zloader | hxxps://www[.]youtube[.]com/watch?v=CjzkxO2LQ_A

Analysis

max time kernel
863s
max time network
1053s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=CjzkxO2LQ_A

Score

10^/10

zloader botnet discovery evasion spyware stealer trojan

Malware Config

Signatures

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader
Downloads MZ/PE file

Checks computer location settings 2 TTPs 11 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher.exeRobloxPlayerBeta.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exekrnl_beta.exeCefSharp.BrowserSubprocess.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	KrnlUI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	krnl_beta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe

Executes dropped EXE 21 IoCs

Processes:

krnl_beta.exe7za.exe7za.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exekrnl_beta.exe

pid	process
5344	krnl_beta.exe
5932	7za.exe
5812	7za.exe
5720	KrnlUI.exe
5652	CefSharp.BrowserSubprocess.exe
5200	CefSharp.BrowserSubprocess.exe
3928	CefSharp.BrowserSubprocess.exe
3904	CefSharp.BrowserSubprocess.exe
2544	CefSharp.BrowserSubprocess.exe
1792	RobloxPlayerLauncher.exe
1940	RobloxPlayerLauncher.exe
804	RobloxPlayerLauncher.exe
5336	RobloxPlayerLauncher.exe
6060	RobloxPlayerBeta.exe
5796	RobloxPlayerLauncher.exe
312	RobloxPlayerLauncher.exe
684	RobloxPlayerBeta.exe
6080	RobloxPlayerLauncher.exe
2456	RobloxPlayerLauncher.exe
4444	RobloxPlayerBeta.exe
6024	krnl_beta.exe

Loads dropped DLL 53 IoCs

Processes:

krnl_beta.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exe

pid	process
5344	krnl_beta.exe
5344	krnl_beta.exe
5720	KrnlUI.exe
5720	KrnlUI.exe
5720	KrnlUI.exe
5720	KrnlUI.exe
5720	KrnlUI.exe
5720	KrnlUI.exe
5720	KrnlUI.exe
5720	KrnlUI.exe
5720	KrnlUI.exe
5720	KrnlUI.exe
5720	KrnlUI.exe
5652	CefSharp.BrowserSubprocess.exe
5652	CefSharp.BrowserSubprocess.exe
5652	CefSharp.BrowserSubprocess.exe
5652	CefSharp.BrowserSubprocess.exe
5652	CefSharp.BrowserSubprocess.exe
5652	CefSharp.BrowserSubprocess.exe
5652	CefSharp.BrowserSubprocess.exe
5652	CefSharp.BrowserSubprocess.exe
5652	CefSharp.BrowserSubprocess.exe
5652	CefSharp.BrowserSubprocess.exe
5652	CefSharp.BrowserSubprocess.exe
5652	CefSharp.BrowserSubprocess.exe
5200	CefSharp.BrowserSubprocess.exe
5200	CefSharp.BrowserSubprocess.exe
5200	CefSharp.BrowserSubprocess.exe
5200	CefSharp.BrowserSubprocess.exe
5200	CefSharp.BrowserSubprocess.exe
3904	CefSharp.BrowserSubprocess.exe
3904	CefSharp.BrowserSubprocess.exe
3904	CefSharp.BrowserSubprocess.exe
3904	CefSharp.BrowserSubprocess.exe
3928	CefSharp.BrowserSubprocess.exe
3928	CefSharp.BrowserSubprocess.exe
3928	CefSharp.BrowserSubprocess.exe
3928	CefSharp.BrowserSubprocess.exe
3904	CefSharp.BrowserSubprocess.exe
3928	CefSharp.BrowserSubprocess.exe
5200	CefSharp.BrowserSubprocess.exe
5200	CefSharp.BrowserSubprocess.exe
3904	CefSharp.BrowserSubprocess.exe
3904	CefSharp.BrowserSubprocess.exe
3928	CefSharp.BrowserSubprocess.exe
3928	CefSharp.BrowserSubprocess.exe
2544	CefSharp.BrowserSubprocess.exe
2544	CefSharp.BrowserSubprocess.exe
2544	CefSharp.BrowserSubprocess.exe
2544	CefSharp.BrowserSubprocess.exe
2544	CefSharp.BrowserSubprocess.exe
2544	CefSharp.BrowserSubprocess.exe
2544	CefSharp.BrowserSubprocess.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 4 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Program Files directory 64 IoCs

Processes:

RobloxPlayerLauncher.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialLuaAnalytics\SocialLuaAnalytics\Analytics\RoduxAnalytics\Reducers\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\sounds\action_jump_land.mp3	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\Collections\Collections\.robloxrc	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\HttpRequest\HttpRequest\RequestFunctions\Util\getHeaders.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxNetworking\RoduxNetworking\NetworkStatus\Rodux.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\Shared-07417f27-17.0.1-rc.17\Shared\ReactVersion.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\MessageBus\MessageBus\MessageBus.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\RoactUtils\RoactUtils\Hooks\useLocalization.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\Components\ProfileEntry\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\meshPartFallback.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\AvatarEditorImages\circle_gray4@2x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\VoiceChat\MicDark\Error.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\VoiceChat\SpeakerLight\Unmuted40@3x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\NetworkingGames-40b180a4-1.2.0\NetworkingGames\networkRequests\createGetExperiencesPlayabilityStatus.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\rodux-networking\rodux-networking\NetworkStatus\EnumNetworkStatus.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialRoactChat\SocialRoactChat\Models\Conversation.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\installReducer\Users.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxFriends-aa874f8b-86a611f7\RoduxFriends\Selectors\selectFriendshipStatusesByUserIds.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\localizationTargetEnglish.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\TagEditor\VisibilityOffLightTheme.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\TerrainTools\mt_terrain_import.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\GraphQL.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\cache\core\types\DataProxy.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.3.4\LuauPolyfill\Number\isFinite.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ReactProxy\React_rc16.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ApolloLocalState\ApolloLocalState\Flags\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VerifiedBadges\VerifiedBadges\installReducer\VerifiedUsers.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\Settings\Help\AButtonLight.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\JestSnapshot-edcba0e9-2.4.1\lock.toml	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\UserCarousel\Components\UserCarouselContainer\UserCarouselContainer.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ApolloLocalState\ApolloLocalState\typePolicies\ProfileInsightsPages.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\DeveloperFramework\slider_knob_ouline.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\VoiceChat\MicLight\Unmuted20.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\Expect-edcba0e9-3.2.1\Expect\print.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\Commands\types.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\Commands\Whisper\RBXWhisperCommand.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\Shared-07417f27-17.0.1-rc.17\Shared\Symbol.roblox.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\RoactUtils\RoactUtils\Hooks\useEffectOnce.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\TerrainTools\mtrl_sand.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ReactTestingLibrary\ReactTestingLibrary\__tests__\auto-cleanup.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\Flags\getFFlagSocialTabReplaceRefreshConversations.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\AnimationEditor\image_scrollbar_vertical_mid.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\textures\ui\LuaApp\graphic\CityBackground.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\JestSnapshot-edcba0e9-3.2.1\JestDiff.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ContactImporter\ContactImporter\Analytics\Enums\ContactsListLoadErrorReasons.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Http\Http\Actions\UpdateFetchingStatus.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VerifiedBadges\Dev\CollisionMatchers2D.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\VirtualizedList\React.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\Lobby\Buttons\glow_nine_slice.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\textures\ui\LuaChat\9-slice\system-message@3x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\Expect-edcba0e9-3.2.1\JestMessageUtil.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\PrettyFormat-edcba0e9-3.2.1\ReactIs.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoactCompat-9c8468d8-8a7220fd\LuauPolyfill.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoactFitComponents\RoactFitComponents\FitTextLabel.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxProfile\RoduxProfile\Actions\SetProfilePeekViewState.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\Time.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Http\Http\Requests\GamesGetIcons.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\TenFootUiGlobalNav\TenFootUiGlobalNav\Stories\GlobalNav.story.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxSquads\RoduxSquads\Models\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\LayeredClothingEditor\WorkspaceIcons\Outer Cage.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\MenuBar\icon_seated.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\PurchasePrompt\RightButton@2x.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\PlatformContent\pc\textures\diamondplate\reflection.dds	RobloxPlayerLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

5640 5520 WerFault.exe

pid	pid_target	process	target process
5640	5520	WerFault.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

svchost.exesvchost.exesvchost.exesvchost.exe

description	ioc	process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 53 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXERobloxPlayerLauncher.exeRobloxPlayerBeta.exeRobloxPlayerLauncher.exeiexplore.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeexplorer.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2564175123"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2564165419"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 204b099ef364d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000eb827cf93ddd146af8365c0e3ca130200000000020000000000106600000001000020000000aea9d385a51bdc19d18a65f3c02129a478325c800411b659e02229b9a5c70cba000000000e800000000200002000000005cd5a42131ef8da5a70ceb5b5871f69d8bb609f10ec8e7ff0e9ed91cb7ea6cc2000000037332f8196e053379c579e1bb1bfebfcc74c062b1730e7b0edea87c8667415cc40000000060548c50f9b5f10360a88d21f8ac7c211f1c9eedeff31f160dcea9996c9b84c4250b8b250116a90d581f9b14f2058fcc02f3923dbf54052f54fc59212bf98e9	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000eb827cf93ddd146af8365c0e3ca130200000000020000000000106600000001000020000000cf49648176a8da69ed121f768edb70a4207de0703a1c7c06382055367e743143000000000e800000000200002000000051731663b15f2bb5e42767545b5f595bcda7b8c525fafe9f5311e13c580d70b5200000004b3d6c03202cf23eab1f58b98bc2230c77acfed254d728e7a85add383c3c0aa64000000032909b8dec42de45e48bcb7e068d3859613d79deedf0017a3e3536c07228dd23da9416ba9bb8ef5b0360d5df32fba21d184feae7e4c10b45ed1ad1841ce8f42c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C3BCA664-D0E6-11ED-BDA1-E63637889D5B} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31024371"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 402ff19df364d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31024371"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Modifies data under HKEY_USERS 6 IoCs

Processes:

svchost.exechrome.exesvchost.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "2"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248661369553058"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "1"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe

Modifies registry class 64 IoCs

Processes:

chrome.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exechrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000de49248a6d45d9010da747aa7b45d90174554bd2f364d90114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4238149048-355649189-894321705-1000\{AEE578AF-EED0-4BE3-9865-F69EBC8D30BD}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_CLASSES\ROBLOX-PLAYER\DEFAULTICON	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exemsedge.exeCefSharp.BrowserSubprocess.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeRobloxPlayerLauncher.exe

pid	process
2872	chrome.exe
2872	chrome.exe
2408	chrome.exe
2408	chrome.exe
5336	msedge.exe
5336	msedge.exe
5652	CefSharp.BrowserSubprocess.exe
5652	CefSharp.BrowserSubprocess.exe
5720	KrnlUI.exe
5720	KrnlUI.exe
3904	CefSharp.BrowserSubprocess.exe
3904	CefSharp.BrowserSubprocess.exe
5200	CefSharp.BrowserSubprocess.exe
5200	CefSharp.BrowserSubprocess.exe
3928	CefSharp.BrowserSubprocess.exe
3928	CefSharp.BrowserSubprocess.exe
2544	CefSharp.BrowserSubprocess.exe
2544	CefSharp.BrowserSubprocess.exe
5720	KrnlUI.exe
5720	KrnlUI.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe
1792	RobloxPlayerLauncher.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

chrome.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exe

pid process

2244 chrome.exe
6060 RobloxPlayerBeta.exe
684 RobloxPlayerBeta.exe

pid	process
2244	chrome.exe
6060	RobloxPlayerBeta.exe
684	RobloxPlayerBeta.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

Processes:

chrome.exe

pid	process
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: 33	4612	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4612	AUDIODG.EXE
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

Processes:

iexplore.exechrome.exemsedge.exe

pid	process
1788	iexplore.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
1392	msedge.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

