lumma | hxxps://krnl[.]vip/

Analysis

max time kernel
349s
max time network
610s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 21:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://krnl.vip/

Score

10^/10

lumma discovery evasion spyware stealer trojan

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

RobloxPlayerBeta.exekrnl_beta.exeCefSharp.BrowserSubprocess.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	RobloxPlayerBeta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	krnl_beta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	KrnlUI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	CefSharp.BrowserSubprocess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe

Executes dropped EXE 12 IoCs

Processes:

krnl_beta.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeCefSharp.BrowserSubprocess.exeRobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exe

pid	process
4816	krnl_beta.exe
4584	KrnlUI.exe
5116	CefSharp.BrowserSubprocess.exe
1036	CefSharp.BrowserSubprocess.exe
4208	CefSharp.BrowserSubprocess.exe
3772	CefSharp.BrowserSubprocess.exe
2760	RobloxPlayerLauncher.exe
4244	RobloxPlayerLauncher.exe
3580	CefSharp.BrowserSubprocess.exe
5540	RobloxPlayerLauncher.exe
5760	RobloxPlayerLauncher.exe
2152	RobloxPlayerBeta.exe

Loads dropped DLL 51 IoCs

Processes:

KrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exe

pid	process
4584	KrnlUI.exe
4584	KrnlUI.exe
4584	KrnlUI.exe
4584	KrnlUI.exe
4584	KrnlUI.exe
4584	KrnlUI.exe
4584	KrnlUI.exe
4584	KrnlUI.exe
4584	KrnlUI.exe
4584	KrnlUI.exe
4584	KrnlUI.exe
5116	CefSharp.BrowserSubprocess.exe
5116	CefSharp.BrowserSubprocess.exe
5116	CefSharp.BrowserSubprocess.exe
5116	CefSharp.BrowserSubprocess.exe
5116	CefSharp.BrowserSubprocess.exe
5116	CefSharp.BrowserSubprocess.exe
5116	CefSharp.BrowserSubprocess.exe
5116	CefSharp.BrowserSubprocess.exe
5116	CefSharp.BrowserSubprocess.exe
5116	CefSharp.BrowserSubprocess.exe
5116	CefSharp.BrowserSubprocess.exe
5116	CefSharp.BrowserSubprocess.exe
1036	CefSharp.BrowserSubprocess.exe
1036	CefSharp.BrowserSubprocess.exe
1036	CefSharp.BrowserSubprocess.exe
1036	CefSharp.BrowserSubprocess.exe
1036	CefSharp.BrowserSubprocess.exe
1036	CefSharp.BrowserSubprocess.exe
1036	CefSharp.BrowserSubprocess.exe
4208	CefSharp.BrowserSubprocess.exe
4208	CefSharp.BrowserSubprocess.exe
4208	CefSharp.BrowserSubprocess.exe
4208	CefSharp.BrowserSubprocess.exe
4208	CefSharp.BrowserSubprocess.exe
4208	CefSharp.BrowserSubprocess.exe
4208	CefSharp.BrowserSubprocess.exe
3772	CefSharp.BrowserSubprocess.exe
3772	CefSharp.BrowserSubprocess.exe
3772	CefSharp.BrowserSubprocess.exe
3772	CefSharp.BrowserSubprocess.exe
3772	CefSharp.BrowserSubprocess.exe
3772	CefSharp.BrowserSubprocess.exe
3772	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe

Drops desktop.ini file(s) 1 IoCs

Processes:

svchost.exe

description ioc process

File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini svchost.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

description	ioc	process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Drops file in Program Files directory 64 IoCs

Processes:

RobloxPlayerLauncher.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\Utils-debf4142-0.2.0\Utils\mergeDeep.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialRoactChat\SocialRoactChat\Models\MockMessageModel.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\VoiceChat\SpeakerLight\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\installReducer\ChatVisibility\isChatHotkeyEnabled.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\JestCircus\PrettyFormat.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.4.2\LuauPolyfill\Array\.robloxrc	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.4.2\LuauPolyfill\Array\sort.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\avatar\scripts\humanoidR15AnimateDefaultChildren.rbxm	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\llama\llama\List\insert.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\NetworkingBlocking\NetworkingBlocking\networkRequests\createUnblockUserById.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\utilities\__tests__\extendSchema.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ReactRoblox-9c8468d8-8a7220fd\ReactRoblox\client\ReactRobloxComponentTree.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\configs\DateTimeLocaleConfigs\zh-hant.json	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\GameSettings\DottedBorder_Square.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\StudioSharedUI\default_user.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\TagEditor\VisibilityOnLightTheme.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\init.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\luaUtils\__tests__\json.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\roblox_lumberyak-b6bd621d-e6abd03f\lumberyak\init.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Tile\Enum\ItemTileEnums.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\SystemInfoProtocol.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsCarousel\FriendsCarousel\Flags\FriendsCarouselIXP.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\error\__tests__\locatedError.spec.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\JestConsole-edcba0e9-2.4.1\LuauPolyfill.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\advancedMoveResize.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\HingeCursor.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\Settings\DropDown\DropDown.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\Vehicle\SpeedBarEmpty.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Lumberyak.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\handleChannelWelcomeMessage.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\SocialLibraries\SocialLibraries\TestingAnalytics\mockAnalytics.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\SelectionImage\Components\RoundedSlot.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\TenFootUiGlobalNavTestSuite\TenFootUiGlobalNavTestSuite\jest.config.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RoduxGames-ffcfa086-ca9547e2\RoduxGames\Enums\CreatorType.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\PlatformContent\pc\textures\grass\diffuse.dds	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\StudioSharedUI\spawn_withbg_32.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\TerrainTools\mt_erode.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\AppTempCommon\Common\Action.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\DomTestingLibrary\DomTestingLibrary\types\suggestions.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\Actions\ChatPrivacySettingsFetchFailed.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\Localization\Localization\.robloxrc	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SceneManagement\SceneManagement\SurfaceGuiWithAdornee.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\InGameMenu\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ApolloClientTesting\Promise.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-201ca530-56b79d20\ExperienceChat\ChatWindow\UI\BottomLockedScrollView\BottomLockedScrollViewV2.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\Actions\CharacterAdded.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-2bd849d2-78d25f7e\ExperienceChat\BubbleChat\ChatBubble\ChatBubble.story.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\TestEZJestAdapter\JestReporters.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\SocialTab\SocialTab\Components\GroupsTile\GroupsTile.test.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\AnimationEditor\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ui\InGameMenu\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\ViewSelector\back_zh_cn.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\Collections\Collections\Object\values.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\TenFootUiGlobalNav\TenFootUiGlobalNav\Components\GlobalNavOptionGroup\GlobalNavOptionGroup.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\ImageSet\ImageAtlas\img_set_2x_9.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\UrlBuilder\UrlBuilder\UrlPatterns\GameUrlPatterns.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\avatar\scripts\humanoidAnimatePlayEmote.rbxm	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\content\textures\TerrainTools\icon_flatten_both.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\ReactDevtoolsShared-a406e214-4230f473\ReactDevtoolsShared\bridge.lua	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Packages\_Index\RequestPipeline\lock.toml	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\FriendsLanding\FriendsLanding\installReducer\contactImporterWarning.lua	RobloxPlayerLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

svchost.exesvchost.exesvchost.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 12 IoCs

adware spyware

Modify Registry

T1112

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxPlayerBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000"	RobloxPlayerBeta.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe

Modifies data under HKEY_USERS 4 IoCs

Processes:

svchost.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "1"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248661798263028"	chrome.exe

Modifies registry class 53 IoCs

Processes:

RobloxPlayerLauncher.exeRobloxPlayerLauncher.exechrome.exesvchost.exesvchost.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	chrome.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1013461898-3711306144-4198452673-1000\{218B00B8-2FDC-4B60-BE2C-61D3033AF416}	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1013461898-3711306144-4198452673-1000\{B17A8D4F-82DE-4724-8106-C58C3E081759}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-b7209bbd7dd04d17\\RobloxPlayerLauncher.exe\" %1"	RobloxPlayerLauncher.exe

Suspicious behavior: EnumeratesProcesses 46 IoCs

Processes:

chrome.exeCefSharp.BrowserSubprocess.exeKrnlUI.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exeCefSharp.BrowserSubprocess.exechrome.exeCefSharp.BrowserSubprocess.exeRobloxPlayerLauncher.exeRobloxPlayerBeta.exe

pid	process
2652	chrome.exe
2652	chrome.exe
5116	CefSharp.BrowserSubprocess.exe
5116	CefSharp.BrowserSubprocess.exe
4584	KrnlUI.exe
4584	KrnlUI.exe
1036	CefSharp.BrowserSubprocess.exe
1036	CefSharp.BrowserSubprocess.exe
4208	CefSharp.BrowserSubprocess.exe
4208	CefSharp.BrowserSubprocess.exe
3772	CefSharp.BrowserSubprocess.exe
3772	CefSharp.BrowserSubprocess.exe
4828	chrome.exe
4828	chrome.exe
3580	CefSharp.BrowserSubprocess.exe
3580	CefSharp.BrowserSubprocess.exe
2760	RobloxPlayerLauncher.exe
2760	RobloxPlayerLauncher.exe
4584	KrnlUI.exe
4584	KrnlUI.exe
2760	RobloxPlayerLauncher.exe
2760	RobloxPlayerLauncher.exe
2760	RobloxPlayerLauncher.exe
2760	RobloxPlayerLauncher.exe
2760	RobloxPlayerLauncher.exe
2760	RobloxPlayerLauncher.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
4584	KrnlUI.exe
4584	KrnlUI.exe
4584	KrnlUI.exe
4584	KrnlUI.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

RobloxPlayerBeta.exe

pid process

2152 RobloxPlayerBeta.exe

pid	process
2152	RobloxPlayerBeta.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

Processes:

chrome.exe

pid	process
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe7za.exe

description	pid	process
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeRestorePrivilege	4208	7za.exe
Token: 35	4208	7za.exe
Token: SeSecurityPrivilege	4208	7za.exe
Token: SeSecurityPrivilege	4208	7za.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

Processes:

chrome.exeKrnlUI.exe

pid	process
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
4584	KrnlUI.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe

Suspicious use of SendNotifyMessage 34 IoCs

Processes:

chrome.exe

pid	process
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

RobloxPlayerBeta.exeOpenWith.exeOpenWith.exe

pid process

2152 RobloxPlayerBeta.exe
2152 RobloxPlayerBeta.exe
5352 OpenWith.exe
5428 OpenWith.exe

pid	process
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
5352	OpenWith.exe
5428	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2652 wrote to memory of 3824	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 3824	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 1912	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 3640	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 3640	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe
PID 2652 wrote to memory of 5088	2652	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://krnl.vip/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2bb39758,0x7ffa2bb39768,0x7ffa2bb39778
2⤵
PID:3824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:2
2⤵
PID:1912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:3640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:5088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:3180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:3292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4524 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:4836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4760 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:1408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4772 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:3968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5172 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:2052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4492 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:4020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5832 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:4928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6028 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:1608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6476 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:2132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6340 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:1176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:3212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:3112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:4244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6540 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6476 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:3660

C:\Users\Admin\Downloads\krnl_beta.exe
"C:\Users\Admin\Downloads\krnl_beta.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
PID:4816

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4208

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1
3⤵
PID:1408

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:4584

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=2292,i,7258342099860434661,13740622947779128967,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2 --host-process-id=4584
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5116

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2264 --field-trial-handle=2292,i,7258342099860434661,13740622947779128967,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=4584
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1036

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=2292,i,7258342099860434661,13740622947779128967,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=4584 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4208

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3140 --field-trial-handle=2292,i,7258342099860434661,13740622947779128967,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --host-process-id=4584 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3772

C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe
"C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --cefsharpexitsub --log-file="C:\Users\Admin\AppData\Roaming\Krnl\debug.log" --mojo-platform-channel-handle=2152 --field-trial-handle=2292,i,7258342099860434661,13740622947779128967,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 --host-process-id=4584
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6716 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1032 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:3996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2764 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4452 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:3148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2764 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:1232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:3356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2768 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:5060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6964 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5576 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6008 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:1544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6112 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7184 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:2304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7036 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:3916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1616 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:1400

