hxxps://www[.]roblox[.]com/groups/5582674/Robux-Admi

Analysis

max time kernel
803s
max time network
874s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
16/11/2023, 01:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com/groups/5582674/Robux-Admi

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133445705318976517"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.msn.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "406876136"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.roblox.com\ = "54"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0a8cf73c2918da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{53BC0E4E-FA6C-408A-9E59-DF6C5D789156} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 60d668112918da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 72b46d112918da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = fd45e7012918da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\msn.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "23"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "809"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "650"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.roblox.com\ = "21"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5000	chrome.exe
5000	chrome.exe
4224	chrome.exe
4224	chrome.exe

Suspicious behavior: MapViewOfSection 14 IoCs

pid	Process
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4872	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4872	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4872	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4872	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2164	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2164	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3800	MicrosoftEdge.exe
Token: SeDebugPrivilege	3800	MicrosoftEdge.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3800	MicrosoftEdge.exe
4132	MicrosoftEdgeCP.exe
4872	MicrosoftEdgeCP.exe
4132	MicrosoftEdgeCP.exe
5084	MicrosoftEdgeCP.exe
5084	MicrosoftEdgeCP.exe
5084	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4132 wrote to memory of 1932	4132	MicrosoftEdgeCP.exe	74
PID 4132 wrote to memory of 1932	4132	MicrosoftEdgeCP.exe	74
PID 4132 wrote to memory of 1932	4132	MicrosoftEdgeCP.exe	74
PID 4132 wrote to memory of 1932	4132	MicrosoftEdgeCP.exe	74
PID 4132 wrote to memory of 1932	4132	MicrosoftEdgeCP.exe	74
PID 4132 wrote to memory of 1932	4132	MicrosoftEdgeCP.exe	74
PID 4132 wrote to memory of 1932	4132	MicrosoftEdgeCP.exe	74
PID 4132 wrote to memory of 1932	4132	MicrosoftEdgeCP.exe	74
PID 4132 wrote to memory of 1932	4132	MicrosoftEdgeCP.exe	74
PID 4132 wrote to memory of 1932	4132	MicrosoftEdgeCP.exe	74
PID 4132 wrote to memory of 1932	4132	MicrosoftEdgeCP.exe	74
PID 4132 wrote to memory of 1932	4132	MicrosoftEdgeCP.exe	74
PID 4132 wrote to memory of 1932	4132	MicrosoftEdgeCP.exe	74
PID 4132 wrote to memory of 1932	4132	MicrosoftEdgeCP.exe	74
PID 4132 wrote to memory of 1932	4132	MicrosoftEdgeCP.exe	74
PID 4132 wrote to memory of 1932	4132	MicrosoftEdgeCP.exe	74
PID 4132 wrote to memory of 2872	4132	MicrosoftEdgeCP.exe	81
PID 4132 wrote to memory of 2872	4132	MicrosoftEdgeCP.exe	81
PID 4132 wrote to memory of 2872	4132	MicrosoftEdgeCP.exe	81
PID 4132 wrote to memory of 2872	4132	MicrosoftEdgeCP.exe	81
PID 4132 wrote to memory of 2872	4132	MicrosoftEdgeCP.exe	81
PID 4132 wrote to memory of 2872	4132	MicrosoftEdgeCP.exe	81
PID 4132 wrote to memory of 2872	4132	MicrosoftEdgeCP.exe	81
PID 4132 wrote to memory of 2872	4132	MicrosoftEdgeCP.exe	81
PID 4132 wrote to memory of 2872	4132	MicrosoftEdgeCP.exe	81
PID 4132 wrote to memory of 2872	4132	MicrosoftEdgeCP.exe	81
PID 4132 wrote to memory of 2872	4132	MicrosoftEdgeCP.exe	81
PID 4132 wrote to memory of 1108	4132	MicrosoftEdgeCP.exe	84
PID 4132 wrote to memory of 1108	4132	MicrosoftEdgeCP.exe	84
PID 4132 wrote to memory of 1108	4132	MicrosoftEdgeCP.exe	84
PID 4132 wrote to memory of 1108	4132	MicrosoftEdgeCP.exe	84
PID 4132 wrote to memory of 1108	4132	MicrosoftEdgeCP.exe	84
PID 4132 wrote to memory of 1108	4132	MicrosoftEdgeCP.exe	84
PID 4132 wrote to memory of 1108	4132	MicrosoftEdgeCP.exe	84
PID 4132 wrote to memory of 1108	4132	MicrosoftEdgeCP.exe	84
PID 4132 wrote to memory of 1108	4132	MicrosoftEdgeCP.exe	84
PID 4132 wrote to memory of 1108	4132	MicrosoftEdgeCP.exe	84
PID 4132 wrote to memory of 1108	4132	MicrosoftEdgeCP.exe	84
PID 5000 wrote to memory of 4560	5000	chrome.exe	90
PID 5000 wrote to memory of 4560	5000	chrome.exe	90
PID 4268 wrote to memory of 924	4268	chrome.exe	92
PID 4268 wrote to memory of 924	4268	chrome.exe	92
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98
PID 5000 wrote to memory of 1816	5000	chrome.exe	98

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.roblox.com/groups/5582674/Robux-Admi"
1⤵
PID:4252

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3800

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:948

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4132

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4872

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1932

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2164

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3476

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4844

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5084

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3580

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2872

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1108

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd7d429758,0x7ffd7d429768,0x7ffd7d429778
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2028 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:2
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4584 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4832 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:8
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3756 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:1
  2⤵
  PID:360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5572 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5592 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:8
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2340 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2144 --field-trial-handle=1764,i,9856188736553963347,1658548113505469869,131072 /prefetch:1
  2⤵
  PID:3492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffd7d429758,0x7ffd7d429768,0x7ffd7d429778
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1820,i,14983153913069974476,8492348780126122565,131072 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1820,i,14983153913069974476,8492348780126122565,131072 /prefetch:2
  2⤵
  PID:2112

