8a1c0944292a12ebe6d71b7ed68f3b2f878a457f1da813545e145a5e55b15e28

Analysis

max time kernel
2546s
max time network
2559s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2023, 00:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

RobloxPlayerLauncher.exe
Size

2.0MB
MD5

049a90f23e906d12e2100fc314826152
SHA1

4b92f2e4e367c0e66ee2062e353eafeec10027ae
SHA256

8a1c0944292a12ebe6d71b7ed68f3b2f878a457f1da813545e145a5e55b15e28
SHA512

9008a4681bd2f7946839373a816062515a264b57de780ee766e3d7f920cea07e3364da5a77beb3e453d41499812cc912902543e5366c88e7ff42b669b8b63ffd
SSDEEP

49152:m6d/Cr0NWwE4WUXgbS/1kb5TY5aWaBCb/TBbMhPMQ3dAonTXUm/sT1:bw0VEagbEOCuUm/+

Score

9^/10

discovery evasion spyware stealer trojan

Malware Config

Signatures

Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.

Account Manipulation
T1098
Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation	Adaware-Privacy-Installer.exe

Executes dropped EXE 10 IoCs

pid	Process
3352	RobloxPlayerLauncher.exe
700	RobloxPlayerLauncher.exe
1616	APInstaller.exe
1308	Adaware-Privacy-Installer.exe
3600	Adaware-Privacy.exe
3880	APInstaller.exe
4712	Adaware-Privacy-Installer.exe
1380	Adaware-Privacy.exe
384	APInstaller.exe
1516	Adaware-Privacy-Installer.exe

Loads dropped DLL 51 IoCs

pid	Process
1308	Adaware-Privacy-Installer.exe
1308	Adaware-Privacy-Installer.exe
1308	Adaware-Privacy-Installer.exe
1308	Adaware-Privacy-Installer.exe
1308	Adaware-Privacy-Installer.exe
1308	Adaware-Privacy-Installer.exe
3600	Adaware-Privacy.exe
3600	Adaware-Privacy.exe
3600	Adaware-Privacy.exe
3600	Adaware-Privacy.exe
3600	Adaware-Privacy.exe
3600	Adaware-Privacy.exe
3600	Adaware-Privacy.exe
3600	Adaware-Privacy.exe
3600	Adaware-Privacy.exe
3600	Adaware-Privacy.exe
3600	Adaware-Privacy.exe
3600	Adaware-Privacy.exe
4712	Adaware-Privacy-Installer.exe
4712	Adaware-Privacy-Installer.exe
3600	Adaware-Privacy.exe
3600	Adaware-Privacy.exe
3600	Adaware-Privacy.exe
3600	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
4712	Adaware-Privacy-Installer.exe
4712	Adaware-Privacy-Installer.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1516	Adaware-Privacy-Installer.exe
1516	Adaware-Privacy-Installer.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1380	Adaware-Privacy.exe
1516	Adaware-Privacy-Installer.exe
1516	Adaware-Privacy-Installer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
127	wtfismyip.com
128	wtfismyip.com
129	wtfismyip.com

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe	RobloxPlayerLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4584	1516	WerFault.exe	199

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133418027706457925"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1574508946-349927670-1185736483-1000\{CDAE0CEB-221E-445B-9AD5-9CF55AEBB4FA}	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerLauncher.exe

Modifies system certificate store 2 TTPs 9 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd942000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	Adaware-Privacy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	Adaware-Privacy.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Adaware-Privacy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	Adaware-Privacy.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	Adaware-Privacy.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	Adaware-Privacy.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	Adaware-Privacy.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d42000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	Adaware-Privacy.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Adaware-Privacy.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3352	RobloxPlayerLauncher.exe
3352	RobloxPlayerLauncher.exe
1868	chrome.exe
1868	chrome.exe
3904	chrome.exe
3904	chrome.exe
1308	Adaware-Privacy-Installer.exe
4712	Adaware-Privacy-Installer.exe
2604	chrome.exe
2604	chrome.exe
1516	Adaware-Privacy-Installer.exe
1516	Adaware-Privacy-Installer.exe
3996	chrome.exe
3996	chrome.exe
2224	chrome.exe
2224	chrome.exe
2260	chrome.exe
2260	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe
Token: SeShutdownPrivilege	1868	chrome.exe
Token: SeCreatePagefilePrivilege	1868	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 2180	4944	RobloxPlayerLauncher.exe	95
PID 4944 wrote to memory of 2180	4944	RobloxPlayerLauncher.exe	95
PID 4944 wrote to memory of 2180	4944	RobloxPlayerLauncher.exe	95
PID 4944 wrote to memory of 3352	4944	RobloxPlayerLauncher.exe	99
PID 4944 wrote to memory of 3352	4944	RobloxPlayerLauncher.exe	99
PID 4944 wrote to memory of 3352	4944	RobloxPlayerLauncher.exe	99
PID 3352 wrote to memory of 700	3352	RobloxPlayerLauncher.exe	100
PID 3352 wrote to memory of 700	3352	RobloxPlayerLauncher.exe	100
PID 3352 wrote to memory of 700	3352	RobloxPlayerLauncher.exe	100
PID 1868 wrote to memory of 1884	1868	chrome.exe	115
PID 1868 wrote to memory of 1884	1868	chrome.exe	115
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 3348	1868	chrome.exe	117
PID 1868 wrote to memory of 2560	1868	chrome.exe	118
PID 1868 wrote to memory of 2560	1868	chrome.exe	118
PID 1868 wrote to memory of 2320	1868	chrome.exe	119
PID 1868 wrote to memory of 2320	1868	chrome.exe	119
PID 1868 wrote to memory of 2320	1868	chrome.exe	119
PID 1868 wrote to memory of 2320	1868	chrome.exe	119
PID 1868 wrote to memory of 2320	1868	chrome.exe	119
PID 1868 wrote to memory of 2320	1868	chrome.exe	119
PID 1868 wrote to memory of 2320	1868	chrome.exe	119
PID 1868 wrote to memory of 2320	1868	chrome.exe	119
PID 1868 wrote to memory of 2320	1868	chrome.exe	119
PID 1868 wrote to memory of 2320	1868	chrome.exe	119
PID 1868 wrote to memory of 2320	1868	chrome.exe	119
PID 1868 wrote to memory of 2320	1868	chrome.exe	119
PID 1868 wrote to memory of 2320	1868	chrome.exe	119

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe"
1⤵
- Checks computer location settings
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
PID:4944
- C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
  C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=6305e54826d47e32fecadcb1589cf2fd4da717d3 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x6d4,0x7d8,0x6ec,0x6c0,0x7f8,0xac6fd4,0xac6fe4,0xac6ff4
  2⤵
  PID:2180
- C:\Users\Admin\AppData\Local\Temp\RBX-3A048E34\RobloxPlayerLauncher.exe
  "C:\Users\Admin\AppData\Local\Temp\RBX-3A048E34\RobloxPlayerLauncher.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3352
- - C:\Users\Admin\AppData\Local\Temp\RBX-3A048E34\RobloxPlayerLauncher.exe
    C:\Users\Admin\AppData\Local\Temp\RBX-3A048E34\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=575b6d4bf386370b88ba8d70e0c09fb565cf1191 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5d4,0x5d8,0x5dc,0x5ac,0x5e8,0x1451d20,0x1451d30,0x1451d40
    3⤵
    - Executes dropped EXE
    PID:700

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\4030dffdf66c42459d7a211551f5ec7c /t 4776 /p 3352
1⤵
PID:1432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc3c6a9758,0x7ffc3c6a9768,0x7ffc3c6a9778
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:2
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2280 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5296 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5064 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:8
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5424 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5008 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4444 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1648 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5672 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3376 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:8
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5164 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3372 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5528 --field-trial-handle=1908,i,15498338743750846996,13152175199793389352,131072 /prefetch:8
  2⤵
  PID:5008

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1304

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x324 0x444
1⤵
PID:4152

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3c6a9758,0x7ffc3c6a9768,0x7ffc3c6a9778
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:2
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2284 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4608 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:8
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5264 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3384 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5944 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5688 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5528 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3312 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4976 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5016 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5932 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5492 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6196 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3368 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:8
  2⤵
  PID:4236
- C:\Users\Admin\Downloads\APInstaller.exe
  "C:\Users\Admin\Downloads\APInstaller.exe"
  2⤵
  - Executes dropped EXE
  PID:1616
- - C:\Users\Admin\AppData\Local\Temp\7zS056F896F\Adaware-Privacy-Installer.exe
    .\Adaware-Privacy-Installer.exe --nonadmin --direct --tych --campaign --install --prod --partner=IN221105 --version=1.907.0
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:1308
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:8006/ user=Everyone
      4⤵
      PID:1260
    - - C:\Windows\SysWOW64\netsh.exe
        
        netsh http add urlacl url=http://+:8006/ user=Everyone
        5⤵
        
        PID:4584
  - - C:\Users\Admin\AppData\Roaming\Adaware\Adaware Privacy\Application\Adaware-Privacy.exe
      "C:\Users\Admin\AppData\Roaming\Adaware\Adaware Privacy\Application\Adaware-Privacy.exe" --install --geo=
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies system certificate store
      PID:3600
  - - C:\Users\Admin\AppData\Roaming\Adaware\Adaware Privacy\Application\Adaware-Privacy.exe
      "C:\Users\Admin\AppData\Roaming\Adaware\Adaware Privacy\Application\Adaware-Privacy.exe" --afterinstall
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies system certificate store
      PID:1380
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.adaware.com/adaware-privacy/thank-you?partner=IN221105&campaign=
      4⤵
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of SendNotifyMessage
      PID:2604
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffc3c6a9758,0x7ffc3c6a9768,0x7ffc3c6a9778
        5⤵
        
        PID:3836
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1876,i,14978585580215084032,3993860324858092476,131072 /prefetch:8
        5⤵
        
        PID:1168
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1876,i,14978585580215084032,3993860324858092476,131072 /prefetch:8
        5⤵
        
        PID:3296
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1876,i,14978585580215084032,3993860324858092476,131072 /prefetch:2
        5⤵
        
        PID:3280
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3248 --field-trial-handle=1876,i,14978585580215084032,3993860324858092476,131072 /prefetch:1
        5⤵
        
        PID:4836
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1876,i,14978585580215084032,3993860324858092476,131072 /prefetch:1
        5⤵
        
        PID:2172
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1876,i,14978585580215084032,3993860324858092476,131072 /prefetch:1
        5⤵
        
        PID:3708
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1876,i,14978585580215084032,3993860324858092476,131072 /prefetch:8
        5⤵
        
        PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4912 --field-trial-handle=1912,i,1632568390456188012,1281038966001548230,131072 /prefetch:1
  2⤵
  PID:3836

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2148

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4732

C:\Users\Admin\Downloads\APInstaller.exe
"C:\Users\Admin\Downloads\APInstaller.exe"
1⤵
- Executes dropped EXE
PID:3880
- C:\Users\Admin\AppData\Local\Temp\7zS82F1E340\Adaware-Privacy-Installer.exe
  .\Adaware-Privacy-Installer.exe --nonadmin --direct --tych --campaign --install --prod --partner=IN221105 --version=1.907.0
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4712

C:\Users\Admin\Downloads\APInstaller.exe
"C:\Users\Admin\Downloads\APInstaller.exe"
1⤵
- Executes dropped EXE
PID:384
- C:\Users\Admin\AppData\Local\Temp\7zS081BCC10\Adaware-Privacy-Installer.exe
  .\Adaware-Privacy-Installer.exe --nonadmin --direct --tych --campaign --install --prod --partner=IN221105 --version=1.907.0
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1516
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 2216
    3⤵
    - Program crash
    PID:4584

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1516 -ip 1516
1⤵
PID:2416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3c6a9758,0x7ffc3c6a9768,0x7ffc3c6a9778
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1948,i,4248195262998634519,15280780905007672138,131072 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1948,i,4248195262998634519,15280780905007672138,131072 /prefetch:2
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1948,i,4248195262998634519,15280780905007672138,131072 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1948,i,4248195262998634519,15280780905007672138,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1948,i,4248195262998634519,15280780905007672138,131072 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4696 --field-trial-handle=1948,i,4248195262998634519,15280780905007672138,131072 /prefetch:1
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1948,i,4248195262998634519,15280780905007672138,131072 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 --field-trial-handle=1948,i,4248195262998634519,15280780905007672138,131072 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4648 --field-trial-handle=1948,i,4248195262998634519,15280780905007672138,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4888 --field-trial-handle=1948,i,4248195262998634519,15280780905007672138,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 --field-trial-handle=1948,i,4248195262998634519,15280780905007672138,131072 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3320 --field-trial-handle=1948,i,4248195262998634519,15280780905007672138,131072 /prefetch:8
  2⤵
  PID:3776