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
"C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2760

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=6867c2d3365d29f9b40f61bb5c51a4bc7df908c0 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x6e4,0x6f8,0x6e0,0x768,0x7b0,0x109b480,0x109b490,0x109b4a0
3⤵
- Executes dropped EXE
PID:4244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=748 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:3580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5320 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:4716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6000 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:4876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:5160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=1212 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:5580

C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:GJutTaL1p1Q10OZywKJnYXV6HQIEI8e9YPXjtHJyeQwxhpnePVUbJI1po_1dupwCnXhg8uo-svSxJpa0WeOkiE52uMt9gjdCGj-c_AnonDApgn4JUlyC9-oiqJcDHxUbBiEONaVz07UENEZ-4ipF3AYiFoEpazVUM94Dwveof3v-J_IUgttCHDxAnseKhlsCQCqfo1FOnHYLa3qi9wUs3eFFUay1nq9Dy6juFoHTV7o+launchtime:1680392714692+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D167772748052%26placeId%3D5972698540%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Da3451272-0f5d-4d98-85eb-c61904070da0%26joinAttemptOrigin%3DPlayButton+browsertrackerid:167772748052+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
2⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Modifies registry class
PID:5540

C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=6867c2d3365d29f9b40f61bb5c51a4bc7df908c0 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x720,0x724,0x728,0x688,0x730,0x6eb480,0x6eb490,0x6eb4a0
3⤵
- Executes dropped EXE
PID:5760

C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-b7209bbd7dd04d17\RobloxPlayerBeta.exe" --app -t GJutTaL1p1Q10OZywKJnYXV6HQIEI8e9YPXjtHJyeQwxhpnePVUbJI1po_1dupwCnXhg8uo-svSxJpa0WeOkiE52uMt9gjdCGj-c_AnonDApgn4JUlyC9-oiqJcDHxUbBiEONaVz07UENEZ-4ipF3AYiFoEpazVUM94Dwveof3v-J_IUgttCHDxAnseKhlsCQCqfo1FOnHYLa3qi9wUs3eFFUay1nq9Dy6juFoHTV7o -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=167772748052&placeId=5972698540&isPlayTogetherGame=false&joinAttemptId=a3451272-0f5d-4d98-85eb-c61904070da0&joinAttemptOrigin=PlayButton -b 167772748052 --launchtime=1680392714692 --rloc en_us --gloc en_us
3⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6732 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:5928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6128 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:5936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6924 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:5912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7104 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:4048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7184 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:4088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=744 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:5904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7124 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:3536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7436 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:2044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7428 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:3580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6340 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:4460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5280 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:3560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6448 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:7588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=5380 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:7656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=3460 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:1608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7692 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:1256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=7688 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:1272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=7840 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:6424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7044 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:6396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=7912 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:3712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=7948 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:5176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=8412 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:4396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8644 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=8844 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:6108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9120 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:3100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=8280 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:8084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=8044 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:1
2⤵
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8620 --field-trial-handle=1812,i,2331306264072763073,15230815759176115350,131072 /prefetch:8
2⤵
PID:6924

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4564

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x510
1⤵
PID:4000

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:3512

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:3056

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5352

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:5512

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5428

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:4136

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
PID:7748

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
PID:5172

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

Filesize
2.0MB

MD5
2c3024c6aec09f36db69877db35f8e4b

SHA1
b582af99bd6ba14ae8fd28bc1cbbaec7b4df393d

SHA256
ee27f9cd887945d699f4a3f406e59c49076f38cef50976821d6439c0ab356a7e

SHA512
f2741ada8dea5939075baf3da61462ccd9430c005eb07f3354abd2f686ce83603f401655adb9e990d45808404c3b48d891f7d04e00766bf2904cd12a60a1e23a

Download Submit
C:\Users\Admin\AppData\LocalLow\rbxcsettings.rbx

Filesize
256B

MD5
6e5dbe62467f14cabf68e5a211a62762

SHA1
71787113e1204d64b83aca193624ca0e26dc1da1

SHA256
c2e528ae77696bba1b9c65d37236fefce07af5c4478859c02629b9ef284acf94

SHA512
9ac16ba3e9f8756983007feecc97086f623d8332e4f3d4e40b123f516c1945da40c35c04d3d74937aa21ab25f33d09a689835bbcb3b7288a4900ede7a1f03d11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4dacbfce-e0b2-4f63-a2c8-1defe307ff27.tmp

Filesize
116KB

MD5
706f8828c42f0102f26a6ca3e49bc8c2

SHA1
ab79886c285f23e7d88d2d5d12b82759429d31e4

SHA256
d2e7967b1a6608e57d371b41bfe7495993d7e6d752a237c794da163ca508fcee

SHA512
92e6d738bb559d1a1c7f5cea4e751ac3f4b1bfa04963a43006dd04cf0499d4175efcdac8fbc8dab99d5de7dd4f35c3c12dc851d8cc82ebb5ee204abcf810e723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\53ba8dbf-685e-433f-bfa9-e547ea579c95.tmp

Filesize
173KB

MD5
f86b4ba389e3bae881e94016512ea710

SHA1
1a1cd395cf41afbf325fc16ec8ba0aa0414b50df

SHA256
d274262cd779eac18ad74c9a7bda25515af23a20435b4962579f6a368b102670

SHA512
181919195abfc219acdee45da2333bd7dac381a92e6f78c1b456d6e03bbe71d24185505459432a2a8d6d4acb6fe2bf4f8664e3b2844391e034fe41b24f75fd96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
48KB

MD5
1e7768364a8db1e88535d1ca1ee9cd6b

SHA1
90d26fec8305c95cc5f6fa4b2398456d88627570

SHA256
eb24872de47889683879df871844b6468d59bb8126f106189b44bbe305853a0a

SHA512
a47fa27c6b7fe18bb7e82ce09f30d3cebc32a8cd63da4ca822ceeb1ac90569bf64e66632367673c1da9e3983c330f26a6edd7696e5e6e1814cfedef017d0fa19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
48KB

MD5
10b1102baf964d75a0ce7676ee85dbb7

SHA1
b1e6c78b08ae79f5aa021fdecd5ab04fc04c2995

SHA256
a908f0b83b50291bba322fa1d67afa9c1217c0d544d93b29fd6ecd9c394b4f95

SHA512
cfcfd7da69e1648ca1ccc86365a2977bb21ecb9aeb173a3bb95bb39adab64bc88694d2377e9dec76563cc2277ad8292be9d43b706d4dbdc1a2a23f76cfc1fb3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
96KB

MD5
2639291d875ba670fc8de04562d06173

SHA1
4f98b16e777a0acaf7dfcd51ff9b8fcd555632d6

SHA256
ac405bc669127a8143f60e44d5c94eb2eb1baf5b55b7417e0474892f4d70cc3b

SHA512
5dbd57fbbb7fa0b98a7d0f0929ea93370d7bab142f5e95defc69c0d039d4db4c6f59f6d4bbcd3fd99c215ac23640144fcf05e2a46be6f0945a89173791ff64b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
65KB

MD5
e780b1a356c63770e48e9778ae22a68c

SHA1
facff184ccf20098a7a12731f4adff06a1325192

SHA256
cc27dc8af50dcfa718e161a4451d01f20315ec24b5709d8a2f65fc1f3a62f55c

SHA512
3147cd05fe5213208d10a290ab49392c8139fe84fec18dc1b7e7392d868b9411b3e84f3e70ccb08aabf5e1fca8b0369789f778b62e41be5d84d765448f83cb38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
49KB

MD5
9e8361c00c4bc8c9c051dee5bfa339d2

SHA1
d36a51791035bf241d03661e2bbb0d13c837ef36

SHA256
e4d3dbd48148b13bf0c8c90a2319c3fafa42d4abaa9c89fcabb3585d986234f4

SHA512
3bd193a1ce0ac4f243ebf877d95e9bcb8aa287c46aa3737c85b80c0995de1ddd385d4b138718055a216f5949f0bcfe33e33e649c0982db6e8c56fcaa6b242d33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c0

Filesize
162KB

MD5
b81d6636c3ad72c63e532e5180eaf7f9

SHA1
ddcd059999fff6218e98af62dbe3fa9c885a0de8

SHA256
2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef

SHA512
4f0b87bbf60061a8efca4906554f958b7c28cf582452e01a8316d8c5ea8c98beda6c3230afff207f0b92d316c4c2e0ca1b4631e7d7364344b4a76394115af06b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c3

Filesize
21KB

MD5
44129a82842153ef9b965abfb506612a

SHA1
c0964eb2ee1a76d48e4e09e31915415d74e18bbc

SHA256
8a3908fb32a414703eff3e435566b1e5598eb3a5d50c500e70eb1a5c20d003d7

SHA512
77d149f19343d765834f2bcaa02bc160c75bd42db1fc431aba87f78257a83c4c8a7e5953c247cb7cbbaf4ae44ace269eb0a5194dfd7489d66f69489ce5dd78d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c4

Filesize
27KB

MD5
638a4990025383a0f83ebf29bdb84a68

SHA1
153e8818dc42f598e47fde8cf398f1447649a4d0

SHA256
878e34b89800bb271d3588e526eb3598eb3822e263f3bdaf53645847d39d0ad6

SHA512
59a505fa1a3bea1511e8fed16dced733299928b4081665d3e3fa4fc71d6f0ed0b09934805f442bf190c9093937e1494ac938167f9beaca0223243703f73efe87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c5

Filesize
74KB

MD5
4e24875a9cfe3e80d3a251ae13e566ee

SHA1
59e3bc920b9212d15f4f20125caee2f932b183c6

SHA256
515ffb72cbeeab77ea15faf625d2f37644abae261e89d81c856bd6f3c222b14c

SHA512
ecb68651b20502066529e3b5fcb7ebba33c796a9b08f3068e87650e391b46a53ae2f9cc4693024451dbaf869b996249b73c489daee8db96c159d2595d7feee3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c6

Filesize
671KB

MD5
1cf62659a0a50329dcc6a8b8ca84e4c8

SHA1
7961077b3ad4593d7bcc7001daaf1001f65fdcbc

SHA256
b64303288981d1880064b71598c3e566dd0953107175f8ea1a3144ea6152474b

SHA512
93edefa98d5c60b924fca43fd00e17ce855fdf9160114b814b38727dd706613c13ac1535839463a54bd74032ce42d643a790199bf77926f4c43da3f1ed69fd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c7

Filesize
67KB

MD5
44ce4cc593051a33c3ae235d338c18b2

SHA1
8aa5923edf7dfa834feda3c2948d8f62ff5df3fb

SHA256
e9e41c331b7db906a0ed64f9d703ac7147709b39183eabb6fbf0bb85f8874678

SHA512
8c0e26cb07074822f5dda2e4ff05581d1f156f4c05a6a3a3ab0c3df3cf7360c920090b36462bd2d52e4e3b0e146fe4b00140be46dbaab4761d3ea2bd892c5c2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c8

Filesize
67KB

MD5
ff0955ef983050efd0813db1f0b1950d

SHA1
a2f3c0c3f6d1e188faa760734b7cb66fdd757dd6

SHA256
3c662245846588689219e752e7f947e392b4a00781637a8175eaf02cf89c7cc4

SHA512
794dc1f0b8c926d50fc3dffae3ef384bca6b054aea08a1660ff81e1a08ae9771aa98183d7cde563ad2287127e0ff04ae9b6d5a391be6a52a6bd8e782e8fabab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c9

Filesize
63KB

MD5
011166905e121145ab079e59916f8258

SHA1
ace6fe939f6485da8cedb6e5918f11b3d982e3eb

SHA256
2c4985e48ff33eaf8638e9850de29437d951860b5e0be649ef5252e320c3007b

SHA512
103dac5872b93ed484a188cc112127d4c63ce95fcb6596783cbeadf19d31e16546e4ecfb4bf5c762da5c0dbc22245711fab01f9cc53ef318ce44bec325b7f7c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ca

