eternity | hxxp://youtube[.]com

Analysis

max time kernel
960s
max time network
963s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
02-02-2024 08:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

10^/10

eternity discovery evasion persistence stealer trojan

Malware Config

Signatures

Detects Eternity stealer 3 IoCs

stealer

resource	yara_rule
behavioral1/files/0x0002000000025c31-1908.dat	eternity_stealer
behavioral1/memory/3908-1916-0x00000000004A0000-0x0000000000586000-memory.dmp	eternity_stealer
behavioral1/memory/4448-1936-0x000000001BCC0000-0x000000001BCD0000-memory.dmp	eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity
Downloads MZ/PE file

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Executes dropped EXE 24 IoCs

pid	Process
3908	Silvestras.exe
1508	dcd.exe
4448	Silvestras.exe
2640	dcd.exe
4000	RobloxPlayerInstaller.exe
4300	MicrosoftEdgeWebview2Setup.exe
3660	MicrosoftEdgeUpdate.exe
2676	MicrosoftEdgeUpdate.exe
3344	MicrosoftEdgeUpdate.exe
3768	MicrosoftEdgeUpdateComRegisterShell64.exe
2920	MicrosoftEdgeUpdateComRegisterShell64.exe
4852	MicrosoftEdgeUpdateComRegisterShell64.exe
4020	MicrosoftEdgeUpdate.exe
3404	MicrosoftEdgeUpdate.exe
4772	MicrosoftEdgeUpdate.exe
4896	MicrosoftEdgeUpdate.exe
4740	MicrosoftEdge_X64_121.0.2277.98.exe
4896	setup.exe
3536	setup.exe
4016	RobloxPlayerInstaller (1).exe
1968	MicrosoftEdgeUpdate.exe
3760	RobloxPlayerBeta.exe
4764	MicrosoftEdgeUpdate.exe
3864	MicrosoftEdgeUpdate.exe

Loads dropped DLL 21 IoCs

pid	Process
3660	MicrosoftEdgeUpdate.exe
2676	MicrosoftEdgeUpdate.exe
3344	MicrosoftEdgeUpdate.exe
3768	MicrosoftEdgeUpdateComRegisterShell64.exe
3344	MicrosoftEdgeUpdate.exe
2920	MicrosoftEdgeUpdateComRegisterShell64.exe
3344	MicrosoftEdgeUpdate.exe
4852	MicrosoftEdgeUpdateComRegisterShell64.exe
3344	MicrosoftEdgeUpdate.exe
4020	MicrosoftEdgeUpdate.exe
3404	MicrosoftEdgeUpdate.exe
4772	MicrosoftEdgeUpdate.exe
4772	MicrosoftEdgeUpdate.exe
3404	MicrosoftEdgeUpdate.exe
4896	MicrosoftEdgeUpdate.exe
1968	MicrosoftEdgeUpdate.exe
3760	RobloxPlayerBeta.exe
4764	MicrosoftEdgeUpdate.exe
3864	MicrosoftEdgeUpdate.exe
3864	MicrosoftEdgeUpdate.exe
4764	MicrosoftEdgeUpdate.exe

Registers COM server for autorun 1 TTPs 31 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
1	camo.githubusercontent.com

Checks system information in the registry 2 TTPs 12 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
3760	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 18 IoCs

pid	Process
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\CompositorDebugger\default.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ManageCollaborators\arrowRight_light.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\R15Migrator\Icon_Warning.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\TerrainTools\icon_regions_paste.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\models\AnimationEditor\AnimationEditorGUI.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.98\identity_proxy\win10\identity_helper.Sparse.Beta.msix	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ViewSelector\left_zh_cn.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\StudioToolbox\NoBackgroundIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\TerrainTools\radio_button_bullet_dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\Backpack\Backpack.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\Input\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\ExtraContent\textures\ui\LuaChat\9-slice\chat-bubble-tip.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\AnimationEditor\button_zoom_default_right.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\Emotes\Large\SegmentedCircle.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\Lobby\Buttons\scroll_button.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\VoiceChat\MicLight\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.98\Locales\ta.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\fonts\NotoSansMyanmarUI-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\fonts\families\Inconsolata.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\loading\robloxlogo.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\TopBar\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\configs\DateTimeLocaleConfigs\zh-hant.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\avatar\defaultDynamicHeadV2.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\fonts\families\GothamSSm.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\VR\toggle2D.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\AvatarEditorImages\Catalog_LightTheme.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\TerrainTools\icon_tick_grey.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\Menu\HamburgerDown.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\MenuBar\icon_leave.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\VoiceChat\MicLight\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\ExtraContent\textures\ui\InGameMenu\TouchControls\backpack_slots.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.98\mojo_core.dll	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\Plastic.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\Emotes\Editor\Large\Wheel.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\ExtraContent\textures\ui\LuaChat\graphic\gr-profile-border-48x48.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU2BB3.tmp\msedgeupdateres_ka.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\DevConsole\Maximize.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\ResetIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\PurchasePrompt\LeftButtonDown.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\VR\edgeBlur.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\ExtraContent\LuaPackages\Packages\_Index\roblox_t\t\t.d.ts	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.98\Locales\es.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\translateIconDark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\DeveloperFramework\slider_knob_light.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\Settings\DropDown\DropDown.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\ExtraContent\textures\ui\LuaApp\graphic\shimmer.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.98\Locales\sr-Cyrl-BA.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\StudioToolbox\AssetPreview\Pending.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\ExtraContent\textures\ui\Settings\Help\GenericController.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.98\Locales\fr.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\DeveloperInspector\Close.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ManageCollaborators\closeWidget_light.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\LayeredClothingEditor\Add Icon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\ui\Controls\XboxController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\content\textures\StudioToolbox\AssetPreview\play_button.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.98\EdgeWebView.dat	setup.exe