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4212

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x324 0x444
1⤵
PID:1612

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:1936
- C:\Windows\system32\net.exe
  net user /add adm Admin
  2⤵
  PID:3888
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 user /add adm Admin
    3⤵
    PID:5076
- C:\Windows\system32\net.exe
  net localgroup administrators adm /add
  2⤵
  PID:3944
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 localgroup administrators adm /add
    3⤵
    PID:2924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3c6a9758,0x7ffc3c6a9768,0x7ffc3c6a9778
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1832,i,14298040743007727720,1926579089653939249,131072 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1832,i,14298040743007727720,1926579089653939249,131072 /prefetch:2
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1832,i,14298040743007727720,1926579089653939249,131072 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3248 --field-trial-handle=1832,i,14298040743007727720,1926579089653939249,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2524 --field-trial-handle=1832,i,14298040743007727720,1926579089653939249,131072 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4616 --field-trial-handle=1832,i,14298040743007727720,1926579089653939249,131072 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1832,i,14298040743007727720,1926579089653939249,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1832,i,14298040743007727720,1926579089653939249,131072 /prefetch:8
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1832,i,14298040743007727720,1926579089653939249,131072 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4828 --field-trial-handle=1832,i,14298040743007727720,1926579089653939249,131072 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3456 --field-trial-handle=1832,i,14298040743007727720,1926579089653939249,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5376 --field-trial-handle=1832,i,14298040743007727720,1926579089653939249,131072 /prefetch:1
  2⤵
  PID:312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3316 --field-trial-handle=1832,i,14298040743007727720,1926579089653939249,131072 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5300 --field-trial-handle=1832,i,14298040743007727720,1926579089653939249,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5388 --field-trial-handle=1832,i,14298040743007727720,1926579089653939249,131072 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4776 --field-trial-handle=1832,i,14298040743007727720,1926579089653939249,131072 /prefetch:1
  2⤵
  PID:1268

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1196

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x324 0x444
1⤵
PID:4368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Account Manipulation

T1098

Privilege Escalation

Account Manipulation

T1098

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

Filesize
4.8MB

MD5
8278a55b92fdc25f4be62155c076c400

SHA1
276fdd8e3fd71003cc54401fadcd75d825e97a60

SHA256
cf3a40c279a843389bb7ed99b4717509fe83cde0be97c64bf7a10b112bf587a3

SHA512
093811f3e45280f3fbe3524f80ee30d3dcbf419a9a425df86ccb2cbc25d8746964e1341e3cb38382ab8202cf2aff46144297fbbe5d95e8b660606901d0b161ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
b2d281836aabb8ac6a8bf96ec268bb5d

SHA1
0b825d0760d07bf13495d382838778b641aee27f

SHA256
5d06a9f39579d424bc4c276b5e67ca88f87fbab99d09e99688ffb75ca9f22365

SHA512
a3ce4733e1ffaddb5e1ec6897a8305ce7518d434d0f17420319749efbdcf7a8fe20a49bb0215a92ddcc869dd7d7c2aaaa294c96b2c652cbd3102b2ccee0002ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_3F250154DC11187BFCB0989AB25259B1

Filesize
471B

MD5
91100d6d4a3ff64217a22c8a7e814e22

SHA1
c1cd9cccae4dd80b169ad13ee05e0b34a651ebfb

SHA256
d69e3ab1c2456f5a9330e22746c7e5d21642b36a7f7a340c6a7009afe0664075

SHA512
9861a1bfd6e7656133d1cb0353043c896dac7bb4ab7f3cd896a930d28cb78fc2d85d39f6a9e09a77069d49497272ed79b6ed91c12a2aee86fd3cced7f5fb18f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
8a8dfa233d915f6ef5eaf7c0863ad428

SHA1
f86ffced6642de90243430b657a3266e82402ec9

SHA256
552238646f191fe4faf81c50c71ee3c9fac50fca29a5a42c35833da4bf9f1d41

SHA512
639cb23492f2024a87ced13876f345c6a026570b04412cdc012c8da23c18acb5de7d91a5f6ab1f4f3f9c9606853673d1741ff0ac086ec48681ce9b0e873f64f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_3F250154DC11187BFCB0989AB25259B1

Filesize
396B

MD5
eaf58f10c72e8c5df92edeeb0f5b40ae

SHA1
e4f876d1f2ec189a1c86f98d2433e3143a049165

SHA256
2109fe40200fd934ac0c5fcd6c1480b4c1d8ab629acf9aa7d04da5467862d013

SHA512
256d200616cdad415e0f7f1dece1e9a3f4482afc3384d65060a1f04ba8e76860d13032a1dc8771e0eba5edab04563e9b054cc949f82ec08eff207b1828455ea0

Download Submit
C:\Users\Admin\AppData\Local\Adaware\Adaware-Privacy.exe_Url_deuln4dv2ziyzgg15fbalrbkcevfoeua\1.0.0.0\user.config

Filesize
804B

MD5
3f23a77f69e1d8aac38b1298c900ce4a

SHA1
33645dbf763c8299027007e1ab6b4c6fe0e22716

SHA256
fdabc6084c9593bbe81e91a4e6b1fb7f16274d411d26a0d36b5624eed5a2c346

SHA512
f5a2980df4635b7e84f81f3933afcd8cf5cf632c95b194a304d7bc224f396cf4e206deba7c0e4f9cfcb69c84c4f037c7b400c9543df047af688e425dd6d3b302

Download Submit
C:\Users\Admin\AppData\Local\Adaware\Adaware-Privacy.exe_Url_deuln4dv2ziyzgg15fbalrbkcevfoeua\1.0.0.0\user.config

Filesize
936B

MD5
31b726d0caae3cfa8c9b99115bfc30e7

SHA1
be6c237e5a1bce2e225d767fb9eb0152e2a97019

SHA256
ce40db196fe4490dce890364d66e59f4d5b30e4f290494cd249b0c2351265891

SHA512
3038a6580bc2eb35ac278fe644fdd0047314a89649ea6fa0d96261657037acc3ad2b8b0f6f48373c6bb85d4078f5466e573863afaa7b6c579dbb80966a7ba7cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c7a33b9876cab748a5a981036219c054

SHA1
60bfb76b9f629ede1406ca333b4c237343f2084e

SHA256
960b99a74c8f349d0e8ed4ada168926e6074511aa39cdd408bedc3b645d0d184

SHA512
cc74e439d25dc8ab0468b616829c2bb8f12d4363ea872501f6ac87382e99119ee6e7ec93aed5cc3095760239524a62e97e0128799df019550870dde2371f1b5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c7a33b9876cab748a5a981036219c054

SHA1
60bfb76b9f629ede1406ca333b4c237343f2084e

SHA256
960b99a74c8f349d0e8ed4ada168926e6074511aa39cdd408bedc3b645d0d184

SHA512
cc74e439d25dc8ab0468b616829c2bb8f12d4363ea872501f6ac87382e99119ee6e7ec93aed5cc3095760239524a62e97e0128799df019550870dde2371f1b5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
8bd1f37857ddfe50c134974cbbac6340

SHA1
dff20bae86ca7d3685fee2d29a4b2fbf5fcbe564

SHA256
220b460cb2d49351e2a79344fdb3039d4c503718143f9e004264643b5b61eff1

SHA512
de48eb3cc6e0627c589daac1b7ea502e97eec7f8aa4a43d833a4d01a36c29d26cf36a5a38f9c2c20872cd38ced46de151176fad607fab50b27ed3ebb92f13baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
bdb13f13413a10e77c780b5fa7588b86

SHA1
776c28adf1f504ffd086f777236c9bdcfe8c75ea

SHA256
9dcb869806b2080c880c60b7974c8af35ffb9f29830eea5201d8102fb51f12d1

SHA512
18a5d729416027c6d8679704d58fefeec9c9f4dc213b24d113fa5fdf387789c1274d0e8a269d2af654295e21cf699d355de516c055460d5f824a13eb2497cad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
a2b0ef02bb5453509d6c8bded780932d

SHA1
c8ca4d8ed0f248c534f0f3a4d9a2c8b5f1ee55aa

SHA256
5c4772bb2d7a9cbc7bbdb930f2dd50c378abd142c1638b62eb96e2352fa3a505

SHA512
45cd5b2a6a4124b34d1380f9bf9140a3df36852925193ae59e05699ced8e6631af349c0f549a506b4183bb5f971b1095bea11ab06618171e467f7efa1fae5fc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
09975a33d41024f36e7caa57ab961b2e

SHA1
040d14136733d98c8a3579efad9fb51ca78fde1e

SHA256
2c3d21ae676e7a1381d67f20d852ed2ca1966884cac088260364da3e9258b7a9

SHA512
29874e15f38ec1013ee112c492063e0a70ec502ab48107baf143f9c2a53e3c8174429006cedec00c52ef9d768ace6fb165233c5658f6baa5e43bf0a166673726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
55KB

MD5
d141c945b6ef4b08773c58d8a6677e90

SHA1
015dceefb445848d33361cee417822bce94e0b1d

SHA256
21eb614cc724fe805c2114f17326cfa87b5320f86db20577dd481dc4722dfc28

SHA512
ba67bb99f9e7f47f9b665d496c7e8e008ba01139cf3ed65e52a3958bd0190541bc6c57c5d2e5fa1bbf6b6e88cfcb6439ef3eb0bfa79a304baf614dc4c1a1762b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
39KB

MD5
17b9bb9509fa8aa6e3ef890dc6cb9917

SHA1
81d4f55fe01ad0a40d0d798b102ca826e97c0de1

SHA256
b1e8315c3e639293576ca2ff44b6374643ec3d70faad0b74972bd3d0183d1efe

SHA512
0a22b4d514642116d483d522bf3a86ac3fa4ed7e9931a67e401cb98ced433316711416f49682ba3014dc0249356a65122e09465d84331574c59e62c293b0344c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
94KB

MD5
64836652ceb9d458e868d9914dcce719

SHA1
1c2f26942c017bd3d3d0e799ccb6c4c82d212291

SHA256
ce9bf8f2d63a0fcc04e60d215aed71177c2bb40b336670b664f71f79da6070f8

SHA512
867d470b23de374b1f1dbcf973ec61149ff1f2ac168921641616cd1448edfb0ba6d3ab737f74fe60c960133dc099d6cc22546aa2508a80e1b6c95b95e11b9858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
301KB

MD5
af4afae8c44ab516b5a421621e8901e6

SHA1
d8fd562e1386de0f43e0f572bd14a744d5e666e2

SHA256
11583bd500affc2213aa6e766762c0684a6dee7959618852e7a1f9deaf881efb

SHA512
ee7b83d4d643bc2e6b1d53dcfc09207c108a0c5fdf606edf45ad5965b706ff4880d81699943238bcbff76f6732566c75bea94c7ff50a8c01b0f1d6e6cb604160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
72KB

MD5
d0c85ccfa1f493ced6145de1afbfe2ff

SHA1
0bb33c7bba807a79c1e77b8752eb3e174d2c996f

SHA256
a71fdf5b1547cb565a581f08641ace126223e54ea8d7303db782b410e037cb52

SHA512
8b67fac448ba74d905ba395426227c3db9dd39fe78df865af5baa31a367fb3fc9a56fbaf1a334303a4d06dc64234acc67fbf9b5d9d7c10584ccfe41d6b9fbeb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
112KB

MD5
c493d9184aeca7c4691d89666ded8a49

SHA1
193f9c0a274f5025a88332156e1903746e289775

SHA256
eeaac582f832cd7c84016f1c5fd1f4ed1899c700b5aad36a238bb3cfb5f76f9c

SHA512
4e9e5df027243998d4ea27473f2d85274c393c343d9898f6651e87ee86d69f6468b0fc2eb5c73b78d6b0b4a0e987f62600ed05cf5363a5d479fd764aa2628143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
74KB