Filesize
47KB

MD5
ec55037c230d731b419c6d7bf64c1bc4

SHA1
df59c9fe9368dcc48258ba69a2f145302b2761df

SHA256
a01027c71264b33f60804c64b7c59a3e0dbf90fc0de90993a73e6c3d479b8948

SHA512
cad0f3cbc0355d96bc0b00776d70d0d73485c6cd7438dc1725526705c57869da7c4a7fdc2c1b6f8ed5ccab433bb42f2b33b58a37da440400309a7fee3e05fbdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000cb

Filesize
48KB

MD5
ec5d553ed1c592ef6c64daaa94194358

SHA1
647f0de2ba6b511ceab755fbfb84a0cdf5d0ac6e

SHA256
47825a900e347c3ebe2ed17dba529d293ca8a3016faaad7ac8b3850df2fcf9f0

SHA512
2bd6127cb4ac72949bd136cd47b9646533e9bf224846a5cf7f3390d22b2d4c16873d12d6079e333e62a74c5e163842547cea631e12e7dd610cbfb39c908f999c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000cc

Filesize
31KB

MD5
76a9809af71b8aad2bca076968813fc3

SHA1
06b2bca8a8fb1fa30d1898d99b94e85424da61ce

SHA256
4d22055efaeba5a8116bac69adb5e5570a28410518b2aa1b7165cc52ed2fb5d7

SHA512
6b893871e28ad9b6a4b67bb66d3e01b45edb11b1a1cd5e62ba339fcd7ea2281c1c0b078bf701867531bd61ac276095fdb10adb572cc1dde422e885657f2cf3d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000cd

Filesize
125KB

MD5
a4160421d2605545f69a4cd6cd642902

SHA1
aaae93b146d97737fabe87a6bc741113e6899ad3

SHA256
4a4dbc62fa335e411b94a532be091c58c0c0c4fa731339f11722577d3cf6443b

SHA512
d2ba5c00c3b6c1fc58519768b0dcd23951e74c00fdd424ab4565e7c2dc9c6b8e8077dc75015d9158bfd12f4573a7feed6bc3fb16eec96785c356511c9551416f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000cf

Filesize
50KB

MD5
cd2f3074326840d55a3c3ea1e99e83fe

SHA1
3a2e1d1a93506526ae3ed2b44d584af7771ff8d0

SHA256
9ec9f50ac6a5dfdf7ace0a047ab4e86a7f8ff297030f93f9b8b4e27c57fdaa51

SHA512
0685f7e50451e87f8d7d47f3373d653f7d6163ffa8ccd143a85b179d2c5c51cf494e8b5f7e561436c35bfb8ffb9304f0c49962a8bf7065830f0cc95281f4ae6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d1

Filesize
29KB

MD5
4aaba64e06ec96c4b69e8d21e62dc836

SHA1
26f1eb277651339b6c613f9493fedc917c287d1a

SHA256
d1997c12a501df3ae947be13650609c5c711ea39e172338177a9883acffd9f36

SHA512
09daa751ff9a84ca1a21ad3cea82840f9ae78b46814d10ab8d59e21c239a6f35a99ab3570cdd8adb6a22e95952b10c74f06ac8cf60026909ef13334566161fa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d2

Filesize
41KB

MD5
6555094b4b43c81b30c7a6d2e0d93e87

SHA1
7e68af0317bf1d2161f561311ad8e004d3699c5a

SHA256
c779b3ae055433b23e0e174f32e06731f8cb0e5c69f78f0b0361a641c30243b5

SHA512
8158d519e5ae39c4b08da875f0611597e53b32bf3ded494211f7443e007e66d66d8f1b813cdfaea1847db24502a2b38b10fd1143f844700d7364097cbdd21e73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d3

Filesize
67KB

MD5
fa9caf97b169b97f64425fac5776898a

SHA1
799cdbf5060714a92aa991f93202cc55f97ca60c

SHA256
29c10624673cbf80e30c64190a1bc32131ed5f4be8879fe21e4b68b22a5c24a6

SHA512
d3215213d453aecbf0767ef9c4d7de0dad34ca0029690dda17b2f8e420066aca79043055722e125fe060d44dfb45ee1a1fa3b4ab66652998663e677dbff99a4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d4

Filesize
154KB

MD5
3d06c2d79fe1c2084ad91740af380c51

SHA1
6d381292aaeb00ba5a5f618e9d08371f27b9f008

SHA256
de840c7a00c7757efa46d94642084b4864b61e915376a8abddcfe6151eb34c07

SHA512
2689b981b7a4d6d8122ccfbc2a4f1560f1c8213236c7062a6b838ac61232d9bfafe19d4cd2b8f9f56e83ec737c99b006588cae77c9cd608eee9f396d7ecb3c05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d6

Filesize
625KB

MD5
708dab6ef058d891d99ca0ef4a5df226

SHA1
dae14d250a8e7eeafe19c41a9f6432c7ed8a64dd

SHA256
64354c7157e0415ce14d37bae5ba5086c67ffc330c37d6634b0be94358f56b5e

SHA512
8a6fb1d64c82c1a998e3eca863540c7dbc28e6436108e8c073ed0948e92995c5ccf264fe243865c3be1721dad755b4963ebec717088d07309e47a83d5bb50f89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d8

Filesize
268KB

MD5
8c1a7e38b7e7eb7fffa6b63f19f5278d

SHA1
9ae939b06f3827fcbcbb59fc220ef284995cf7e8

SHA256
2e6d4dc9cebd2af2b983d8cf1fee4816ffc91db13729155cfeb46c0644063f27

SHA512
e63db8e911f23cd135c3d4cfb479b057217b812dacc3aea9b71e1d83f5aac425274d84b359ef1bf16f9ced53387380e76bd8d4a97d165004dcc788295a40db81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e0

Filesize
625KB

MD5
7f51c8c258920d1e276f634368311038

SHA1
89963d5fafc95a0adfce0f9943827f9d1558c6d2

SHA256
dedd35ed79945e3f9db19a6971cbb75958176f366af2933a8e92c6334cb8b6a4

SHA512
5c7a11d26416d8ff781fb5135a13decf80bc91a21d1a62a0e956283043e9e4d2e630b840918afcf058d350d26ca255c4c2e70883279ee997e4d6699abc6ccf3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e2

Filesize
36KB

MD5
949dd7b3171ff45b351416d476a06b81

SHA1
6a80424c4ff251b73c7da94d993dc6c7a00eac55

SHA256
b86ff325df0434800e36d35c9c49ec905e579aa4cdd1b7ff55858819b7835268

SHA512
4fbfd5490fff4642ae4e47f6318f5d7a0aae82b81004ad2959f7b6360ba7ef0924600fe145e2e26b17189a984bb63bff408bb4abb29a1ada85bc24623b422d05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e7

Filesize
20KB

MD5
8b305c9acd3cc2db0bf39e8e39fb81ae

SHA1
255f57f97d9070c7ce5faf78fcdbda6ff0a979da

SHA256
466546caa142b1cc44efa474e7b28c20bb14abbeaf6372d6c74eaad2f64f4d72

SHA512
2dcd8fa7ac8c01aa9c1114989009f98b67f192c6ac30bfbbc32ca9d0e89c3c6ff4555bf2a6559e502076ac842e427739d1624a0b63372cbe0e9fa6b85076102f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ec

Filesize
922KB

MD5
cedece909cd5378a508d25746c48d944

SHA1
95efe67656b76d37e05a99214a32bd897af96eee

SHA256
e1afda575620f8aa1177483156444eed4b7ab2ba9e2210e5515b4390a54e38d8

SHA512
b6edc9b57c3062ebf782f7b18a3b67f8816bd558924e8009312328cd7633d4eee7b0e0996599c6a282aa84967fe38e1fefbd7eb45760105b43e151c915abe053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ee

Filesize
39KB

MD5
bf6819fe591fe3435c19d0310986987f

SHA1
8f87e85e1e3f3bbba507a500733f225072c3f5c6

SHA256
f3f1420824bc098ded8aefb4a9b544e5f7f076e08fb48d7611f241edaecf80d8

SHA512
e7e32fbba4369e29ccb97b6c240d76714607f676eac2326da1926822f30ecac2bb5c4999adafa3e0df1b6982693e05c023179e835c897b3f2d3c8ca7f00eb567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ef

Filesize
894KB

MD5
14882997dddb51f08d96a7100dbab600

SHA1
40f1853c6c8b5a9cd4b38f115c5f8746d001aef1

SHA256
125face86c08ca32b70aed8b06f57dff794c1eddedae0a7d19163d3daea9a6aa

SHA512
a90711e15aefb95112c30ca0d6361c154ace3ce17d9d6667bb434f41d4920abf2b5a77d40510ca85f42ab7b4ca4c7ad332d0b49a29eadcf3b8391e598ab69968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000fd

Filesize
1024KB

MD5
df52629834fe4cdbba7375b325a39fea

SHA1
1d0d92a77e284bb1b2916d765123934bdf28657d

SHA256
82f7307794bee486ad9e0cf9b4b757b96db1540cecd97bfcbdf9fed4e3b8b6b6

SHA512
60fdb58c7532ff82d610ad02786a458cb1db409ee05c2fe4493d869305f4b49b44474551fba0ced77294243f2a9da208ac1f9fb79d026122a0f846e5f634d924

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000101

Filesize
234KB

MD5
f1bcc4325d1a1a6f2376a54d492d5f2a

SHA1
c466dadb68c21be4a715561cb9f819c8095a4089

SHA256
8fc5067e280a4feffe69b0f2c784b86ea9694811dd526619a8644386b89d0ef4

SHA512
e35ea947a2da6ddb723e87716c0ad66568d09b2d7e20061f3a502474ad9e07720ab569e0be9f0d667110216102364beb56d99264013a3b81d56f0850748b8278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000112

Filesize
42KB

MD5
7ce5cb77b48a40aa50637bb9ce5c5d7b

SHA1
e9c65571392aca320b5132f6cbd58891742d8edc

SHA256
622ed8eb5ac1a7ec41c76282b1cce47845e4c414bfc59049b5ed1500c6ba8156

SHA512
6b9841f06e4736997b9a5ffd50916b4344bc5c79dcfd6aa127bc547013c248d17de8c2747b9c68e7e7b27749a9970ec3f584e532f34456618312eaa03ac5e93d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000115

Filesize
75KB

MD5
50279a11836960618bf38e01fd9f6500

SHA1
2b55bacf37a429c53af99f204c233c7e3cb5d0d3

SHA256
537aec7ac43a4519c8e21903f6664bae8e6b8b08ace31c7b4937ada0fac5b65d

SHA512
bfd4e7794f237196b027ec9b26f1b751b6ca86d9dd4120d9841b5eed0024ff69af585eba270df845e75ced9daa3a1117f2218981b6f2e0400d96e728d2cc8fe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1f4a6bc5c95f9319_0

Filesize
28KB

MD5
76484275e841812645e895493490e92c

SHA1
92bb9d00ba21e3a10909880a42409cc75ed86047

SHA256
36370aedf4bf0e4ef063fc90f0964c832d360c102020e825f4845f2fdbd9ce89

SHA512
55345412403e6a56d6c9a9f30947c2ec5f91e49e7a42c42bddef522d06b5c1e1222b252d7b0fe590b39eadb7247fb5805b3110f1ef4c73b883d01e99ab2b2bf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\81f6dc517e3ee3ed_0

Filesize
269B

MD5
564066697f25c2cd511138096fdb702d

SHA1
a610941eda7451b960d09b2fe12cabba6af0903b

SHA256
47df3f60822260c2bce3ad8d47d02095a072d64aa8cb9466940033fa49117c81

SHA512
aa520a613a3d115a6ada4b2fd9d833f0fde542ea4db7026d29dfc9da2277f2e58d549a9dbe4dfbc3e56bd2c7665674115a65e4c7f02990c716b5606285105379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
6035a8aa3556b5e392b3f85c98db611d

SHA1
7b452351e921825bbc06a528aaa1abc445e71782

SHA256
5a5d439720d011c2f8e3042ae486d76ab0cb8551416b7e66edb0ce8aa3e11e76

SHA512
b4cb86317de2bed263331c4176f850e45215b8525c130a76eb67163365c90a4e2d4a367b5e0122ec838e299566ba98576d1cedf570bb2190ce45b7b95b32679b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
8ab4d87ee56c85474855f4d4bffd6db5