Drops file in Windows directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 43 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133513347920307447"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0\CLSID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\ = "PSFactoryBuffer"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ = "Microsoft Edge Update Legacy On Demand"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation\Enabled = "1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachine"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\ = "Microsoft Edge Update CredentialDialog"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CLSID\ = "{5F6A18BB-6231-424B-8242-19E5BB94F8ED}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc.1.0\ = "Microsoft Edge Update Update3Web"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass\ = "Microsoft Edge Update Core Class"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2"	MicrosoftEdgeUpdateComRegisterShell64.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 832450.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 373523.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
548	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 39 IoCs

pid	Process
1356	chrome.exe
1356	chrome.exe
4992	chrome.exe
4992	chrome.exe
4936	7zFM.exe
4936	7zFM.exe
4936	7zFM.exe
4936	7zFM.exe
4632	msedge.exe
4632	msedge.exe
1008	msedge.exe
1008	msedge.exe
3112	identity_helper.exe
3112	identity_helper.exe
1980	msedge.exe
1980	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3312	msedge.exe
712	msedge.exe
712	msedge.exe
4000	RobloxPlayerInstaller.exe
4000	RobloxPlayerInstaller.exe
3660	MicrosoftEdgeUpdate.exe
3660	MicrosoftEdgeUpdate.exe
2052	msedge.exe
2052	msedge.exe
3660	MicrosoftEdgeUpdate.exe
3660	MicrosoftEdgeUpdate.exe
3660	MicrosoftEdgeUpdate.exe
3660	MicrosoftEdgeUpdate.exe
3760	RobloxPlayerBeta.exe
3760	RobloxPlayerBeta.exe
4764	MicrosoftEdgeUpdate.exe
4764	MicrosoftEdgeUpdate.exe
4764	MicrosoftEdgeUpdate.exe
4764	MicrosoftEdgeUpdate.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4936	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: 33	2928	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2928	AUDIODG.EXE
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
4936	7zFM.exe
4936	7zFM.exe
4936	7zFM.exe
4936	7zFM.exe
4936	7zFM.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3760	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 1188	1356	chrome.exe	74
PID 1356 wrote to memory of 1188	1356	chrome.exe	74
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 4456	1356	chrome.exe	82
PID 1356 wrote to memory of 1240	1356	chrome.exe	83
PID 1356 wrote to memory of 1240	1356	chrome.exe	83
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84
PID 1356 wrote to memory of 5004	1356	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd71509758,0x7ffd71509768,0x7ffd71509778
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:2
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4664 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4944 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3820 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4580 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5276 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5640 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5768 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5924 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2292 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5192 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5328 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5976 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4488 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4624 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=1468 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1924 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6320 --field-trial-handle=1824,i,12533034621239521509,384706051024389414,131072 /prefetch:8
  2⤵
  PID:4976

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3568

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2928

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4224

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\SilvestraProxy.rar"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:4936
- C:\Users\Admin\AppData\Local\Temp\7zO8433729A\Silvestras.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO8433729A\Silvestras.exe"
  2⤵
  - Executes dropped EXE
  PID:3908
- - C:\Users\Admin\AppData\Local\Temp\dcd.exe
    "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
    3⤵
    - Executes dropped EXE
    PID:1508
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO8437DC2B\INSTRUCTIONS.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:548

C:\Users\Admin\Desktop\Silvestras.exe
"C:\Users\Admin\Desktop\Silvestras.exe"
1⤵
- Executes dropped EXE
PID:4448
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:2640