MD5
656aab9a8cd74a90a3964c727fbdbc03

SHA1
57d23cf29221aead649e49c0e1490065a6d05abe

SHA256
cf3951809124a2709270f16f54cb1f5ac393f323333ae53735fe8af22a53400f

SHA512
f5fec7adb70c9cf1d006ac200cb3556169f87d7d1f9a7f02a70431f4a1c65fa37d5b3c394f124177e0a8ae384366550e22db66bdf0a320a7ecb39b661548b87a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
40KB

MD5
7af63db34db605d8dd2c1c9a01b1e053

SHA1
0a78f5165c37eb51371afe2e9dde9ea1f70b8912

SHA256
b4f04e6c5f7e27398f72dceeb47a4711f6b4d475c4a2c8c23e8930d6718ce938

SHA512
78387a5038d814c1ac71a35bb44e0e1e9a49456e4b0da8e38766f3ca3f4ce9f973926697701bb1cfc47552dc11ccbb1326488e0a28f1b1f0cd96e60ace05a8b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
543KB

MD5
099da294123d9f50fad13e476a45cec3

SHA1
1791a24e417aa512805825580f20714dc8cc675b

SHA256
1505b305d62f0ce8c9cb77b0de826bd899546e18c1779ba05d3c7abeafde2155

SHA512
4dd7e297e0f93e7bf5deead2aeb7d8dee813d9e95f1fc55523f93270f47018045f594783cf9fd0acec3bff4333772186177d8d72b3e1b80518fac377c76e7649

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
199KB

MD5
fb85d06467182733d308549dba25e6e9

SHA1
d87dd6483dc11d4b1674a3a6b38ac4e2b2ab6fba

SHA256
fde9bd1e1728e905105d33bc5dcd966935914ebd123c3227bb0481db44bb42be

SHA512
5152c7eab8c5112915f9bda07700e2f0ac063f7af766bbd0a2fa3cbe4842a41644694cd9faf347602054a78437c6cece374465881da6b9c87f0ccc01c8e4672e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
18KB

MD5
c54c6258ad93c106a25325f9b0016354

SHA1
af02c9b448175c5a5cafda9255e32660900ac63e

SHA256
5077f3361ec2936c15fb69a06b0dcf0d3fca4fb1551700462ec6bcce53921179

SHA512
7b00e617b5b38a517a99febf25fbfb1fc6c55f2225113b813aaa445847e610e62a984690b7abd6d6fc64ff87eb29cc6d766e9e4f87147777641168a8d2818eb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
37KB

MD5
d63d2af642b56057332db2ffc0f06236

SHA1
337f9d06514be6eff47f21c13008cf3879daa476

SHA256
cdafce7d485a65c0cd0a3e4b22c00f2795d569ca9e01f088b1f43fa4f57b9c5e

SHA512
fa09fee3e887575dfd5b6a63a54c8cccf7b36ec469fc75021a3d369cdaa3f496694c155cf6a0fca9ebd2044575a63c1162f166546af9aee2cc8e5c631e684f31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
40KB

MD5
7af63db34db605d8dd2c1c9a01b1e053

SHA1
0a78f5165c37eb51371afe2e9dde9ea1f70b8912

SHA256
b4f04e6c5f7e27398f72dceeb47a4711f6b4d475c4a2c8c23e8930d6718ce938

SHA512
78387a5038d814c1ac71a35bb44e0e1e9a49456e4b0da8e38766f3ca3f4ce9f973926697701bb1cfc47552dc11ccbb1326488e0a28f1b1f0cd96e60ace05a8b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
93KB

MD5
53e6a0fd6701011510b9c6e08d4243ee

SHA1
45040630f1c7f2791b2ca278ece6d369cc6a76ac

SHA256
5669f1a3e7000331f567c2784ea3e8bcd8dad6beaba60e668ddcfa42f1600d52

SHA512
5ad636ad9269fec657cf5086841d40cdef1fe19d4b99f6216e4b868876828d06cf432c7108b4abc2b820aa73dcc143b2c368941b88b1570e735e984ee3d846ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
65KB

MD5
7d71d189331dada97b9b0aa939d9386b

SHA1
8840ce3ba90bf9b419e80357575ec3d05e997db1

SHA256
0a6e041446d1b6b829c1e2796a5a625dd59a5226a39104ac57019dbeb3f52187

SHA512
5e217a921ef02bfcc5e64fb303cff0230192b93c29e6a6e7934b4a51a98b6574dc682bb0c2026dbaced3cd1bbfdc05f5df326b8887f1f9c7810a3373f9fdc002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
38KB

MD5
9436affc97843765a966b3568fa7e5ec

SHA1
7bfda74bb30589c75d718fbc997f18c6d5cc4a0b

SHA256
7165713d3e1a610399471a5e93d5677508f62ef072c1151e72273bf4bd54f916

SHA512
473ec3a843c33e18d6d194651fe11353fcd03a7959225faeabf8c77484155ea6a7bccb72dbaf2093ed53c408faa3be9f6fc907f7a5ddf8223375f9d09b504456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
86KB

MD5
5d6655e99f566919bf2c88ea93a9f7e1

SHA1
489a6762403ec08c2d956ef63b1772809e54222f

SHA256
0d3711eedf42a6670e51ab10163939c1268c697fb5919479bc677f685872616d

SHA512
1dfca4deb1f756ccaee5952f7b3f5423e61b38531fcdd1b057fb10e5e8fce57d88ff807ba94d59dbc19a68e92433b5794cc64a562274233b0b303686bd79c98c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
33KB

MD5
c7debeb5a854b6d7ec90cb7be4525ed1

SHA1
5fae81e9b07c8f35be933418c60bca0f59aaf5c2

SHA256
b836ab986da2c140fe20cd7b7181325c90395af4f5f013b05ca5703e76559e82

SHA512
df00c2936e92b0479ad03fe597559e475a8efaae9c6fc6cd12e39b1b3e374da65743a926d212b266413d63127ead2795ad4892962b95e0d5228e8e76fa09dd63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
33KB

MD5
29acf44ec3d3436fc5009d3ac1267cfd

SHA1
be754543be11e6d6d84afc3f1c89498e6c86c3b5

SHA256
180a22c91f8721ca2e86104828737d86d7b5e989c60131e7ecef84c2bf3fb086

SHA512
27c3fd09d9cf32dcb5b9b66abf375e68b3f9bfc6daec85204432e3486be8606e5ebc7ebaefca5f25186ca06d3059aa25a0400b6bab7e92555a90f81d8786ffe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
141KB

MD5
c6f909ebe12cd5edeefc3b045f003352

SHA1
e29e76b06815ac3baa7d5b4972de45d448788727

SHA256
53ad03f1d576295c87542803ff9924eb3ef0842a9fe695394a33c47b9cccbd3c

SHA512
f917fddf664574d34f3abd3d56d387374a61b91e341fc9d052d7f21c213c7946edab49fdcbec477ac67b4ae8e6edba6de22f00f3bd6bd8ce3b170397b3e36c0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
361KB

MD5
6dd3bc18eee3bd9e592483ee0ff7eeac

SHA1
8dadb71e268f532727c8ee7260cf979e11fcd6ad

SHA256
2a246518720c23d9d27724b0af8775cf29660e4b9c7bccbd163b5a17ec5e1944

SHA512
1397269f29796d8f24ce67021c6c23ee46b9ab2a50ec2061253f71b36ec38fa9bb9e2457c76777acd8433efcea88b71ae908789dd511c673acf464c58a53e218

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

Filesize
638KB

MD5
6357eea6ebb35ce11b61ecd9e0ee504d

SHA1
d79241c7de9b7fb1063e15afc2f032d7c3d9beb7

SHA256
29ca00186e8e5799092c8c108cc8d2578adf61020f6d96c19fafca5c221f66d9

SHA512
471d1f7ab4b23ec7e383f9880f802a5cdf5ed88c4a609e1a77508db73643598ab9c62ac863ab6fa3d2990d6c05c6ff7183a4f7031dca89e013375a581d766e81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
1024KB

MD5
95debc0a8ad3d7e64d5b5e17d3d9228f

SHA1
7ff5813f579b58c9939ce59b41151118176233e7

SHA256
da180dbf9a4575f34c16b1664c3e2093b72e5c5ce42c092902de58418538dedb

SHA512
9404f7d7e299cbe05c225a33535cb16825e43bd0638338aeb76cd62f43ca210405b7baec3d6ef88f964a34da4af58ef4cc81cffaeb1df0b4a857eb75861486ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000070

Filesize
1024KB

MD5
94390de90a41c250510b0207afb0cfdf

SHA1
7bd11d8d539291b52db1b96a247025d70ff49ca9

SHA256
e905a2f54f8a25c5637c856fa80bb6983c9e2730b64805467902bd120ad081ac

SHA512
e6f5e9c1ec02730c52840eb47c830fffddbd83533671884f8e8f76adab884ed223ef2b46ebe50c33fde04092950974c674f83a043185e8090c026b3a9e397c1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009f

Filesize
1024KB

MD5
3f82c6c8dbadfc08c7a1c997af7a8418

SHA1
164e8c36248f92027f389b15dbfbb2f747eb7fc7

SHA256
78c25a5508057900b550930270c9781b48b1bb6471aab075c408471e06521003

SHA512
ad1c01b3b2689ec39880321c3daaac9e48382bac770fc5a71cbe6e03f694407b1e506ca301ad475898aefa9514ee875eb5410ef88335b14ec0e5bd6fb1208f32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b2

Filesize
1024KB

MD5
660a17445ae29def34556601f28fe7b1

SHA1
f6758a0b12e0865e5920a1c2b59faeab46065627

SHA256
be6c1c46121b91c9aac0615c02584fe522ae8bc1fe6fc924d97ed4500d22205f

SHA512
49bf0d308d671db02a95e1e823ad89a7f793b6a15b8bcdec93c6a21427a10d9730e6bef40c29d3510e788bb91f222ee53d1070abdf43cbb7f7287716df82dbbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c5

Filesize
1024KB

MD5
afeb04099df9d333630e8cfbbdf3e29d

SHA1
adac24ffe83a9732470fa1ad6201ec4caa8a9766

SHA256
45a2aa532f5dece7ed35ba34f232102aa6698d92411f935d38a4189b2cac0852

SHA512
77441304d6d2e8733163abe942f86a65e25e781a966f3e88fef62569e63ffd57da5ee53709ccb87dca6a7250c922bd738e91bc119a724613679dbd993dd95282

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ca

Filesize
1024KB

MD5
1213e74ae26d8d38869895d85a361fdd

SHA1
f734f91883ec0c1cd7a133ba12ab68166b97c410

SHA256
ddb8843f82be9552af21c3a4fd4b1e8123122932477e067344ff87f25dcd5e76

SHA512
2dc523d424a0cf0c9509113ad898a9658a8c71f8a4a12811496d42954ef14d6957a073d1eecd2ee1a0ec96f7787abc7581a2db85ee9267fb0cded468cb8deb9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ff

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000115

Filesize
138KB

MD5
401c6f5712ecf0dabb5470e4a47683ba

SHA1
7cc6fdbab3a75122d2ed86c074aa84cabbd18061

SHA256
c48f89f81a50bcab87523563a28a58b54e8827cfd87332ea77d49ac197086e69

SHA512
eb182a3fee84c8a5aa469cdbf30d6c3c060bc3d83ff65f0931230e0c6e6e630a8e6391f32dd0494797ddbf148519c6043514e08ae8dda6746f1480b7377da261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
72230cbe8b37e40d15e198e7ef63feaf

SHA1
25c0bdd8790699f2772fa6755298ae05b5737c48

SHA256
2de09b2ef0bcdfdc137d5fc19c458c49160a61b20080cc2f9cfa3b24c7c79d03

SHA512
e143b3fe3b66f758b83054cafe2f0d283a61fd5c43c6306472fded2877ff5ea00bcb4ad99f0f9347ad073df6fec0abf7de0154c11e7fa999e6a48bd95f6b6cf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
529e373552c9b650f40ae63b1db1eeec

SHA1
fdced7308cd0cd7b25d005f678dcc11362c1a780

SHA256
b9f939b607e5f1f633215cd7cf0ccb394d70e6433ffe0559665da1b3f0985cd8

SHA512
bf18c97e81ce44a9744bf810958161e6e49db32414685b91d573752e4d9526646bdd238a01b63d3ebf246829d93d7220b1598642b3b9b2c920b29a00d766b03f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
cf71cf6b92527f4172264e571b967167