SHA1
8888097a6e1faf46aa4810a7b7eb919138c1f9a8

SHA256
9e580e016c2e2d1832cb9c3cb426c710725fced92a1f72d9619061d50a2d0720

SHA512
f07d2a60bb6f9963486069c761efccb077ad4f5a09563b5255112ca6849e979a6d2962ffda1e4f430b351569f6bfa9b587d84581398bcedcb64eda61dfa8fc87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
9d05c8eecb537157831a53398f373b85

SHA1
8a0ccfe2d74cf4e828fa862afb06684b454f98aa

SHA256
baca2e9cf855b7937db2138d704b6eb826d67aaa6af6e3cb81284bea58470e88

SHA512
01bfcfe98cfcebfa655a5c79bd049315d07850c12e0bdde2e9be2d639e34bc5d89465f7300207ca46699e83a6447d44fcdafa2d57116dd263e220fd22c6784b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
faaf96aa3579e80589b8660541e837d2

SHA1
9800fdfb56f05d9215c21264623ddd506b176a39

SHA256
c46d895f3605a89a4899e09a82693ddc14da028dbcc5914b4507711b7121faf4

SHA512
68be2a995717b7d1fd49b6c3d1f728d6e59f6b01a6b1f98472cf40bef65e8e563e5b29879a1cddf5cf754961fe77078a68dfc1fb20963fa60db2c942501dc9ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f8f681d6daa706fb2dc00221578cdd8b

SHA1
7b5e72780c29a52a17c4dba3125d7c349f8631b8

SHA256
8657e3e321e4c6920b5469b1ca494467ec76b1a7a60c70fdded0fcc8bd8155ac

SHA512
795ef932fb9bdcff8a51b1f8eddb2143f663ff66edc231a70ed6d7b972caccf14caa2967d99667f9dbf302342d5cdc6f749ae20a0f66132ee1f3d78aed4591a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
98825bb605e7e594ee2bf07002920f06

SHA1
f639847282a86015bc5be5bd18de5f09c4e61369

SHA256
2891ad2728facdbe6c3c7072b1bcc32289fa34eb116e23d0aa43062cb5b8f15b

SHA512
c566a90efa83eae9ff011fb616243bfe20fa30f7030528359875fd266b99e59bf5380fb3c4ce1c337ec6c0fc60f7ae26379af34c271851ba94f5f1661cbb4fc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_gifttopsurvey.top_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
b2d9d299ae20fa213a62d222efae5ac8

SHA1
ce82b041400a8a27285fba0c523ae86118796609

SHA256
b104e4aebfb0ef68671e78b448a854b4eaa240edf369ef1590bc49d5ea6fe993

SHA512
768cc5877902b5ed580f23bf21bf34ba115b499160aadaeb74b3a8b0a88e5b5de58d79b49cfa4898d775afecf077a980e5ad6b71a82a389fcc65df1941b41602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
658102b2ed2ba184fab5c5555bde5851

SHA1
23ef0b88d6fa5a7bde0b2059d0dd2352c96aacaa

SHA256
37efe300fb621e732f2dd8fa941482af92710ef1fb62a8fce9f990b4daedab1d

SHA512
aa5e369e0efaba3eb79f935c0abf1f27ec7903050a5c61a97a4bbae52685f333bf606d40555937d1a391ea1ab72936f787709afffbc683f44e7e4547c81673f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
455aea1d5533bbff11490eeffadf82d8

SHA1
d185a6fd340d57d785a6fb6511735e61e2794a2b

SHA256
7bce918d2300603cf72d09007d15bfeaaa702289382269ba2ac45278c492c682

SHA512
105c9516d83288149924d629127cd1c50b7b79e04ad71575c30e60cda35ea8a54f674e772b4cce9a537ae55006673cad63c9299d0cbbac150a71a45e13178069

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
f9e73d2ff38ea8a02ff168a4141b345a

SHA1
33b0a5353071ad792da09a12a2da4090fd517fb2

SHA256
dcbb72a74f5cd80098a2d8f9c862544701c2afcfe7781d6d1dda2cadb3ea28d1

SHA512
f22e1f95092890c841575d9d16856277227d54396eea1426169ab417f94775a040ec0f08fcbc6a34151e80a3ac65c1178312f23c586418d7a48ebcdf628fb80f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c5b4f365184e120872455919f6248d04

SHA1
9747f82de5b31d3b2212cafcfa281899e73b398c

SHA256
941426196d139041685bad5f1b5a6e748f9047af4ce5e5aa448f40cf3fe458e2

SHA512
6c8221e0b140d9ab61e9598886b02542f654ba54f02896e42b0332dd1223a0cc7b78c7499a11188b88c5097d829c792d148a929af84236eef4887a361df40ae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
275251cd750b6971fb3f350e19a41039

SHA1
138c46cc09dbe49a42caf171151058af981c154b

SHA256
0e0f7236af01f2e6ef38fd587ea78de240e993ce1aaa593fe9f1f49790ec1adf

SHA512
c9ca7a667eee04ddf5d5dceb773706452fb2dfb78a38f1d91321c7094a3e3ae1377ce8f10a264707ecc0f85e32fc4e4b317529153d3a17480bdac1e440c1a90e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
8e548cb1d6b1c89a1ffc8535ceceb54e

SHA1
1e3b5d26cc0713fa048599c6f0d502b03b1eaaa1

SHA256
bdf58f9b8b8c76520215a3c06a8d9e4f7c901205ce9ebfe750c36f7310c39ad4

SHA512
1d40c8d2a955a6edb330b007180a5bc9a8d04fab912e08d9371855e4dc7e42419898d273ee76d5ed1c23a8f1144c28cbd5d6646aa332964a37e55c872d11061a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
a73fdbb003a139a7a4ea203f3db605a6

SHA1
9eb644333b5e2cd4c1db3b6f4f347cbb8f2b545f

SHA256
b4432e664d20c82fa2f29d2f12df945d89614e190c89cd45579336291caca882

SHA512
e4cf3a9dff3b7b6723c898aea4b89aad8c2cfa791e8d95f1dd7040e883993a738880782cdb277915b49db9cab4d64db1db698eb07373d2417ee1673e5f05d95e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
40aa6b770bc5966647c000cd6fc06447

SHA1
f8975c1d2f88b4caebff4c1bf05c2d9b67729892

SHA256
878692be81a952cc95c0dfc128a6a66de864d1096813980bbbf0c24a1b939e73

SHA512
1609bb61c4276fe592e27fb94c1b3cfffcb66698adb30cc40c781b7cf208a8644bd4bae1cd9d916a5c4a1ddf0ec066900692efaaf7df8363b443003da6bd53ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
8bea175c74a139f254a149bb31a4a893

SHA1
86577aebe4995d7b4a3733c07a5c5ef6f6fcc3ca

SHA256
bd4159d1d2b6b11e8da4246e6226b2c32463c45a49b1e4ee5f94aabed22fb260

SHA512
271c8dfbb103c3f4a5f90c756ec28a03f47da391f8b54ad706ce91999952e2f435b8e580f5a11b6ae964db1eb6833a2528225ab61f4bd025475b5a4361823ec4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
0122193eea0d9293ea9f27c0a31b16bb

SHA1
ffbe1b7e78c4bc81b72eaf939d267c1884a9da16

SHA256
73377032288f736bc66191fb2513c28d7f0f43b1258a53515abff408477815f0

SHA512
76ffefe0018d2902b03e737187b3708979fc85f4057ed46e9c7b59ac68285ed257070bcfe0dafdc7cc36f41c7c38fa1ea6d5325332f33085e686d2d2dc2fb6bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
d10a2f72567fd9846a75dba42ba5aa7e

SHA1
08220a07e91ae7c53f28afee1ff2eda53ab0faea

SHA256
92e9cff63f9b8599ee0c67c4650db04f5e0c8e6dc2ac5e22911b743631192e7f

SHA512
bb5c362b1eb132376ce6d35d623ae5b25d0164e57483c9bc2d10d175686e5019ed03db62899a2e2d9ebae880ae63c93ff957dd952b20b35942dac0809fb82cf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
e8f8b65ab29b05240334f4f627f16a0d

SHA1
ba0b649476c3759daca318e5552fb01364489359

SHA256
5abfc2780b4e7055e73e3a8da88624b4b99e97d84d073d7702a1d4364988ab62

SHA512
3575c126ade1b1e5ded22ad722d7250bce74492c28e5590dbf2b731ae87c754ab944749a0880a9430c114cf949d2f3ed5dc9fe776f117a01029369cdc3c82b40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
751d9ca4881f7586b44ecff84385eb4d

SHA1
6270de96c7cc7d91219c851fe2e6f72e189e157c

SHA256
89b13df904053a14d0387cc72f4cdf0d0ab287451e08a1f3667a0a0df4b370e7

SHA512
1d9783db530684316df40a59efe878da4e6522d77ed359ccfe2577e8b9438481b246bde9bc03a26435961a3aba099d41c9aff14933406842a940fc4672d7d4b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
5c1b109944d1494c025fcf64e78bda9e

SHA1
4ec510a48358d1f8aa1a67b63f25db146bffd854

SHA256
8b496378ad91cddac03febe8edfc828086376cadf4cdb17254f3129c7f0d1ee3

SHA512
cfc8fdc6d575ed6eacbafcefad06cafc6caeb4b37c0b9365b89b9e755c9919dab41815595f6e04fc0f94379aeb63093ae2f8d9654512d03b188597185f267dc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
19fc39254e3f00e536a3139209d80d1c

SHA1
e102737d09291dd9aea18ed764f27081c93fa52c

SHA256
95898587ffd30b912ece1cb8d34d018e91c37f2e5369797a897950f51f556661

SHA512
7fc1ae9abe33660b93f3a81a78921c1d4b0bd3cb3d5a5f4b3dd10d3dcfd50b622abfdfe6e334f318c3260afb639ecf04b6b538969f6a2cffe22e00f0ed190a58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
51f14ba3ca34810125db7575b972912c

SHA1
db55945771b096eae6ea2c23dace626a16743649

SHA256
bd5fbc3b8fb12f9ae9411d2d529133c908e0ffb49805b9c6b08f714da3441923

SHA512
5df3802925c3a86ba5c6df092c7eb4d19a80bbb27ba70eb27a0f6c6fc24ff715bf3ae27001915fd2c0cf46d0c99cc6f93f5ab0c4445d1c88095cdfc5eba48215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
03bd2a3c628bad0215c3281435cad6d7

SHA1
1f799551a1e6c80393e102b7baeec041da65b73a

SHA256
3711b1f131ddbdf36310d3dd4f0956b78fedca6f587b65300a8350081c3d620d

SHA512
f1f513b9f31c6f35ec8e9eade3a0164710a4f92782753c13756c542239c666450664ada9d46197be7768a4bf37bf07e2cbf019b1fe9941c43fb72cd32b8738a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
08fd29a1bc48af75e28f00c362958a9b

SHA1
b4f2da2fe9bc61deb6584dd786093a1df0780eab

SHA256
4fa6246cd5050261f4f598eaa70e60d39f05f35a6280e3eb3d4b67800c586ba0

SHA512
a569135632d367d601ce56d4c7af78df5a164e37eef38f9e17c2f394c0fef7f6a46ac1e94c2422bbd9b3a6e652c8795552412d41a3bfcd4c338f57031edd8ce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
765596cd07f2f1d348bcde7ff76f9910

SHA1
560644f3f507866bc304c5bb4c6487f7a0c85678

SHA256
6a70684abedeb4f4b421b2199200c299b33a1527b56ca212b846d25c6f03a225

SHA512
74cf0709e1e9d30ef476d17ce36056ab8ba4699db60c91153a27d7b78f6d4e29b724d783cfb6884df60465fa151df730a3f2a523d96bb6da73276c2077e1513f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
f7b4fa3e14cbad237ae8b901f5c177e1