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b73d65d6a4e82f58796cb7ac482447af

SHA1
4059174dd23fc893f9ab5ea5fc474d10beea749b

SHA256
c9c5361fc95e2e4143099b434ba18a0ce96d3a04836a9fb3fe0590c7da50d7bd

SHA512
4eeca95f0f339c95f38d82d8a25cd8692c0857f8f68027f0ddb508862086a0131bb4ea30dc67e158d1de5db6c31fdbb44a159c5f4b85e6aa49bcae552a819c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b73d65d6a4e82f58796cb7ac482447af

SHA1
4059174dd23fc893f9ab5ea5fc474d10beea749b

SHA256
c9c5361fc95e2e4143099b434ba18a0ce96d3a04836a9fb3fe0590c7da50d7bd

SHA512
4eeca95f0f339c95f38d82d8a25cd8692c0857f8f68027f0ddb508862086a0131bb4ea30dc67e158d1de5db6c31fdbb44a159c5f4b85e6aa49bcae552a819c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b73d65d6a4e82f58796cb7ac482447af

SHA1
4059174dd23fc893f9ab5ea5fc474d10beea749b

SHA256
c9c5361fc95e2e4143099b434ba18a0ce96d3a04836a9fb3fe0590c7da50d7bd

SHA512
4eeca95f0f339c95f38d82d8a25cd8692c0857f8f68027f0ddb508862086a0131bb4ea30dc67e158d1de5db6c31fdbb44a159c5f4b85e6aa49bcae552a819c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b73d65d6a4e82f58796cb7ac482447af

SHA1
4059174dd23fc893f9ab5ea5fc474d10beea749b

SHA256
c9c5361fc95e2e4143099b434ba18a0ce96d3a04836a9fb3fe0590c7da50d7bd

SHA512
4eeca95f0f339c95f38d82d8a25cd8692c0857f8f68027f0ddb508862086a0131bb4ea30dc67e158d1de5db6c31fdbb44a159c5f4b85e6aa49bcae552a819c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b73d65d6a4e82f58796cb7ac482447af

SHA1
4059174dd23fc893f9ab5ea5fc474d10beea749b

SHA256
c9c5361fc95e2e4143099b434ba18a0ce96d3a04836a9fb3fe0590c7da50d7bd

SHA512
4eeca95f0f339c95f38d82d8a25cd8692c0857f8f68027f0ddb508862086a0131bb4ea30dc67e158d1de5db6c31fdbb44a159c5f4b85e6aa49bcae552a819c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
d702e0fbcdc8e75b58e30097ec426364

SHA1
108e476eabf1619c7ffacf492638e8c85c642c59

SHA256
066193441a71dfa523889ab7e58bf3a3508867057fb562d7720ac4608431793f

SHA512
6618b2f43353005911cb5da0331a2b0cdf30d6ae06fce14e901944a5c95bfa06258f8fc633283fdefcab922f83bc008cb15e411bf322e2f7cac903c33c225fbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
03b872523d16cd7ceb2d5695ce6c8745

SHA1
eb1330641463ffb2f3b84624317d4e572a01cde7

SHA256
1fcc0d84312d2b8649d2c3dc7f08b9296a87b2bd47329e714e72513f1dc41e6d

SHA512
be17abcc41a68901a725ddd453bf322103e524d564cd331fb31d615f50b96433bfbe49a4f4a03423bca28a8738f4bc8022f21e6b32f9b238b1d52015ab7f000c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d33acac242956f5c842e1fefc14d3506

SHA1
c03fb79aec8b529faa5cd1ada02233e30f1b4cc1

SHA256
cd4f8ce9fc3502db43273fe66b43176f48d5833ed2cbbb1b3642629f7aa34636

SHA512
807201613fa048e0a3cc146e4bb4e13f5297c579238d55586340136bf2a7c92f648e89a5ffd902fa53fed70891b4782b258f558b693c507801d3efc81bdf2720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f62b43eb1649172f9c96fc52972eb124

SHA1
e6efe9913d57a055b831959dd4dea863ac68a61f

SHA256
7891c72fb0fe72c1d5e20f0711b254bb205892e3635c3ea4b3b687f71d2d55d9

SHA512
5cfebfeba91a9084809381080d7e7b844e332c661e048b847902d348d41438187fd8ab58fb0cdb254fc233dce16861c59cec218a2187daebea0e449b2203d8af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
7205ec94b6ce090579ad646de1bd787b

SHA1
e116c367ddb4200f539fb93022649673f14b4c38

SHA256
91014aaa5abaf5d3817512c5fcac98fc42a841b4799b3e5a8b151d6460b684ad

SHA512
4f59cafdce7fdaf6d873747e0c14993c688e923362f36785d76eda4bae2f96b5d2fd501826bf58015b42503578853dcebfc66216a957cdbfa7e2ad580bbf7cb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
57a051fe8a6b5586836fde7db92825e7

SHA1
fadc0b222d908a18a0ec4af519b594637ed886b9

SHA256
48f4e977f3bfe0eda737e36fd091b40f9dea046045ce6a8204d914bc3240467f

SHA512
0e8590660fa37569dee0cc033ea8d2e2571f408c267da75fb68402918b56c57002f63bc2ba337c06fa8f4d4e8e6716fe0b8845d6372d1cd6cf317bdfbeaeba31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
cca7e7c74b6606a45e3145e7b9cc0a23