Processes:

chrome.exe

pid	process
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe

Suspicious use of SetWindowsHookEx 13 IoCs

Processes:

iexplore.exeIEXPLORE.EXEchrome.exeRobloxPlayerBeta.exeOpenWith.exeRobloxPlayerBeta.exeOpenWith.exeRobloxPlayerBeta.exe

pid	process
1788	iexplore.exe
1788	iexplore.exe
2044	IEXPLORE.EXE
2044	IEXPLORE.EXE
2244	chrome.exe
6060	RobloxPlayerBeta.exe
6060	RobloxPlayerBeta.exe
632	OpenWith.exe
684	RobloxPlayerBeta.exe
684	RobloxPlayerBeta.exe
2736	OpenWith.exe
4444	RobloxPlayerBeta.exe
4444	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exechrome.exe

description	pid	process	target process
PID 1788 wrote to memory of 2044	1788	iexplore.exe	IEXPLORE.EXE
PID 1788 wrote to memory of 2044	1788	iexplore.exe	IEXPLORE.EXE
PID 1788 wrote to memory of 2044	1788	iexplore.exe	IEXPLORE.EXE
PID 2872 wrote to memory of 2460	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 2460	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4216	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 5024	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 5024	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe
PID 2872 wrote to memory of 4300	2872	chrome.exe	chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=CjzkxO2LQ_A
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1788

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1788 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9986b9758,0x7ff9986b9768,0x7ff9986b9778
2⤵
PID:2460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:2
2⤵
PID:4216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3164 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3232 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:4240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:1164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4888 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:3300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:3524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5024 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:1896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3492 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:1820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5040 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:4780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5536 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
- Modifies registry class
PID:3896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4844 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:4236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6296 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6260 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:3576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6024 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6088 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5988 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:3176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4912 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3808 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6588 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6156 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6104 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:3436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6180 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:4532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4380 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:4680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6960 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4708 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6456 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:1688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6296 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:1920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7108 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:1632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6660 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6984 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2824 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:5836

C:\Users\Admin\Downloads\krnl_beta.exe
"C:\Users\Admin\Downloads\krnl_beta.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:5344

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1
3⤵
- Executes dropped EXE
PID:5932

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1
3⤵
- Executes dropped EXE
PID:5812

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5720

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2240 --field-trial-handle=2264,i,6175415059825362874,6522152272796802254,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=5720
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5652

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=2264,i,6175415059825362874,6522152272796802254,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=5720
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5200

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3116 --field-trial-handle=2264,i,6175415059825362874,6522152272796802254,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=5720 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3904

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=2264,i,6175415059825362874,6522152272796802254,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=5720 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3928

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=2264,i,6175415059825362874,6522152272796802254,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=5720
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=2764 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:5504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:5908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5952 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:1960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=3808 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:2868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6216 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6996 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3396 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:5396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6892 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:1376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:5856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6740 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:6124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6000 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:4628

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
"C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1792

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=6867c2d3365d29f9b40f61bb5c51a4bc7df908c0 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x7d4,0x7d8,0x7dc,0x778,0x7e4,0x12bb480,0x12bb490,0x12bb4a0
3⤵
- Executes dropped EXE
PID:1940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6112 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:4680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6964 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:3832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5960 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:2868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6828 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:5376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=6852 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:1928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=6792 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:3092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:4444

C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:SUM5bq3HC9kUKc8Tm5cQ2lOfo3PpAbA17Q_N3Pdtn8uZg2Li2ElAFC81PPc1eE8x-DpVqslr_66vFUMyVaQMVb9Mq9yzRjUYUXKJ5asxSPS7UidgQAKjy----XZDj5mZP9PdyQ6aXw-mcxONnQyJfdYhv9COXh0HvqTeP6-AGqSv6wX4N-I1SiFT1683o7kqQMMB-WdgCc25grflKT1hBooXIFLclM-3XV53bBEWWjw+launchtime:1680393027766+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D167772987765%26placeId%3D12969937168%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D53482a07-965c-4efb-b967-41969d1f2c48%26joinAttemptOrigin%3DPlayButton+browsertrackerid:167772987765+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
PID:804

C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=6867c2d3365d29f9b40f61bb5c51a4bc7df908c0 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x724,0x728,0x72c,0x6a8,0x74c,0x50b480,0x50b490,0x50b4a0
3⤵
- Executes dropped EXE
PID:5336

C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe" --app -t SUM5bq3HC9kUKc8Tm5cQ2lOfo3PpAbA17Q_N3Pdtn8uZg2Li2ElAFC81PPc1eE8x-DpVqslr_66vFUMyVaQMVb9Mq9yzRjUYUXKJ5asxSPS7UidgQAKjy----XZDj5mZP9PdyQ6aXw-mcxONnQyJfdYhv9COXh0HvqTeP6-AGqSv6wX4N-I1SiFT1683o7kqQMMB-WdgCc25grflKT1hBooXIFLclM-3XV53bBEWWjw -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=167772987765&placeId=12969937168&isPlayTogetherGame=false&joinAttemptId=53482a07-965c-4efb-b967-41969d1f2c48&joinAttemptOrigin=PlayButton -b 167772987765 --launchtime=1680393027766 --rloc en_us --gloc en_us
3⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=5416 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:1520

C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:U9dqbjVRfbyTGIomp7nCj0th8Q_o4gC9ZYsqIC0Nv7YrW-2Ez9RcNpTNX1-R6eKhwXtoh7qrgOJMUnozUcC_ovxn_PavJqAJOUi__5MFKDKGAFMRqRWJRqpKGo5I-piGfLhYFKd3s91fnLOxDGxTydRSa5Pp951YsxX_8ZnRj7Fm9OwgTd8-4TZnFQMQmxjTBOv76pEq1Q4kJmgufcIUhaoRiN-iruF1AJVh7Spi3OI+launchtime:1680393161401+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D167772987765%26placeId%3D12969937168%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D8a38d9af-5edc-4a04-8ebf-7a6fc19544a7%26joinAttemptOrigin%3DPlayButton+browsertrackerid:167772987765+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
PID:5796

C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=6867c2d3365d29f9b40f61bb5c51a4bc7df908c0 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x714,0x718,0x71c,0x6f4,0x724,0x50b480,0x50b490,0x50b4a0
3⤵
- Executes dropped EXE
PID:312

C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe" --app -t U9dqbjVRfbyTGIomp7nCj0th8Q_o4gC9ZYsqIC0Nv7YrW-2Ez9RcNpTNX1-R6eKhwXtoh7qrgOJMUnozUcC_ovxn_PavJqAJOUi__5MFKDKGAFMRqRWJRqpKGo5I-piGfLhYFKd3s91fnLOxDGxTydRSa5Pp951YsxX_8ZnRj7Fm9OwgTd8-4TZnFQMQmxjTBOv76pEq1Q4kJmgufcIUhaoRiN-iruF1AJVh7Spi3OI -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=167772987765&placeId=12969937168&isPlayTogetherGame=false&joinAttemptId=8a38d9af-5edc-4a04-8ebf-7a6fc19544a7&joinAttemptOrigin=PlayButton -b 167772987765 --launchtime=1680393161401 --rloc en_us --gloc en_us
3⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:5376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=4792 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:64

C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:IYAtSVVM_xePINP_ACrSKEhA_qlUExpbCjGN6rtUcwhEZ9Kr1xRUDoX34-bntozhboOSTHyFt4HUpTH7gOTgb8Ir8qheg7VjqJmfGMyUlsON6Y0E-kHqEF4Cy-MDCrSgT770GI1pVfdeuyskEeWkGEt5BIVuIdXas9PVNZtkQUE9WRORvZ5_-xJTQS-RXsRU9Nt6CWj_AfhgOXlSLWj5hEqoC6HKDKg5xk5o8z5Li2U+launchtime:1680393349325+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D167772987765%26placeId%3D12969937168%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dd9213175-b78d-4fd1-b76b-6085afc39d7c%26joinAttemptOrigin%3DPlayButton+browsertrackerid:167772987765+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
PID:6080

C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=6867c2d3365d29f9b40f61bb5c51a4bc7df908c0 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x690,0x598,0x6f4,0x680,0x71c,0x50b480,0x50b490,0x50b4a0
3⤵
- Executes dropped EXE
PID:2456

C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe" --app -t IYAtSVVM_xePINP_ACrSKEhA_qlUExpbCjGN6rtUcwhEZ9Kr1xRUDoX34-bntozhboOSTHyFt4HUpTH7gOTgb8Ir8qheg7VjqJmfGMyUlsON6Y0E-kHqEF4Cy-MDCrSgT770GI1pVfdeuyskEeWkGEt5BIVuIdXas9PVNZtkQUE9WRORvZ5_-xJTQS-RXsRU9Nt6CWj_AfhgOXlSLWj5hEqoC6HKDKg5xk5o8z5Li2U -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=167772987765&placeId=12969937168&isPlayTogetherGame=false&joinAttemptId=d9213175-b78d-4fd1-b76b-6085afc39d7c&joinAttemptOrigin=PlayButton -b 167772987765 --launchtime=1680393349325 --rloc en_us --gloc en_us
3⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=5828 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:5904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=3820 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:4680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5868 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5020 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:1204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=5288 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:4080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=5800 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:1484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=5956 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:5888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=7048 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:2504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=7212 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:4436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=7180 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:5892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=6924 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=6740 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:3984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=5544 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:1784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=7864 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=7716 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=8012 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:1428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=7172 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:5784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=7572 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:5584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=8900 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:4132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=8732 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:6136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=8724 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:6048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=8468 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:3604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=8436 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:1
2⤵
PID:4904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9520 --field-trial-handle=1812,i,772788073224823325,6371054270110268347,131072 /prefetch:8
2⤵
PID:2764

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1868

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x440 0x43c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault935d000bh021fh4d62hb86bh6d45dc526a31
1⤵
- Enumerates system info in registry
- Suspicious use of FindShellTrayWindow
PID:1392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9928346f8,0x7ff992834708,0x7ff992834718
2⤵
PID:2392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,18405473002799985523,6410250180799275524,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
2⤵
PID:5320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,18405473002799985523,6410250180799275524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,18405473002799985523,6410250180799275524,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
2⤵
PID:5496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5488

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:4692

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
PID:3964

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 448 -p 5520 -ip 5520
1⤵
PID:5756

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5520 -s 2944
1⤵
- Program crash
PID:5640

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x440 0x43c
1⤵
PID:1868

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:5772

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:6036

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:632

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:3916

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:5972

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:4008

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:6128

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1768

C:\Users\Admin\Downloads\krnl_beta.exe
"C:\Users\Admin\Downloads\krnl_beta.exe"
1⤵
- Executes dropped EXE
PID:6024

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1
2⤵
PID:1756

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"
2⤵
PID:5212

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2224 --field-trial-handle=2432,i,12502161431731351585,16275746500363458686,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=5212
3⤵
PID:4644

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3192 --field-trial-handle=2432,i,12502161431731351585,16275746500363458686,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=5212 /prefetch:1
3⤵
PID:5808

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=2432,i,12502161431731351585,16275746500363458686,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=5212 /prefetch:1
3⤵
PID:2248

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=3040 --field-trial-handle=2432,i,12502161431731351585,16275746500363458686,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=5212
3⤵
PID:2288

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
PID:3904

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:2512

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4740

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
PID:712

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
PID:2764

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
PID:6348

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
58e2791a8387895fb7ab6297e54bc2d9

SHA1
eb535f54b7ff46589dab12165257537cd04ff29d

SHA256
b631525f5e6741ade44c095b36ace628988ac7617f0305c503949780200d0340

SHA512
998cae5591b049da4da34de94819c20c309e70e73f85bde552a0cf496e37bc9987531b3b4301d98b4cf9ef210be9204493ad6ae8f4af889a55361a55d9563fee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_1CB3B26D4404CE9B58DF976169FD358E
Filesize
471B