SHA1
791568e8ae309b8a5fbcf23235a23f3d962ee36e

SHA256
064133f4725d4f64979747824c4145c39d7a85b0c38512606e66ae76cb62bd2c

SHA512
9dd15d7d29d02fc64ecc6735bbc316631782d2b151fee9509d2118883131d82532043f6064ce3ebca62f5456dd15dfe1ae7edb336aa330554c61369e1d8e4e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8fa57133f18f96d7be8250497c1a3633

SHA1
ee650c53d49bed5a6559bd085b41041850515f1b

SHA256
8dcb4c30e676b3d8f807b6020d08c9f505041fb2f7ca63c8779529b6cbd27e76

SHA512
a936030f3c57951debdf2f58da42260c4bd4b0373cf8b58669b5c16157186634e18299f2470548f9e53c44a5373301b2a524c214e33bc703ae3b24d737c42bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
a0ad4a14e5f555c212ecc3d23cc220e9

SHA1
e2278999080ff961da6572f3fa8ad9d1b8794299

SHA256
d2a289da21a755703b5a7d095541f21294761bdd5cc8336ccd1759fcea9e9ddf

SHA512
c2cfad3c97e142592e9f15f5f0ff24aeddcf4f603e5a04d58db8600d217e046aaabe54eab582169c5576cf6f1114d180457f1633490dabb837563de629f6dfcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
7da8e91754d24895ce77edc77b2b7e6f

SHA1
62270f399569756ff5647f13a1d0cc14666ab82b

SHA256
b3ff1dcef0aa8aeafecefbf9748cac5326798285458d1b06881343f29ec4d63e

SHA512
570e371fcc8dde45924603d29d354d91625d25eb743f9594fa8b49c90aed262eb5f3acb743e34ceb3e182009f8a07c5ffd50cdcb17af15423a4b175a1d5837a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
24KB

MD5
23772825311412f880173cc9833d00f8

SHA1
e09158f02715600032994be47cc7dee59ad402d1

SHA256
00da5a916140beb38a8fe7ada2d8344cd6031958d4eedaf076b0099242baa8e7

SHA512
231ef631c0351c030fee9e82600e611ee4d88593106d31dc4a5503dc6315560a346ff6d5d134f801dd18067aff6e35bbb6f1c8c64d9cf7b6ac3a96cfec7240b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
a89f65bc7889b68a54868f11fbf0899c

SHA1
7b07d8c5757f95f314a5de5288f6bb7ff65c6e8c

SHA256
f99d98c5968e314e9ccfff39926d680710c61c88b6903aa3516741c84bc44f04

SHA512
0cd7481d3152333961253ac9d1271051b518da57935fd640195fe669d82f374cc37cbcc4c2a91679eb93c4e058ed49c9f6535a31368b2d406edc60dd29f1619d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
79e0e8e13e30512e49e3822a6779b92d

SHA1
46bb755448cdcb893ea241af24b29bb31cb0d10d

SHA256
f77ef9d39011e9a17732c0892828413edf47476fecce8ffaca6fbc8dfbd229b3

SHA512
c7735469ed7c150f80dd41e7290b69748c638007ea63f91eb4cb3fcb30a6d74588f8b408bc713b0c26523178ec9b51fe4c532f77b442c7536c6c2e11ead5c2a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.sex.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.sex.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1022ae7479fdf5409ab1025fe4d13613

SHA1
7f3989a2fa1120a90742d3c2d34b89d7d6dda175

SHA256
9ad79b58263efca91a49fcb1f8729ddc7db7efef2e43530eeb9724a90f34906b

SHA512
588e95e4b4099a44caf487ed553f8145c63a64c2367956c7b40af23422f894af72bfeea8d1be5562e8181ffd2aa1fbd5d0886a2c9f6bf289d7b8dde262a737f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
70495dbaa606c32dc324762586425021

SHA1
922a71fdb8eaff52d751e1509563448a1a35c840

SHA256
724905ff7fb603baf4afaa05c0a9dc4b4d6c3fcab50e469a0ec6713300271a15

SHA512
5e43fc45c64b259f0d9df5d7e6ea640be7146487c51c1580849d93f09ad5c809627bcfc20606e9a9cbe2438cb0b10cb7b4b11530d9234d185f52f38b1467e128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
8a8b7d5ad3c34212f42daf8aad3268e5

SHA1
badc8c612c6b30435170ced5bd8b09d051fb4a7d

SHA256
dd26a965e86abe43c30d2b75ba3ead7406fb4ccdfd66b1217d7b3e35c54cf1bc

SHA512
694c38653f6c79d8e58f616ddc9978eea7e3521de3c19a43c70432f721ffa2127262aac03bb7574d14e5c9721233b0622048f571cd0a55fc96eefaf9e866769b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
88e40662e92bfad1e0269844c18dff2f

SHA1
85375ddcbd377392a5e693d3df8760deda812dd6

SHA256
d805ec2c07f9190a2b6104c942a633a9b1080a87231eb808741e9b6acf259c4c

SHA512
85cfee5646c0776b4831afcafb5dfe191080f97b85b938c9f50d139bcd05a6e1b74234214cbeacfe960493ef848fdc5a2376d3ed131bfed87e6ed3db01eb4dc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9d9339ab659a883186d5fd6ebabb0228

SHA1
9dbc1e7a5cdec1d5dea96adcd3476311ce3513e4

SHA256
6f718c621fcf0dd0d1b832ea69519da29c4dd6cf79d07ef0b59b06f046313052

SHA512
9731c48201afa0c2cf6bb43057995903d9b6dd8c223210e3aff97ae3f1303b0c28c2e57a30ca98c81b31f00758af0ae518ccbb8233a12f7cdb90a3bfc7e001fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
e7505314c2a0646ee3bf9308e07bf216

SHA1
dddc5db4630d65bc11a33f4872b7b1667ce3f409

SHA256
11f659aa45aaa0c7c76c971156ea4e9f98eb5a702465fd6db85ae5fbfa70b5f2

SHA512
ccb6ecece0615839acef27121744801183072ab32f394a1776151569e81ff520063157114ef1b3e19cc46f1c6f7eecca94e2dd33e018a89a8b7e37ef0b1d19fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
94b2b4fb69936c661763ee529cd8e45e

SHA1
14fa143431aae95651ab132199f360bd49f153d7

SHA256
848cdb082afb065430f1f0f832790db3fa4bb81fbbdc46bc1ba95ac463baa368

SHA512
898d5ea9e1a0e432251f02de4f10c871352ab4122e3120b23f08c7504e40448178d2cefc728e375665991a0da9545a33e3a7bf52f66d8412f9845075420300d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
0bb222e075bd3fd53452945359c8e6a4

SHA1
a3b73562b77a09d1193f55af9c85d4a8d0132750

SHA256
cf41366d43c0ab20f6947c92f771bd5d2c409856bee1bf8531d1886f596553a6

SHA512
b76b903391dbf30bcdab44874c1947d42430d216192eb2694dc89bed12b754f200fac8e177c64d14362c1575537571bf9daa64cc589f5e13a913f3248303520a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b7f4d86e1626d8575a629aa082157d6e

SHA1
964f03cd858b2a712c688674e37dff7ec24a3403

SHA256
5e412d04c1c807ef28db41539896b4aadbe2976cec78fc0473406234b586cb77

SHA512
cd42afab757710fba6d6a5fcee0bce6ef18d5d6aa8e1c4f4dac74ad005135186aaffaa97cd856fa61028b5f2f0df6e6fbae9942fecd0df7d47653820cbbc8712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
42ab3b48599c67e9ecb62c5ecd853c46

SHA1
8eafc276e0ca2912f635f25b06d6b6804f76bb00

SHA256
a747763794995c1bd0f244eed7d18212f747733e059957d4c9e73d0c50ba05de

SHA512
fc89a54b9fd08b88987f9c2b4c0f9987136680b94b89b1af062dc6721e35236b1c4a37a88a8a2e76f982aa9450f18da62c51fc40228f5e86e7b6dc6a81933e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
701B

MD5
24a9a57e11b45c4adf69e7f10ac6414e

SHA1
c62b6af41ec5bf2dc6029c10da2010b96bb7e181

SHA256
cbcb0edb21e24ff266b7bf07f750ab1b9d76185a352b51a5e4668676f1144164

SHA512
4cb4cf15aad860e6d553745fecdddbfe3bd40ccdeff8f8444e7f929e31f7886e516064e786a90d5e27760664fd95f6983f982d05670724417d35f3264fedf855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
300615498d96fdeb15a6cc322708b4a6

SHA1
aad0791cd02bd64d62af5508307e2afb2a10277a

SHA256
cdaf7f428ed2ec0510b72e110990346d5abc919623cf31edc9eb2cb7a2f96893

SHA512
41939a7f9412b9457bf0aacd6a258e5241370259065fac72d96dcd15088a05554ea294ecc23bb0b327736fb7c9fa1038526351802456e715c5dfebdc18bb1364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6abc936687c67e070e76c2be4f5ef12b

SHA1
6c422565af9689ba06c46792d705428c3216567a

SHA256
028ea03a3b84a91d751a625bc29a8c043e43a8f9128fb1c80675f6aee8789481

SHA512
47b98d7c46321415beec49df0e96c14c209760bedbf317698aa62828244f80555a3d35bf0a014fae411b857cacf2e6201becf7703503221ccd44309f1e1d3670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
676eeecaaa0318bfa3334358d4166a68

SHA1
374b8f3d5c48ea8737e65ed3a706c238e0ef694e

SHA256
d8884eafc9f8d34136803d5ee12df34398cd9a9a32da6b941116b3721f45a910

SHA512
29bbb67bd7e97942674c846b1a5379cfeeef89359ea8b11de9237a2c04aa13939efb5fce6da24cf617b901c59da29a7cc409de6db2323176e946db1d9b36a45a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6febcaeecd257c13a18656c937d4bef4

SHA1
b8e010fa653344d4795e5a8300f8f414b52d238f

SHA256
0a9584e809f55c85e5ce99e8b31626946363d075f8352a0f89ac48d8db160f22

SHA512
220ccd8cd79d4455c1a24bb6804de9d818e910190313f81c953db361e23dc5e458831a892b4a71b580be352c9b31ceb59f4a3bc0b4da11c5cb63febb0326979d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d8b87f1ecab3b9d27f07d79b92ee3aa8

SHA1
9057bf8598106cf42c81b9f6c1eb8c8c59a4d883

SHA256
dadef775f226e8568a4778a7bc858a50f91533aea60df608f3208dd9546da264

SHA512
dd24b934ebc8cf409045a4b2c7da411b4ddb43cb1f5b612ec5ca73e5b5effb7eee312c39696022ea4b7f3bdcef0e532e4529cb18adcb14a84022ed4dfe7dbd22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
30c88237cc8bd91a448bda9f4983107f

SHA1
609646f51d7da41fb2a1ff3eefa81efb7bd9dffa

SHA256
d37f03856b9a904f5be4fae1e222fec33829213b07ebac80c106b7f9cdb6fa3e

SHA512
7a7aea6c25ce00a9828b6e6d4b48b3cb06d9ffff6991ff0196eac48c10eb013d2bbb2bb9f182d0e130f722aab2a70e28c0a24d620e2c23fad8eac1ae7725d839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c38def09e1e39d04f3f47d56fc9f624d

SHA1
af3557da73adc884b2f33d670b52938e98f0c88d

SHA256
0f69b6011e04f284b6a28aa473b042626bb32102e0d2f3cced71cbfcf27c0d39

SHA512
dab8bf82a1403ce489da4885d79803fcc035d245ec3878dc12e18236df006de32f9a43b293ef12a25768ee4bc983082e788d1ba5fc249c96e71dca0d45e98a83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e79e5b5b9bb2ce4cdaa3885f6c7fb569

SHA1
f1a01bbe3e5dce214d6f9176eee7dce7355e9d3e

SHA256
ee0f34081a6e008844f576544714df5c51140232bdf56d79e6adca7f3ec9d3fc

SHA512
ac17734d44c6feffeadced8c3cc02a0e6abf7c27ecefd3b16a72a0efcc170d6d09985660a89bedc1531e41dd08bb19fb37228672293e6c59e95ba3717fc03a48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5e9ff5b594b9428e5465aa88cb590a39