SHA1
9b2fa87b77874c9d5b3410339fbd888b3b2fa2d2

SHA256
4f2cd4c9e5d350c89ce4d40c13db615fb2de48e09efa93b7fe30e009e20b0a5f

SHA512
318e0f1fddbf2b848bea6f3c2b8b721563ef89642f56c2c93bfbca1febbaa2b035e386667bcacdea4444ca0a44b2bc492ff978a31425c81c070d3d17d8d16280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
30d0c39f0ddc425aaa82b3f84663e1a2

SHA1
8d052d1e89dff3d86baab97aacc9eeafd7d9f2a2

SHA256
d44ab46d84cb010814715283e1487cf51fa6dbc21907fbcbbfe7d17945fa5ba7

SHA512
57121fed3b1d576df4403abfc95a10d234a9a73508f2745886ff0197c246b6b2e8497966a29ca49038e757409d0235a811637afc79a3f9a40b734d41fdb7ac8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
d4b067e36c6c4bee5c157d2318249a4a

SHA1
355d4a5712b7ca4e4e44016ce6da52dd4d5aa893

SHA256
56de8820dc9914d1fb6a5180256b1f4909f7fb1999cea466004b10ffa0e90e52

SHA512
73a5c0f33123911104945da4f0590bfd787a3aef7efe3ae566ca663d38efaa2029d8693dc9d31958e357c6bc29c32062cb704955756f4397ce80ffbcbc6fb144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
e859b9eb067e231a7159095cb05809e4

SHA1
5b5134c0240ce2f4c876ccc8f8af854e729ca8a2

SHA256
87d377edac10c2b872b320d0029ca553d8de258c7631e67c25c6abbc7ee64f80

SHA512
9c88a277b2284b6e433d2132bf6ea0608ef64754715a4fd758bc105d5f7bdced26f9a9a308bf7c2c795460f50ad230d0b835ddb6ed0e77c9d658bc48575d0d05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
656197948b5ca5e60347851aaa073598

SHA1
59bff06479027f4ac2e70b050a2f60ef353356da

SHA256
dba182095bd9346575ba769b427fecd67d8bf738249d398915e92726be90cac1

SHA512
f56c16e699667288434986c13e4ed8ea941263648f74c75f5d09c21e388ddfea66ddb85fbf24a97c063d510945ec3b927dbabca917e51bcf6cd6bc7e0d2c80d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bc3501a3f9329212e8cccff863d774ba

SHA1
15dad2d1bd36be2d5ce66cf094c57bb0b9d5f2c1

SHA256
73ccffd87b2778da2dec2e57f805bdc5b63271a0efc627aa3465631b3ec63571

SHA512
57707a03f38fd476be9482077b26c0e6b562a86f604e5094da31d6a573cec2b21cce647579a226070077a0e3685a84cedd742b1ea2b1bdddf0ec4cc6c97e6033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5e8a5892713fd64c18177fa8c20bee6a

SHA1
1ad163aab5210b8fbdab75ad04e1d2c0b334a15c

SHA256
cb76ab71924a8b8c0dc04f49ff545b6d4683bc2c5ee7b872ab4f018896608ca0

SHA512
c1d4c982239b49b58bf64c6148b341dbdf6e9309fa3d028397d17a4f957700b962e436441b4c88154c174bcf7de532bc191cc0b14c3d272afc152b0f2d9380f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
08fb593bdfdbf9ef6abc47d4ff934d3a

SHA1
0a8d3ec99829781886a24a38e6307e0a8acf4ff1

SHA256
ac1e0b3c7988a3418a53fd3be18f35569c811ff2e8d6ef62207d2f1b562621a6

SHA512
2efd681fbe6fb343682d3ae5c224e627638755e894f65a5d7b6fb606f5db8d77c33ce64ce77b033ec061679e5492fbf1116f5d3ae213389a97f29e68d9bdf89a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bf74fa7480e6e0221f5488d4c83ea116

SHA1
779f907fb06c874a8bb66f25bd4ed72668fce83d

SHA256
fe23e5a424320d4212b83828c9a2def3771eb99668dc7d2bad1e6303bea273da

SHA512
2302bd7f3e00e017eb831907e911b2dac45f09aa5997705a9277e1f9a1cd6285e5d267780384ec6058945835a3eaa61b6b460f04ce5c3328ff5d4297838e7ad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
9edacc0dc7ba7ab20d0ffa53b72685b7

SHA1
254759165b2fd4c8fb7b0ee5de58d8c6dd0351e8

SHA256
76fc383c0eaaf1f299bccfb6909122fd0e95b9695427e0e662e085daa7c93850

SHA512
839b68a0dc8d173eca76f0ae799769346f18a5d4a4b7251e3e46c6ff2a478c09fdd301ba1a1412b66b989383e564db4675d4abfcaeb5d9137098406eba6e16d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a7ab881d7e9f14232e2cd35c6f349240

SHA1
3c576634087fd81d064a490a85ee500a4fe6fc3d

SHA256
ac479a3fe5d9022ca6a8d17a83322a061a7f313e2d3c75f60e3d83fdfd1716b9

SHA512
7fbafe8fbe819fc37cd78ade98fc6cc33d913a4b3f3db997179c3a1bd3b60ce4ed56911765beaf01706ace639cd429ba0849228c878a60cb3f647e013c9c0ebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ca5083ea3d8824e68100dca2c179a52f

SHA1
4ecd8f1af0ec183fce7fb02e77108c776bd5e4c1

SHA256
dfa3a3951bda99447a120e8e5b8817eafffe983c739e03137665750ad1f0d541

SHA512
15bd4e36d50caa8be8d6ccb789afec57c40eec2ff81eb370b122a3a2fc8af83c16ae8b1e87f58ab6838ef15023ba98cbe3a23c524ac63bf0505fc56b61090a6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0a83c41cf404a321ce1020d4f94635c8