MD5
365aae6343eff591f54a3c34d27aec3e

SHA1
2bc5ea6839376a39280e12bfb05f63b2c5e89834

SHA256
61e7999166900e42dddb75dfc42c4a04de2a5e628aafebb7efae5e535f90d39b

SHA512
aebaee4ee563a315d806109e86278640a52bdbdcd25ad9fa0d4ed54195c9f8c2f062b243f41f3333765a685f3b98c203a854e55287d04f7b1daf9a4398d51da8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_AA1ADD4071D073F3048022453A5FE061
Filesize
472B

MD5
cf4f85a363bec221001114c4f16bb282

SHA1
1b5dc1b5b6f9539b64473cdbc66aa2a3abc6f854

SHA256
491accd47c18b442f9b208d371a1c09405cb8f96b45db573777cd88adfc5ad77

SHA512
ee1f270ed04b294d77485327783502925b082e2a30cb1cb07fe29326fe469a904430528ae3e9b21fdb20c8928d98f11e057e73afaee80152c7135fdd5da9be91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_F21BF538BAEA56C2FC86EE4A4D9AD2BF
Filesize
471B

MD5
02c95981e800dd9363a6d19dae24da1e

SHA1
21059a3e85170b78c401f344a2cc11359afe51d9

SHA256
c50c93dbf298c3c2e641e178f9c43680c1989bb2a06bc2db723484a7da223cd9

SHA512
2d05e8260ab045be13e0dd48c6e4767bd3d11bb453968123106116ea4f21e045b26169c2e9e1ebb0a598c6c2a9c0de001003769a6b13067393f5b00aeb7437d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
f564ede47cda8c6dc1ed3331fd42fc36

SHA1
9f13ffcb84057dd760bebeddd6fb5b9c2b6512a3

SHA256
4a3bf9776ed273e53e82d4f7280f44bf3c9bc4d77c4e8157a6c7700f7c01eba0

SHA512
a19aa71f18f6fb6e5cac7a319aaa2f53f7e97423612ee13cb5839ce5bf1c3903bd362d174fdf813b2e0c1d9bb4b2a9a414cdfbdfc4c5ff02cc609cd0b9aa0df3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
82550c8f42d1b186e4acd859587ed355

SHA1
241e9d0efe7d47f199112a360b211d3a2b4fdfff

SHA256
7ddd8c90d826258141ffc4fb9ea618b1702b7cf0bd974ec2eef09314b2350b06

SHA512
14cd2dfef36939c03f3bc456c376461569e1d44bbc1e3a5b5a707443fb07b41be5f51cc3a62fb64f6626033b43be5658c6604a778834bf9fb1e83d2376891792

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1CB3B26D4404CE9B58DF976169FD358E
Filesize
410B

MD5
a9cd618865499481afdaa85283e4e1dd

SHA1
424f06a2987f7ccc2bf37b54084a92198bcdd0e2

SHA256
0e24b6e7c04efe6a24ba984a1412511924d73cb386dd0606a5af97f2546a0361

SHA512
b5ddebcd74fa1c875cca7fedb42f85c1c3682afda16e2cb17481af51a95d7164107dc19583ffd0dc5d815be59d9b21bb6872ea7ab42ca7e131602684caa07e71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_AA1ADD4071D073F3048022453A5FE061
Filesize
402B

MD5
bc78d0382011b10d28f8c3b22b0d64f0

SHA1
383d3aa868dad560de1b9ba111663dd24b87c421

SHA256
8794202f47b0e20cf54d82eeec5f584afb50c35c0b026eff196c3db07c16b9ef

SHA512
4b8354501c0af36082ce4d6613ab59456ecfff999bdafdc7b0cf4af8ff28a21481d34f1aab7b4130205aed566be10fd41c08f297561b5abc4050e8d86c89de14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_F21BF538BAEA56C2FC86EE4A4D9AD2BF
Filesize
406B

MD5
99f54bdb79f1950dedcabb1b3ceeb329

SHA1
ff0b62befea81a38be126498e10d6106b35cd26e

SHA256
2c2ae33fd9f618c13ed54278d3a1bba792f7b91a2ccf5c6421b28fb3c6ffa24d

SHA512
a69da5d299e4607b30e4b9c33814621654e7f818e1986cf70d532d65ac9976b204b72ce5792cd004301b61abc36c0fd89cf4b94a26af5813a6b68be57685e0b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
48KB

MD5
10b1102baf964d75a0ce7676ee85dbb7

SHA1
b1e6c78b08ae79f5aa021fdecd5ab04fc04c2995

SHA256
a908f0b83b50291bba322fa1d67afa9c1217c0d544d93b29fd6ecd9c394b4f95

SHA512
cfcfd7da69e1648ca1ccc86365a2977bb21ecb9aeb173a3bb95bb39adab64bc88694d2377e9dec76563cc2277ad8292be9d43b706d4dbdc1a2a23f76cfc1fb3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048
Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e
Filesize
162KB

MD5
b81d6636c3ad72c63e532e5180eaf7f9

SHA1
ddcd059999fff6218e98af62dbe3fa9c885a0de8

SHA256
2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef

SHA512
4f0b87bbf60061a8efca4906554f958b7c28cf582452e01a8316d8c5ea8c98beda6c3230afff207f0b92d316c4c2e0ca1b4631e7d7364344b4a76394115af06b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006b
Filesize
96KB

MD5
2639291d875ba670fc8de04562d06173

SHA1
4f98b16e777a0acaf7dfcd51ff9b8fcd555632d6

SHA256
ac405bc669127a8143f60e44d5c94eb2eb1baf5b55b7417e0474892f4d70cc3b

SHA512
5dbd57fbbb7fa0b98a7d0f0929ea93370d7bab142f5e95defc69c0d039d4db4c6f59f6d4bbcd3fd99c215ac23640144fcf05e2a46be6f0945a89173791ff64b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007a
Filesize
65KB

MD5
c8b9cb332ab8073311069c33d2a42f99

SHA1
0670cce923e16daf1211e37ec115832d5cc7d70a

SHA256
53c11f2ef3f4ef006d2e43230ee91860a35da05b88e274b83a85e295a36bbc15

SHA512
de5067315b9a931fb33b0950bae92f721fac9f1de4efa80f58255e192bca631ca8043c89db3cd3c6389cf8ecbfd32a4639f207756268321ae71258592d4ee954

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007b
Filesize
49KB

MD5
9e8361c00c4bc8c9c051dee5bfa339d2

SHA1
d36a51791035bf241d03661e2bbb0d13c837ef36

SHA256
e4d3dbd48148b13bf0c8c90a2319c3fafa42d4abaa9c89fcabb3585d986234f4

SHA512
3bd193a1ce0ac4f243ebf877d95e9bcb8aa287c46aa3737c85b80c0995de1ddd385d4b138718055a216f5949f0bcfe33e33e649c0982db6e8c56fcaa6b242d33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008c
Filesize
16KB

MD5
01d5892e6e243b52998310c2925b9f3a

SHA1
58180151b6a6ee4af73583a214b68efb9e8844d4

SHA256
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d

SHA512
de6ca9d539326c1d63a79e90a87d6a69676fc77a2955050b4c5299fab12b87af63c3d7f0789d10f4be214e5c58d6271106a82944d276d5ca361b6d01f7a9f319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
528B

MD5
148467da87adde9311fcd6e4fd994f70

SHA1
0e14b97fb8c47fd976eb7fdb5fd818a21a58532f

SHA256
7b67c81a2b266ecaebc403a91efabb0f217c0e390e37cfea96e42d1c486d8698

SHA512
c425016687da9c7cdae41c342bc4b141cb16ade9b3c1f70aec4effcafa8b79ed97f7db211474ee34e69e89fcbaf4e53cc8614b6845197bd65bce0b599715a2a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
8a50c3adf85b71405a97b72064a8e292

SHA1
9e2f2209a6dec22c9dd8592c89c307c5dc9f3df8

SHA256
5f44ac29c58d987618c02351b7c50a631f6456f19b36848c07b8841b4a31d667

SHA512
b055265cdb105d31fdd05f5dfa47dd30d0d9104db56716df61f87d86eaf0ed95c3f5b05fe3b0245f5d51a99acea7404676260cdc5be954b98d9238ebf31dbe5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
c096a8ad488c826eaca2a9ec848dbae7

SHA1
cd695f80d6db6b91a348e4d12d1bcdafb177339b

SHA256
7d629ef4b513abe094c91e9f108186ed3772e9e7acdd9ad069c231d6472489ee

SHA512
3df54eb0fdd63e7470aaead1b30c351175ac33b9edb6da2e5e7411efac301d31611de5bc0988f4b6bdfc3d5aac258b03e36cd862bdb7345fc99454f133d0eb03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
72a7c09bac608896c38b67e425695257

SHA1
b43172fab2e5f50e06751cfbb3968de03f94a398

SHA256
8c8f1af948758d7e7da51fdceb1f893a6232487b7a968b9a76a670cfe0bc432d

SHA512
b060059f40b21eb943d1d94d84ea307b8e17d33afff7fe09d7d871910a11909dd3bd03928d2a3c9432327f73808120d85c4120cc507e0fee18ae43912ee429c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
f4910ef00288313a338d6d0f69f940be

SHA1
8b26ff0755e53b2daabc6d9579f0e17594f50621

SHA256
46bbb5254e4c317538e414e44f1d464c8762392869fee98b604281f06335578d

SHA512
fb67a615f4b9aeda161a0038afb727ff55b93241624f01f79ecc50ea8434ccfd3d5c691e2e0a487a77c64293dd31c9037e8d47a493b036c0e01e03932ab8efbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
1422f702e0fa4a0ae2912ca90854dc9c

SHA1
c2949628cebb6826d93e3988a93cb8df65f90019

SHA256
910ada075fc2239163f689295e2951ed94775e40e7b1fbb38989799ceea5196d

SHA512
e006d2aa3610932a036beccf4304fa5b2f934e314a52826d4cb36b0b344f61fd94c188d7007ea46c0ed46c953afd1de2f0daba3fbe82a08679fe65eb62386d5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
19KB

MD5
3daf9ffda0976d3c07caf76fd755d4b6

SHA1
e4ecddb5c08741a62e14a99b27058bf28e98ff86

SHA256
cd9d1d5d36b59a5d8507f9c2abfa1f2f78b46d2646f5725c383371d12dba5e4a

SHA512
a220ec1021aed465e620dbf3f7ecdf78a3699bda8ceaafa24496a34f0e4b9db2ee0cdaceea45435ccbbec40960374e1bced6d8195d8e3d0c1b6245683acdc962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
12KB

MD5
eae147e4869be7338b22ace54996177b

SHA1
d83d13058dffc6b9c8937aee2e947c5fa9b18149

SHA256
6bf8c5b92f3376614e03ada249abf3f68891b91c8081d97779bfa941bb8cf2bf

SHA512
8ff13748631322343247b8e5b90ae75c6e5ac9d7fd82b7937a4bd65b6a8b315f0afa642131ee02843746f9cc185b6d7bc3cf1688fa5a74103bb246c71ee1b7bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
10KB

MD5
df4acdbb5f0226569232d68fc26afc6e

SHA1
46fe77bb9642b084ca8352259559b30a14b6f797

SHA256
09298ac7667b05c31621afce71c45b9bde6be82854aa683dcc99351adc6938d0

SHA512
217e4a92552aefe5a2b056e73b27ed3a04552825f5d040dc73e8503ed6c2104d96119494af455d8c6929473696dd74b890bc3bfbe842ec0f6d4e325d5be7918d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
324ad17c23f6ee8019f9f6e30f508629

SHA1
443afe67b6c2ddceebfe47e6d7afcc199d2d0109

SHA256
bcc8e435834e14659140878a778a55d253b4eda0b4a4d79a9706a76907e50e38

SHA512
4444827eb70627624d44d22b003d87091bc084727a3c36a5f8a9d7b29c90984670aaea0f5f2e650ea8a0d5f4fed8bf8f269671c8d71d262191d9f324bbe36bb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
9468afc4011bb35d6353a647b5b6129b