SHA1
b42c25ba8119f4260718364126cf43c798844d0c

SHA256
74d6d1604cfd0a207d7674688ee4d290c107333ec20513394fd33b641a460660

SHA512
49c53e1c4c5e8febd1a2340ea477efae3d2df6bb7c1366ada71eba0b94795a31d2c080cdec20fea5bcea30c011d3b000ad61813e3003f8fd6f555d333e1e8591

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a6b4faf7060c53abb089f43e10fe7028

SHA1
510aa29456655bcd7add5264ac691c685955c149

SHA256
fd61b2e3e3d6aef3456867e4f1a109523a7b2cb49651fd1e447267b5d7f7f6e0

SHA512
dc5c6dce4da3598084727ca44897b284c1f992a3c46aa3c835e932410fc51a28c902d1b578a6d6140d32b6c4eea11be6d0cd8fc7c031e082c8d55a36211c2966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
544480cd5f4237c3850b0c9e4e46ef33

SHA1
76234e89ceb0cab88585be388c7afe1c63e9ad2a

SHA256
407be2406d179119441d839913b1d94436b076a515415050da01cebf067686de

SHA512
d2c330e26843d38d2d0d32166d5b96e345fed1988bb4c5fc49f5352702341a8ee344c1dc911824cf2b1f7664a577d5b476481e65342967cb1f969d66a2e520b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ded5e42549cf98e0c043ec68421ac248

SHA1
d2699730d75c1fc60f6f29603620ed55c7f89f63

SHA256
d57a9521bb87ef963e4c515d44e67d30dcae21582f2b87c482c8d4584b8ea113

SHA512
c568eeafe78857aa42a49620dbd8cbea909dfaa72ca0b8a2520cdf1f42ad3cf023134b30416ed57e65ec08786006200b11e0ccddaadc45a22b44f6b51dd632a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d461ae9ce50235687f57e3b3f6f2ff92

SHA1
118906eadb2bf01a3e062c6a2e8f14b5c93dae7a

SHA256
fc4c92e1e572970a6de08957097ffa09a416a30610d69f74fbb5a3a1244f7086

SHA512
0bc1a8b6f9d4000a157926dfe4f58bd9582bf5971d3cf5f2ca6b38f41ab0b92f962fff51e2a550d2906c155617602649462ab64785454995d383d06f5c5ab9b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d8456f60147c391fd81ccc9dbfec5da0

SHA1
ed43a43aed3fbdd73a759428c323dbd27c1e0eab

SHA256
232706054ec5075bad6ba432f793802d709533e04d669de5b9020a860b6af4a7

SHA512
cbe19e2d92d06f55a94eb6f95b752543f0ff14ce3deee9e31aecbbdeb3328a141bdf7fe0d274e5afd203b4beb84fc25ccac87ced7195a792673eb8eac683a23f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8a09cdd91601e1a6a94d23eec612af43

SHA1
aa1a737ed8a1c8c088c18ab58ee46e2800293795

SHA256
39d64b356809bc56d2b7f1a19bef4521ccc75007478a11cb9bcd678fef3a8867

SHA512
e96a4460ba6f3bef09be239544abd43200157d3d42e7e22cad39802b830abe28f9674fb59f06dfee2764d447050eeaa73d1b8437ea95b9fd73182d977178a708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
36cc774fa6410cb5d2d05c53bedc1f90

SHA1
32a722a8b5ef951c516cede2c3cab1cbccf618a8

SHA256
f1a0c6cbc84df19877ec5a9f959d26db83ed817f39dd755973344e7d01990c7e

SHA512
ab52b48f887aca27fcf6c48e20d3550f25cd7abff6d18c6340affd60579b18712106d3f8ba3a3c05673b65689145d4721f2ad1accf5e2fc20c58375ba01df942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ad36b29fb8943ee0f25ecb1d36877afd

SHA1
fdce2f0874dfa464887252306bf1358f4e65f5fc

SHA256
f3d670af0e1e231f84408a195ad6190ef556b7cebcbd5246ff70c3980b6788b7

SHA512
88902c84822c2ca95f3e08d3dd1e175a0badb0ae92e016766ead611ee4d5b59d4682363c7a9b0f0f20642d03e67db37e7fbd8103e9c54159070dddcb6a6db43a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e99a1f3c7d78056e514424b7f665238a

SHA1
5a15823f580895677cc9ae13245ac95ce40a5ba1

SHA256
efc38a67ea854ca6c702ef4ecbd95291474266a34d94f5419dff018ea04f6ef3

SHA512
05b5a09082fa92de3600254a35bc5eff325b8c94bd832570f1735d749619b67e6c8eaa86c7265cd9ee03e9dd37da40eed6b31b221ee34e64a108fd2409e6f6cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4a9c39ebc9a00bc9a6edf1469b8ea3ab

SHA1
c8c6f2864244f139d33ac6e8d9dba22b249d6774

SHA256
839696aa3fa972a383e099f33cb01f96e87f48f22e9a3c46a145dea993876c24

SHA512
8ef67d9603505c1a548c1cda053b539c946d5e9cc6088d9988946c3b9b7d720d43eaa29ca6adc7de58947b1fc9a922f6f0b537295acb645a136d2d1f231defa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
34feb63e594d0b8b5bfc8c7beb2350f8

SHA1
882914a4da82a03cd02c38cc48b4ab93bc10b5ec

SHA256
d4f2e0e1da64fdeb3239527d0d2cdcd91f0db00ee79c7f279e78b338436e1ca8

SHA512
7dc5a985b5341de40299f6dcb31ecd4a3acfb01be9fa8430d88be2ae5323e0b825a48f87d2e69ad5b84aa91287f38e2752151b23ad839ee917880faa818d2246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
51b268454d9fa51593f5a2c7c5f81108

SHA1
4883daa1abf1503e38eb176e5d58be0648dfb8d8

SHA256
8e30ab0323f40c269bb2dc1d0dff51c4c7feafda8d80dcefc3a069318ff0caad

SHA512
3e9ffe6ad896e558798dc37a092e836b5942c48df8eaffcd19d6d2d3ea424fbb315c6441b34df72a22e5fb7854855574f1cfe745c45aca542627e007177897a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5524f56fcd239198cd76b52ce7f1c458

SHA1
a2b4f33bfbbbb299b9d0984346f912246f4e2a1f

SHA256
7dd550bf1f60f8a8108fd85ae9f9c4a04a6f35e165c5625e76e38e0102ebe44f

SHA512
6430d5c075edb4dbaa869a91b556a2f4bc26160df3956c069e52ce4b766d0f289c79f67b0c870cc3b85397456fe211814513c153cdc450a9d704a588c43b59d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b3630ca2eb7cd36e12bf2f8a6d2276e8

SHA1
66423311d4846862c13ca537686158366b3e4ba1

SHA256
48f54ae328b5cdf09654d253b12fc9c7eeb042e1437572c9708a266380d82538

SHA512
dae7e71dfaeaa0b68c742efbc6a8318ad185c851327c8b5b4e1fb977f48eaca5402bea7c463318336f242a84c3125ac8167dfcf96324434debb0e4d783c260f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
52KB

MD5
7782812e639314aa12accae0fdd12cc5

SHA1
99f6a307630604326f4f2ca3ff876f69c2b86750

SHA256
ba49139a2a2962d4efa03733ef55cb8faecb554f87c7617777531c77a279fdd6

SHA512
065eb23fa60b3dda47792b9f997cd908957c3c0ea758025d8f1aa4d68fe625c182161628f85f9f4b0cbb55e5cc89be459ffebf45a9d365e2f1b3bea14bfcc536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e375bfda0a9fa69705a6d03a0ca9afa9

SHA1
1c005d97b2dde8470fc203f7ffe6579b025f332e

SHA256
2580ff1b087608b6e033a5a4a717233c954b0c5fa7df3ddc7faa3917c61c4fda

SHA512
79d51e80ee41f2dda92cca9d187e1b5c76e8f911dc94def940e95b4e075c1e368f4432def5f56f0aa9a91a27183d3a6a7155e3a425c5d4a998725bd95cf985a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6e6ab861bdcd07948421ea3a0bb2d502

SHA1
661e82d640d96c55ff75793942fe5fb0d3d56d9b

SHA256
d221ed3c34e5243ef2b792460b1ed4614f4c3f2d7da87435785deed49b7b0ab3

SHA512
63fc7baa9366855311f36e966a40af8eb53fbe872a79d1fc2aa8a707d7df23a4cc7a18491f3cadfc4e8bf6be42337ab33323b7e6eb085c9f7305a1724064e7d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a6e16eb6b9483f2c4cc5054b36742bef

SHA1
dcd2ab2268238ccae0b1f5c898887adacb54326c

SHA256
f279803cf972991527384832d347bdbc0aa78d53bc39ab9a7d98a7e8b22563d0

SHA512
5306e6e17b887f24c561f3b42244dc3fc79710a6e12e76335658efbdf9bedb126298417a28d948c2b08832f0b34d9e2d2a48feb62714b8ce88d70daf7bf9127e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
980ed7e8dc979fd487f6ce70ad78c877

SHA1
dd4dee44669116743f2b3b07d69d601dde997360

SHA256
dc7ce7bec0daf8be1f05abce375aca042e9fdea21c38f38265912adf6db1688f

SHA512
121819a9f621df24609720a67b73e23384345289342c975abcf83b86a988fdedd9d91f1fc2efd6505ff55b4232ebbcfa91bd797364a750ed66bc2c93bc76d19d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a6814f248b1335283c15ceb685a94d24

SHA1
7af964604c1688c709a4827efbd637d5b7f1f337

SHA256
7a27ab3101e3043a98753a2c64d987a41da16dd18bcce2060b43337ddecf7804

SHA512
d0ba2efac570c713086768f0bbae77513479e4d49c55cccb67297b1e4f767705b4213967fad655ba320720268f560fbf2973b1fc53d814ed73152f0798cf6de1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e1f68e2dd52f7dd499aef85aea1ff50c

SHA1
8e8749b7bef08d9bcbfeb97113d47daad1848812

SHA256
0db823cced5089d2fa7ecb6da80200efb8a498ff47000629b8fce44b18d50f0d

SHA512
f9f9c1976c917bb0f0d58386265cb4f72f23100d68143a5ed8e538fdca72c59740ceb30930087e77d2686f15619d3f3038dbacc1addcfee50f407d0fad8ce7d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ff9d9d6053446521ee863cd9ebb8fc07

SHA1
c8749b6e07545b592a950c9817d8e516a26a9715

SHA256
66ed8abc6f4525c5c03e13d9399ca1dfc6cb195b7b8d98d3da2c2ffe9f93c05f

SHA512
1a650a6e8379da2e7467ab98e30b64720e3cbb9d26273f116f6dd0e570f620aa2c5b9d3cbd38531e9b3091ba133be05992f9ba37bd738db7f8246477f6264a95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bf5ae41b224966171a24b77b576a99c6

SHA1
a07b7b849d6fe897142ea01c1ddaca29fd92da61

SHA256
b0a665d061fbf14a933427e85b803677b21e4ffa9fd608445660d30d0bcf6e8f

SHA512
63a3e58f3d5fc46f8040a5d5cbbb517d95b278a8404e463f8e7df8fe6cb8d91e125a8ec6408ae8eca683f9d572674aaeb12d9d6841969db8ccf692a4049f6f8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
07961430bf23f3762b38ac187e2bc207

SHA1
896eb74425e30559963946b97912c3e80bea4a28

SHA256
b7dc8e690ca18d5a49ecd72265d545c2c2968f24bcddbdef3c151564582ec23a

SHA512
90c466e92d8afa462e4eeb7408b5f918f0eabcc568341c2f388651ea5564c1f2589d0d178a6b1b0f4a270092be870ab18fabf9daceee766c3ddbccc3b870dd19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cbabd8f785335a2238d825cee9a1fa13

SHA1
43af5d1f3d4ee6600878f4bdf1db7b30d0ed750d

SHA256
418076775a394d3132bfd607929518f06f2e5068da1d3a01d1186e816107a123

SHA512
e171faffb9e05f0016e107406e6e36a934507f878c85db91478558c42086ddefee9dfad6852ef6f49489eb1778d8ecc35a11e8ed03cda904eb5039f0c4a01afb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f8470763b88d6c01ff6e7c6294136eaf