SHA1
1a774a83f904545bf3f54f1ee5a471681b27fe3e

SHA256
557613544fdcf8b1a6e770b06391f052e622225b5c46950d754acba65220bab1

SHA512
beb2085d32a8a72c219d4a5e88abb10aec0e48ebcb7815411cfac4056c105fe79ae120e46b5392d7883e01c7d0dbf6583ff6b9bf3c288178a37a0eb3aa9d7884

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5ccf46ae95e0a57a81ff216cb7ab92ee

SHA1
0b04520624bb68303ad45697d0a101f84329740f

SHA256
e6806d0659c931c2b1729c3f6a95a35c48ceb8ca8168b8a134ecc1cb3a53c74e

SHA512
09bf823360da15251654cc49bd0e75bf1625a97653c9957810aea8dc2828ee28d5974d6b5c7b3e7923f4c5f602d614f8d6dfe96991a3e6b474b1a18f423f42d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0c2e58d4dbb138ab505017f3d9b1f3db

SHA1
da6d778556727e1a91202067c10b1f11b15fac0f

SHA256
5963c5a9600d70e49f400acdbb04fa028044b9894f8c647fd421f2f2a2a7be72

SHA512
ea22d31fd6d888918e993513748afd7e71fa503caf4190fc935469f96a9592ec62b36bffa3586eeea45f76de443525a659b44ca63d49c12c0dc922a87316e7e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5d5d01bb2ee78b582b97892dfe1d8db1

SHA1
02ea78af753a9adbdb9ca33729a21735f6c32c4f

SHA256
c14c1cbdb8129b2182e2ed7fad4e90283e5609da7b49f8f16b4de4ab4559d051

SHA512
2b62bfb688022631be5bfed85b942ef39068f6f1d9532d463322565069b272d0579acf74268c0e7ad46604bf1a2c1892cdec547cb450579bbba2eb31ac735e9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
978aef5d30b3fa49fba851198e7e361f

SHA1
79a17d8b41ec880895be4c974d3e82482e193780

SHA256
8726dcda4f12e5f9f884fa94228717975477b42c5b99c7fba36dd6b8bfbbac74

SHA512
b898fddcaa3297c8c5c23a457679a5670a0c6cec2b33a16d1aed2a5c4e6a0fc9f4f1e34ce820e51725e1b3bf815dce2d768af644996c116dd09fba56125c91a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
710c706789007802964f226612fadc8d

SHA1
ce4fcd897dce876e7a618542ac03822879e0b0eb

SHA256
192089d7874e99c8b28c1b9800a034f232085a0027fad83711a49c2d359a3d9c

SHA512
2f97c25939c899c9476d69f8a98ce28fda08e7616346d9cf01a3709cb16dcaad6ef4f897d21304c803f3a8c87bffe6eb7a89ccef4b0b8c85ea26082c7d176bc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
59ff77357b22fe849ab66d703e8f0989

SHA1
8481fcedfce57eefd6a37b07bc81e3fe68ad4b88

SHA256
5c55a8cd082afa6b8a7a968db0e442f826326883c2b7c76fa13c6d472831c8c2

SHA512
762d5845912f98a60b35915d3866227a3316fd37901be7d302179012d4f73ce94e1ecf0d9c1d7062a643d0c36b813904d007bd1a727c482f5c2235233ec13603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fe3d7c5473bfbae431d566183f30b281

SHA1
893ed6b09c967933819d15410d0691bed6288e23

SHA256
c74e00cc53e0e9f39e338ead84b01538c81f598d263eefa6c05de120acb5fe9f

SHA512
56f9bb0f22a8a65a7a871f63082546bad633d8cd4984f43533995ba5df2136220f166a6e1328c7c4517663a3cb58c1a1b75d841d13bbe87f1d515ce46b3037c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1c07985b289805441dacb80c30785f61

SHA1
f532e8c55f7218eb7c4c6eb0e382b3ae3816a0cd

SHA256
8a6b9e5373ae12f340edd5846d19eb5a37f3fce4d3220cd5a39f27cffe5971c8

SHA512
e5bce82c586465982b88975403778e39e314129737f2c72bec3af19a8f19d50622e76e167c949415d4e5e2c5c3840a2e29fad0d9c05d93d4e199abbc579b35b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
719a89c6d0d89bd53d18d14bf0de9bd2

SHA1
a5768fcf4ecf7efcd1fb389d6e36dda5f77b383c

SHA256
32832092c037caffd5e6a1f50d50df3ff6e6349e395d2dc5a8af054c78c90400

SHA512
0fc325bccd8b205218f83edfbb0ea7749cce247860fd5928372ec52d17d67253745b4a51a4c79e38dda3d1e50091f6c99d48c375b4f6daa96ed921aab676a530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
876126122d1413541ba9c2adb3646a7a

SHA1
ca3d2186964437896af35f7b7511fc80d263bc0c

SHA256
468ec65a417c46c2bf48df533fa62b41e55eb067a630facd7671d8d95f25ae5a

SHA512
9e53122d585a93eceb470945699c1591cc2d7a65f27a1915d798483ec93e0327de4bdfc496df5dc5f3180b55fea3c2b209c4282440ac0c8966828e0ba9e2c6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
79c843a4ca50c010c54f79edbe0d149c

SHA1
4aa988a624a863e11ced7c4d3068f5327e1c1168

SHA256
4046ae376b1a136d5c113cf6ec68cfa33415c61d61fbdbc9ad8666d31beab970

SHA512
5906bf48821bdef7b987910d56bba66fb16bbeed1f17ab3a4a54acbfa0a1b0c785873e9db5a3ade8b565734f747c1e18096adbd46503b4990944025a7f216cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c8f3d922a29bf2f767a221210462a673