SHA1
65c5da5b46b43e05f6f79a5802dbebf1d28a18c4

SHA256
76bffd99b4ae2e4e3aa2e93ebae8ea005d47615b7d66e6f61d24359f76fc1c4b

SHA512
3d66ec2ef71a3c81d9a1dda3f6d8ff672ccb47821d934484cb880b4368a9b7aae5bb072c51dbf53cd39e044fb14ad97d221f65932b64ee53fdb9bd25bc0c2bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
9KB

MD5
ff25865924da3fa3eef1395fb2c0bbe3

SHA1
9946d60ca2bd2cfdb03299e80d1fb4e94cf89ee3

SHA256
e7895a680320304edba5050de50fae56f56dbad3a50c53f0e5dfe6fc0aebc3e8

SHA512
6133eb8500367f7fabab4b5b3154a869fe2f3e93bfb7a46e6b65f4ba45a9ec7c0aee6263fb81e0008b1b73ecda262601bd899ae3dd479d872983fd1f71f22c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
79887d379e7ced64308270a05773b5a2

SHA1
c2c5ea41ae511e0ce57c818c5d24448d2fdfa258

SHA256
f94f889ddaa1d80b522c9c3d8df9b0926278bd40faf89126ad7bc64f492a2882

SHA512
294af0d6b34a5751f319b086ebade2bb4197f0850f5fad444e287e0f652a0e522b345e8875a4007155ea57fcb445cea054a57181b857790e5ed5d15ea6dc665f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
c84da88f9ac8c22dbd19e62ac7b2fdc2

SHA1
e40263afcaa0bca08bda13a14df0a8d8e0b330aa

SHA256
df3302a93162f6300c6f4f9e8629b85d7e93133f158c272532e1b5311a2bca70

SHA512
d68fc355355b8337e2bed24985ca17ed69af96432a8be683d4f53abb54a80439dd561095e4da33057c28ee5f8ce620b6b86b1507d9a0b702fdee632ff98b4f9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
8613ad41a3d7c0c241cfc7e126bf9b8d

SHA1
486f09c44252f20f0c3a192c96e94ed1b1adb490

SHA256
70de0565ba3fce81492808fcbe1338d05b7888cbc0fedcda321c787a353d38bd

SHA512
c200b61f7e00436afcec9682c5f678a01bece66abeae0bd8b1900aa12ab4dbc0628f30c6bab22c70dbd7894aace66aaa474597a9a79b650d57e9178c6a626f35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
46efa4560f07ea543aac173f53e8003d

SHA1
a5894490e0b01aeabebdb417abcaef55b4afb4b4

SHA256
01a794f3c42c848515adf4c04ed280a2de912432a16a94dffbdec998daf40554

SHA512
19c63016fc37859b74feee51366b06ed315fa6ab3fd80a340cb9d1a402fd1534493104bcd8977d6d663f053e9e9e74133dcab6bbe773e0a1e953d29d80d98303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
08bac48183fd4e3e24b378fa11fb7507

SHA1
7c5647a5eb6db2e6f91269f3b39c775dd42bbc63

SHA256
d4911bdce14ceefb73375872b48b6fe86f2d931bef716ddfa08d3416e84a80b7

SHA512
b52813fa8d7bad76c2c9e0892df61ff3460241c502f1e042bf16b6404a281a2d19817ccd74fb1dcbfb3cd2005f4ecff7e032912f5bc0a87913f7f3b1c295ff2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
16ac8838413a9d14e4ef63932c87dde5

SHA1
fccb0486919fd106ee72a9d78952a1946b3394c2

SHA256
abefda7233ad6df47587643f3a81d44d8e00f2f1a58b2cda557bc32447e50cf6

SHA512
bd36b4b0a7cbc55177860e70636b1943241c7bd9604b368c488552bf23efd685cd701e721258b58724d1dd0073f2d50cc19a6cdfe77216e5d175ab667eb84dae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
c21c939e8dc65aa2576674399b7f5ba1

SHA1
a4552f84c4877963c0fdafd876edfce5bec9caa9

SHA256
93dbba1db701d5302ee9fc911f06633b357f1c7a396fe79216dd2a640a8235a1

SHA512
acce30347daae0c5649dbcb2b8a1ce06ee7a306047380404c77b59e318d2b6340ee6cf8e101a2754e921146b74add9ff080efed5258507fcc5f992fdf207d855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
4b10031626405462ebb2c9ef6cd71a0b

SHA1
3d7c644a373e30d42fd97670f86f944b31260eae

SHA256
109c0cf8472b440e0ff10f06abd5da96281fcc747ada6e90760d7f115dfd864e

SHA512
791bd75721cec72a10866a0675cf22d494726e2256195d5fe7efa10a19694111bc9403346706351d0e25b84f049bf75a05d78b802c8113ecc7737668ffe742e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
9800a4d28779081c1f1b37db74457e9d

SHA1
82700725cdcae28242aeaa9271caca6713107472

SHA256
0dc37b78f0cd300008a867f3b97e87bd7037a218398039c2ed3144b566b6cc55

SHA512
1e6e4ebc689ef53452a33bb10e53adb5c20d136d029b92bfe3990231807137ae5d1c6895ac0adb3d88e53e5017322b3b2e7a124565c5d7dbc7a66a7f08b2b1de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
ca5d1b800b5f9cf64a273b1e13af496e

SHA1
890681e4aa4deb47a8fe155ec8395187bf8cbf40

SHA256
bf61486e06e5afd8cb251146f309c084dd17e4753264dace13b47a53ca9c946b

SHA512
283e8eaa5743d830f5be024c215ccb24fd2e0005a1b3a61d2bbdd10802da8441c9d10fde8bb5491751e54e12087a4f4b6625a624d1a3fa92ac57da79bf9afe87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
08cd6b1b2c32c0b0bdc4074c95d9cbe3

SHA1
fae3f8ea2f498f3fb6a1b8b1f60729a5ccd2466c

SHA256
4ad84860b67722312f63ffe361b479bcdcb7c11708314a69861a7e17eaf41821

SHA512
76bba542cd24533f218dfbe07016272075e4f29d12d0f0541f4c9edf2cdd0d5c2a12fa5c651db693dbd8da0b7164ec786c96e7276e04713276ad0d728136894c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
232d670af98abc5bd6216025b546ce5d

SHA1
1de96cbf19b2f772e43986847de6c6ec9ecc0132

SHA256
6a2134e603164aa38f19c4c0f9e041b50332ef2129afaf76bf30a3a3c35d789b

SHA512
d41c77803e3bf14fcf54090c3afd273afb1d1f6741912b7de98bc35efe4d756a7e8a8ede2f1996ba92ae079f5612cc62c93eba2225c8b2935fb5d8b45443326b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
2fde2629b5a99075f94e80c2bf5984f6

SHA1
7dfd81a00031f8cd4ed41be0c161ecde905fe066

SHA256
6b67cce8a4e7feff7bf97f1c464f59e3c4dd9409e75451a5d07c437d6dba62c5

SHA512
81ca3b615a563dc95e0c436f0a0e824e4e1fdb9884095ed6b4267d7c9caddc6f81b95d130d92a24ba50b3cfe25a99f2c18fce8f76e90b5d5132efd16c5741b5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
1d769c6012d2690c47b33735ee26e7fb

SHA1
c22563b33dbaec50a0a010788b339ae532071951

SHA256
3e581db27cd8793ab6658daba53e3ebc9456f1293a239f0d969764132f9a08a4

SHA512
19291be049eb7acbabe1359ad34a3ae648d8aba78bcd8789b6272b57d9098d3f6d43e1c7a071c04519d5fcf8a8a8a64ea5dcbe1f25aee7b764fb1011751ed6ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
00d4a60b1f0b5548bc1ee6057e98497a

SHA1
88597012a178fd9e5adcb58f0f439ede1f7cfc3e

SHA256
bbdd34fe752f5b7de1f2d8308a8859991495455de599ac22024e995341d4b8a4

SHA512
6bbdf46bcfe822984607b722fd8b511607a0e525f18d3a071715c197425833e8a61e6672a7cb5e564608dcaa90bf2530cef0b5a980e72e087058b8cb1c1f9acf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
e15e4d3ca34bea524a77dfa81f45d861

SHA1
74b90c6208dcd7e0b97eda2574e9117afd00425b

SHA256
2fe8d2cd0a5acc152999efbec74e1f0ca48871e0376ad1b357ece52333d82dbf

SHA512
cdcfed033b2371aced71eb2c1eb69f8e89eb60fccd4b4b8cc3ae0d2850029cbbc9eb273fc06b9ef39581affb8034911a6d0ce0a747157aef194caaa2a36ce792

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3487a89484f3e4bc646bf9b3bddb8f12

SHA1
0a250bbaf70fcbc2d736cb6449474b98a54c1d9d

SHA256
420e77f475db626607fb2889fb6956a9141d9be6716ddf7fad2826d105ee19a7

SHA512
dd9637bce57b7a2490a5c51d16ce88f9d25b846193878b6bc9aa1728cb55d13ba25be53082e680a7f8e36d4d20ecfc7cb6c26e3f9826287f5c7b7227b1a5e351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
ee0b603fc13a77049f707d910799bdd5

SHA1
9e59ae3a02bfa90d6e1b525316a3ba1e1be272dc

SHA256
37d3c8397957ce7e9b7bfd34b4e7788b8694577b0340f1639a43206f4a7c292f

SHA512
57a9b800d6b21fd3ce967d85093115346743800e35b12cc0a3992fe0bc4fcafaa797fceac64cf675dd5ab3586c4e58aa0543727969ffef9576e2dc66c82ad642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
12fa1c77274b8b38b95640ee54f8cac5

SHA1
723fef0f8e86af83f5e1370cced51925c0ae008e

SHA256
a17ae0d9822af017916a5f6719b6ece3655cc877e81ccab8bbc6540d472e2838

SHA512
477e21beb19dc29161f190dd80a58249b37825fced10e399cdc565426f96a0f87fca76b652e848edfa4ce6a192c09cbe06b7d0fd3a46f112e492dc889a401fe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
12ee115ab8d37cdd0ba9fc5afddef016

SHA1
4ba72a122f40d5c752364ab3f9ee70c10c5389f3

SHA256
ae80acfb0d3842a7739747a1958423b59667de133353fa97b705dea8df4aa309

SHA512
fd6719a24dc0cf0db4652878f0b3def8c61fae010e8c1740be299b7c0e6f9b66466a9a1e39819b18d42c887da3f8b5928eef44822bbcc8be694a7c3517793ba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
58f99b5965ce40884c9c190961469061

SHA1
9cce723f39a4ca807d057022307cdf470af53e6e

SHA256
65e5b7095d027bb634cf09aab7fc78c1ffbfa1851a48a139df72d33e8163c530

SHA512
f4a49f7591c4e53d7e66281dfb2d0c5184cfea71d87f39067e3d05f49797c70148a78ef424814536d109f0ce83e4d54eb7c680f1ff01a8a7f1099900ee46fe87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
f6554737dedfe3716b9012c639682f51

SHA1
aa8e4d16b7e45381c82b164e91a905ac0166f23e

SHA256
9a95b4d4320c6eb12a2f3602695aba89ca81da593bf5c2d449863338a6179858

SHA512
4b3e88412ea63c40fbf6e648056d4a4f9818330b7b00932f501d4d08c699d8fe816b3cacaf86822427a1e4f27a4754db13b507426719d09e9e2b517a92506ead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
977117282204491b25a6fd1e5d5b44c1

SHA1
edc2baad0049d8134f6f40ba84b568fea37b5df1

SHA256
d2a0d628fd63bc7679812ee1e0d6830e63d6c0e38aa67e8f0f1fc558371b5194

SHA512
7269c746c4a0f74637e86650b61ab42951a88a4fc766a39f205deb6d7e1f37c21f5ddc4c3f14cdfab41d278dc8314000329f8b04566ecdc98d688477d85c50a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
80975f20e9032a932c17469b6ff313de