SHA1
5bf63f3d6d8e84cf18c753a559930cf3a6682634

SHA256
f28b68f6d753b0f1da31a9e99ace63b2e2fb8c49c36c343a7f198cbd95fcc83f

SHA512
43f47122d5d20332d1071ae8f4149d688ceaec42a2ee28193c5156b02051bd078bb33e1d3e2757f98d2989409ce3935ed30c4bab8d201e66d0a8cd15d0803cde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
2d7c692c34ce1d18c558aa5d73174bac

SHA1
5717733e39522010b78ceb4a42366035534fb24a

SHA256
c59ca28a88c7076f6edfc0fbebee83b4b1f42fb280050f12d4dd739a6682a4a2

SHA512
45f603a35c7c453cab6d022e72dd004727469f9765115f17b66042c890e5ac3f2467ec34c0c79196293ba57a12def9201113b48b11317d2b89dd9e06a3e903ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ec0be.TMP

Filesize
48B

MD5
8d3b7f36bacd3b561f6158f8966d3e7b

SHA1
495f0ce3df6b20d30805bfd7950a3b4aebc686ed

SHA256
d2f2cd35edb6ff97610664e33267709ed2731d161aca15f399c9d4013efe6014

SHA512
c5394318ebbc0fb9d730d12b7b418f9d2b348aa60ff2d8a394f992a1221527fad7f115f5f4ae610f486e198f41262ec6441d2d881ea5904f242d7ad3bf83b864

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\863d0db8-6c00-4bcc-b130-efb469b32906\12

Filesize
4.8MB

MD5
0a784e1cb87e00e749d71cc878940327

SHA1
2831e714f677ff270e8928d76e19577c2e2c4c35

SHA256
931a0802aebf30d4ed58090413bca1b4a6de71f372bc095ffac8b8689a4307e9

SHA512
f087250664ec621e90e5066595433bc0c216534deaebff0f91599f892f23f01c9ccee59158b933a14368297963702fb6c6ccf203022e9b20bc3cee03d2459499

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\863d0db8-6c00-4bcc-b130-efb469b32906\17

Filesize
4.5MB

MD5
4ad23147bfa46dfbd495d11be158343c

SHA1
ccc1e9290057925d5296cb73b32a382c3f5a327b

SHA256
06e49d137e7e62e2b10100feab80c1bf59f34444b84fb928243594990ce665f1

SHA512
b66eef24fd5351107e5739caf5537d76ea6fd6632aa287378b9e90f870456b3bb8dfb0a3002c686f62c600ffb20cec75b79a1d0260c5f1e89e6cd6a0ddaabcf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\863d0db8-6c00-4bcc-b130-efb469b32906\34

Filesize
4.5MB

MD5
40133d1c99344b07dfecb5fa8a4a3639

SHA1
da86f0ad64ab41af10102d19f3b812332f4d7183

SHA256
0f0e0d8d0f319a28c8df0f48b65a1f82a48130cfa39baeff00b5fc1f2d26fecd

SHA512
fb53dde0345a11ba7f14ce4518d72ecffee6e1700ef0a537c6cc7fa858612f082573ab6ab6a77e1164357f6505090486e74f8bae550f148e0ad0c8c89ba8475d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\863d0db8-6c00-4bcc-b130-efb469b32906\35

Filesize
4.5MB

MD5
0667b9fbae5b5cde2c47953c0671693d

SHA1
0e38665edcac876b6f28b29f0145595093e52618

SHA256
ee1cae44aec00f3e9b6900880f039e60b29be540d8355de56330f44dd015e537

SHA512
45f11fcb762deaa4f0dc4334e302ad83972eef92cfca93be07303f35f05681e4bb9b4b2c431900b3934952eac27baf13d9c320665b07c07e185491ab267f9ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
eae9e0bf6df2d9c85ff227db75619fc5

SHA1
80af23326f621cc514c2924e188688c980f4912d

SHA256
7b517a553cf76f5d9527b24aab3452749fdfe03435c50c7e8cc07fb8e8355eb5

SHA512
424aa0d5d7d3ea3a1443c4c198892040e1a963b23a7d84b61e1019801dc32c19a80c4572261abbe98fc8bf80a02c514e0d39f8b025ea88609049f8c5197f5aa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
d7849367c7388c2146d294c5b9944ec4

SHA1
7d7eb1b7c0e44ec00c13b8200def20deee48c07b

SHA256
98f25a3b92e8c936922dcd085ef3629975728acebb8ab2236a448223cca5ec4a

SHA512
3c4f97a628df72ab1b273a4bc904557a6037e261137ff23553dedb676fc19321f44bb4ad92d052440ed66246f69c230ce8fb7d77708b5e8ce7ab3c3486a779df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
8e09b373fe9a4bb2ab7b1baeb5f89ae1

SHA1
2c17faf59dbcfa2eeaf1d62d9a8bfd6bb6e036b4

SHA256
8c1efeab6e0e47036eebb2f2fe987da3a388900bd47d576da82b885f75b36443

SHA512
f482a5663a99c6b7556bb4ab5b55922e5b64fb918e7888f6d4e65492baa513cc85eceecb1e69fa71559ce5a283af2f6a8b3708dbad25ceeed6ca40169b9cca1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
4d6fc2d42efb97d40ae8fae5d8d4bab7

SHA1
11b828144ff96af71e7613788a5466af79b0b451

SHA256
7682ad6f938f87a92312333cddbcd4b8838bacbee806893e6d546c4674169c16

SHA512
37286067672e5a964b26d8058e62f969da383f32d3c8811919369d17a79f6b11b1be8134c97ec66725013f894fd018cf20832675fc1c0550073fe6ef0123a466

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
bb7c2a6bc7d16a987c02f4b908c503f3

SHA1
e17d21e0bc548383284015dfe7794fd72ade81bd

SHA256
8c06e6d8740072327fb29700728c5da011debac3fa3bbe7c83272f0dcf3273bd

SHA512
45d6a1caf93c97cdb25b0e7149674d97a65734ee29232242403576424074e1ed0881d38a37fd18542fc27163c79b3318572891950b399504c4eb761000e85423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
4c56f9cc19f240fb4a7f90aba0479ba9

SHA1
da913ab0ce7defa184789f9155ca686f7811228c

SHA256
39c08c02cc8793b4e65443aa3e54ff6e2999d79040675cf9cf6707d928ed5d9a

SHA512
b2f0c8714e444498773fcfe164c2a7b146c2c0bd943eefb4a4e0d5857230aee24edb1719559b759d7bf75580a1309c88f5012614446e684718685ef65849bd0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
2111b1131208eeaa27a0b650f920a682

SHA1
453e811fe54db53919f331c800d4099805c0c965

SHA256
eee41f9569a5478755f893d2c935596e2581e2807fa6ea1b04fda11981ea10c8

SHA512
196cabbbce8569ab8658b42a237de7d2d8c08b9672d90199c07eb290be91524befd6af692e6defa9f289ef760dbf9bfe0861d6e361a46fb614bce57c11298587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
3df500fcb0faa79a2deef2735f9774b1

SHA1
dfc5322b5199b228451b9adc6074a1f2ab890931

SHA256
eb28d2321a1210a58c968d181f5388c9b3811d8c8ab47e4a404894dbd0f1d886

SHA512
0a61b7df8d31a0efeba1e3b38bab8e9b3e3785d5ed269fc5ea730c4a6d468b1f3d425ed8da56e8aa40f22785f9be63cbdb98dd3875b95ee244b3cd7fcf5964fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
d7e588011172ccb2636912ab15b6bd17

SHA1
17f329888a81aa5d558132afea515c6019871bf3

SHA256
224e42f46c726171171b99e6a0deecc59d3444b329adb2dbf7b3078c65aefcdb

SHA512
f08d5293141e2911fcabdc7cc6c13ef40bec5386a065538f6de96d192e7e47934624e1798dd1066776266cc61a6412fd4ce312187bc4668e9c204b75bb90bb72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
123KB

MD5
b74d4c55af59e70efa5db66402e95f45

SHA1
13831ce9ee39db92f89660ffecab9b3bae30e529

SHA256
66a570e2d70dbf0f76563cd73519118ecf7c5dd38750ea690550000f7d2aa05a

SHA512
2b0d6e40136d350c07d1d8a5e1fa4ae7d5a0f0edb3d2fa88390cc8310c843c12274e97637f912c974942c28ac14815099eefcc3efa55dbe2f2fcb8dc274004fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
119KB

MD5
203c6a8ab2fa916cbc5aed428fc4c516

SHA1
68d9d6695573cc6c0902566fa72f3a0edcde284c

SHA256
ad1d81b08e8fcf390b6fb56683892cdcca0d93aa98e959c4106f9313af272601

SHA512
81aefbb8679447dbed2a36ac982c258a851fdb48cef96d0ab8a042dd797079bc75517e824aed98f3aca06f6364bc6fc0d8655ef5299261e43a355e45182b5ff6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586472.TMP

Filesize
116KB

MD5
85ca540aecfce427ed23800334abf829

SHA1
4174b68ccaaf134e73cec127389d8b20e3a36752

SHA256
ac97e0ffc546f8c08a658f6213a8ddd467f378bb75eef62913c037446d057725

SHA512
740c61fded3da872ead9e588c62a98173d1728a6cdc911bfa7ee6146d1b7a78e5a3a3becd8b6f15a12c3a17ab23f11fc39e7b3bdf676529723fdebc01bd2601a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\BatchIncrement[1].json

Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\WindowsPlayer[1].json

Filesize
119B

MD5
efd3cb52d253121d226d4993f3a53fd0

SHA1
066779a7678c6134132c56f9c0e64cb5423711b0

SHA256
d49f693ce8ccf0d4cf1704efe4b60fdec4ef93b455ea6da3fef2d83b6151a458

SHA512
b49042157eb0c5f3024b14093cd9e626992ab59446b67f680d5bc5c6be586df406caecaaa9b33ac3cdd1585f54c68d4fd3fa81227ea86fb5fbfb44fd66779ecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\0ad66925-950d-4ff1-a659-bf6378e5b583.tmp

Filesize
171KB

MD5
2fc279b4cd4ace33a72aa2ae05a83704

SHA1
0c489167cf0fa7d59ea27d3ec6f09099ed568159

SHA256
a81b5014e5509a0044044f21bff1e8eee3cfb4d074e8387e827878b29397b46b

SHA512
1ae360a198d71338223b296274ba5951617a5d044f0cdcf2c4585bf3e8134ee19c8db45c2f3c04daba85889925fd2cd1731b49889bff094beeb2b5289a24444e

Download Submit
C:\Users\Admin\AppData\Local\Temp\4584_688866580\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Users\Admin\AppData\Local\Temp\4584_688866580\manifest.json

Filesize
984B

MD5
59741ca0b4ed8f06f8984e5c91747a4a

SHA1
334c396dd6e710de0e5b82b93cfaba764abc0331

SHA256
8dabab92309c13bbbf130183e757967bb1d80b47d06d678d12bd7009bc4e0dd7

SHA512
9ff5db978545120a033f5899444cfce08fbb3bb68afd3ca4be394adf781f42c8689c3a2a3d929c0d391a7902315e2073509eb5f8344b96e186b1a63f35d565c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\1ef51cd9a86410704733a9594249d326

Filesize
91B

MD5
21b57f77f2d6c32467e2e9f51ce0d8de

SHA1
d3e3c0d9d377de49ab44f5eca3ea2e0e5d8049d2

SHA256
2f2101a88e0b4875e597e289c68a7300771bf748b52093b1799466c4d548d587

SHA512
899a6940ca76fa46e3a416e254bc516342aa52c59906eef810240e632098b06007b2d9eb7f1f3945854ed8bde65b678201298f5f2b5980d3e997f27cdfe7d718

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\4743d3ed8ea67aeec84aeadb8789f5f2

Filesize
150KB

MD5
3f6bf06af294f1d18dcf27bbce76aa2d

SHA1
a281230ec9e51d48886ea24382a6306f7f85cbde

SHA256
46d089593fabf8f1c25c545f22e07afd6bfeed1295a4781480fa59be84790145

SHA512
b0b4ca5be0b0ff2ed3750db760a5b546df83890279c1dbf3e28836322c5262db6e4234a235e36bfc6b4db7b701ff6d71b3432e4b9d053dc55afaf56f2c6e8834