SHA1
f4a586d54d5f31dd474b4166354a960f18543675

SHA256
00fedc520af975b25183dd574957189c8a32c5a368a821fc71c1b137c1ba0fa0

SHA512
b381f4216535e3e3e7a1253009d025a6bb63453b7bb71de003871d07313553cb608a01f4692f28c292a1a5d837e64f13deea7beae5fd696565ee5546ed388196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
bc4d33e2b22f91c7cfcfb6db29e3ceeb

SHA1
271c997f01df4efb4015589e08e30008d168b2d0

SHA256
28df592d6999c1a8b3b26354d40e8df6f915595cb49afc6425b8f02c7c51e6e2

SHA512
d4477fed48660d01963ed71742cf8dae10a7e4ea2cce5978938443c8e1d671cb2f410f793c93785b8eca83eef593f777282ceb2c5437f74f4f5c7f158c5c3a06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
968c43dff6030582a79ba30ae571b043

SHA1
5df09002b26f2d7b4fac350c9d119af1d1300689

SHA256
825ac3d2c50a4247c4842baf8f5975be87c0d92b5ef6e93cc9e8da70e7eb5504

SHA512
ed150f3fbf4e106a89c34dcb5c333f4d09f172e4f76b4790b32f170f5a185f2f69472f3257248e54e77f26bbcf92faa87698eea1452a95b836922b39f9a30389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1acaef8dc190446969c7e539bf3fd253

SHA1
eefe15675b198f3e890ebd902f8926f3473aa016

SHA256
4ac4a8f81ab160d653d59e4607e75db966d6181e6e61223b5100c3b71f5f51bc

SHA512
2de8305fe1f6a3974b4ad69cbd491a805a70409fb8f0a0f454856b751d8ca208692dd5668840d1cbdd0043d078b4811d34d0b5608c33ace0cee27bcc7ffdaad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
cd0be7c427261578b6e8a0c99679bd60

SHA1
65617bb73976afa4e5e1ef6c9db6b97230e24e47

SHA256
171081b1144f228b7bb3e0e4ae40a665a16cff1315484ff2bc7de16cfda4600b

SHA512
8af5ab1f4e9e5c497858f0cd0b4ccbf2cad0777e91298dc50863f92e88ca33514336551257ec21eb489d9b560a1827121b2b72965f35fa3e6549037ffe6d4508

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3f9260e0b7f3f4949f63958474719ec6

SHA1
f90366d354e9ccecfcca4c853a0e4b4131ee4f6d

SHA256
91ec215ec935de53a9c87107bef944fdf053c3ef59a6e394ac91943248753177

SHA512
8055651e053ae2dcd13dd3507d94af8936bf5775196162d3fa09eccdbca4ab8dd54d5b198d4cf676dcb4bfafa9abbfe3c90c28da0ac172fdf86a887ffd5439e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
48ac37b763d953d0937ec60503aaa407

SHA1
6ae738a29b02a48692f63b6f3a8fdce2295028a0

SHA256
3dc4cec35edd76123d692307ec9eb1a7c58e56d9ad4dd85fd274b06599453df7

SHA512
40688b6803d6d66e7c770a1841c1826d05e52de49ddcf9ba97f552b1fdab392a3ebdeb4ab1ded56ccf4ee718691f4d358822dbfead6f3dc0c33f5dad8a1ce858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8f1b4a21afceffe9fcd8166bed486f22

SHA1
d8c55cbdce3bdc2153a9f6043b7b77080c1e8103

SHA256
98ff8ace8a3494d98fea0981b2a8ac8e268e847c3680b9932b2bc5e55aa8b0d7

SHA512
250e1b5e17861fa71e847b21c5b9a478ba538e45c14d2d07b474ad1be0d57d6de42dd2ab8d9b4202cb218e89030356db06e298c9b6a1e6e06abc1934e88e9822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
179281a13c74e06975703c1a62b0a9ac

SHA1
b860756e671e6e2b5889dbaf7742fe57612a54c5

SHA256
ab65cb90ba6ef44e26553898efae8196831ad73812e8b9be20f34df1390645fc

SHA512
7d11933acb870955fa7ffeab18d96911a5ee78e3bb3b56a9677fb768d03fb02d94b4310ef70318257f2b8dadfd1afedd6f4b93652e17d76a826c93fb75527141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
ba85084ea72dd2945de88ba334a20a14

SHA1
c2a2d98b3e7a779884d04570c16319ecb9b84de7

SHA256
41167a637c4bd3b24311c4c80890003ee80f12dfb255b9069f919096e7b1ee87

SHA512
ef4a2d66fabe851d6755b5a19f550032752b22c3913c8512947ffeb6c4c4c49aac39e72711f8c78be2ab47d6643a4e1e60441c176c0e9bc1888d6b0505b5cd18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
42de5018fce14e656e42a3302c112dd4

SHA1
677c9c19174f034c938b49006cdaaee440d4f3a3

SHA256
e6b431cd10d2d6199b73526bdd95dfe3feff5a7506352d49c29d126b0e461b3f

SHA512
a2ac85e76e2e23ecd3286a3c7773f12a4453147f0a510a9c5ce1808abf6ed80f15a9462131529458e7d4d0ba81f2d5dc730be3a77f464651efd7ba8e8ce78bd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ceda3c50405fb2839c7bcba231826273

SHA1
cae73049be6d7ef6923af738b64200f4e6ae45f8

SHA256
5610fede03f6c8d22996a10834203d6e482a95cc7787ca582f15bbff33ac0ff4

SHA512
56a5d31107d9b08a3642377b751938d6580c1b7bfdb4778f5f6e0451b7a47b4da60758ca30898f4e9328c6b6aeaa55669839cf0a3910a3e98605a64fb5c46dea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
73b8755fdf2113903eec4123dea81028

SHA1
4fed918247da4a9d71a7b991e58b113ae8055943

SHA256
49eb70c660accf3924d7e7a660ed6a3ebf7e5c2e50f27f60ad287ee75ba06140

SHA512
d66858c249a66908855982be3b1ea57a2ba0c52f13ce18b9a5317bea20b61b76214d3e8c801d7153a24a68468258a5503b390eb9068fe078b61a764ec4539ea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d83e637102b0cfb8db0dd44abbbbcc39

SHA1
20ce0f37b4f8a07ac6bd0fe9164826eb24bbddbb

SHA256
1a9b9de2f6ac925ce1aac344e3ca6839c43b4326a79c0265ca47a45f49a31906

SHA512
c260f9d8329000286bee56c1949a6967bae14624772bf0cf0fd6a4da43ab382c08072aececde827ac4705face93222701c5158ff6a82394c826aaf713551fa2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9f904f06ece7ac80debad63113c9e989

SHA1
1f76dbb8cca51e33c6b1a53cadd9b33166f2ae65

SHA256
ba0bea9bdf647d2281afa138b87c3e2037621e0ee1390cfea2be5396c22d6c84

SHA512
7eff32d7a294f921e9c6a7dcf5678660949f1791874acd58326837d88031ee3d21249d528beb05ee07d3546f4fbfa4cba35b471a23c99c44785656c6933581fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c0afe3b9d5e2729e622f861712d967c4

SHA1
5a452bc8269b74234c38c839515965330e4987bb

SHA256
a03170e625905213912d005c4e19a788c1bc03d95449dc12990e0504acffc733

SHA512
0199ed6b080299e12aa499e3f568b6c9e400562f10325f26616a5f98e34128c58aeb54ef7f68f4276994e81a72b653e495fbf119a2bc9e5cd540516b75e27cf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b8345c50e354bfcce4fe4d5ebc38dd06

SHA1
e537297eb8e8f000f6d6d1f7f990b2a1cf7c6a96

SHA256
719ae0701bd1e258690a59f9af2e089deb51f341e9eaed96e3d713fc09225998

SHA512
098f25b732b4b6e7c4f3192d9e5a6f5f78d9df74b529473fb4f086ea18b70240bfd780bdbaf7f707b76ed846ae735763390e4eca485c745dae35dca6c5e04d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4708fda520c20aaa7cf89d63cc2bbd87

SHA1
d39240758524e9866242edde4cf18febd400552f

SHA256
85af1fce95e6683eee0128289c1f621790d5eca0842c769936ef8a3dd2e8ce70

SHA512
8d4346511605b4c2823418eb72db948c0b2fb89de7b46ba9df7bde63a5d4223309783d7ffe7e7bc564be14fb863564e774f86bbfa70123e783a7408567e35447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
290f2597565dfbf7d787f12f4d8498e0

SHA1
459313ee87eb96cb6c99439bc5393cfc96701a67

SHA256
71da2c5edcce319e2b3f10e0ca7a83161af3eecb9c427ff84a874af764a5300f

SHA512
a8669000f43efcb2cc6d801ddbf71a237454d52771bfd50e9520421b4aad812601d0f4a48acf68948dcaa00f75642e6928f9490c1e400a936464d6433d112472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
41348f92d8992f493322142c46cba4b8

SHA1
8d0eac04e9ccb49be5d25875735394b50ee8fb2e

SHA256
bd35bc6623535bcaa0cfb5cc9ca0e6178864f1ebc9dde4d24c0d4f57f0ab80ed

SHA512
eac22c82511f37af77c644df6be4b6db2bbc76f23eab9dea2a1910dacc9722dc613a23b40cbc9ba187e6f0f5455de43cf58904645a976a854c1f213dd1f49bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e2245f18b06217efb49de8d5a7c6349a

SHA1
0d60c4902d31c0800df59fc8978d0e6652f2776a

SHA256
b4a8e023301beb80f6bf5df18a5c9d8f21c740f357fde633739407e599126cbf

SHA512
20d795e788721cc4dc1432102b6a548c3b76f08ebe3d93775d290aa8a7a907f99c48c168b0d7738668e76f15f9562efcd008168039646d42c63c460d802f9942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4f4a81f53b214459822438c82318173f

SHA1
8f28f4c5b70c9de26c51e848e14e12e79d188533

SHA256
475574adecaf67c0235da39c3c47e1a14490504626150eb76585161c45c66b2c

SHA512
675b40d3328510b3f3487ff249a40df2e69314d15ab70da7e3cf5311bac23e2fcdf69204c517d8e46d13f5ca0987de883e4710d39076edc5ea56b406caa2750e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b23ff00fc9f64ae3ea7dcdd9d3574ffa

SHA1
d6f8f7a1ec64126ff748915c5333df3f3f8634da

SHA256
74674c8597c4d8491c7a3c55cca29538497534ce4efddaeb604f876f8a1176b6

SHA512
feea14732b65f4e810a5111b8a4bdad1123fb9691b523dae528289c968f9c105f59fcb68772074a1d60e01f3160e2e235b429de4afab57e827b643ea8061a48b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2dd042d6c56baca64c3fba722efd5b47

SHA1
48f30b83b35e388ef40f9ce314c33f6b6014a5d8

SHA256
243f094b01b762c353e537a68df19a0f14b64f2be9aefbdcd3cb2cbc8f8dfd47

SHA512
62a6018f4b317151683968137ba58f473b7def9e660fc196110b160b3b15e200ff9ac548d8928560bf258fe296169a7e48812e7f72322eed6d6e75141d8d1997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
72b0ee0d20658ccf5a85a4daa681bbdf

SHA1
0fbe24d09508524a85a9c6424bc50c24710b2483

SHA256
942399228ecc3c00071c27e3614e1ec8ae58748d2a21f1bd4c385c5c375d676e

SHA512
fc5d4de825ab12a492a1aa10b7bbbda8ca46d16a3c9b6021c1db970ae1e99e213767447919079c7fc9718d976799498ee6b63d57875f644602feddd4d33d6ef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a3043f63294fe35102e68df132e47a23

SHA1
4c802b418d72e6ea459f6e51c3097fe47d05bfd3

SHA256
9932d12da0aa851157a0a860172f8ee34f983dc8cf3fe6d59d08c07800f4069f

SHA512
1ae7b4b7e9f0126eda4154874450bb92fab66a97dcf78fa3c0217fdfa2f6efbdac91562c1233951f108e9a9f110cbd41f1bfd3ceb0f2d18793aa8147cba309ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
23eba0f45eaa4c6a8b11c1ac517f0ef7