SHA1
6fe1f6422d27bea8b0029fba103c1390c976a9ba

SHA256
0bca6b6f7929e645e00f53d5be28ce556c7892d2bf2cd2bef440f282679c23cc

SHA512
9561393a72f33bfa7d07810696e0f1014712cc8820eaab7978954bfb53ea96c67ff7ebd6707ea191737bfd5d168b0f64e57c022f1358885bce4d809929dde26d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
cf4e4f6d2f30e62a84d13307e96628d2

SHA1
b60749dda534dbc8e58d5c77146e35977e452c18

SHA256
29fa8f93df9c05cd3efc55f019b1c9d03ee4308e2b1b3239aad6d0957d1f8ad8

SHA512
822b650221ad470284fceb0e532c68ce996a0ddc8dfb105d454d4b3a4ade6edb60e3c8f319b13998d5b28c47a023589d3e3d882b778098782a4c36624c1e675e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
47c54ea98d10009c8bf832a80e2d3903

SHA1
84407a2d9212fd28311160c64b0dad58ee91b866

SHA256
70c5b4c33180f6261a55bb541c0ea8d3c4760b2ee08940ac398848abf94052ff

SHA512
88f6b678ef626c02a03f1ab6060a008b1693fa7473db6b162ea94754d8d971852e2640d07c4733a1596c3dcca8c2b61fc6f57212a3dacc5c51da405b7aaa27f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f5e9d0f69105670979dc550853d5b6e2

SHA1
4c1028bddab79cc5a563210513740dab94afd3aa

SHA256
c96559609a42bdde36488a1f15a6c9869dd9763495d87d29bd7fedcc2124999b

SHA512
c239ae4d10715cb090d8758e0cef83454e58eb65b9cacde672de2eb5a4329fdc9afe00226cbbf38a3309527e702dca568f4d910a0b292162ff74b42c79e5e581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
59f1f54411cf0f1892ca92c1578485d6

SHA1
db5ab4ed0b577ca454189aa2c22eeb843007ed64

SHA256
e5d48dadfece64fb35c82184b2281787f7b52ea281e16fd31a905f87566fe65c

SHA512
6b3c91816204dcc0140678d4d288176932da23e6edbc9157c8f6e0c85e8d96762c83c5596ac83510a23ca4ccb769e125c186f8749ee6a24e2a0693cc7fbdac3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
06d3218f2edf5ce7dc232fc1d7d935b3

SHA1
159b55709feca7e75813a9c0cd032c9071c5b634

SHA256
7ee665e28bceb7779dcb441ad33968252733caf4e53167df7783591a386b6ea2

SHA512
0f3352fc1d7c07afb7071df5231ca00a4a1e22629d123e253d98db7c341723e78cee0eccc03b2fec009c0ebedf0870329e528f5735fa2996b4ca31ec3bc0ae81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
d91cb6c50c01607e8c98a9ef619301ea

SHA1
f05357bfcb847307ede8eea46bac9c0d986a2867

SHA256
5028ad475c7dd78579cc4ba92665375c2c39545fc7850962b1a6f9ce999ca0b6

SHA512
94ab02621dc68d369cc3741e0c52d867258690b842d2d02ea8a441307cd9b760791919cd5ee0f1b913cf11a4d7baf309af57f6d42f2523620bda25f4ee8646e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
46dbf8d83e144a3ea4093a018ec3c96a

SHA1
b543a35570aa4bf4bf40fc72a8c1f142a90950ee

SHA256
b49db144975e5997531c2d69efb9323513a974e33f356328193ad2f99ef603b5

SHA512
ef51940d48483a4ec9a335bd0d778be04206c01be2db8c87ac50dc774f04bd0564f6bf4238ed0168fdb6d9644360f7ec89bf3f6bca81c7d75523656419724e99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
e975b954f5edeef9628a48837b370372

SHA1
d1a06483d9a9c3dec2ac8a7ea7e0118f35a94459

SHA256
82b4ac60ff4196a49af44fd522239381d11a8bb00c6fca55065465cd3f405c4f

SHA512
d6f1cec0d4149c2dfff6325f698ce342cee452772cc910420cc001994a13c04d7ee9f0a21393ad340e1de8cce96bf56adc592d8dee91f3cd2aad14aee08623ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
8a348ad3bf338f1f40f690543807902c

SHA1
92639cd4744ff782ad955064d745e5fc54178f54

SHA256
b20c73ff768ea9ed418b05a6c46c5fdc30ed5559f6fbb22f343fade17059b79b

SHA512
28adc3b8b9cd0322ca5d3947ff865bb827c95015c60ca396abd3c6be03ed1ededd6942758adc1a94fae043e38d7f469c8a8af50b9135141258b0da009c948da5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
4fc7875ee8825e981a053a382c64d80f

SHA1
88dc0ac0e0e48af5cf807f344091bbc45a2c2ffb

SHA256
7dfdda4e8cea0b181b8544b24d06bf9b9f478837282728a0d9ed4c1e99ba66ef

SHA512
1de8a3da41ee807ef6b5543320f925d64026ba0587494030febfd7462d82765961d57b513844afb95671d659adddf2aafc57b745133efcf77738632c89e3689e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
269245c0243285d192196cd0f3977d14

SHA1
e2257bf49d9cea1d12a033c7d6132b4e0b9a7d6d

SHA256
c3a01aac434f1462b3e160938d4a286b316418e2940d0e2cce9f174c59ab84f7

SHA512
98b24a00fa23930f6aff40a94a2c1d53c3918e187bb2059bcf92aed263e62c68d48ab85e590829e9fef967fdeac7bdab59dbc9311de8aef2e80dea2aedebf08b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
bf552c7cc0a4f428296a20310112f59b

SHA1
0b189c2ba80e68ccb8aeadc26ec906418900612b

SHA256
bd562bb521d1bf3f47b9cd9cd750ed26c9138f782f0d7bede35141ffed0f8164

SHA512
382de0e93869c9137584a7f439ba1cb1bddc7a9f35ae5ecd7110e0ed5147b5079aa6e0de5932725a482e68bc51addd74d107b61d333928892d664f705e38a020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
6b1e87ccfb51f9e6f1a65a9a327ab6be

SHA1
764dee2f2f673f1e2a3b30addc161de29fdf541b

SHA256
b81bdec3e4ceb86b76623a285b3ddbc5a3c022ed148235c888ed7e1d47a7a48b

SHA512
26c0743fc7b00d9adb310d0399f053dada3e9bc8ba07dd63f5e24c3627a6f5c184e75e6745841302e4599552e156dba2d36e10e7779487edaf6cb810bd5f2bbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
86a69be2a413b07a7bfc45af1c707e70

SHA1
52445b4cd31506386f2f55dcfe7165ad05684502

SHA256
51e3469a249b27212a7ebf885dd4a2e1394125ffdbb97da140879378be023547

SHA512
30408092f1b1549f9fd4dd8b3c73602eb61aff80e814ee0f2869eeb0c3473a437edbbaf9d848c63b50b0f5e9e2cf51bee3d20e56aac8a16124a6d7a84200ce0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
49a4ef04b10aee6dd413f04ef94e6b62

SHA1
933f7ab655e66e696f0905b2ab3e95c8762a14e6

SHA256
fc4d199cbcbad4d8a50b656e5c35bc82c4fe7d7ad7b70b57d0e19a1a0f7c7c2e

SHA512
f922ecad97206443c2279aee5f21525e441243467d5a308359d0e6b4fc6d52d097ff286ab881c72aeb8c2ccaa9739015cef55f586c43bcd2c4b4c17eedabc97d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
d9d48dd396ff309feecb9a8951824ec0

SHA1
865a050c919189e1de30e1b4029d8014d43fd043

SHA256
bd296fac043823398e2af2b5752714e9d7d78f028a522653c0fcbe79de129ba1

SHA512
974f7b3e29abda9d20926770902b2c1e1905563908d7221c593515d70b55e35c4496126abc5111cab127a9d24eff30ba94c75652403f76928440a93ac24404e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
96a5b8f6b59623a68a13f9b173f23db2

SHA1
f892d9bc4021520a3b68ed2a8580c946a8b529f9

SHA256
daa277a469bf2d5a6a724e5b68ebff3ffdee7dd647fb68b885e7513cf216ee88

SHA512
b2205d2bd6f5d13cf942a9754f7d48af8331631a702aaf8c76c1c3b8f8aee098f458542c0f10e365a09a13997f3ac932b2edcffe283de2fd39a60cc31d08acd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
25be3083759a967d67c8bc0571e71805

SHA1
9edfcc1d13222331feb49bd0f0bae17e63e31a60

SHA256
e97dbfc831f2ee9a569d3e0de79dcb89b3e39df4c55fa0193448ebba45dccf87

SHA512
30d72779a4f13ce67fb80780dce157f1b315afbc9568a18f35f0f5bbd2655fa3c956af29224bd216c1ff258dafa02ef7991a3fcf6ff8300f42349e77d32d4496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a8d88323209dfb50e31286bb1b17651e

SHA1
63c80a3a611b5e85b5acdfa97af9c885dff3b6e6

SHA256
08389d38da79b8b68e6399cc39f36650d92eab134cc33cb725b69f1aac73ba0f

SHA512
0dc415cd433363c76176f640a77520630f44c9c57a6d5bea8bbaa5db285a4ed1d4dab2196fe6c2bc5eb101f188eb10d16943527bcfa41177da053e18f635da76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
06475354abeaa4ca49640b62a371b0eb

SHA1
893b2db217c23e40ed9a96dca251e6a235eb88ee

SHA256
7aa0ffb01f387c6648304e002544b69feee9de8a4abfa0adb8d920fb16775b25

SHA512
2acb33110425382880f97e075de865ff2a88e9243d036597d1211bf05c61916773f36daed458a1427668a3ed0375ffeaccce8d45ec5822464b8b51e9ca1eaaa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
aafba39d2dad5c685bdbe7be42eabe0a

SHA1
47d9ed34df3751563870c39671cfaa99fe22912a

SHA256
3e1c2d27157f7497cefe0195c2545d476f725441f0057ead43b6dbb186d67a72

SHA512
80589ff25519d66662490572e591d01bd4908e414caebb17bb2bb5e2dce0d34fa46b0b92bc0f878b26ea0be80dd3bc4827d981fbd1eccbcfafa2d32007d39586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
cbc42b73c1b30c6c45f147092744e776

SHA1
3ccdd4a0c6f69252e0b9eb646bd52e1c2f99a2a3

SHA256
a472e216b15c8c3e0307f32efd1f9bf663c357729faafeb09185fc0430c2278d

SHA512
ae420701a10c558de28c961cd203fa338e2c00cce37bef282c2974e0016b24e49afe7125e4b81c4e9987a85974fad24c29b2f7fac3be36c5cf12fa2c8ff849d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8230de8f-1bec-45ae-a36a-c70b7ef95dbb\index-dir\the-real-index
Filesize
624B

MD5
b881151144da9750fdcb9fb0f10188c3

SHA1
97d79b43169dc37f88f7d1837ecc275f2382adb4

SHA256
0e0b929086b7fa75bfdfb27b2c711b10e4673fb81e8448a0f79da461df55be5e

SHA512
2e2a02973e8ef5c3a00796d2b848947265e5a1e7afe08059d6fc9b1dc9b909e9cbdc0eff8893c2f5ee9f5abcea9802cf66771b5b251c5b17e986eca9c7866e6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8230de8f-1bec-45ae-a36a-c70b7ef95dbb\index-dir\the-real-index~RFe57edda.TMP
Filesize
48B

MD5
3aeb6300d3d4e2547172085b5cb3f7af

SHA1
92828c4d1c480fa84c51c29f2310247aa8472239

SHA256
77dd18b7ba87a37ea23f00be300ee03eeec2e800adf1d5098751297239691067

SHA512
306d14146dd3639ec88733fe8957dad7f682c527af55d82764a33da88f4bdd62da1c7f02f53c185424e5448425965e38796b24dcffecf9de6e6a3be5ea668fe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
125B

MD5
2377ea2cd61c87c3dabc9cd58d91ef38

SHA1
7aee92413bc7fc2dc396b05536fdbcc76fc0b9c3

SHA256
9b5225d343bfb221c4bb3ac18840126626d9e44a04b75f1b03066124049ee803

SHA512
9e696a214a63765ed950f56bae0966f3fda821184f504628a684b9daa86da5a290a3c4ec734126c3d2bc48daba2659cd9a06c102027283362eb70ec80232eda6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
129B