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4580

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3044

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd71ab3cb8,0x7ffd71ab3cc8,0x7ffd71ab3cd8
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:712
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4000
- - C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:4300
  - - C:\Program Files (x86)\Microsoft\Temp\EU2BB3.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU2BB3.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Sets file execution options in registry
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      Suspicious behavior: EnumeratesProcesses
      PID:3660
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2676
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3344
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:3768
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:2920
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4852
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzM3RjdGNTctOThBNS00MTEzLUJBNjktMTk4OUE0N0ZFQUVEfSIgdXNlcmlkPSJ7QzdDNTU3RDEtMzVGMS00NUI3LUJEODgtMzI0NDJEQTBFMjJCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxNjQzOUQ2NC03ODE3LTQ3MDAtQjgyNS1ENkQ3NDQzM0UxRjJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDMuNTciIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDk0OTIxMzU3NCIgaW5zdGFsbF90aW1lX21zPSIxMjYxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        
        PID:4020
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{737F7F57-98A5-4113-BA69-1989A47FEAED}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3404
- - C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-17f2f3d7fcfc48f5\RobloxPlayerBeta.exe" -app
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6756 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,10352471785948573414,665883104445276396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6768 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2052
- C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe"
  2⤵
  - Executes dropped EXE
  PID:4016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2284

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:4772
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzM3RjdGNTctOThBNS00MTEzLUJBNjktMTk4OUE0N0ZFQUVEfSIgdXNlcmlkPSJ7QzdDNTU3RDEtMzVGMS00NUI3LUJEODgtMzI0NDJEQTBFMjJCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFNDUyQUE0MS02MDczLTQwNjQtQkYwNi0wRUIyQTNCMTg1QUZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIG5leHR2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwOTYxMDkzNzAyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:4896
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{621AEA6C-69DF-49B5-969D-F4429C631C3F}\MicrosoftEdge_X64_121.0.2277.98.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{621AEA6C-69DF-49B5-969D-F4429C631C3F}\MicrosoftEdge_X64_121.0.2277.98.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:4740
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{621AEA6C-69DF-49B5-969D-F4429C631C3F}\EDGEMITMP_C4CCD.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{621AEA6C-69DF-49B5-969D-F4429C631C3F}\EDGEMITMP_C4CCD.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{621AEA6C-69DF-49B5-969D-F4429C631C3F}\MicrosoftEdge_X64_121.0.2277.98.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:4896
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{621AEA6C-69DF-49B5-969D-F4429C631C3F}\EDGEMITMP_C4CCD.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{621AEA6C-69DF-49B5-969D-F4429C631C3F}\EDGEMITMP_C4CCD.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=121.0.6167.139 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{621AEA6C-69DF-49B5-969D-F4429C631C3F}\EDGEMITMP_C4CCD.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=121.0.2277.98 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff6469f1d88,0x7ff6469f1d94,0x7ff6469f1da0
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:3536
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzM3RjdGNTctOThBNS00MTEzLUJBNjktMTk4OUE0N0ZFQUVEfSIgdXNlcmlkPSJ7QzdDNTU3RDEtMzVGMS00NUI3LUJEODgtMzI0NDJEQTBFMjJCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntEQzMxRkRGQi03NDc0LTRFQzQtOUM0Qi02QTZBNEM5MEM1QUZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTIxLjAuMjI3Ny45OCIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA5Nzc5MzM2MTUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDk3ODA3NDYxNiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExMjc2NjI1MjUxIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9jM2ZlM2I5ZS04ZjMzLTRjMTQtYjVhMi0yNDZkZDViODJlNzk_UDE9MTcwNzQ2NjYxMiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1UQiUyYmJoeks1MnB4b2olMmJNZSUyZmZKJTJmMHF0UWtMV0FvRmF1UjNKMyUyYlRBRGg1R3YzME9MaEpBR0FPRCUyYkVaSWpOdWZUekRRJTJmZFA5ZFFpaHYyYWE2dWwlMmZsMlElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzQ4MTAxNjgiIHRvdGFsPSIxNzQ4MTAxNjgiIGRvd25sb2FkX3RpbWVfbXM9IjIxMzEzIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTEyNzcyMDI0MzIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTMwMDM4NzE5MiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE4NzcyOTkzNTYiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMDk4IiBkb3dubG9hZF90aW1lX21zPSIyOTkwMSIgZG93bmxvYWRlZD0iMTc0ODEwMTY4IiB0b3RhbD0iMTc0ODEwMTY4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI1NzY4NiIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:1968

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4764

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:3864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.98\Installer\setup.exe

Filesize
306KB

MD5
1edbb65a06a923fcc71adcc66abcdcfb

SHA1
40ee151b1e5dc0c739edb47dc8c13777132050a4

SHA256
ab58e545cb898c322a7bc363cae2e44da970efd67cc7c696e90ba41b5585f963

SHA512
27f043d221a2650495ffdb9da489e63af3e5f5d15db60d210ca1a21d2d51716704e3c9d2991e8a927cf8b08d79a1418c749425509116550f4ed3a6619c5865a5