SHA1
a2f6303cf2845842c8b3249137d0c882bbd5aec1

SHA256
8e70e0e996fab12e900ce62e990094ea284120e86a47a991e9a543a65cf7fd96

SHA512
83bdbbfd12f7c5e12457a03b0a927639ebca8ccc16c9536259448a9601cb8d05b36de8bfd37b04bf5a6827a50a0a8d2f5098e29da871085c985deb222f9c214d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
106KB

MD5
ddc64047f8267f4e128f024c4d684f02

SHA1
a6e9473d7dbdddaf331cf1cbe33bc0f84eaa6ff0

SHA256
4480556b63df36c4f4ebcd0cb8c533d32c86ac9b3158a37c7b7a4905bddc2473

SHA512
bff493c104e2ae8345ea650e703896ebc63642cbec99988967ea2ed7fa2d5e7c9ac2aec7f3ba87fca0328f39c064d378cd196f1e729b7d04716f635ef5c122d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
218KB

MD5
879118764f4471e056cd9cad6a6bf501

SHA1
1fdb38fb6e70118ac1a900ba7d92cfecb883846d

SHA256
b4983d610c282dfe98a641462fa1028b8da00f7f650b9697ac09bc69c44abdc3

SHA512
e125277179713ab1c69d1a3db2160689b13de278dbe8fa752f5a27fc29ce537e70113698916154dbdca1fdc43c7a913999e93cfb882c7cd8a1146b3fa325f067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
218KB

MD5
1ac77d312acf3f3f7503573485df3126

SHA1
c0e067484bafc28db7807ef78e7499dcee3e5ac5

SHA256
1488cd73f4426760f3016fbf23c246fc5a1801eadce36a715862b3e899674bd7

SHA512
0247212ea6ff04d85aa6e02ca51541f1def23c70d08e8836b19af115ea0fe4b59d75fc4d19852ee3f5d2514b9eac8dcd597da2c74ac00669c3371bea809ab57d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
218KB

MD5
ee7bcb6924685c3da243aabadf4baf88

SHA1
19484ccddfd2f4cd5cdd7d784bc798628380be17

SHA256
0701ab31695989934e7edeeeec12288cd8cb761aea058cbb9b91d513a51160e3

SHA512
a8dcdb07ce83b4b052303fec7374e860610903ede2bc07dffcb428e233121786944245679a4f1832df0ba00c663deb4ab54f0b53f0dbe7380039bb76eb0020b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
106KB

MD5
ddc64047f8267f4e128f024c4d684f02

SHA1
a6e9473d7dbdddaf331cf1cbe33bc0f84eaa6ff0

SHA256
4480556b63df36c4f4ebcd0cb8c533d32c86ac9b3158a37c7b7a4905bddc2473

SHA512
bff493c104e2ae8345ea650e703896ebc63642cbec99988967ea2ed7fa2d5e7c9ac2aec7f3ba87fca0328f39c064d378cd196f1e729b7d04716f635ef5c122d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
8b91e0b3ef9ae9893dc818bdb97bf3aa

SHA1
d6eee7c81a1a3e85413dbaf6d9ad21d7bc5a34f0

SHA256
a35bff743b068826704853a575e4994570151a003417ababffadcda08b882d88

SHA512
aca83847b31d00b2052afc5841a1bc4ce2a5c7d1e54234e8efb9c0af64d1b0a2a90519a8fdd6a86fe46380f13808e5777fd2af595d0f1a3d71140dfbbab9bda1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b2f3a.TMP

Filesize
93KB

MD5
606026d61c7175ca44afb6397d7a38ec

SHA1
abeca37213dff9c84198d51eb33edc0629083981

SHA256
2c73f2f026eee01bd60f398ccf83173a4b93e19c8de5297fa741343797507ca6

SHA512
f1860945e0b5e19253fd5e6068029cca4469ea8d1b1ba38fb6572a6ab428eda5b007bd9ea65e3dc1379ee6c7107f0fb2477b113dfc827d13b68d74e2e94295f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TCMH1DO0\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G2NNCXF3\api[2].js

Filesize
376B

MD5
94749823ff25fa0f489a668c7e977ac3

SHA1
6adeb56f871dd41555cc6eecef227e9700a86ac7

SHA256
e308efdfd4adba36b4c4a768924dbdfd35363dce5e00fdd06c5a4590dede06b0

SHA512
d442e0a00daa2ea1e9d8325483dc7f8cd89cd0478e343235e9de9a8206202181a4bc856c5be713d30765827a4e628a6905418c1607e2b9cd4fbc9ea010f30be0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T4MLUWNP\e[1].png

Filesize
68B

MD5
2a637d3d825673c0e3462fa4ed9a1c5c

SHA1
81668d396da22832d75a986407ff10035e0d5899

SHA256
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

SHA512
dc7c40381b3d22919e32c1b700ccb77b1b0aea2690642d01c1ac802561e135c01d5a4d2a0ea18efc0ec3362e8c549814a10a23563f1f56bd62aee0ced7e2bd99

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\VXH7AYQH\www.roblox[1].xml

Filesize
95B

MD5
7f4f14dcb22670802cd0204c639de3d4

SHA1
890e1d103d05498c5c2c98bdd4f97b7213143821

SHA256
8588a3d651b73ebe062c756ff50bb3c80accc76c1953fc5337ded2354dc80ee8

SHA512
06c513b603b09842398e621bb233a51e2451e64f3384745b29bffef2ebee14b14b5bf66224342aa1f53e002bc118ebcb74e2cbaefc535b7a3238ce8bcc65b473