SHA1
43ffdbbc28161637f772a371f7a1423398f2ab41

SHA256
709d63d391a6d8b7d4c6125a2dde88089cfcc13c2d923429dd10a5afbe8f8162

SHA512
ce96f809fbbed41c9ec12d5b92fc98ebc6586ed5430b00c6ab6658ece9a7eec33be84a9f6b17e258661a10a7e9d6733510ecfee611d929c44ea6c2c461d875a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
23eba0f45eaa4c6a8b11c1ac517f0ef7

SHA1
43ffdbbc28161637f772a371f7a1423398f2ab41

SHA256
709d63d391a6d8b7d4c6125a2dde88089cfcc13c2d923429dd10a5afbe8f8162

SHA512
ce96f809fbbed41c9ec12d5b92fc98ebc6586ed5430b00c6ab6658ece9a7eec33be84a9f6b17e258661a10a7e9d6733510ecfee611d929c44ea6c2c461d875a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f3dce0992efc4b50bde3509a24c2b140

SHA1
fc6f1a10b471326abcdb28d8a3a5f75114666a46

SHA256
023c431d3402f8469b3728603016ee5c43d0a853160477ff4969e6a2cb3463d5

SHA512
c790c524af2d05f24db5a7f355ce0cd4223d00887481ec76776ac7b7f66c37d09db9f41d435029edd7e5e5538bf529e834812b6471523eebc5e8ae861a0acfcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
91eb8dcc636942761a36d68f71fe10da

SHA1
d02e9a8fee5b067ce38e497fc0643353dd608b45

SHA256
ea145031fc9839ad63e122f00caf9ed99232ed69ae03189e13679486b9527ae9

SHA512
7bdf93a82591fd73e23b49ff6cdd71d157debf51c66a5d99c9dfa5dae5eb019a9f0f72dd6cb02d7f47267b86bea3a63eb1486cd61bfaa6445e613817c843bcd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e132bd59bc414229e5993926cad54bf20af20b49\7b667fb2-282a-40bd-8066-b04a3d683a8f\index-dir\the-real-index

Filesize
576B

MD5
5b7b6f11005a7143e111da72ae98dd4e

SHA1
17d505cb4223466d20226c38b129cbe555a94b2d

SHA256
f0aaef80d47b3c86e1e3daa95d42603d7e1c9930525a286b1d6deca8567d32c6

SHA512
dce79b7ebb3440eb1af7b998d5312ac082f8d84e453e995279a65b6b722c6cbcf8f86f30987a0ce6e2454fa7b958dc67b3dc24e9bad9638bea0745e1b3b58bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e132bd59bc414229e5993926cad54bf20af20b49\7b667fb2-282a-40bd-8066-b04a3d683a8f\index-dir\the-real-index~RFe61a7d8.TMP

Filesize
48B

MD5
75906264f450b2d40ed253671bf1336a

SHA1
aefaa147da89c62b39f0e31084a61876716df06a

SHA256
a95eb9c29442a052537c27e4290700235d999e278e82aa4f7c08976daf8f8c2c

SHA512
f1e5971ae43a6139838b8b741286bd5d096cdcd8e4b838d55ba23aeb98cb9c6d58b192817b8b3f9809bbf89322105e5b9856d2343863a091f48c11ed503b5672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e132bd59bc414229e5993926cad54bf20af20b49\b3a1f322-ff9c-401b-9755-783969b68307\index-dir\the-real-index

Filesize
72B

MD5
a4f3c00af32afd5e9770d4c1fb08aaef

SHA1
fc871d9c91eebea6c468a875eb4abd1a3a8d5aea

SHA256
76693cdeca7cbeecf0b8a94374b84c6e26d2462b39311c2299349c8e77afd934

SHA512
72890c54eaf89ccf531c2c9d7963a33576cae8c952c976ecb41715e00f11ddc6fc64474f1dbeba34d4283689dbcd2dcddc4ee1c59b8f9427b11ad7086d85b2bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e132bd59bc414229e5993926cad54bf20af20b49\b3a1f322-ff9c-401b-9755-783969b68307\index-dir\the-real-index~RFe61687d.TMP

Filesize
48B

MD5
32508c2966413b41289f6e2cf6df5a95

SHA1
503e1aeec027784ce5e6391b754277d731d3ab97

SHA256
ce95bd708c190e8a9b5e37a7422526861509a44a2c2120575422bb2688637d6a

SHA512
be5222392eea8fd4816a36cb1deca6a012778b634a179a154883b8328d13d5150452737e99d0d51e2286d3a57e93a34eb79e65f75f033de13cff799a4208111f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e132bd59bc414229e5993926cad54bf20af20b49\index.txt

Filesize
228B

MD5
8dd91a7aeadb209d5c68537b168f2a6f

SHA1
81cc3d2b87645e98a1cdbd27a31e51b28d43a2bf

SHA256
97d695aae304d7503521b9b4589cede57f35b935b6e0df2ea3c0b22f29cac7b5

SHA512
6273da9367e97ddee8d5152785b66b8dc0a5ecfa9d060acf404c929bed52a468a39e140a37e09d08c9a28dda161c379df6b6037742ae054118ec3719d004028e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e132bd59bc414229e5993926cad54bf20af20b49\index.txt

Filesize
223B

MD5
043453806a01b33cb5f0c95cf41afa59

SHA1
ef3c7dbe624664b1a08709967c094bbfda8351b4

SHA256
f967305ef8ea1c1e1a2c5d3e67155ee2a41faa8cd24202f8df6767cb343e9f3f

SHA512
8ca862cfc604ad0b84e713fd6a977f7390ce1a622d96701a3698c2acd4e16d7e5bb4a7d4e2771784903ea0c60eb9c9b9400c7db49b4992ac0c20e38917fa12c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e132bd59bc414229e5993926cad54bf20af20b49\index.txt~RFe611e64.TMP

Filesize
143B

MD5
a1abd28400ef9dcbbf21734a1a045179

SHA1
ba8e8ee71a4a36c2bfee2145dc24a934da0aa743

SHA256
a6aad39dc2721316ccdf282ddd10a9e98412279cfce2dece4b4c88dff7f8ab7b

SHA512
88298d08a0fed7f9fa672e2ab295307aed369570b089a7d7d5dad7781b1b4b685df61e4d6057d07ea212780eacf4739e56178413827b87d4b065b4a3b6527b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\013888a1cda32b90_0

Filesize
2KB

MD5
bf76729749b51103a86597835d65bbc7

SHA1
4b686e3bc70a129b56036875eb51ea0355c82723

SHA256
83ba1e18c306e67c6c6118ebc12ab1af8338196d87d4d71ca751d44e1c643321

SHA512
53c2f0e1670d7e1ab1e8526364b847cd07fe2b906242496dc9567622f22541f3b84c9f514ff17a97e88c26046abc72e0104515ea4fde894222e41a193692ea01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
192B

MD5
9abd3e50606d05ef901b19ad092bde5d

SHA1
42026823b31009b7fddd6e2273c720e591daf8d0

SHA256
21cb2a523a1c3981ac4fa9cc10812cf0771ccd7f479775775954815bc2fd068f

SHA512
ba4604350fb507ce422195e1c71212650f36fce18a6c4a27e2f1ffa8988a71c1a14e41c9bf21b8919b5ed478051cfe53ca928e67cd5b254c5a89cbf66606f843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
1440db33b9eb18a9631377b41376b9c9

SHA1
7b1c016ecf354c92069be69b2d8bac88c3b8c7be

SHA256
c8f4cf2a7af8855e372bbabf9099d10566a1d7d3d40f723e242149c9b550f685

SHA512
1b7d58c5631bd33869030037ee61e7bdbc978b355f89231d83526c30e97c8028d7ff2b10417a170241912e78e828cd0f8ba6641e38a871bb952c57d3ac52c223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe616800.TMP

Filesize
48B

MD5
49c8abd96cedc9e0437ec28a4c6d78e4

SHA1
ed6887ff5ba123bf970bb8d02a0a67848b7ed41e

SHA256
d960b976adac73ec8ad4d415c894bdadcf24417f78f6c73718c36d562397524f

SHA512
294de28a25f387f6ecb261a63b9594e4c4bef30f66d817188f8f77484fba029fd9b60576a81019dcc5f4a547317e62f29d228525294bb0a1e9a5e95dce3b8b8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
71976d15645a390eb47ab2d630ac3603

SHA1
58b05e40f44f6e27c2a56d5606c85d6e58c5b88c

SHA256
e7b72a37e12fb2d11dad28c1712a1a86e29132364eededc3ac2dc91d875582df

SHA512
cac4adfdbe45aabfd05895534287cb21ccb158f74c5239fbcf9cf1797c1c8fd1c159d5023f9c801e0f5d82688cfe1d3532c992113ff7adcdec0bf6627e8d541b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\af7cd38d-270e-4b08-9d52-9c287a07d89d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
b482de463bedea7f22b65b9fa792e418

SHA1
935a9202cb803bc479925b7a3209b6fd48afc922

SHA256
ee93536c345b2cc67acba510a5cb4d897eb9e9de0859bb674d7ce0b9c127b51e

SHA512
89c2a173457b7fac5b28b1117caa1f2ba4de3fa7e5a45d49f883d85e8d489c1575f396eb6cccae2bc428d4ae2d3e59ef0838fb467799cdb3941a2cb32986678f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
24d3c5e55e6e09850522dfe24fe95f2a

SHA1
456e627944270cbc98485e742ec7017a6eb2ac27

SHA256
6e7cce3263843f385e66ba34c020e9c358e348eaf2d58b44fd004a11c8a3951e

SHA512
2e6f581d74a1ac08a5f4145aa31f07a761b9bcd6d4e42af06fdb2b481240b568bfb7cf43496d4bc509207a20cae73a0f7b5f8d43f5db98738f8effa525b8e178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
e3aa58e37e32c02669fbbed075431858

SHA1
d1d44e2f2ff3d1f25f494fb3eba78b1362e9064d

SHA256
c078875cf3c1abf1dc8949398290badf38c6eb27e019f3da9bd7742952b54721

SHA512
ff17ee4379be5b719e93314bf259d69ace0867c5a94146ac659f2f444885e6afb16bbd167087f9d803ab82416205f040c840746872488fc12299b245538f0205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
0263043ff7450bcf88aa7ddb6a6904d2

SHA1
eb3b8aff5ca1bee9f87e13cc9384326549d8a553

SHA256
e7af2df4c78797833c059c61e8be72f1c0bbcf54626ccd13a39d4bfeda16261f

SHA512
cc752f82402b4909d9e49fb53977079fbc2df8ae45c90114e4f6c0c20911c3293e31ac2dd3c862e8b12283eaaf5700382565a59b41e8463c65ee582ef47991dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
f82544ae12fdf1cdc5020039ea26f7c4

SHA1
20a7c59e5858f22ca1a3a6e44df46da02472804d

SHA256
54fede9804a5c5fdf7006635a2e3d04b15cf2e5bd03bf97a99ad1abad3986b0e

SHA512
f58e31f6bbe21aa5b29ee4d20f0382e8b970f3fd575d0502e987adc000f201c03f1856ff9daababe7ea1640ed15f97317d7d4cfd7dac4d2071d84bc27277b20a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
42de21437b4fc26ea44283e308fec82f

SHA1
a5017c867af5b27135efc7bd3fecde53f9961f65

SHA256
788c3b278c5eab958842b33bcb58e56682552b87b18d4ca0fee9a0a9b066835a

SHA512
1fca75664715482d3c5fe4f2c68165d4108ee9e3789d202a1d82941f53d9a9fc8fc1b94ce78438e37d65ca19d168ff3580b6d56ec8b6c48ed9f977d8e90bb531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
bf943ca66cbd2f9742b63aeb95cf7899

SHA1
c307ebb7c4579ad1fcea62e12a83434335bb8b90

SHA256
8bf41e894c917bb0ad03bfb0b14d52132265b51fbfe1da0d949a5f5531aace81

SHA512
3a09f10344283039ba52b45d4925526e72cc0a29de61767508abc31434e6c0c5fc632faaad64d7cc3fbb9585a6cd9629f4ffcf9e174ad29449119a95cfa60e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
29439a805d6c88b41e4f551cae5f9ed9