MD5
d38281de00528e4a432fad0853665135

SHA1
dc7310c3e85dbcfd207f97e78261f9809ef903fc

SHA256
210bf5abbd912a9c253ffb7e91e1f9b5fbf54dabb26e2dcf59bf792f652e62a8

SHA512
0f7f0b389ea8a72a3017312af76f88248d3a25ad3bbd84f23a66c8b6692479e0391bcac76d0f7ffa535265090cfe4c07630bf91bba915eaa8d2cff74698cddeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
189B

MD5
2ec60b41083afe73a40b9e20c83a925c

SHA1
67da2e218e630820d6963eb80cacae44f5da1fea

SHA256
125d9018ec2d22e5fab129b4c828050b21a2d7c06c5d8bc9a2992d9d91d898ed

SHA512
02b0b483a1efa39df566213c0f380feef90005ce60327cdf0e9410811e79fd4a247b82872eb6015e22f998994f8c3cc0b4f1918dfb1d14bb76a2126169a0b47c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5783a7.TMP
Filesize
120B

MD5
ab92097bba5ae6f4b2cb2338bd46dc5f

SHA1
1594f922db75b1612e74b0714761faa3cfe13c14

SHA256
e6f69300aeedbf06eec5bc575fe5210a42790db0ad14da9a26fc2992c3320427

SHA512
52b2d3ac431c482c44cfe873a6a5e937f19060af245482ac28dd59203c875831ee5fc43b3b1ec9af2c59562fb005a941e3b76b5006d7648f58d360e5a010b968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
Filesize
14KB

MD5
0694d019d112720dd34ee12cc335b719

SHA1
f524f3b12819bf84989b023ef08c839944caf459

SHA256
d81c4ab0e86b1eb2db7ed6ae4a818b4a10b1c70ea9438ad4a86188326ebd94cd

SHA512
34287371f016cf99d1fb8669dabfc14689ef406345380d52453a5f104f9b011af6866ac5f48226d48f51ea6401120d8ba932173cc7362a5516762b4d0ada3166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
Filesize
8KB

MD5
f0a87ca84aee0d9ad8257e95d4577c54

SHA1
e6a0010597d3434cabcfde0e183a3d377c10251b

SHA256
b1f7b2fa881204d52163d0970f3d1ad2b917b456ff8a6c95b98b78e618e7dd27

SHA512
bdf9338e13429da83d19e623354f051580274650355622ef461e8a5e0b23f43ffce4d083f7bd9d5425f2b73526b7882c8d898fd44992e79095d3db704431f841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
Filesize
137KB

MD5
cb543d9b77ca7bf32d7cef3b87e39c84

SHA1
3717d8e18d99c4edf1a71a388d2f796405d86d89

SHA256
4bacce074a4eb834baa7bb565c40847251dbefaaea59bd3c3f4cc91ec85d943c

SHA512
751e4706eec22d8b872588753c0b8cb259deb4f58de4a89f7bdabe5b392c59ebddb6a2ea42339c6e4011c2a1175d65b94fe7e62eeea116a65d3b153c28fe9d21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
Filesize
336KB

MD5
1781ea2055784218415da0baf256c4aa

SHA1
37a099d46fba17a90aeef7f920440c5f10129f4d

SHA256
4ec7ba9a11ff4beb169a3713fdc3b12d93a739cf6e7ad877db577b7b162758b0

SHA512
89b840c3fbe30f062302f20ad4e6f6342a52b91dca80639a1c323dd6617b2189893c5feb6a1b1d8e5bd768959be619b62011e9479acc0a470fffe7f450ca8e74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
120B

MD5
e1912fa5f9e61eb7281d2e9a5fa39acf

SHA1
44d3869479485463f307888fdb3f3b4e5671bdea

SHA256
6f5c3518af8fa48cdbb9002c67fb61c596bc771453ac03bd79c5cb3391646305

SHA512
dbb0ff68b53b65c983f7b5192f58c250cee0759b0497dbeada5e83065ae81393bff7d39352166cf96ae7086bb8538aa3bbce0290e8192d9c5afaaaf399155a36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
650c86a39f1b15b2ce7065df84b74b87

SHA1
067cf01315f231d2da055c5742264f520e58cdb8

SHA256
68b62791fedcd8280b7860c9c1cf735279e04e8c16a9b1e6dbbbe64f85f5eac0

SHA512
b8a3498a86b91773e24ed1521ea33d670dee7d733c7253441c98f88cb0d5c7143ad02053ad00ce90a0f9a79972efc9902b10ec58175d913df31529fb595fbb67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d9f5.TMP
Filesize
48B

MD5
4d786342633f143bd9214cc093c0db6a

SHA1
0e1af10ab85f124cfce0a6e4fe7bf4f974cb5a30

SHA256
f349c1b3842c4d2ee214f9517dabb0b5ecc77a373c170609ada2cda50e74fba7

SHA512
f34789795c48c1bc0a79b9bb01f23343bc761ad2f421e94900e53c417e1e7ad44df87faecd7d0cc374bc5cd0ba0d1343cc808c2b0164eb3c89002474990fceb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\712284b5-187a-4b75-a98d-b1d625b2e298\3
Filesize
6.1MB

MD5
05fbe8c9c61139f3eeb4fc94f523dfa3

SHA1
b4b40c415691a96b81857a261acf8aacfaea7943

SHA256
5a27024a30ba742e7f4161edd6e7f88378a0c71e9856b05adb7879a309d32aa4

SHA512
5ae0bd27e94e26107d128312cffa904861f2b1de15f303bc95b29cec0c10bd937fe1bb47e39d3ee86bab1bfeffa9b1b5d0def165d7dc17fa58db13f0c201926d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
5181403e8c8ac40099b3c363afbe19bc

SHA1
7a452cee4f8f337246c0dd5bee808c890c5eca90

SHA256
424defe9cdb482afd533e8c937d364bc0a305adbef4d706a78f66de026463ed4

SHA512
09e53028124aa878f0f0d0124e660508b86808a1ca635b56c9e53380ade294ce91f64d620faaefd291988e8dbdffd941ef10b729f154b89819220db201d4bf07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
50442d2010b490e7655a2ae59be82bad

SHA1
b9606c83b8acad04dc535f393bde3bffbd9323b0

SHA256
8acb223c6d87c05c199c85f4ffa17404b29bb5c33cebb4a63245456276349a3b

SHA512
ba4ba9553111a4a67423aa5a53efe6e641a466d10c0a7dfa04374d42d392a1290bcf9707cacab627ba9c2ea9ad28f362a67c303565508d2f8266edaaf5ab8149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
97e209892d611967f6d2b59edfc46a7d

SHA1
4ab9845cbf6b3af8236151c8515590cac1a94a09

SHA256
8411d3ee11b2da4a6bde194853acde56966cb61d124d5753bd02b518ab037589

SHA512
7e2a767faa0b32c02cc1be641b383be718efef8defbce2b7f9741d25571be2f6588be31ec3387fc9b1bd7c78b2f2f43ad76dcaf575abe11fec312a6e789580ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
b5e740a53f44a5325f2636097e950bbc

SHA1
c983a533b5c9ef3a5a4e62ae8dafd2a920d69553

SHA256
1bb98b38fea115b08df389f0aed8357db2a941e450cd131e566be06deae3715c

SHA512
38050820f8f5b0c37109390bfcd5513d69c27921c362f63bf5d88e28724fd95278f9585f6cdb0256f5db2166477ccc92b7cd1030ae8c06b1408dc2037c4d01fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
8dd6d5c06a6c17a9910ba0095369a35d

SHA1
967ed5a8e413cbf51c560504afc2db0e45e67e0c

SHA256
c4053045a855fa36f1c0ff2cbd3d7cd40633b2c62da9a7bfed31347bf7150a58

SHA512
8e7ba2786cf6dfe8350d6506f2c2057d0ed2fb8fee035feee26612b689cd70d71f1594feb04ad4f5cdf564f105163261fef461e4fd3d07185b69e61a266edcdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
9c1bb6ae98242ef43a5a75a14c84d258

SHA1
e960b8c7772159f7e0d80990bde7f804b008b6ba

SHA256
6258b1e17aab5496bcc079537f6e060b0ec6fa48738ac5473bc283185ba9c61b

SHA512
8b5c451e576895653a4f5b93fca71855ae9913acf25872dc561f6c3261140aa494ceaed7ec18eba6a16c7b367023e75313f45de64072341b3474b9dd2d571ce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
cf9d4a374fc76cd1677bdbef7fed01af

SHA1
bed137eba7d4f7e3590b7d83357a16e96897c569

SHA256
4ccd0d3fe15503545070e13038419736706a183a27a67860a4fc71c2a972b20a

SHA512
a4c75ed9de215b5de4a05f9ccf3c3f025e776fc670e8801ed4c420acf57924428351a863ee5066f4a8152f4273aa4ae9c6a7c201155d1cb009add8969471c610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
cf9d4a374fc76cd1677bdbef7fed01af

SHA1
bed137eba7d4f7e3590b7d83357a16e96897c569

SHA256
4ccd0d3fe15503545070e13038419736706a183a27a67860a4fc71c2a972b20a

SHA512
a4c75ed9de215b5de4a05f9ccf3c3f025e776fc670e8801ed4c420acf57924428351a863ee5066f4a8152f4273aa4ae9c6a7c201155d1cb009add8969471c610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
cc6b0d902c92ec7f1dcb28014a7cba60

SHA1
3108c6518ba90d98c9bd01a68896d22bda17e0ae

SHA256
e57106bf51367e15fd11b0e57c7b816f6a0800024bf359695a5ed3f715cb6404

SHA512
19b70eccb1e4b4a258321f0ed7fded52c69775059b6a534c18f0abbdccc8c1c9917155234910934187a1b2fc8d57ab984d631dcae8121d684b8640729a7d5c55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
4b846e80e45f4c699145239d6d84d7f0

SHA1
832a2282dc72e3c9967fbdca43a29d9b6fc64648

SHA256
8f79d97560ea513d7edf969be7a2a7e89f8714a1d57eb5c76aad601246476bbf

SHA512
0050cc925beda692383c555039fd069d8e1861d80dcd97d9839f93ab153c5097e900ab2a3661347b3243df87cc263bff7ecb2d5ae77c796be5031c4230e0865a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
121KB

MD5
6aeaf1adfbaaa9a386a0c3be3d25d890

SHA1
b31b80bc7312aa3ae5e6eb55f449cb2082f6fb45

SHA256
348cfb48c562c303c3e54e25fb1beffbf47cc2d43c856260706e13305f45b00e

SHA512
c27faf6be1d3b0f48806f9526f24d3bfc0d6503ee0c48aca509ed56e1c20246ff16b24f5367bd6c41de64cb72bf54f2b5924b66d70606ee2ab70b819954ccd27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
123KB

MD5
3e3e16818b708b99dcc3de66d641a836

SHA1
2b59b55d71417cab260cdb5841990c63c45e95d3

SHA256
ac350fc4e1214760c5c0adc2968bb0eecb325c49b4d6cded188d066c25f186ad

SHA512
4f5d1aeeb664dbf699c4e31f8038a38e0b0ed2feadba4716ceeaaf3e622ab50d2692cd0cf55987b3ac4e4f9a8b551fb832ee43c782ffb3d8ce30cf9a2aeef975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
117KB

MD5
8bcf880066a7557d4d76c8896e083408

SHA1
765c54d8f187a8a09e533be1f4b02f21629ca6c3

SHA256
bdc2013f0476c588b296134cab7f18fca0be776a0085961e2cb23b5e27b82f4c

SHA512
db297c815eb43a7618cc617f10b5027def9c71e4046ea5f76f1cfa0aac6db7cda4b678c5f2648ee727b20554bede4342ff0919476dae7c046fb592c46c274c7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
106KB