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\121.0.2277.98\MicrosoftEdge_X64_121.0.2277.98.exe

Filesize
823KB

MD5
b111e98864e25a9a693129f647c53659

SHA1
b5a7d88a007f7670448861c32746853ec095708b

SHA256
f80623e9e2a3faf963a333daa4f56c6217e83389778aa4ea37c7fc6740975dbb

SHA512
5b57ecc1dec4c5ea12cb4e27fae952508f62fe9ce4b805532c480a85b054e62273ab1c631741bf93d032258816a60ca668010eb181f99fa0cf953d442de8a0b8

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
640KB

MD5
497f4b1935e281dfa59b768f8063670c

SHA1
f422963062b63f2fbd6dfdb18cd9b47473febb16

SHA256
fed54dde18f1777c3dcb78eb62c0f2bf8216d617a4650fa500a2a2c65cbefa64

SHA512
d44ebdba178b4b36a1cf5f998c4f8d572cd9a96d67c37a70d80194b25a249311e41130b3d916340455e8953fa4eeafae7a8caea14c0a324b36b200260201219e

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
15KB

MD5
cb5c13251e273b018c6f28e21f092bee

SHA1
d387806d3bca865411c1d14c150307f0f71913a5

SHA256
ad3eeff284c9feab1a2588d1e11cdc0294fc63cb41141cdcf59a749aa1437c64

SHA512
2447dfd2d3868e6eb6f4edda6b081b7d622e3e2b44247eb85cc4e0d99cc139b0e5dcb26533c4e1f1e9247aca0299ec48b2459fdd7ccda2fae19fd75f11fb4a69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
202KB

MD5
c9e9e7c575c62582432f0a182dbc3a59

SHA1
759f00b176a11b59af4a4618a0cd992e760e6e9f

SHA256
22806fbcc9e20d0a5fa377b2915e2adaf86e8ed3ab66220f1ad27e00b3107b25

SHA512
e5188285b531bbf830026c776ea115d360c78ac0936b313adeac62d6534094b2ccc5df60f0c98b3f1ef40cabe5f2de87d7a3f626f72be95a813a1aee15837f43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
46KB

MD5
3ba7e6919bc260bb6ab523197f2be3e1

SHA1
ce2d7fe3aa42d99d733266d023f6aef3766e7785

SHA256
1032fd6f298c16aaae3f1ae2059591f2f5d40e839de4f22a5bb6d41c38a39818

SHA512
2806c96ff57678813e20abc51ffbcb8ebe8986b3775df5d42812be6b50c905840503486d1b963d1fcc6c3de572da4bf9ee175b802032753785d3de69fb0768fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
771KB

MD5
3b2df667a176193cba046f74787e731d

SHA1
0525109b7a249a66df8c8eb7d24b49852cd076cc

SHA256
f38e1d77aa0173d1c110ebbc24f55704f74d28b33c70302f1170c1f4213f611e

SHA512
f6a90da9852126be776f2b7b488e04d8ff3cc6e0f4b222e1d9fb7aa2c938d586d4c88150dae1fecc24606c5a80270eb7c70ca4286a0efd2c2478aa2701056ebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
30KB

MD5
aaba5e872ba07d60f556b78df854279e

SHA1
93d1494959f4027195f527db143e5aa89d60925b

SHA256
0d950d310c06f5df42df4c095f087e9e04f1df621baed053ad73b6c526cdb75c

SHA512
fb9f3fe53d97caf3624a5cfc952daa6fc486e153f9fb33a3456c7f86c655214b520432d150286dbe383bb30fee251f1f63e89e6bb5b45618a541ec03f8a94346

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
32KB

MD5
bbac7bb99faedea9a0cb17dfcad195af

SHA1
409312e9c3a5eaa03f2c8227a3693e8a6dc850ff

SHA256
b286f84ee8d1ad423d6c6d681d44ec338a542abff016773fd133db9eecbcb3a3

SHA512
727cc47adb0225730fa4dc9b2a791fc9b88660082bc9ab4e2bb65633a666772a75bac12cede3feab5609fcbb3c4807fad4a3b499d5633ab273e625b3650e2e5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
19KB

MD5
8c8ea6f958bf23e2e70623b94a967a16

SHA1
ffab71601d5f43410d4499790dc119f2b3818019

SHA256
3445e16b3972c8080b7daa1ed3be37fef34c90146a195dbfe722d0a7c1e932e3

SHA512
b8c6590e6a4b52190244d3b30466cddd8c1527940f69bd1a48529c55341811c30e03fe5e03559d99ed3258ea448d320623c888c7415c994915f713a9b3649264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
49KB