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\VXH7AYQH\www.roblox[1].xml

Filesize
417B

MD5
dc7473ad4ffa0b1f83c1605ae05bae92

SHA1
ffef4f234f29c5817f86d1bbe241a79153ff1070

SHA256
237ad46be7ed0dec7b2f4e62218ee276871b0af50a41729c16d9c4f26f2e5759

SHA512
62d7c8b62f0a1d502d252a5f54c0c81d01de86a2f2442b53788426df72dff4eaa288188202320214358edea040fe57e65eea2b1baa1835e412cedf65194612be

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\VXH7AYQH\www.roblox[1].xml

Filesize
417B

MD5
dc7473ad4ffa0b1f83c1605ae05bae92

SHA1
ffef4f234f29c5817f86d1bbe241a79153ff1070

SHA256
237ad46be7ed0dec7b2f4e62218ee276871b0af50a41729c16d9c4f26f2e5759

SHA512
62d7c8b62f0a1d502d252a5f54c0c81d01de86a2f2442b53788426df72dff4eaa288188202320214358edea040fe57e65eea2b1baa1835e412cedf65194612be

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\VXH7AYQH\www.roblox[1].xml

Filesize
209B

MD5
d01872c10b98b1f950737955f0ab5eaa

SHA1
b6cf2531d02fe863cc5c6991d469f5fe4bd725fb

SHA256
cac535bfff7ca25a8064a6a284ac830e8ae50e73441681d65b021dbb9e4d4910

SHA512
754d2aed237fd44e1bea2175051439e6a08196ad2349f7027530afc1941648902bbe3e324754acaf7fa0e7e6ef3d98b7c20484578cc847bad6430cdc214d453f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4U19JT1T\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GBAUMHHG\favicon[1].ico

Filesize
525B

MD5
68208984e7e1dd87ab5f7c7d587c7a9b

SHA1
e1257a0d3863d707eb3dda6953068a1ab257585a

SHA256
1cb7faf06f9d66b671a030ad6a5927119bddfc43fa473b9b9dae463f8175da43

SHA512
6d88db780d7f68ac2d0f5828c001f0aec778e990ef95cbc007320b7ecc5cee76c3db4e74813eb8ed3dd85ab98b130f01ec916229b0050166cc222ae9ee2f707c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GBAUMHHG\favicon[2].ico

Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\KD26CK48\7bba321f4d8328683d6e59487ce514eb[1].ico

Filesize
4KB

MD5
7bba321f4d8328683d6e59487ce514eb

SHA1
ae0edd3d76e39c564740b30e4fe605b4cd50ad48

SHA256
68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54

SHA512
ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFFCA57F10B9003795.TMP

Filesize
16KB

MD5
a7b0e4d18790873652cbea69d5ef945f

SHA1
362743c4d56480c8044aa858da543dae7f88205e

SHA256
2038dbd0db13a2161cc9d2fb9dd3c3fb185539d0ceac9b45df040431bd86ad47

SHA512
1531616c2bed61680afa9dc169f77d891d544142cd4cd84a436e8871f9f31322ab87bb4b77d722d8707ad8486a7908fe50908292257617787ff7e5d35c48a846

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7YZ3A5K4\common.0715cf3c73f73ddbdac3[1].js

Filesize
2.1MB

MD5
a49fe04203c7f5c149b709e70be8557f

SHA1
8f2b7ac7009296cbc3234d1b1431c4d3880a0593

SHA256
4f84eeb87d82fe84d2ff91950b24be7369dbd904cec07c021d07f48901fe188f

SHA512
bd5d3256c67f11240ab91b2abe94b7dae8d96ebfa7b2698c49f4fda02eadaa02c0700de3b2d5b2195125c06f137bde61179e99af7199d229fed2e6fe494f51a8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7YZ3A5K4\microsoft.97763996e48c45e2e1b5[1].js

Filesize
586KB

MD5
54f8428850b67989e68adc1a3ea0d9c3

SHA1
10ff8a9558696490b213eeb7c4075615cacf885f

SHA256
b6a7715cfdad578ed1e016f7e9d04bb2cb10c70670518d1ada8a250c18c3597e

SHA512
ba055e3e390a94b6e18a0d7a7fe1014e3002f9cf72550056a48a65cd7314679e48676b38b5e86c4a28998f9c2c50e67f4da62e1626637edb8233f30887a5c793

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7YZ3A5K4\otFlat[1].json

Filesize
12KB

MD5
0097436cbd4943f832ab9c81968cb6a0

SHA1
4734ef2d8d859e6bff2e4f3f7696ba979135062c

SHA256
f330d3ae039f615ff31563e4174aae9cead8e99e00297146143335f65199a7a9

SHA512
3cc406ae3430001b8f305fa5c3964f992ba64ce652ccabd69924fe35e69675524e77a9e288dde9bcf697b9c1c080871076c84399cdfad491794b8f2642008be6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7YZ3A5K4\otPcCenter[1].json

Filesize
47KB

MD5
928bd4f058c3ce1fd20be50fe74f1cd8

SHA1
5cbf71db356e50c3ffcb58e309439ed7eb1b892e

SHA256
6048f2d571d6ae8f49e078a449eb84113d399dd5ea69fb5ac9c69241cd7ba945

SHA512
1e165855cef80ddfbe2129fa49a0053055561adeff7756de5ea22338d0770925313ccb0993ad032b95ace336594a5f38e9ee0f0b58adfe1552fe9251993391c1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G2NNCXF3\iab2Data[1].json

Filesize
386KB

MD5
2541fac0b3054dfb6b20b2f7cd55b2a2

SHA1
1c3b33059932959d17f8768ac4f7dc5d801dd253

SHA256
fa65df1f280e200afee798fc9a8ac4042e6040b2f1fcc78d80fc81858d18fb65

SHA512
66df9cd027767a7695fc94f4e4c00b5187dd40293b569189238dc52f1ed66393b2855bbd36384fec3f6ac6b08f37b2544cc6ae4e4300ae4236fbf60d4ac93a73