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\4790409506596844ba2c078c2c2f296a

Filesize
167KB

MD5
3d48a71411ed57e39f354ca5a4c6b730

SHA1
f38afac28d1cdefa1c47eccdd05ff1d189f29228

SHA256
9f9fb04630c48fccd9b08beb941bffc9e65ddf7a23acb26af60ed1eaa6262948

SHA512
aa96005532ced86698e02735ffa4cc48523198aada3e5fa67b6e0d25b9747221e7b202fafa21e4c1f9810fe7b7c147f254b12953da76466c781dd7e9897c2930

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\b38a7bbb0efc0e8b76bc35ed5aa8a715

Filesize
183KB

MD5
446d0f59385a251be0a6d63f6535a533

SHA1
1740a7a4d9d41b95e612884729877af220a57dc3

SHA256
56eab8d4b5fa79aba14735c255b2e84b302cc1c89ab0018d6319969272799628

SHA512
1ad69a335f736136bcf38e279123a4df765f81fc90dd2ce0518dc413bda703e848f827711fdd90537bd98c84fb92f839ac7c99d27a7005d98aef18b00a150861

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\d4ecf83965e606253cca9235770fc9b9

Filesize
126KB

MD5
35a486a60ec97c034cc6e9f7d4182d02

SHA1
871f8aee6800ecf81979a997654054e6192d8e7a

SHA256
547d97d33c80ea093d2da13279a9eec8cc4dd1508763623605e74ef31455f3b7

SHA512
393313bb6c84eb24bd5f1b17efdd7ebc334dcdf9d3effcf98b71bfd0c7928f191d4bd04d6b8c2008db79d43a6cfdda7e430852b865ebcc58933e137ebdbed4a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\e5eb87023ac7f8658ab9cd47e661a1e3

Filesize
68KB

MD5
e39ae57b134c725b3ac5d4b4d5291a22

SHA1
fb9bb69262d01c5a2979f2edacb9b9f4973a8c74

SHA256
57014d8623f1607fd6d1879a9d3f27691658a19fc254c5e38fa02929e1254dd1

SHA512
6eada1087f083518eabc4fbcf72e9b5f56a7196d4f6156cb700a2ba03cf62eea713f429161496fed060bb7359c38faead304fc44f89df7740968ddfb98aba791

Download Submit
C:\Users\Admin\AppData\Local\Temp\Roblox\http\ef36c12e2ccd2a2366fa44d57c22a533

Filesize
281KB

MD5
5fecd8979a773329d5cc814e1f73fc2f

SHA1
04b0b19d98e9c57b51270bb09f66801f36dee1ca

SHA256
258eb9ccc5b89433aff7d77d1674fe5e11e3bdb2470569f1d0352d5d8bd02af8

SHA512
b3c973fd1e46e2e7271b15b5bae6229632440ec6e49ad6f72d9e82f0efa7fcd5ff4bd09e3040a61d93882655ac24dda7250d711f4a2b04b3ccf5c711b7329ac5

Download Submit
C:\Users\Admin\AppData\Local\Temp\d39b4498-2b5e-4f44-8560-5fee31b3b7ac.tmp

Filesize
549KB

MD5
13864e70f3d7eb9e606ee6bf6ce3451a

SHA1
331c4c24aae7596194038808de5fd5890a58b97c

SHA256
8babb658756c350028838b148e81e8d99588318f4a5516ac3a8aaacc479e6b97

SHA512
6e3b9252ab58c03aa164c99d980b8addad47b3c4ed32ab8b59d66cefc98005a18444ccb8ecee747513570fedee59135f6a8a7e39565adca0b36f6346c68bac08

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\card.config

Filesize
12B

MD5
773229091774b2b77583da0f15a718ac

SHA1
fcdbebdefc85658d65e23dcc52cd1a3ae9a12ee3

SHA256
f70e955a67aad2ee28ac0c8b1c0882c9bd9991da51b87b224a4e22eefb8956f9

SHA512
7762bbbc14bdc679c51b5d9b75b1c19b0977d70c98a1edcbceaa950e7ba42c991ae4e81768a9bd80bb1bb2bd1eed4e6a18e98e16a2ec974464850d9c14a9fc2b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\preview.png

Filesize
155KB

MD5
971fcb67b3ed9746cfd5c12032c8f54a

SHA1
378d56a2909c9b4dacc1a679664de7a3b9b48109

SHA256
94d47c3270fd8af9431722aac704778dd0e157fcffe7e24435a25368272e6bfc

SHA512
3d5e2f7112462049cd84fabce244cd51cbc341e8adc4fa27e5516855dd6f1d9727d6dde463812f6c552a732ebb2dad87ea6eed38a9bf7a1ea55800068fecfa63

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\profile.png

Filesize
7KB

MD5
fe0cf96f57839cdd21191af66c241b96

SHA1
fba1b795f839c0fbaa4e47dfd9ad79ac6c2a4562

SHA256
bafaba91b68e495a6946cfae26a1f194dd8e556c1fb28dcf1e220721eb0ecbfc

SHA512
5adf6c8fc4b24f5af253c0f03c5b57ac7243008765b3854ed4b83d758a1901997ff4e6d9e0e1918383bce19832b72fc68cc7005c8a53a329df41b2ad91162ce9

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Cmdx\script.lua

Filesize
1KB

MD5
4417aa7a7b95b7e9d91ffa8e5983577c

SHA1
367b923829db8fecf2c638fb500f161d22631715

SHA256
eafd7bc4f8aeacd998f6ffa38c8fc2ec2fb043ca97c956a0949aebb9bbbdbbe6

SHA512
04a5f440a6e00ea0aa8491ae4c6dd6aa68f704db54a43a5d6bf4c99446ae2c7792be8dcaee6542a93280eb35dc93acb60e8e4065f13c885e4186d80824feb04e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\card.config

Filesize
11B

MD5
a3d8125d741db04d38a0c2c56eb9521f

SHA1
69729d39c0b4ff201d2aa7c6a77ecb4652b22aa3

SHA256
e2e623686b91cc0075b0f86b4c4577e45d4ee2ac6fce0aeae7326550675d1a96

SHA512
014cb710f3ad4264bc6cb524c33569e297ff6eee5dd417d10e4a1519951fcc739663a794f373a86eae4a0280002b4ce2d90715e4d9328bfe18f669e98878a994

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\preview.png

Filesize
534KB

MD5
1ea0fccbceecbcfbe9c57bf230241889

SHA1
4b538297c419731bed21e7f0f8c1f921c6c3f389

SHA256
79eb0dcb2cff8cb7a620fa87284fdf79a1bfd97690d193c8caa15ffa3068c9cd

SHA512
6229d6084be3f3368a98ffa4b0aaa5899fdd85d5dd2f538987a8abce2bf1d3c378731c1b1b37e2d555e47d8812f8b5e8fef0d68241dfbf2c8952ffb1737a6909

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\profile.png

Filesize
19KB

MD5
be676e5468366d6f34839bab1a2be5dd

SHA1
14424fc881b910a406f364d1dffb22ee0dc28e04

SHA256
196c3db248754cab84491e35496aa7d2dbd93bd1f1dce0b20462c2310b13265e

SHA512
3e87468cd2fd4669a59f2a18a4a968a32414ea788eaee0f341b93387b852fcab3c0d4c5fa6a29f884520b6fa10916b39eb7791e82bc951355378356955bf2ca7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\DomainX\script.lua

Filesize
98B

MD5
1f74e0539c4f0816badd444b487dbda9

SHA1
07fc32012374195023f00353c12d800a5ed8d07b

SHA256
f01656ce161b59d49730ced251f20cea8a4aac04efbd85152e3c89e0f182a41d

SHA512
d068fb33ff098e7db909784985bd7a47b62ba607119d976c7084db8260d05b1aacb984543b556cb002f53fbb14c9107477e9d1b51a78648e6bd040840a87c55b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\card.config

Filesize
6B

MD5
af55765f33160409360ffefd60211d32

SHA1
f16b23456ff82b6875e996c252c92eac375c5c54

SHA256
adfe3a9eb182052dabd7530e315fc5c0784bf5d115002b9a1a6f76dddf35773d

SHA512
1488a18106ed2dbb1502f218f8a543eb45fb5d12fc5867dfbd7d0bb500915c9705a5a8e2a21e964f5aeadc460d69d0f39bc729fee8d66e75e08907bcd0adbc4b

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\preview.png

Filesize
10KB

MD5
6c5d6e01657cf543c2211452ff43f52f

SHA1
7f4735960b3128f279aa42c4351ee50b32580788

SHA256
014920b3352e755b1608681e3dc613ce68e7875527ac8372a8edf5f875d32f5f

SHA512
f01c45f42f9e55982e9191979c3f0854a064b7455f65141e9feeebb72432ebe3d784263ac81d67c4cdf48e4eb49b39787eca2fe3a4964a799b130ac79a6b4b04

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Community\Hydroxide\profile.png

Filesize
12KB

MD5
516a58f5a912ea4cbef1098f8fd5ebc3

SHA1
217162ba93d4c94d7b9389694734e365a91905df

SHA256
c9d71e41f4103780f381c11ce608f797ffbbe3f92f20922cc8576203543aa461

SHA512
ec211867be06425d54e6c70aa60b99dd209b949cf70ed6922689645bc86e9508ce234c14e3a1c37f2950a95387eef7424a518abd82cd2ac4e6680fcc329ab5d7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\SavedTabs\tabs.config

Filesize
10B

MD5
d562efb8d0085ce79342a90326988ddf

SHA1
a8be4018df90768f3309db0a9db5c9d53383b425

SHA256
2e315bf9efc55d78951256e9c0bd223bf2c5d0d21fd3ed914c752c8d2896a07d

SHA512
308f4b6037e9d25f88693254ea6217ec8a0b0b2bb1575aa2a7304f2d733ea51f3824dc6e004f12aebd5401f353d80e48e59bd76e775fa3eef7b2e8ad14fc931c

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe

Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe

Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe.config

Filesize
438B

MD5
909df77c711b4133a8f8560483ec2bb3

SHA1
8df8505ec0a0dd670b4044c641e772f6ded485a1

SHA256
c49ed8da5765f33cc854cf13ee0c33ed65d4eba6843c24d05e321e3b40f4a68c

SHA512
0547bae72cd75ad753ddd95c12b7a42b8b3285a3384925cf738c4cc6835c6dd21d16a6206662c4a723fcf348da7e62db3585564782c7daad49b765b43accb28d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll

Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll

Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll

Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.Core.dll

Filesize
908KB

MD5
9aa41e58b0ceded6442c54e93cc279dc

SHA1
76b3622d8bd5c0ab88d2a6422866e8b572afb318

SHA256
a3ec829be118703645ebadde46a13d8aecc08291567314652e81ebc163ea8f0d

SHA512
ba24aac25bf61898e924cbf049a44e45dd996308b2caedce91978b67f4bb1accfc98860610ff0a5469fe5dd5e34c2a87bee1e8930d4019d3139bcab89552b3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe

Filesize
7KB

MD5
5f7e54710987e30dfca1e90c2063402d

SHA1
3917a469d1516efe34f275b5f31a83227cd14694

SHA256
2b44d738767dc991b0f8cbf3832190de9c1670da929e28e8073a88033f9548af

SHA512
b9ae359ae2a2f833aab10d3399b3620b0ef24482fdb398c8a3794f2fbba3329ef94227a200cf63c064bab18779ea56cd940159279a5ba2ae7f65bec5403fef4e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.BrowserSubprocess.exe

Filesize
7KB

MD5
5f7e54710987e30dfca1e90c2063402d

SHA1
3917a469d1516efe34f275b5f31a83227cd14694

SHA256
2b44d738767dc991b0f8cbf3832190de9c1670da929e28e8073a88033f9548af

SHA512
b9ae359ae2a2f833aab10d3399b3620b0ef24482fdb398c8a3794f2fbba3329ef94227a200cf63c064bab18779ea56cd940159279a5ba2ae7f65bec5403fef4e