SHA1
74677f30b58c55cdc11531f82e7483ec0547ce55

SHA256
05960f28dbd0e824384187c5da8876e7c6dbfb919aab733c612ab9c480f4b757

SHA512
dd891e18a9f9b44ef34dca5f7a98b34d9096be38d398be80e55ef6840a25b80f418362f9687b9906641b0dc314890afb712a4282157995ca3b2fb051e16cad57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
29439a805d6c88b41e4f551cae5f9ed9

SHA1
74677f30b58c55cdc11531f82e7483ec0547ce55

SHA256
05960f28dbd0e824384187c5da8876e7c6dbfb919aab733c612ab9c480f4b757

SHA512
dd891e18a9f9b44ef34dca5f7a98b34d9096be38d398be80e55ef6840a25b80f418362f9687b9906641b0dc314890afb712a4282157995ca3b2fb051e16cad57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
39c5b905286e87ac40c3bfa7c065e1e8

SHA1
a85774570d4e3af87e14346cebe4f38b337059f4

SHA256
a89d5c677845b3a5ca2e7491b040735aee1c523711bd69b76214f4983caf6ced

SHA512
0edaded72854a3259be4b6bc10043ebabcabdcc4c8fd7d5704a8e37c52c386f6e20c298bc350198359fd68fadf07e63d87d250f8730d868215dbf04858f0eb17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
3c4e5ccdb96cd85bba3a4ebc5b2880a9

SHA1
6d6794eecd1edb46475a6c875e196e4581d86583

SHA256
de42ef7171d41d6ed090a6cb481666eb896bf95ed01a4eb58f9ff9d742a78dc5

SHA512
50287660ac3eaf2779124bd0e69c0fb53b63c2e1ad50c2105c7613479d76014dc266c9d21e723e7cb59a1ec970d95d9115bb344240553b07de1a979ac70fd443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
b57bc15e7e313f99bea4ff4efe102cbf

SHA1
227fe305c3d270f5291f2d2ee389dbec2c4a2b57

SHA256
bc4c1003e6a34b4ee96b417e9482ee218a90819292e097d971861d2aefe43568

SHA512
f448d073b86d205635b7f0ca37660436aa43bf50e115c4f5f781eb44656884c322d0dfd26570918719aff1284ccead0fd838e7a5b6a4e373f509bb668cc2116b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
6cf03513d93bdc8367875097a5d31042

SHA1
dd99f761b22526590c902853d23b6e7ed8658167

SHA256
b056044ef11b7f5a68beee55494e6568770ab68a8b2ffafe346132526f04b0b2

SHA512
2d7f7c434109cb33c886badf3e9517e99f163623d780653d07c76160b41aa7c8662249436375423cd0856d924e3b714995c65a2272d293b510bcae441e6e3830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
119KB

MD5
3cd05bcdaa0f437a6718e4dcb63fff6a

SHA1
f6d7fb36a7870e26836cf7f99296ee9966aa9928

SHA256
0e9d99ece8aa4ffdb6723226c7db2b95697bc613290da83897c3c60051759b93

SHA512
ddc09884f39e3d99494e85fa2ea0ffd9651dc8b264d29442ead5bfa9db45cd1251b3ab09c57d84e46aa14f4abdb418dbdd7c2a2a0ec6dc0d9d7f1494dbbfb86d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
4474326a5195035c1092c00d9296524e

SHA1
35c2e42fd6f784a0bbf42cfea26f5c262577f3a5

SHA256
a809d16190566c05a0946c700e63f82416249104603b9ddf14a039a57daab37a

SHA512
ae5148c8541d140436a0345fc4767737705fd9e4d7cb76efafe90dce1ae8316434aba85ff5aecef711a4affefcd2de626af83c026a8ffc2f059a5c2f313c7239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
118KB

MD5
61ffe78616bb47975ef4a6f3b0fb01d5

SHA1
34390c89336bf6ba87004453174b85c80831af36

SHA256
b26ef92641c4b41ba205eb90314c2035990816c6dfc513333e69fd533720d36a

SHA512
6d1f2abfc2b8aabc27429e87563cff2bbeed2117ba2c3b9d29b443bd4f16312ba9a5ffefa27f3150f22c99a0cbddbd3af12fee6932cf4add6dd0e67658fa6c42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
e47768da666dac516b52a95b00b41512

SHA1
e6c3dff436d64b6785ebf16eb4479f120a06f5a3

SHA256
d5e1946e048db7ed89344928f62792cfe00508420c2334f4075b1b20f829511c

SHA512
1711b5225cc9e610b568da112c14d1548b5e4df0dc2e33a5ef05c7b5c632f980ffb93809cd6239ddd6ba1c9108a03813e8ec0d02483b44228f8868d53dcd49d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7A5L91DP\PCClientBootstrapper[1].json

Filesize
4KB

MD5
2ecf98705e5a512879610e4ebcebd8c3

SHA1
439dedf522684a7a9b40b08da09fb1dd22c85d15

SHA256
afb207e8b30f3b74faadfd20acab4289a8ef8efd75daf86e4e3e9d5ac98b49b2

SHA512
e63a18ad88030b1fc3152df5044d927f06cfd1c5b797c9e0008ed639aec577ce9e08d784e973e48538422515365276a34aa8da19c22f0b8af8b30a1bbf687218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EJBSOO5R\BatchIncrement[1].json

Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EJBSOO5R\version-57e2dd886e0e42a5-rbxPkgManifest[1].txt

Filesize
1KB

MD5
95464ed5a662251fc34bf61851ac3d77

SHA1
9a0461dde0566c63436441c00eb39f31194c606b

SHA256
cb5f9fbff57317c2fc3b55786ace950f5fe19d01a98163adbad43eeb161e35ac

SHA512
6c2279be972a25784f9e841dba18b64ab3aeca96490406364474fcfcd53ceb3e9392d02458c7a8170bdd0e8ddf7adbb864d4d6aff59e36726c923fea6fd51408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YVRU9O6W\WindowsPlayer[1].json

Filesize
119B

MD5
93e4956c3964e64e539ef9986596a63d

SHA1
3c59764502215aabb55375c99b9157cdc5d5c93b

SHA256
c74e5a9da3babedef8c6a28a178b3ecb3d43afbad2c4973d2d5f167b8a501b1f

SHA512
5cffb7ee2afbc7a770a7e0c37c34a35f99ed7a61f78df6172f917080f0dc0937ed3817504d84a29f8b9bee11ec010cbab17bd957b750a442c952dfecd34fd86b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS081BCC10\Adaware-Privacy-Installer.exe.config

Filesize
863B

MD5
29d3e7a537a20ae13aac39781caccbfa

SHA1
207f210624f80807fe060c05c5d988a1751adaac

SHA256
4bd89d7cea62233ffb2982fb413c44ca96c11199d5d0f568fb5b7ce1e3821909

SHA512
e2565e1297184006cf6fdf0cafbb605b52fb72662bb0ba05dc99346f1e5889c12f41fd15b49af3ecf48d5f56bc7235615ebe703cfd9385951f23d0adbe79382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS081BCC10\ICSharpCode.SharpZipLib.dll

Filesize
208KB

MD5
bfca336c1a60220fca129713486c7690

SHA1
6b15b432eab850df22a93930156020c94cbae312

SHA256
c3848dd0f670bb2dce8f80c10693c17759a217f300328f6e67eda479ed1fdde0

SHA512
4b92cedff5a0ae347d6b5b64c0e24544a6439c84f2cbf4519489a685205efcbe8f5e5473e79afe865517c371dfef4d1b8c45c144bb2a90b79494118465d54ee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS081BCC10\de-DE\Adaware-Privacy-Installer.resources.dll

Filesize
19KB

MD5
bd97578b7cb8929f6c05d9efbf246fb8

SHA1
ef490ff7f6621e372b17b9a2e0f671d35f99485c

SHA256
3235b1a35d15c10901e67205aa41c05c86a97537f47d8ca27985dfe99a62dc9c

SHA512
ce981c481cd7de630e1f014a944be5612ff1990bfa1e541da018b1f8a22f3608d95c223d8254fb635330f02a041c4de38b6ddd7c872c83692b24b0e00b6c1e91

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS081BCC10\en-US\Adaware-Privacy-Installer.resources.dll

Filesize
18KB

MD5
8d8ec8f39d0965f892084b5e755613f9

SHA1
252f9cee8af2c84f6d613268c62c4d7ea7de8822

SHA256
8267557f348be4f002ac09b952a245875ea9eb5617f7f08d8a2851978a243a00

SHA512
4e662207e4e389e200024d9c59ca2bffd1b0375063d4eb330759326ab700b34b71d7a8436707c0347ac846851ec9100835af7f8c132b9e7a7f1989f3e2121589

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS081BCC10\es-ES\Adaware-Privacy-Installer.resources.dll

Filesize
18KB

MD5
f0380c679f2d3c089792af44c1d8b8de

SHA1
b948d7aa4d9d9b6b36f13c5d081bb05b28c6d295

SHA256
af5cc004199e28d9cda02606e7ce258538ae387b75f0ed3e6ab2430b6dbb53c9

SHA512
2de641027d4a1bdae42249c682b5428e4ba70bec1da935074c894d613040272745be6f63598949c86f2e3328da4ebb5d717467add0f9266e415d08bf0f308231

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS081BCC10\fr-CA\Adaware-Privacy-Installer.resources.dll

Filesize
18KB

MD5
b60db206feeb178fa44a20546ad0828a

SHA1
cc0cd12708440b8b8878204c74d0c5940787dcd0

SHA256
71ee47b0efbd8267b4ae1f8e169c31924ae6bcff89a0a636ceea4f6d456a2d2d

SHA512
a4f1a56cd5229983d7ff2d4f3906189c86701dd54fec6d452c416e44e50f879b97504bec172fb2f4155907be2f0bc075bb17bb27b67ef48e61cb2a81da844fbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS081BCC10\it-IT\Adaware-Privacy-Installer.resources.dll

Filesize
18KB

MD5
12502653fffa677f76dc6e4bdd2f3be1

SHA1
02847d9b2dd3dc96050a8cfd117596bc5566f6da

SHA256
5bbd0606f1165bb496d03cfbf06ce21abb93c96a8849e2e99afb7e665e93a6c7

SHA512
879319f5ecfea9b9f1759d66cae50ba8e46aa5afe0d714bee48367d4edee4975f3569580966c6435bffb9e98452d1bc3c30d570bf0f676314af9a647708c0d0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS081BCC10\ja-JP\Adaware-Privacy-Installer.resources.dll

Filesize
18KB

MD5
eb2f97755cccd6814d87ed5b4f041175

SHA1
f02dd758217998f65c75e529633d72be5163e81b

SHA256
c3786141c2f333956965403fbb34d2739d14ba995c6313137c3e1e485791fa79

SHA512
015e7f2d5dc3985bb7aa9a4643ffa5904b75d0a9e01a3a1c69a1f4cfb3fc433417c1017dbd8dfbf12b18fcc9274bd60b1f583f626d2903fa7fad425541056808

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS081BCC10\pt-BR\Adaware-Privacy-Installer.resources.dll

Filesize
18KB

MD5
96c172f55ca22b02def92774209d8048

SHA1
2c6452eee85119e5c6db039706a5bf26ac6658ba

SHA256
f695d73730db7b9fe89a8eec089529bc1e6b628cb5f2caaed4f77c5b8457ec0e

SHA512
bbd5166556b96811ed756c56d9e93fd09681bbbd1e0719cc6bf9a932a96dead0a9972209345db5e524209e0ac62c346e33935648f3d2faf74a20632389b4ef93

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS081BCC10\ru-RU\Adaware-Privacy-Installer.resources.dll

Filesize
19KB

MD5
30999daec0b087ff35d1638ebc5cee59

SHA1
0ad3bf08b8ce3d3ca2f6d54858b5eccc5d3866f1

SHA256
aca6ef7d3450564cb9f1d568b0f9a7d54a4c100d350e0b2e1a6f39129e122397

SHA512
3d6bf57d836f9ab8ead3c90e3251a31285a209d20290026c2f9a63cbce7497451a32cb1c9d906214f12622f061051386c57d3160f3ea0d420110fab5195500b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS081BCC10\tr-TR\Adaware-Privacy-Installer.resources.dll