MD5
c57582b07b7b8050bf1db5771afdc1ac

SHA1
6fc51c0a211315300ab5cd2122c2065078a61dd5

SHA256
e4711f537dacbd9471e91f06b8daa1b428ead8e9c862e06236ed0231e8cad7b9

SHA512
9c255e2944427f797dc5ffa600a0401e4034efe7dd492a4138fbef7bec42ad9257a9ec885ec4388b45bd13eadb69fbd460357dbe9cda82ebfa3e5e090107de6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
43KB

MD5
26620edcc076cc2fd62492c433a5beb8

SHA1
22a6dc4ee6d78c8a7f25563f090aff42ea044922

SHA256
aab2b198d6c92759e5be4647aed2d3f7e0d581c1e5d5ff58ea99b887f8ee5860

SHA512
1b5a3c8bbc6caf6d12b312a8b693310e4f4416eec4e079a076b966f3036b3a3856f33f46479f91c5605b5248070615321a91fbc70fe20b190da271c1a0347c3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
24KB

MD5
cfe2d91fd166569359b397da57d9e288

SHA1
b301bbb35e5316bd02997c76ffff2175e19fa196

SHA256
7cada24520ab8dddf58e3b2ce548eddd8dd8cd8bd34345a752207139a7b0ae3d

SHA512
99e5ddb84c466c30f85c729152b64dbb5b89fb0f0f0eea8907bf7b2ae45301eef0732a383ac1c7e51dd8e4147431b69bd5c35c9aed0e99837c0e62359220ef4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
28KB

MD5
02f88d8241f04af356c6d93e1c92ea68

SHA1
00504c2d688e6cb6a7f5bfc220c1d59e24799e81

SHA256
641dfc44ddd1df915a0025deeb25618304e710f12f711d864bc290b34a40eff4

SHA512
4a0c4da36efa57da6d4e7de3b993bddaa97d0a48700805d420730ea9cdbcddb49a007a64d113d7e1464f64aa67af968eb78fe7f2f8456454c8c6a59ef860f9b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
20KB

MD5
8b2813296f6e3577e9ac2eb518ac437e

SHA1
6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86

SHA256
befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d

SHA512
a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
59KB

MD5
063fe934b18300c766e7279114db4b67

SHA1
d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd

SHA256
8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e

SHA512
9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
64KB

MD5
b371db5ce46a8d9b74bd756b0645f6bc

SHA1
009dc00f2418cb52e049de4269409c0abffda0c6

SHA256
de9bee8bdec8c5137f14b3b8c2403ffbfd1512e409d0b68c618cf9e1e47990d2

SHA512
44af27107fb35f06cf877a01c3a811a6c9b0619d15da458147f0bc87233229e2a052a89d57a493b2f4011aa0f9ecbc4ed3c793b6ccc7a6dea40576ce0085b5d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
140KB

MD5
74a677f2b142f1b6b4f8cde1c6d49b5e

SHA1
ddd50d3de3b0c849de66d87dc6cafe5cf9fcd7b5

SHA256
c8bd28fb081b3eb04ac62eec7224063aef869281e78d2070b961b2fad2238cd6

SHA512
09715d3767d497ba71aa58f8f6d24e9c47e659f007fc597ed042449d03b15f98450ade90b8ffaa680504f37428823842dc4cd4fc8a1b1ec5a9e5f82e1a289997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
18KB

MD5
5d04a5aed02ac5a2f8a4269a6c2570b5

SHA1
727f0be60a1bd0abfe72a018e5741204006d5f03

SHA256
7d8edeba0329989214034e43d9b5c089bb187c2082dd29a811cc766ad998c258

SHA512
88bcd58efd108cacc3818994606e9fd58f0fdf59e4a0beec4be6081f49d0c236c08168ae9a8b975e7a8955068d4fa2765d68506e5a042bf2a962393aedcf1961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
19KB

MD5
ba629950f8ae7f5641c3ab59e68d306a

SHA1
9478d9a6178a603dfb60085366b6091a3e17be86

SHA256
f0d1ed0ede365c19e8283ac1e27caaffa1fa316bb6035ec9a3df76c1b8e6a9bc

SHA512
6922523a24918252000ef64fd8ac1373e704b23d928a7d7c79a21ab1118a0f2847d02765578b9d4f5ff85cb5ae8bf9d80f84142a6b127a164a699cd888132eb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
533KB

MD5
14c5109c84545f19abf297fb2c5009f6

SHA1
ddc16db22f685f9c5d95086672cee01732a8d877

SHA256
ce2ab4d4d0a34da1e66b427d91b92573f33be7af8f599b9a53b93aad2f114228

SHA512
7e00b2acd05dd3f851f09c07c8c0be9605518cf3be1b2bfa5c133cafb953f9d73500566e70638e5b7afb361bf169c24c04edd15ee956877d2398b7520ef89282

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8650d5afad00ca62287a8036f0483374