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G2NNCXF3\nl-nl[1].json

Filesize
219KB

MD5
1882c3db23546f8230511e9cf96dfe8f

SHA1
2530d704df253b6d4975211e7c7e39af63c21b73

SHA256
ebd2fe3ece579129be86187af562451e88d428fcf54d5fdd1296728c89db60fe

SHA512
47cefbae67a206fb5e94da00890c30d98a942cad70b6cd4d9b1930535aa7d3f76bf035276b8ac88ae925f74564b5e4ef40f5285d685fafda0275d3c8c0c74ba4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G2NNCXF3\otSDKStub[1].js

Filesize
21KB

MD5
d794b7bb9171be8cb5ac2fadde1d3381

SHA1
b9de5426c6c7ee3f1b356ecc1d58e47c5d6910b7

SHA256
adddaf18d639a41c27ae38eaf7b21475a3d2398aa2f8a204c403e95e5f505964

SHA512
00245fbb08b5a3c26d2c67a61b9040e5cd51d97b153db5c15c68ed1a7ad34dcd6ae9aedef1f4fd849dfd2c07e9e5b24c9c1974fc730876d8d57be815a18d476c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G2NNCXF3\otTCF[1].js

Filesize
67KB

MD5
0606db37671ee56c7195c84b00cef18f

SHA1
d9ee43680b5c543dd646bbc4fea0b80cb10ce07f

SHA256
3beb3b2d06da228a383ae8a42d3bb0e3416737a96147c4ea1bc5d47760d3e466

SHA512
c886c802e9ad8ca4109a7cb7497b578d9f572aa455fcad8dd94427385bb3ac748f88a78440341fb6c1c6859da1a13d08290bc1af76ce98520fad8989f22ff9f3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G2NNCXF3\vendors.cc344578e78bd295323b[1].js

Filesize
108KB

MD5
10cc965d31cac286a661b72ba6019a63

SHA1
d02c85bf1d3ca0564eafffb28fabcec3c9ae7ef5

SHA256
a2f1dc773c25c41fc6ae1a32dd1e4a2d070ce07998f0b563fe964a60b0ffb015

SHA512
4836ca56ea78b21e711f372b80a1580ffdb17762f899c08130df6f7645e682124963393b562e72c3ddb0d5afb0b976119a9ef77951c331b16a1acd7d21998e10

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NAGCP3GL\experience.f61d2edeab4b4c8e401f[1].js

Filesize
538KB

MD5
aa1a8e3719d37ee8330f7e5bd1213e60

SHA1
98a7d83aa2762c970d1d46e510110cde1e901db4

SHA256
9fe16c6581ad89feb5a28f0afc75102a04f6c15a1272f18140301c5280ef805b

SHA512
6123e26f912bf70b060a962e3d2a13eed7c043159eb2773b6dbfd20d394bafa5598137c432aa86db6393a082785122659ddb9cc54c796c5b7238719468322af2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NAGCP3GL\otBannerSdk[1].js

Filesize
317KB

MD5
56b5e93bfb078b9eef2ba41db521ea9b

SHA1
a61a4949bcbca6b8148cc6821d7cf88fbd90062f

SHA256
b8603101616c7960752244d2ec66d2a845bbe0094b83e7cc2877880a3a93402d

SHA512
c10e26f5c9b66e1fa82926ad43c7c70edf00d3bebe376da674b325fb34edb47edf490bf84457bbc085bbfa1af37d92f20067aa46b1334d623d2ae80b66810c02

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NAGCP3GL\otCommonStyles[1].css

Filesize
20KB

MD5
e4f88e3af211bd9ea203d23cb0b261d5

SHA1
6067e95844b3e11a275add0b41d7ad3f00a426fd

SHA256
e58322f14ac511762e2c74932104d7205440281520cf98e66f15b40aa8e60d05

SHA512
b2c8870b61e9132dc7d7167f50f7c85bfe67eac6da711bdf0b9c85eb026249a95e8d67ffb0699934eaa304f971e44f0180e8578afd8353943154fce689690b76

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NAGCP3GL\powered_by_logo[1].svg

Filesize
5KB

MD5
63e737d3544164d2b7f4fbca416ac807

SHA1
030370aa38715e4c41589633f69d0bfe8255d46c

SHA256
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

SHA512
31ee1bb536c0e50f5568a415ea3308367bfcfd11d2a6f7dff1c8e3a982f7be790c240a603cd4c6e187672824b8e5d07646049a28c6a88a7b001eb9a0142f312b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T4MLUWNP\55a804ab-e5c6-4b97-9319-86263d365d28[1].json

Filesize
5KB

MD5
e6ee3c996b942edd06fee362c53a05d8

SHA1
a3b746a5b725a96c4aff82f84d3050e1f770e48c

SHA256
6c0728572834caca320f1eaa9ed356684a097490b95a8b7e467c7f2d1712ca77

SHA512
319a6532b45f8b8c5a152ee11466d3be88c07949c1d4c241c2b7a835c5d7ba5c5d94ea3776eeb10847c9bd748884cf6fbef6afed6a8201e6a78ddb865e342394

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T4MLUWNP\ot_company_logo[1].png

Filesize
3KB

MD5
13cfac93f102cca813515b432e292220

SHA1
2515da7707d11c89185c9021f0000cffbe0578f9

SHA256
a335fc1da4a5ffc1fcacfa3eab57506faa41f026954496becb59cf5fbcd99d0e

SHA512
7c6b0361959e8667cf28e63149a31cc141af2f9b3fe7dc758bcc19146abbd2573d333d52f7df9d7ce10cd2f7f2df9becb300bfe839ca76590508d3360abe7849

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T4MLUWNP\web-worker.46f4093abd713fda20c7[1].js