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll

Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll

Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll

Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.Runtime.dll

Filesize
1.3MB

MD5
a7fd4a62e39e518d26c93c72a2574123

SHA1
d466eb6792cc8a22237d34e49b29b1fef88a9256

SHA256
8145075e6bee962eb6b160cf13fa16d907be16a1155291e7016b69a5ccaeef85

SHA512
96b8e9f1f40111009b4dd2c404545f1272f2ff04e888839ae9e8cda9f88ebfa47862e64d88f772616f9687aac8888bc805f79f17c205d168a9a306e3f70d5576

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll

Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll

Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Core.dll

Filesize
36KB

MD5
100f91507881f85a3b482d3e1644d037

SHA1
4319e1f626318997693e06c6a217fbf2acdf77b2

SHA256
7f9338f537a469e71dd3c269137bc0e5a11f769edfda8a1891319c0139a1b550

SHA512
993b92a1f28b1cbd37b2d7fb646ee04473eb81de02017b66e7ec2efa2a83b4ff35bee44aaa643c0ed531d42fc4638081a73b50caa530f29eff6bbeb252ea46e1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll

Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll

Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.Wpf.dll

Filesize
100KB

MD5
6a9e3555a11850420e0e1d7cbaa0ada4

SHA1
17597a85caf29df6556fef012dd1fe5205ef2cb2

SHA256
a39b72613843a4e1b40761fa83c2b7c87941e461c32d091655c42d9cbfa59fac

SHA512
41d1f5c6e38a02a232f8cf3afcf44e7bc8c83ac5616849a78560a3e064e7b220d272f37507c2d5d939b1a0aff5884f3f930759d1b39d11c3cedcc0f2d962ae6d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll

Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll

Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\CefSharp.dll

Filesize
1017KB

MD5
f371f39e9346dca0bfdb7d638b44895d

SHA1
742f950afc94fd6e0501f9678ba210883fd5b25c

SHA256
3a7bf88d5376a46cab4d6be0169a6dc98361f9485d178c20faa162380d165327

SHA512
753b400c80be841910227c5eff53dbf607b5c6fcdd05e53cfaf487529c54955bf32ea4d939927a7be1a602fc6e306c20e25850d36690b36d22948c0a7bf2d4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_100_percent.pak

Filesize
620KB

MD5
e05272140da2c52a9ebef1700e7c565f

SHA1
e1dc01309fca499af605f83136d35e6d51fcd300

SHA256
123092a649b8def6efca634509fb20ba4fbf9096d6819209510b43b5f899c0a3

SHA512
476907363a0d1e1bf81d086aff011b826fd28a885e2eabd2e07e48494eafbd48d508b1a9050efe865585f7c4d92a277886440876846cba8a2226033ff35a7a81

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_200_percent.pak

Filesize
933KB

MD5
0d362e859bc788a9f0918d9e79aea521

SHA1
33abea51f76bde3e37f71b7e94f01647bb4dcbd5

SHA256
782f475d56e62c76688747a22ba4ae115628c5c3519c3c1e3d1a51a4367bfc28

SHA512
37ca08bbe5525d0f2d45a9fe65a45f6c5d8366330fc60304822d4c7470dd66b8733d92803ce6aabdf4175ad0cf43d6e4a9ff9d4e49ff89d8eddc5f7083e7f067

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll

Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll

Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\chrome_elf.dll

Filesize
965KB

MD5
1b2a029f73fe1554d9801ec7b7e1ecfe

SHA1
01f487f96a5528e28ca8ca75da60a58072025358

SHA256
d4800601b82371914f0efc45f1200ce8bb9d57c15c52b852f9f452751af61912

SHA512
a32e991cbe0681aa66535a454dbc961df4be142f9983dcc48d1bafb9be938c5abbd8cc6219b0614074ab2c51e4ce410d056fced6d6ed4cfc0048bbee9cba29b1

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\icudtl.dat

Filesize
9.8MB

MD5
d866d68e4a3eae8cdbfd5fc7a9967d20

SHA1
42a5033597e4be36ccfa16d19890049ba0e25a56

SHA256
c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d

SHA512
4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll

Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll

Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\libcef.dll

Filesize
139.0MB

MD5
7bc0244dba1d340e27eaca9dd8ff08e2

SHA1
3b6941df7c9635bce18cb5ae9275c1c51405827c

SHA256
43c16856ebf80186a248fcdcce694c33cc02307005eee6724e0fd4974f954e7e

SHA512
3a9acdc1b07831708c88111bfc4ac9552e24ea1df5b6c13a0c6bf7beeebe35d8509bdb9f09c84a9b0361d4501214508fd3911a9b3d97f08ca71563dd7d744a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\locales\en-US.pak

Filesize
296KB

MD5
99b4fdf70abc76d31e44186e09a053a6

SHA1
fb4192460341de2a04127f1e7fdf5c41b12ca392

SHA256
87dc8b512fdb79d381db0577961967ac2968a902f4914b6fd3bb59ef84a149fa

SHA512
d84b2c0a1fb32515e45bfb922f14a7134ddf01c62ec1405f2d5c7e54a8b4993e943333e3a69905856215a51b3df64f2547128bd0094b70280bb105b4444f32da

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\bin\resources.pak

Filesize
6.8MB

MD5
34516ad6ff9278dea1fa89839156cbe5

SHA1
c61792315d0cb0d0f1e55fb985e3f6bb471fb2c5

SHA256
91d3ab4e61bc261d9cc78b750dfc26561fee06fe1431136652f9f50371be2426

SHA512
6e4046a2eb72b17451528d1995e2359cb058a9dd41af586f3e88693c621ffd97213031462fc1fd8a23c7e91217066c2f0b56522fcdafe862bc24eec30b059d29

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
76f49230db0c68ccf074bca567b798ff

SHA1
a5cfe20f6e8cc28049cee17b60138661c66ef82b

SHA256
e8e616a74b89c4606b0f2d4a7695d8038ca58bb2f69e88da2a475d311c86ff54

SHA512
2e4faea15a1b9a100860d8cb012b82647087cf6e6a1156240e96046f75bae3f20ea8247213d262ea14f2a2c039ac1dd410c279c0f1d574eb5457434b07d4b114

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
da3a550fe1bb79d5f12ac74c7e8c8b90

SHA1
cf634e56c952b7f0860a2ecdf366f4bdcb95843b

SHA256
39a13995121068a72426ce8616a43b646375b673b0fd972a48677c333849e96f

SHA512
ea6a8e352bb35420c23608d432211a792a638a6a07247092fd9cffbc9abaf01b6b7fe571db8207e927edfa6587e0b93fa27d0c82532edd8f4dd87275ac575459

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
ea422ffc74fbfbd6d980ae8e4d3513e8

SHA1
1f1b01250bbab5d1b893add52c1d6654336c2f00

SHA256
47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

SHA512
806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 366628.crdownload

Filesize
1.8MB

MD5
3701dc535fb395d6a1fb557a3aeec5e9

SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35

SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

Download Submit
C:\Users\Admin\Downloads\krnl_beta.exe

Filesize
1.8MB

MD5
3701dc535fb395d6a1fb557a3aeec5e9

SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35

SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
\??\pipe\crashpad_2652_UMURYYQGPBRYALVK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1036-884-0x0000000004AF0000-0x0000000004B00000-memory.dmp

Filesize
64KB

Download
memory/1036-893-0x0000000004AF0000-0x0000000004B00000-memory.dmp

Filesize
64KB

Download
memory/2152-2125-0x0000000006330000-0x0000000006331000-memory.dmp

Filesize
4KB

Download
memory/2152-3318-0x00000000601F0000-0x0000000060A3D000-memory.dmp

Filesize
8.3MB

Download
memory/2152-3291-0x000000003D6E0000-0x000000003D6E1000-memory.dmp

Filesize
4KB

Download
memory/2152-2131-0x00000000005F0000-0x0000000005D09000-memory.dmp

Filesize
87.1MB

Download
memory/2152-2130-0x0000000006420000-0x0000000006421000-memory.dmp

Filesize
4KB

Download
memory/2152-3293-0x00000000601F0000-0x0000000060A3D000-memory.dmp

Filesize
8.3MB

Download
memory/2152-3297-0x000000003D6D0000-0x000000003D6D1000-memory.dmp

Filesize
4KB

Download
memory/2152-2129-0x0000000006410000-0x0000000006411000-memory.dmp

Filesize
4KB

Download
memory/2152-3304-0x000000003D6C0000-0x000000003D6C1000-memory.dmp

Filesize
4KB

Download
memory/2152-3292-0x0000000040840000-0x0000000040841000-memory.dmp

Filesize
4KB

Download
memory/2152-3319-0x000000003D6E0000-0x000000003D6E1000-memory.dmp

Filesize
4KB

Download
memory/2152-2128-0x0000000006400000-0x0000000006401000-memory.dmp

Filesize
4KB

Download
memory/2152-2127-0x00000000063F0000-0x00000000063F1000-memory.dmp

Filesize
4KB

Download
memory/2152-2126-0x0000000006340000-0x0000000006341000-memory.dmp

Filesize
4KB

Download
memory/2152-2134-0x0000000006430000-0x0000000006431000-memory.dmp

Filesize
4KB

Download
memory/3580-1760-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/3772-895-0x0000000005900000-0x0000000005910000-memory.dmp

Filesize
64KB

Download
memory/4208-894-0x0000000005840000-0x0000000005850000-memory.dmp

Filesize
64KB

Download
memory/4584-812-0x0000000005290000-0x00000000052A0000-memory.dmp

Filesize
64KB

Download
memory/4584-866-0x000000000D3C0000-0x000000000D3C8000-memory.dmp

Filesize
32KB

Download
memory/4584-816-0x0000000005280000-0x0000000005290000-memory.dmp

Filesize
64KB

Download
memory/4584-882-0x0000000005290000-0x00000000052A0000-memory.dmp

Filesize
64KB

Download
memory/4584-811-0x0000000005290000-0x00000000052A0000-memory.dmp

Filesize
64KB

Download
memory/4584-883-0x000000000D410000-0x000000000D510000-memory.dmp

Filesize
1024KB

Download
memory/4584-810-0x0000000005970000-0x0000000005A74000-memory.dmp

Filesize
1.0MB

Download
memory/4584-3303-0x00000000076C0000-0x00000000076CA000-memory.dmp

Filesize
40KB

Download
memory/4584-863-0x0000000005290000-0x00000000052A0000-memory.dmp

Filesize
64KB

Download
memory/4584-865-0x000000000D3A0000-0x000000000D3AE000-memory.dmp

Filesize
56KB

Download
memory/4584-864-0x000000000D3D0000-0x000000000D408000-memory.dmp

Filesize
224KB

Download
memory/4584-881-0x0000000005290000-0x00000000052A0000-memory.dmp

Filesize
64KB

Download
memory/4584-892-0x000000000D410000-0x000000000D510000-memory.dmp

Filesize
1024KB

Download
memory/4584-806-0x0000000005250000-0x0000000005270000-memory.dmp

Filesize
128KB

Download
memory/4584-802-0x0000000000790000-0x00000000008AE000-memory.dmp

Filesize
1.1MB

Download
memory/4584-891-0x0000000005290000-0x00000000052A0000-memory.dmp

Filesize
64KB

Download
memory/4816-839-0x000000006CBD0000-0x000000006CBE2000-memory.dmp

Filesize
72KB

Download
memory/4816-405-0x000000006CBD0000-0x000000006CBE2000-memory.dmp

Filesize
72KB

Download
memory/5116-890-0x0000000005810000-0x0000000005820000-memory.dmp

Filesize
64KB

Download
memory/5116-862-0x0000000005810000-0x0000000005820000-memory.dmp

Filesize
64KB

Download
memory/5116-844-0x0000000000D70000-0x0000000000D78000-memory.dmp

Filesize
32KB

Download
memory/5512-3289-0x000002A831A00000-0x000002A831B0A000-memory.dmp

Filesize
1.0MB

Download
memory/5512-3288-0x000002A831A00000-0x000002A831B0A000-memory.dmp

Filesize
1.0MB

Download