SHA1
5505a77896b273719d191cb8805bb8b2a13dbdcc

SHA256
3f74fe26ea76554c831d4bac47afb1c01bd58fb63de5ddeaa603a4ea30e833c8

SHA512
ec05fcd14d3a529d70a6bdf22a2b6d6959b7076c7378c5893b6290a5b14c0f7f724ccfb9ab43c1c82e2164f6c77408cc1748b9c3d1504d1e56ca5c58efa8d450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
961e6296abc8ae2e0532fc337ec59f00

SHA1
88198ed3e758635a23d9d41fa83fe19c0f03d76f

SHA256
f0a66b7957866a07f29a10e1d415de3cbca0095b021c41ea890ab7dfc65eedc3

SHA512
5d8d79ef8d391987d92524b86de7af547e12a25627e2c30104c17234ccc024c309bce58d3894fd8e265e713e15442dcf43fed4297042608aafc5c5c547733a67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
661b7d96c5404e989d9e6be97432c40a

SHA1
34d7393d1385dabb2e26a278f8d949cb0ea261d8

SHA256
7b003c8db135ffa5aa570edb76907348cdd9ccf83ff792681f4d3ae0ae7818ee

SHA512
d6fcc7f835ce4dc8c8287d83d8e28b0b8d236e8fadf9ba47943b6ffe800cf1a6cf8a0e744c6c4403dbe6709959f6d7ce42d88c62be120f32183af9f2851497e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
75ed46dcde36c6d8c2f8ee240c4fd6ba

SHA1
a51ea8c895284d9a7d765537b7dd082d736470b9

SHA256
aa0ab6f9a8e49d327873e9a7c95e43b35d32d1a1683e6c1a59837b9c55ea65a2

SHA512
c41b665f16eb6571f53909812b73e56a6cde99542ec84ccae42ddb0dc25c9573a3dbb7775ff3ddfb0aea7744e9e779c0e909b6d796e4e4c398f30a79ff0552d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7eb8f19dbe556f1777361565c068e994

SHA1
02c930e68d1a3b622a86a11b7456ba4311f9c0a7

SHA256
69967eebc66ffa21d05aeccae70b70eabb6df7f0293e3f0e17054958034b1b8c

SHA512
1abcdbaef5dbde8ea65985f7eba908f3d2c80515029f24c0340c8f59fd548b04c6cd7e0ffc3992685e52007b59092680b19b0f305e678fb6c3fd2b82b995d301

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
b09c6a2f3f9af1d4d31bc4dd4373c9d9

SHA1
48d6464161f939ae81e4bdd8cae21aac4a74e79e

SHA256
68dbbe0030040732f32a05224a13aec3da61cf3c8c0ae22313b7eeb5c4bb8893

SHA512
73336f309945c206cbb097146f9808749c450edbce34cb3f24964b3df635d29d1e25c87dff87dd21c8ff1f44ecdc59a20ee9eacceb88d9dbd44870df76a0a5c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b26e654bf6d38c1bbc5e1e5f41f6bb6a

SHA1
58286dc1e1fe5b1644eacb73bd7787fd8560acb5

SHA256
a5ddcb8502692724f27ae52c01c96be1d1cf3a4de77a21ddf7324d3871747022

SHA512
4cbe8d4ffe117011c16c62ae0b02329531486199b5588253c4bb7f95a2dbc24a1c40b0fafcf0f8fc1af7b82c297e6f30a55aa10217648b33e875684697f69d80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
465d3e1e3a466c0831c95aac87feba1a

SHA1
a3cb76ec30d5d3d8064784ffb3890a161d2f28a8

SHA256
f68454bbaebac185f3442ff8b625021d96d5d9781b186a51e6c47b495ff13740

SHA512
f2356407e082dcccf75b1f890bac1ffe43cd52a045896cc7c8839f3218ba91ab6b86e02831f37fbd38f03d0d1c29343ab2db1794487b6de42cbd116af476ac6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
a588137dff944ce4c39e001c58fccce9

SHA1
50302ec369918826c4754f29bbdc58ed55eb22bb

SHA256
55bb954db50ba8d35acc02199839fd96680ca4abfd04082a6b3eda2928b2e61d

SHA512
2f4cfa3b1a70a51918c30d571f66e594fee9fa80ac3e6bb174292559e5f6b3d64eaaec93e84ecaf2178a59e55d6d0ea48e0616fd4f530c8f70f5fe4c19b1d4a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
483b5b42f67e2582d8eec75195b2797d

SHA1
ffbf4be6fe4f2302f6d7ab03dbcffe4a9d4ca170

SHA256
b63702b9d3d1e9aae5010a78c175f0bd009ca53582f24d3297bcf1bb45cb9788

SHA512
f81bfaa7f30a22566634b3f1b593562a818b3aebd3ec5d403a90b04ae68ef3e15d25494d74a4f8ed7b544648a87c7f3e341d09238c987f5f57c704e088991f94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
b1719c4f43714d45779d7b8a310112e1