MD5
47324d7ab70010db4fd88e6866e10343

SHA1
9641669c8c8dd7094ebf4c8108d2938f043f8a35

SHA256
79e36313cd00706481ba78653506e64df77dd04910bf1ab3bba7880eb883bdc9

SHA512
074f8ec41933c6eb643b15f891d3ba3709ee7474aab1c6a943966c070c3b505a196fbc227bd02483228cb98360417138fbd21de8b83dcdd63b2b8dcf2a3300cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
114KB

MD5
192c9d7cd8cc73d74065440c06e1483f

SHA1
26a95a71e582463d268b3185e44442f612610a6c

SHA256
78bfbeb1e51281b3a1b29cf33de2830aecfe851f5d88d18596776cb9e9d9fe8b

SHA512
3945444719cc9e26632b9cbbbb94e4b11eed433e1e3970dc96dd35d6016552cb8982faa67ff8a88f76270e9c73dc4aad0293a4bbb11cfcf44c2097c4ff058a78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
115KB

MD5
27f0ea59a349b6355c6186cc9fb137a8

SHA1
a3c8ce0884adfac7cf4d4247e212eec5bdc91065

SHA256
b95fe4bf43f5b46015fd0d9cf62e8c97795c87a817107016efb48f30e0c5b8a3

SHA512
cae666ee7911972e72f5c5ccdba06e5ce78885e325a858da7ef7e5855c3f7ec494c008847352f836bdd0b0468d667af210a6a3bba96ab441e735c830c751de7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586618.TMP
Filesize
98KB

MD5
88d5df4c3b7ca49417b596fb66357655

SHA1
c511a31f095df9f777dda3feaefc5e55f382e972

SHA256
aaa2af3d09d86cdee2b656fdcc013d9f8034ade8781c37df3af661b0f7bcf6b8

SHA512
439e0818e3af5ec9f022a70b383d607adae7261fe189e3ee83420fcb9d2aa17749f0dccb1042b9d2ac52d1f9927b32963a39f1fa52aff32ab39c4bb7bf3c0eec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
e8440f5b650bcda3a0f7995186950a2a

SHA1
d1201cd38a42a47bdb212f703c44e6e2d068b22b

SHA256
0d417a570976f5743ec118cf5d74e281ea0c0330811e812acd1a6a85d24bfa02

SHA512
82f3eb2f92d4766cc860b7a66338a133491b4cfab81f6ffac37680cca8378720731319cfb66286579d0c9f0ef6f135fba1d10eb1179bdd566ce416debbdec038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
3KB

MD5
ec048824cb5c4303b65309b18a02145d

SHA1
6ad21c8dc70035f8b9a8e284713a8360c535cca9

SHA256
9703c7926f03136a1b3595d08e10d2360f5e1ba55ce43a87aad56f2ece20853a

SHA512
8198509b2f7978b66a5fe916ba132cac7a3e717939827fe061290aca9094b406fba8d9756546d43906d88a48e923afec700d32e2ae4380eed658751d18522516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
634b5940cf2c9df9b6b34eb0a709e144

SHA1
5c0a440fefbaf838dcdf443175ee5d0513199693

SHA256
48874c6986130ff148af212df38e4ea8c6d14b025363030aae13be738ab1a66d

SHA512
3cb5254639d25941d41d68dd0e8076f883331ec7193ee9b1ffa77a8deb0ad0866090e9aa1dc4f622a1ecf78e198e57694f0eb50849bf31b1492ea004ee7c8a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q7s3h6i\imagestore.dat
Filesize
1KB

MD5
33e9726be9041fddf4923c821a784914

SHA1
990c859cd152a8318e7872b67490fb71ad416c61

SHA256
ef4aa18049f93cd123b4a030dcb9fa0ac19c9f4d37d5f33dc655b79949d36eaa

SHA512
99e7f19ee19368470e7e3ff9718c5bb754dc0c3186e08162c2769998db37abf14cdbf3f27b00fc9464dd598be990a0c12df71d604d6cc2693a104321e5b357f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
28KB

MD5
afb2c4cbb233797a7c5ccef59d42ceb6

SHA1
5310cec9a1f509c5b795a69ad22ffe26c6b14cab

SHA256
7f7bcd8e02f1dc095c4735f56c1f61e5efa70570301ae6eee0e3e0622f73b788

SHA512
3e49f80d9e032bbd291355482a33ee8addaa671f8a3ffd524925e6adf66589428d071e205c7c03c595bf463e702d0fcfe76674494602db314c66d22a251c34b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\BatchIncrement[1].json
Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V6GB5GU8\WindowsPlayer[1].json
Filesize
119B

MD5
efd3cb52d253121d226d4993f3a53fd0

SHA1
066779a7678c6134132c56f9c0e64cb5423711b0

SHA256
d49f693ce8ccf0d4cf1704efe4b60fdec4ef93b455ea6da3fef2d83b6151a458

SHA512
b49042157eb0c5f3024b14093cd9e626992ab59446b67f680d5bc5c6be586df406caecaaa9b33ac3cdd1585f54c68d4fd3fa81227ea86fb5fbfb44fd66779ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V6GB5GU8\favicon[1].ico
Filesize
1KB

MD5
f2a495d85735b9a0ac65deb19c129985

SHA1
f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

SHA256
8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

SHA512
6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

Download Submit
C:\Users\Admin\AppData\Local\Roblox\LocalStorage\appStorage.json
Filesize
4KB

MD5
0028df969333926a7a7fc2c9d411a02b

SHA1
8dab804c4cffdb3697c126eebaac9954d02bfc42

SHA256
b8805315ce6858a1a27999f507b7323b1b3f16ddff8bca53fbd61357aa91b5dd

SHA512
854f2d215edfc27b1b605bf4419c386536f16183d662c43eaa6accf8eb0c402e0468d3ae231e62b3c1405d2f17de7f85c3afb62981ff61d91b97cd48c75bd6ec

Download Submit
C:\Users\Admin\AppData\Local\Roblox\LocalStorage\appStorage.json
Filesize
4KB

MD5
f83c498dee5fb998d4919ca28e2c5894

SHA1
2688a2e7b7dccd77fcd8aa20f7a07ea609fcc926

SHA256
9ba8db20604b046f11d809afe07f4c91f498eccc3105e85be9500d8e5459fa81

SHA512
69e28d93c14e4b61e35c2991fc506047f77506deb5fc2782cc7e2d481658e7c315b8f471095eaf5df44d9d440bbc6c7d5105db340e08cd8e5e7cff347574fcda

Download Submit
C:\Users\Admin\AppData\Local\Temp\5720_493098826\LICENSE
Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Users\Admin\AppData\Local\Temp\5720_493098826\manifest.json
Filesize
984B

MD5
59741ca0b4ed8f06f8984e5c91747a4a

SHA1
334c396dd6e710de0e5b82b93cfaba764abc0331

SHA256
8dabab92309c13bbbf130183e757967bb1d80b47d06d678d12bd7009bc4e0dd7

SHA512
9ff5db978545120a033f5899444cfce08fbb3bb68afd3ca4be394adf781f42c8689c3a2a3d929c0d391a7902315e2073509eb5f8344b96e186b1a63f35d565c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\6308009873b6e28576872a25a9dcd1a8
Filesize
30KB

MD5
d9551ba59e7231df812041555a29cf44

SHA1
dd21057b655ae2cf1321f4f40c8dfbd6226fe7a9

SHA256
4cababc71d875fe4846fa8063297f1916a561d97dc0b19bef38535b19fd333c8

SHA512
190d08ea58f55973107f75f60afb2121bcd73bad202da0fd4e0e3b70be56a8d5de85c3a78b12a2821cb103c1f26eeb61ffcd68cf60867bff20eb894af98d02b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX450586BFCA1D408DBE61B2652CF507CD
Filesize
91B

MD5
9de52d85b06da1acd48afa0d6d1d19aa

SHA1
6683b9c8eabeb1f315873fa6bcdfaaafa9353ad6

SHA256
8b231ef4bd7d12979f583d8c1b89c66ae7e379d6557a1bb6bfeffcafc15f1a2b

SHA512
f3c1210177102ad92dc8661720f12f4c6aed3a86991b59c823471464feb2eed41cc1512acc864cdace009852380701c20a694fdc0311d5a023c2b9298979c8fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBX910750E9BDD64E5DAF5D0F32E281FDBA
Filesize
91B

MD5
b04c0dc18c7d55cd67b193981117e8e5

SHA1
de1b8da5292626c82c5369243ab17e1fe87819e8

SHA256
0e9e0d48cb004bf17d389dc2d43451e7c45546210703bf2c36048568477f538a

SHA512
e6a2aea601a6cc021d9537fd56eaf034dbc5932f9dfeca57fa69921733af8d1c22fa4997a596f2895ca60a9a064ace6a135a8c5893381595521da9cdcfcfbef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBXD7A581FE68E74F6690C99E709F7F2738
Filesize
91B

MD5
934a11b8eaef18e6790e660f167b251b

SHA1
1195e4573af3ac1c966de8210b162d76f57df7e4

SHA256
8a8ffcca05368fdf6f8941aa5ebf50c565c4946e660dac731827703d5d36665a

SHA512
7b9ec190b7cbdaa40921a775beb6cc245f9e92b12785d0c1a9fc6285a996a809a2c80546a099fbdf5e2628404e4cedc2ab652f3e02c27012fd2fb3ea6d1ddaa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\RBXE81549C4CC35470786031FD82CB6C3C9
Filesize
91B

MD5
5bff0b6da657e8e4ed652a4a5faf57f6

SHA1
ad49b5a7c4734d26061b0eea4496fc41949bc5b2

SHA256
c80ae50ae40768b21e62b593515865bd729b4c0712a006cbaf374a66f14f956f

SHA512
146a0ca1c20471f2921f1c911692223b77c4f528f2de47da9df54c1620242230998b86be05b436a725e64665a008cfc21715e114fb0fd1b9e0786288ad20ff24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\c81813ea34dbe699086525727806025a
Filesize
1.3MB

MD5
31248587c9a2653c5927eed252fc94ec

SHA1
379e3410d04945f35cae9a7e7d66bd68056a46e7

SHA256
236e88f26a7148521b5e702bb73747595f111dd027e8ee99ed095be4e02ef068

SHA512
03e173af2eddfd4df228d8fb025ddd3a3cfff4caa63228dc44a5c83145db5c733cb90129b9280cebd163a6453941384eca9af76f5f78273ad98bc59646fddbc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat
Filesize
40B

MD5
fc4d4e31477b57e80656232be64b83e9

SHA1
56a7d1414659735a19dd2d7d13b4aa52cd7c1fbd

SHA256
4ae399cc3a7b7fa2e0baba606a957c2d6fe72a1e5e75b50223ce1d8c1f10ccd6

SHA512
7cc358d7d614c17eeab63c5e8fe95e8a4857fe9f29e2bf43241f92bee6bb5040a6e0ff8fb56d6558bb3df67e73661ccb23bd62129e4d187c72acc49c176f17b3

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z
Filesize
2.2MB

MD5
e7e69e3bb82e50d10e17fceb8851f1e3

SHA1
ac38d2c834b5ef30feb0b23272ee289779caf14c

SHA256
1f70e675fd69fa7d0efe44a2a6cbade8350ebb1cb3a9a18ff824cfd680b35ddd

SHA512
ba44f453d75ac413f404b89c5dfd1acbdf95aae10beb65599e7e52ecec7eb3ea82b95a6947fcda38e2cb878eb197714be3f3e3d93d5fc09e83ebb952117ded44

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\SavedTabs\tabs.config
Filesize
8B

MD5
911af7aa209e00b49f3d6fd2afa92564

SHA1
621521f9a8788695ec292cbec54d2792cfdf0a7d

SHA256
f59ab8d1331b7b16952fbd388258f856b9e09ce2d7b904f500bdfe4905640774

SHA512
de46c8852eca652e4a50bc9701ca0d8da7381420b112d1532750eac26a22d87d5bd215eadf3d9d6831bb217eba0ff7fff2749a34a58253e3297e312d2641a925