Filesize
17KB

MD5
648d834f44a98e49525845034a6b76a9

SHA1
77f4abd346dcade52879084e15fb1e1f739fd906

SHA256
8e6f7db56a396a90aa6e3fa726c2ac52210df95044dbe3d4bca5a4786817bb9a

SHA512
c366e646a46bc4768e4385fd3c60466acc274077fad6391dcb1c1f6b1d9c4563b6c1aab50d2d468abbdc03d11c355c4fb1019cdb2678ec40ea418f13f6a896c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS081BCC10\zh-CHS\Adaware-Privacy-Installer.resources.dll

Filesize
17KB

MD5
7dfea4e18c241481cc2e8ea059a54342

SHA1
e3b3047e0fcb975a9efc396542778042e1f1dd05

SHA256
8c5422ce7a14720e0e8a3bc606b47ded3f059eca486d18fcccc5086e9eb707c7

SHA512
2ba48afaef29e307107b7a8d864dce47afc8e380d006e12f9eaa3b391347b0893dcc1465488fd784b7a438cce47b505e3835c0b44ea176a3df5d73e84e9a0904

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS82F1E340\Adaware-Privacy-Installer.exe

Filesize
444KB

MD5
b34d0e4b5f31e13cccbbe3b8d17be9dc

SHA1
1710aa46343e46f31d5efffeac510afb36a3fea8

SHA256
ab045fbd7c8356c26a93a94908d555b9f9f8b122140703b44e58c637127e0cad

SHA512
e03d4bcfed174aeed9aac1997e3e486763f42ff8838275240048e6f2b903306dedd012793cc125545d5ddddca0068a08388ffbb74ea033a164d817f8c711753d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS82F1E340\Newtonsoft.Json.dll

Filesize
562KB

MD5
526ec1419f035cf5689db5e14e610d6f

SHA1
075def7718cea98ab6a91cfe16d97a33fbb28ce0

SHA256
19e6fcdbd5df1916a209a288f3e9a95a6ef48d05a29deea2dd3a6f25a2def44f

SHA512
716a74d396a32ecae960cca6bc0a234eaadfda412e9dc10badca7c9c721c9ada1fe005195fa0ba57e5cc392c87237b5b69909590ae7ccc27e0545fd0e099ced7

Download Submit
C:\Users\Admin\AppData\Local\Temp\AdawarePrivacy.zip

Filesize
20.2MB

MD5
e6f94dd56a8c6d8b6124c16e7a114a92

SHA1
860ba21c4cb17fad8297b13d64a28eb737209a7e

SHA256
58a541ade10d70e9104405a546c11bc4f78bf6c64d022970f3f18ada375414a5

SHA512
a66b8b22e0217a2b280b715c0270c36e2f5ecc6799eea05451cbf90ed7bdd97045ac88de14327af11a0d10bc564ae6f7d427e0fb2e54d5d824eab534218d2528

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-3A048E34\RobloxPlayerLauncher.exe

Filesize
4.9MB

MD5
d4845be8c0192ae3d60151695a2bd063

SHA1
e6fb50fc241cbec75d953b7f0b240ad4c19a396f

SHA256
9a3b7b139d754bf44bb4481f52d14d2e695ee8ea0e330591aab75f0103f73fb3

SHA512
77045b572bfe05b859518e9b2b12ff9e5326232520c0e8b4295035aedfdd4a62802075a9b62618c91742dde391bae98f22389627f9a7cda5ba4a72ea3dd54164

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-3A048E34\RobloxPlayerLauncher.exe

Filesize
4.9MB

MD5
d4845be8c0192ae3d60151695a2bd063

SHA1
e6fb50fc241cbec75d953b7f0b240ad4c19a396f

SHA256
9a3b7b139d754bf44bb4481f52d14d2e695ee8ea0e330591aab75f0103f73fb3

SHA512
77045b572bfe05b859518e9b2b12ff9e5326232520c0e8b4295035aedfdd4a62802075a9b62618c91742dde391bae98f22389627f9a7cda5ba4a72ea3dd54164

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX-3A048E34\RobloxPlayerLauncher.exe

Filesize
4.9MB

MD5
d4845be8c0192ae3d60151695a2bd063

SHA1
e6fb50fc241cbec75d953b7f0b240ad4c19a396f

SHA256
9a3b7b139d754bf44bb4481f52d14d2e695ee8ea0e330591aab75f0103f73fb3

SHA512
77045b572bfe05b859518e9b2b12ff9e5326232520c0e8b4295035aedfdd4a62802075a9b62618c91742dde391bae98f22389627f9a7cda5ba4a72ea3dd54164

Download Submit
C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat

Filesize
40B

MD5
6a21236355f99acaa788dfc43197a373

SHA1
048821a0971224bf96ab3f3dd3748d01a9b4b4e2

SHA256
7f58615ecda7f6352f6aae7079b056bbaddade9fcdf84cb41418c8556ed492a6

SHA512
00e264bc2f7ef3ee67b384ff2a0c123eeeb6fcdbfe81d727808c4293a530eecf57cc15605f4956c57038683bb7edade9610f822bacc4a4bfbe37a1b1888f3144

Download Submit
C:\Users\Admin\AppData\Roaming\Adaware\Adaware Privacy\Application\Adaware-Privacy.exe

Filesize
2.7MB

MD5
588b870d69f42197d91a331241c5e147

SHA1
c6629c77d4ecba5115a81670f125061ba7184f9c

SHA256
f4bf5472c0b3119c17ae86b18bf85abd8c9527e55b198f6b69798536fc4c1e73

SHA512
29f60f728ff47eafb8849631755a95d360d3993ee372d0f8461ccf578003d3f74ac6ce758b830afb3a345a44e7ac2fbb0505091be8ba3511673364cd89c8cc12

Download Submit
C:\Users\Admin\AppData\Roaming\Adaware\Adaware Privacy\Options\ActiveFeatures.zip

Filesize
382B

MD5
91b94aaefc1bb2ad27fe07884ff3cbce

SHA1
d237a024cf26542b10eac1caaf3389a4a9982b70

SHA256
a5e62ecf4153ce0f31ae261cae77a7403cb3e8759314c35e7b0620ecea36c960

SHA512
246e8ffe95986dcbcb9a6b7561977c29d957347be05b49bd737f419cde28920b0c6e87ae588cbc289065bebd46ca48668dfa7d26a05bd232fdc8ee7fb7e036a5

Download Submit
C:\Users\Admin\AppData\Roaming\Adaware\Adaware Privacy\Options\AppSettings.txt

Filesize
297B

MD5
b151e68dddf4b106c4fd9fd84f4c2403

SHA1
9054d675a82129502957490234d63e14718c054d

SHA256
808ebba7b702b098de733ea03e3aed7f922ad833099289db083a23a9759423df

SHA512
a8ad39eeb7b9850fa7c10119e7d28eb7837f6bd55b9cad72bcbd5c16034120dd12a93eb9f846a758dd7a48d3864364fb1df0989071f31fc2ecec640324aa555f

Download Submit
memory/1308-952-0x00000000056C0000-0x0000000005752000-memory.dmp

Filesize
584KB

Download
memory/1308-950-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/1308-940-0x0000000000B80000-0x0000000000BF2000-memory.dmp

Filesize
456KB

Download
memory/1308-1087-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/1308-1086-0x0000000008A30000-0x0000000008A3E000-memory.dmp

Filesize
56KB

Download
memory/1308-937-0x0000000072DD0000-0x0000000073580000-memory.dmp

Filesize
7.7MB

Download
memory/1308-1085-0x0000000008A60000-0x0000000008A98000-memory.dmp

Filesize
224KB

Download
memory/1308-953-0x0000000072DD0000-0x0000000073580000-memory.dmp

Filesize
7.7MB

Download
memory/1308-1084-0x0000000007330000-0x0000000007338000-memory.dmp

Filesize
32KB

Download
memory/1308-1083-0x0000000006AB0000-0x0000000006AB8000-memory.dmp

Filesize
32KB

Download
memory/1308-954-0x0000000006050000-0x0000000006072000-memory.dmp

Filesize
136KB

Download
memory/1308-1505-0x0000000072DD0000-0x0000000073580000-memory.dmp

Filesize
7.7MB

Download
memory/1308-955-0x0000000006080000-0x00000000063D4000-memory.dmp

Filesize
3.3MB

Download
memory/1308-1089-0x000000000BCF0000-0x000000000BD24000-memory.dmp

Filesize
208KB

Download
memory/1308-957-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/1308-1082-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/1308-956-0x0000000006610000-0x0000000006676000-memory.dmp

Filesize
408KB

Download
memory/1380-1365-0x0000000007BE0000-0x0000000007C1C000-memory.dmp

Filesize
240KB

Download
memory/1380-1398-0x0000000072DD0000-0x0000000073580000-memory.dmp

Filesize
7.7MB

Download
memory/1380-1306-0x0000000007AF0000-0x0000000007B56000-memory.dmp

Filesize
408KB

Download
memory/1380-1227-0x0000000072DD0000-0x0000000073580000-memory.dmp

Filesize
7.7MB

Download
memory/1380-1322-0x0000000005DC0000-0x0000000005DD0000-memory.dmp

Filesize
64KB

Download
memory/1380-1314-0x0000000007A80000-0x0000000007ACC000-memory.dmp

Filesize
304KB

Download
memory/1380-1293-0x00000000079C0000-0x00000000079F4000-memory.dmp

Filesize
208KB

Download
memory/1380-1368-0x0000000007BA0000-0x0000000007BC1000-memory.dmp

Filesize
132KB

Download
memory/1380-1311-0x0000000072DD0000-0x0000000073580000-memory.dmp

Filesize
7.7MB

Download
memory/1516-1402-0x00000000054C0000-0x00000000054D0000-memory.dmp

Filesize
64KB

Download
memory/1516-1401-0x0000000072DD0000-0x0000000073580000-memory.dmp

Filesize
7.7MB

Download
memory/1516-1289-0x00000000054C0000-0x00000000054D0000-memory.dmp

Filesize
64KB

Download
memory/1516-1639-0x0000000072DD0000-0x0000000073580000-memory.dmp

Filesize
7.7MB

Download
memory/1516-1288-0x0000000072DD0000-0x0000000073580000-memory.dmp

Filesize
7.7MB

Download
memory/3600-1197-0x0000000007640000-0x0000000007C58000-memory.dmp

Filesize
6.1MB

Download
memory/3600-1225-0x0000000072DD0000-0x0000000073580000-memory.dmp

Filesize
7.7MB

Download
memory/3600-1148-0x00000000059F0000-0x0000000005A36000-memory.dmp

Filesize
280KB

Download
memory/3600-1147-0x0000000072DD0000-0x0000000073580000-memory.dmp

Filesize
7.7MB

Download
memory/3600-1146-0x0000000000F00000-0x00000000011BE000-memory.dmp

Filesize
2.7MB

Download
memory/3600-1150-0x0000000005EB0000-0x0000000005EC0000-memory.dmp

Filesize
64KB

Download
memory/3600-1151-0x0000000005AE0000-0x0000000005B00000-memory.dmp

Filesize
128KB

Download
memory/3600-1152-0x0000000005AC0000-0x0000000005AD0000-memory.dmp

Filesize
64KB

Download
memory/3600-1153-0x0000000005E40000-0x0000000005E54000-memory.dmp

Filesize
80KB

Download
memory/3600-1149-0x0000000003430000-0x000000000343C000-memory.dmp

Filesize
48KB

Download
memory/3600-1212-0x0000000007460000-0x00000000074D8000-memory.dmp

Filesize
480KB

Download
memory/3600-1198-0x0000000006BF0000-0x0000000006C0C000-memory.dmp

Filesize
112KB

Download
memory/4712-1187-0x0000000005760000-0x0000000005770000-memory.dmp

Filesize
64KB

Download
memory/4712-1186-0x0000000072DD0000-0x0000000073580000-memory.dmp

Filesize
7.7MB

Download
memory/4712-1226-0x0000000072DD0000-0x0000000073580000-memory.dmp

Filesize
7.7MB

Download
memory/4712-1234-0x0000000005760000-0x0000000005770000-memory.dmp

Filesize
64KB

Download
memory/4712-1403-0x0000000072DD0000-0x0000000073580000-memory.dmp

Filesize
7.7MB

Download