SHA1
ec14e41078f33085d7b0f66d6937fd27b6230630

SHA256
78afaf7bebdc37843d6bab032c1b3447186753aecc5f42795df560cb44768ead

SHA512
c163904cd8bb48cbc7786abdd8fc588be27686c09c1da413749c7ff71b4bfcb6988085f843452d59115b2fb2d06beec367e894b6809a326e75df529396dcf2e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ac2d5518a994f975f1a835bd1c0f6666

SHA1
f0a089c3160451024b17083ff39b14fb92cc3076

SHA256
3c9d5420b5eb3e908218c52b4c22e8ab4c86eb735f93545c58f85d1398916da9

SHA512
4fcc97281e9daba6d26ea2ca543e0262aa759294b670f01c0b13e9018d5c035c203932d32257c7687f35ef216c55eaa34d36a95f8f0450d8ab1e3f1565aad32b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4f4fc93813ad004a77f93d71ea4882af

SHA1
62c64bc2f198116359537cd529710de2dc80d9ad

SHA256
6b5d2498f25870eea720d49028edcfdfbc8c26dc14cfb4c472fe2793466d568f

SHA512
1791cf13e04507635866d7dd1e595dacd145405a96afc2de2c2c70e385fe279d3bcbdfc56a4cd4a75d3c1305c92931411673768edcd9cf6275a2649e1e9fc054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
18c22d9b49732e518a4c77356cb9962f

SHA1
c750e9671194a4a0e67c8a5159a1de95e805160d

SHA256
8eb3f783ba6b5f1bdf7295b1ff16489f49cb6a36fef403db5b542575ebbd0a3d

SHA512
a52b08ac271599ae13bcc353c1a4f0d27ff4983b9410a1db5a1da671f87e4e5e53da4c1951c7f0e19bcb366ec23f0b017f7fedfff6511ec2e490cec751c505a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
f958b98ec38fd45a7a322d0299179e39

SHA1
d0f2c1d9e48eca5332d6e65bb09be12ecf0957fd

SHA256
ee11f448142195bf1d9dd520e574ba1bc2f33d514df53643ff62babbf0550921

SHA512
0beb08a9a1503ffd649fa4814d468f6a05bd16f31729b4f709984bcc35a2547fc4aec9e88a0f81af0ed4c5bb913d5fae3904503b28f4d935a1b8332c561bac2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
69465fb64fc09151bb754557ae229b44

SHA1
7050067d1dc14918f2efffa9c2e8a8d64de3af81

SHA256
e2a933a8c62d136689edd77bb3111e3f62272aa2829edf97a536d4af94eaaff8

SHA512
1593c30fd6ff84e6b1fc08b089157268aae7897f49deb03fee9f316b53ad7800dead7cf48fe4a0ec8aed4073933a4f8ee1d52c5f4a3f4c264e3e627b9990f428

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
3b2aa3552763673c98ac387b28f06212

SHA1
65d9c5282ee82bb04320da8c118aeb3b8490869f

SHA256
2e0d285a12ce391e71fc3f2ec38a2034df84da58a4600383e1918d61c8c168db

SHA512
cad9a73c43730cd94eebdf2f098b91e84a7a681e1f1e89e40ce31ab013c0b10885ea711f67315a77c0186f75111f8f561996627779325810455c4231d244e033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
0d5f4bf24dddd76b37b29f20b9281d7f

SHA1
bda2bfa28478244418ac5529d3b40360fd9824fc

SHA256
e3f37cfcc13856ae1086a5c37b1bbcc773d1a5f6eee092076016fb2bbf5dca47

SHA512
b5c19ac49235aae8704ecf5b85372d8f2ce2200df6bf9c2c6ec5cf9eccc92e2ee40956e62a4a1b2dade5ad02e29643f24df4141f6b2bf050ac348c494f564256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cfef04e8391c0c4e64cada91baaefac7

SHA1
1b738a3ad63240221dcd347e3bdba4e32728f59a

SHA256
1b5b2ff03bef570dbd0a789af0b634089d11c384d5392bd22a57da5b591d0752

SHA512
7221596874bb91038aab637fe5a6f97157ab882ee4130588ff3427d0bb798d221ca11c2236d2554c3a20636b65aa0b84187b2ce5b08bc544af9ec4903215ebfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
14db132084472633917407f1d96607b1

SHA1
9397b322ed06d3ee94a31cf1419a8988e2ca1215

SHA256
2f90270f882cebd900264970fd20dd2fea31690f9835d5e8aa1f5a3634635b7f

SHA512
8e0a465ff9d0398e0cde18c98d2d7171c02aab338233c7f890119cddbc16026124383de6c0a9c513079267913a2291956255c4ec41c4b397e49d5b71d323375c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
45561a88cf7427b9b8f6b6ee4778c196