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\krnl.config
Filesize
48B

MD5
38345211bbf6a5a39371fda7cdc009d7

SHA1
d4f33df064fb76e824ea87a25dfdfa331552ac84

SHA256
5348872c64500e1f7affe7e5095eeafa1375879cd8d0ab9807ad11a6601ba31e

SHA512
3fa2730bec4af73aaccd3b138c44bb800afb442808e2f9a14c218c61c5c882d6fd351c94c5d8cbfb4d6b818437e197ca25df37760fda95466a9c85d23dc25b4c

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\GPUCache\data_1
Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z
Filesize
71.1MB

MD5
cb244bb2cbed782853d39042fd705b4b

SHA1
f9a69f8f2b87134579ca8c50b91a67bd596553fe

SHA256
d45f3cc6274717014136b6515c250a966f86cd3ecd3dc2c66b3c4c234831e015

SHA512
3d189aba28e8dd59e1e293ad8e962f38518ca11b8aa88b364e06f5ebcbc2626e9963594aa76a59971efbb5a34f6a99e23a1f090def1661abae95ebdd758bf73d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
13KB

MD5
87c0af6f1e4d3026fd2cfbbdc365b04a

SHA1
637c59fc210f93249fcb9ff60e47ac688bce001d

SHA256
60a2306da94eeb2f017f85433be6ee2f2373c8ffaff182165c9310aef5c4ae22

SHA512
f1bf26cc0a945cdcb966e3da772afc8ce2dd2528b51aadf5133a51ba258b33b3fd8e584bd8960f4dc9734226184358b7100a853a64dce09a5d0581c38397325c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
18KB

MD5
ad2f471c2414381fe68825ca7cdaa9fe

SHA1
2db5541698e36e75ebc2a720edbdf9bb78fd3792

SHA256
23edf9f3151910a83466f0069f96b7bc9f5f28d95e3106e2cf439f1810d1bba0

SHA512
970585f6fc69b535afd8ae96269e3e534589a164075d4a6614e3179b5957e28e5b521e72ddd22787644a51613191e4e925374e77cecffb9c1f08fe62a264fe7f

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 612958.crdownload
Filesize
1.8MB

MD5
3701dc535fb395d6a1fb557a3aeec5e9

SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35

SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

Download Submit
C:\Users\Admin\Downloads\krnl_beta.exe
Filesize
1.8MB

MD5
3701dc535fb395d6a1fb557a3aeec5e9

SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35

SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

Download Submit
C:\Users\Admin\Downloads\krnl_beta.exe
Filesize
1.8MB

MD5
3701dc535fb395d6a1fb557a3aeec5e9

SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35

SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini
Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
\??\pipe\LOCAL\crashpad_1392_HEHWQLSLQZTVYBYZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_2872_EGFRLZDYDTVBQVMU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/684-4379-0x00000000060D0000-0x00000000060D1000-memory.dmp

Filesize
4KB

Download
memory/684-4381-0x0000000007E10000-0x0000000007E11000-memory.dmp

Filesize
4KB

Download
memory/684-4404-0x0000000007E40000-0x0000000007E41000-memory.dmp

Filesize
4KB

Download
memory/684-4377-0x00000000060A0000-0x00000000060A1000-memory.dmp

Filesize
4KB

Download
memory/684-4383-0x0000000000040000-0x0000000005759000-memory.dmp

Filesize
87.1MB

Download
memory/684-4378-0x00000000060B0000-0x00000000060B1000-memory.dmp

Filesize
4KB

Download
memory/684-4380-0x00000000060E0000-0x00000000060E1000-memory.dmp

Filesize
4KB

Download
memory/684-4382-0x0000000007E30000-0x0000000007E31000-memory.dmp

Filesize
4KB

Download
memory/2248-4809-0x0000000002DF0000-0x0000000002E00000-memory.dmp

Filesize
64KB

Download
memory/2288-4735-0x0000000005150000-0x0000000005160000-memory.dmp

Filesize
64KB

Download
memory/2288-4751-0x0000000005150000-0x0000000005160000-memory.dmp

Filesize
64KB

Download
memory/2544-2273-0x0000000005860000-0x0000000005870000-memory.dmp

Filesize
64KB

Download
memory/3904-1652-0x00000000059A0000-0x00000000059B0000-memory.dmp

Filesize
64KB

Download
memory/3904-1644-0x00000000059A0000-0x00000000059B0000-memory.dmp

Filesize
64KB

Download
memory/3928-1654-0x00000000054E0000-0x00000000054F0000-memory.dmp

Filesize
64KB

Download
memory/3928-1646-0x00000000054E0000-0x00000000054F0000-memory.dmp

Filesize
64KB

Download
memory/4444-5111-0x0000000020A70000-0x0000000020A71000-memory.dmp

Filesize
4KB

Download
memory/4444-4586-0x0000000005F30000-0x0000000005F31000-memory.dmp

Filesize
4KB

Download
memory/4444-4599-0x0000000005F40000-0x0000000005F41000-memory.dmp

Filesize
4KB

Download
memory/4444-5134-0x00000000212B0000-0x00000000212B1000-memory.dmp

Filesize
4KB

Download
memory/4444-5123-0x0000000020A60000-0x0000000020A61000-memory.dmp

Filesize
4KB

Download
memory/4444-5119-0x0000000068B90000-0x00000000693DD000-memory.dmp

Filesize
8.3MB

Download
memory/4444-4581-0x0000000005DD0000-0x0000000005DD1000-memory.dmp

Filesize
4KB

Download
memory/4444-4587-0x0000000000040000-0x0000000005759000-memory.dmp

Filesize
87.1MB

Download
memory/4444-5118-0x0000000020980000-0x0000000020981000-memory.dmp

Filesize
4KB

Download
memory/4444-4585-0x0000000005E20000-0x0000000005E21000-memory.dmp

Filesize
4KB

Download
memory/4444-4582-0x0000000005DE0000-0x0000000005DE1000-memory.dmp

Filesize
4KB

Download
memory/4444-4584-0x0000000005E10000-0x0000000005E11000-memory.dmp

Filesize
4KB

Download
memory/4444-4583-0x0000000005E00000-0x0000000005E01000-memory.dmp

Filesize
4KB

Download
memory/5200-1653-0x00000000052F0000-0x0000000005300000-memory.dmp

Filesize
64KB

Download
memory/5200-1645-0x00000000052F0000-0x0000000005300000-memory.dmp

Filesize
64KB

Download
memory/5212-4736-0x0000000004C00000-0x0000000004C10000-memory.dmp

Filesize
64KB

Download
memory/5212-4805-0x0000000000820000-0x000000000082A000-memory.dmp

Filesize
40KB

Download
memory/5212-4737-0x0000000004C00000-0x0000000004C10000-memory.dmp

Filesize
64KB

Download
memory/5212-4733-0x000000000D720000-0x000000000D820000-memory.dmp

Filesize
1024KB

Download
memory/5212-4732-0x0000000004C00000-0x0000000004C10000-memory.dmp

Filesize
64KB

Download
memory/5212-4728-0x0000000004C00000-0x0000000004C10000-memory.dmp

Filesize
64KB

Download
memory/5212-4729-0x0000000004C00000-0x0000000004C10000-memory.dmp

Filesize
64KB

Download
memory/5212-4748-0x0000000004C00000-0x0000000004C10000-memory.dmp

Filesize
64KB

Download
memory/5212-4749-0x000000000D720000-0x000000000D820000-memory.dmp

Filesize
1024KB

Download
memory/5344-1189-0x0000000008EB0000-0x0000000008EE8000-memory.dmp

Filesize
224KB

Download
memory/5344-1191-0x0000000004F20000-0x0000000004F30000-memory.dmp

Filesize
64KB

Download
memory/5344-1225-0x0000000004F20000-0x0000000004F30000-memory.dmp

Filesize
64KB

Download
memory/5344-1264-0x0000000004F20000-0x0000000004F30000-memory.dmp

Filesize
64KB

Download
memory/5344-1265-0x0000000004F20000-0x0000000004F30000-memory.dmp

Filesize
64KB

Download
memory/5344-1192-0x0000000004F20000-0x0000000004F30000-memory.dmp

Filesize
64KB

Download
memory/5344-1187-0x0000000004F20000-0x0000000004F30000-memory.dmp

Filesize
64KB

Download
memory/5344-1233-0x0000000009040000-0x000000000904A000-memory.dmp

Filesize
40KB

Download
memory/5344-1190-0x0000000008E90000-0x0000000008E9E000-memory.dmp

Filesize
56KB

Download
memory/5344-1186-0x0000000000510000-0x00000000006EA000-memory.dmp

Filesize
1.9MB

Download
memory/5344-1188-0x0000000007E80000-0x0000000007E88000-memory.dmp

Filesize
32KB

Download
memory/5652-1626-0x0000000000D30000-0x0000000000D38000-memory.dmp

Filesize
32KB

Download
memory/5652-1649-0x00000000059B0000-0x00000000059C0000-memory.dmp

Filesize
64KB

Download
memory/5652-1627-0x00000000059B0000-0x00000000059C0000-memory.dmp

Filesize
64KB

Download
memory/5720-1643-0x000000000CA40000-0x000000000CB40000-memory.dmp

Filesize
1024KB

Download
memory/5720-1621-0x0000000004AB0000-0x0000000004AC0000-memory.dmp

Filesize
64KB

Download
memory/5720-1647-0x0000000004AB0000-0x0000000004AC0000-memory.dmp

Filesize
64KB

Download
memory/5720-1651-0x000000000CA40000-0x000000000CB40000-memory.dmp

Filesize
1024KB

Download
memory/5720-1650-0x0000000004AB0000-0x0000000004AC0000-memory.dmp

Filesize
64KB

Download
memory/5720-1648-0x0000000004AB0000-0x0000000004AC0000-memory.dmp

Filesize
64KB

Download
memory/5720-1628-0x0000000004AB0000-0x0000000004AC0000-memory.dmp

Filesize
64KB

Download
memory/5720-1623-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/5720-1619-0x0000000004E60000-0x0000000004E80000-memory.dmp

Filesize
128KB

Download
memory/5720-1620-0x0000000005350000-0x0000000005454000-memory.dmp

Filesize
1.0MB

Download
memory/5720-1618-0x0000000000040000-0x000000000015E000-memory.dmp

Filesize
1.1MB

Download
memory/5720-1622-0x0000000004AB0000-0x0000000004AC0000-memory.dmp

Filesize
64KB

Download
memory/5808-4750-0x0000000005940000-0x0000000005950000-memory.dmp

Filesize
64KB

Download
memory/5808-4734-0x0000000005940000-0x0000000005950000-memory.dmp

Filesize
64KB

Download
memory/6024-4641-0x00000000054E0000-0x00000000054F0000-memory.dmp

Filesize
64KB

Download
memory/6024-4639-0x00000000054E0000-0x00000000054F0000-memory.dmp

Filesize
64KB

Download
memory/6024-4640-0x00000000054E0000-0x00000000054F0000-memory.dmp

Filesize
64KB

Download
memory/6060-3361-0x0000000005FA0000-0x0000000005FA1000-memory.dmp

Filesize
4KB

Download
memory/6060-3332-0x0000000005F30000-0x0000000005F31000-memory.dmp

Filesize
4KB

Download
memory/6060-3333-0x0000000005F60000-0x0000000005F61000-memory.dmp

Filesize
4KB

Download
memory/6060-3331-0x0000000005F10000-0x0000000005F11000-memory.dmp

Filesize
4KB

Download
memory/6060-3334-0x0000000005F70000-0x0000000005F71000-memory.dmp

Filesize
4KB

Download
memory/6060-3335-0x0000000005F80000-0x0000000005F81000-memory.dmp

Filesize
4KB

Download
memory/6060-3336-0x0000000005F90000-0x0000000005F91000-memory.dmp

Filesize
4KB

Download
memory/6060-3337-0x0000000000040000-0x0000000005759000-memory.dmp

Filesize
87.1MB

Download