Filesize
169KB

MD5
b4d19d623079133d0337b2bd90ba2b66

SHA1
63509a544e5bf22cdec37bc805d3425382735a00

SHA256
fcf3a9344a51df6ead445eb3848ce6f179eede4fb72e75e5ea7b457ee4d160bc

SHA512
5be41413784ea7b9bf3e01d1cf7a859d58bf53623ca2c4f4e893d22fb5470d51e315bdafb6af772f35e8ac1c1d955bf0d4787442a8cfdfdb1001d1673a78b30b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\BGOSQSDJ\www.msn[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
24ae0d9168405b19ce5cb0707e7b07f8

SHA1
c65f79546dcbc27f6f89c17a5005869817d6b9af

SHA256
3ee18a4be378da7f1b139bb16be4666ac2c8eea91447dcc570d5783f9a334c8d

SHA512
fac428211fe3e2fbc533ee7b1c4a64c5d05510ee3c47aa1679a026c6b9853ca54d291b0a2f30e869937a69f0855847d8d06e86357040c1eb873c0aa066425243

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
076e19c59387052944a8b43f53559252

SHA1
4a692c6f4210973597265cc291882282ef056972

SHA256
3edac4168cfa8d52e15a628b5d798d3860c4cd8c1474c515cc91e6bdaa4ba862

SHA512
19211a711b1d1fb892917b35098d8065b6279de0f2bb4414cfb2b6aee7b51867bc4d8d7816608f1f4982faf7ac823e9850ce96abe573093543fd25fdc5d6514c

Download Submit
memory/1932-772-0x00000214FAE90000-0x00000214FAE92000-memory.dmp

Filesize
8KB

Download
memory/1932-367-0x00000214FA940000-0x00000214FA942000-memory.dmp

Filesize
8KB

Download
memory/1932-870-0x00000214E63E0000-0x00000214E63F0000-memory.dmp

Filesize
64KB

Download
memory/1932-868-0x00000214E63E0000-0x00000214E63F0000-memory.dmp

Filesize
64KB

Download
memory/1932-862-0x00000214FE890000-0x00000214FE892000-memory.dmp

Filesize
8KB

Download
memory/1932-859-0x00000214FE870000-0x00000214FE872000-memory.dmp

Filesize
8KB

Download
memory/1932-847-0x00000214FDE70000-0x00000214FDE72000-memory.dmp

Filesize
8KB

Download
memory/1932-827-0x00000214F9860000-0x00000214F9862000-memory.dmp

Filesize
8KB

Download
memory/1932-276-0x00000214F9550000-0x00000214F9552000-memory.dmp

Filesize
8KB

Download
memory/1932-282-0x00000214F97B0000-0x00000214F97B2000-memory.dmp

Filesize
8KB

Download
memory/1932-802-0x00000214FE700000-0x00000214FE800000-memory.dmp

Filesize
1024KB

Download
memory/1932-777-0x00000214FAEA0000-0x00000214FAEA2000-memory.dmp

Filesize
8KB

Download
memory/1932-285-0x00000214F9880000-0x00000214F9882000-memory.dmp

Filesize
8KB

Download
memory/1932-767-0x00000214FAE80000-0x00000214FAE82000-memory.dmp

Filesize
8KB

Download
memory/1932-745-0x00000214FE2B0000-0x00000214FE2B2000-memory.dmp

Filesize
8KB

Download
memory/1932-740-0x00000214FE140000-0x00000214FE142000-memory.dmp

Filesize
8KB

Download
memory/1932-735-0x00000214FE120000-0x00000214FE122000-memory.dmp

Filesize
8KB

Download
memory/1932-681-0x00000214FCB00000-0x00000214FCC00000-memory.dmp

Filesize
1024KB

Download
memory/1932-677-0x00000214FBC20000-0x00000214FBC40000-memory.dmp

Filesize
128KB

Download
memory/1932-670-0x00000214FCA00000-0x00000214FCB00000-memory.dmp

Filesize
1024KB

Download
memory/1932-650-0x00000214FBC60000-0x00000214FBC80000-memory.dmp

Filesize
128KB

Download
memory/1932-422-0x00000214FBCC0000-0x00000214FBDC0000-memory.dmp

Filesize
1024KB

Download
memory/1932-402-0x00000214F9580000-0x00000214F95A0000-memory.dmp

Filesize
128KB

Download
memory/1932-397-0x00000214FA2A0000-0x00000214FA2C0000-memory.dmp

Filesize
128KB

Download
memory/1932-379-0x00000214FAA80000-0x00000214FAA82000-memory.dmp

Filesize
8KB

Download
memory/1932-871-0x00000214E63E0000-0x00000214E63F0000-memory.dmp

Filesize
64KB

Download
memory/1932-369-0x00000214FA9A0000-0x00000214FA9A2000-memory.dmp

Filesize
8KB

Download
memory/1932-351-0x00000214FA2A0000-0x00000214FA2C0000-memory.dmp

Filesize
128KB

Download
memory/1932-326-0x00000214F9F00000-0x00000214FA000000-memory.dmp

Filesize
1024KB

Download
memory/3800-0-0x0000021DE4020000-0x0000021DE4030000-memory.dmp

Filesize
64KB

Download
memory/3800-808-0x0000021DEA8E0000-0x0000021DEA8E1000-memory.dmp

Filesize
4KB

Download
memory/3800-804-0x0000021DEA8D0000-0x0000021DEA8D1000-memory.dmp

Filesize
4KB

Download
memory/3800-35-0x0000021DE53C0000-0x0000021DE53C2000-memory.dmp

Filesize
8KB

Download
memory/3800-16-0x0000021DE4500000-0x0000021DE4510000-memory.dmp

Filesize
64KB

Download