SHA1
45e67ec1d1daf230078f50c25650f24d70a83b84

SHA256
f1f1cce8a475af238ebcdde19e6ab13a70aa5e91fcc7fea576864006f2234ca9

SHA512
17ef8239fa957830e3e5b3d054295e329c799995efca4fdb5210d81198d54f4f8bd04a80f67d8e6d4f576a37714d28a46b4691cd6aed93a2914927a1583f7718

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
b78e502d8a1be75057d534cf660d8b09

SHA1
a8c5d4a8c3b6500d41ae589a00bcf848a594af1f

SHA256
ebd7cf002ef9d3d6e36039d8606ae0f34af429751eb2de13e967611d48d54972

SHA512
bc38eb8157683f67f6172c8140d8d29332cce3c190e09a2bc477bf40609ed945a293230caccc3602969260c78c4f4c3b2152cdeee3cc4a72d3ec9087947fe11d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8c469b37fe9254e52e0a38ca28d017b3

SHA1
3d1b9e319bdfdb4aa3e90067cbb8ce32df7ba651

SHA256
451c1a72f79caad652ef61032468745a7ff71b6c7055d2bbd7cefaebb4b10de6

SHA512
1e004012515c3b2e052b5c9c8aa534d359080fe373a4a81759ad5b5d41fd806fea8b978e3596adc9044bf65e93a86a8769b03c01d2ed67802fbef9aed5ad57ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
30b7ee18b566cd81a82e70a565b7a91c

SHA1
482563ef6fbc721958e81a5a304783fec80d3d35

SHA256
a10fcac6d9cdfee6567b739eeff189c0fb5dec8f06462debff62be1193aeebf6

SHA512
851ae8e95d37780eee7c2a67e015488a8fe22dde4bb975bf9fb4f8992c0d8df94228b571d4085b7a67cf88a6530f3a8cf721c2afb0c122cda8699a7f78be32fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5e230f1e0e49e99740757575f0940842

SHA1
f5406d931d267b16349a86ee1d2079e1387b40c0

SHA256
f94688509a5b729c50cc9db7e08f9577672c40795e45ad15c31c9eb91b3762ab

SHA512
09b4d961558ce539376a5124ddac5aa80744569fb6a285705bccac9b6dd8b46638b49d65d37e1a7b8f87cf91d752ba4731ff84c478726627e0a79fae59a9582b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4c2c916139bdc573c23fed832275619a

SHA1
8766ede5401b556c7a8f0aa06dae5806d3ff7860

SHA256
dec83dbf2193dce122ced3b79deca570ff3469a0e750c8f9a9a3322bc77d570f

SHA512
97f1b5ea3282fff111e1d9e778bd51a1fcb1920aea1ff05859c8300195fe12c8f16bec335a78c954410f88a54bf64d802bc2bd692c55970297f295410734f822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a6b43839b8f51c9e82e4a978f615f867

SHA1
3a6e29fc54c483c3e3a319b294789d225bc6dcf6

SHA256
54811eb464d6329870d73a2f26c629de73d4a0d004bd600ade90c7dd6c137971

SHA512
b234f80544c786aafeeeac169b4e703046803368831f618f39f90799d494150e25f94fc438b29a24d88e49aeec2d91baec4f33d5efdf2b8f6a77ce65a956ce5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5a567abd987dcd80426d912c76728708

SHA1
880fb3d3ce3549bac119d0359f737c96c9e39eb7

SHA256
c177273a2f999b5a9eeee7365ab6c239abb77442632ea636f2b14f782100951c

SHA512
3d3162dec96115a6d4be319fc32cc1579b3b5e7526fab16030e4c9b7cdb928ccf9b0f89f7d17a2f0182cfaecbabb710c2eabfac9946f2933be854cde650cdc04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\314d1f27-34ca-4a8c-baa1-aa866a9f8dbd\index-dir\the-real-index

Filesize
2KB

MD5
c880c3bcb43657cf9e0b23382a6b1bfc

SHA1
13a6a0c7aa7c2e1f309f0736badd0302ea9c17e5

SHA256
c59df8ca62509d9de77064664f6d8a096d2dac95f790c6d445ffa56b3d2a0a92

SHA512
dd9377b2e5b8a3acd3b70e593665268ad4731a462aecfbe66d1c0358bf9da194dc1728510be10a5a0a324072f059da30baeac02e67651bb6cd9d4b1c3112a70a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\314d1f27-34ca-4a8c-baa1-aa866a9f8dbd\index-dir\the-real-index

Filesize
2KB

MD5
358126f1d962fff4f797bb3cbf7cf3ab

SHA1
3d456600234f218a4e35260ee07b77791a5a7df4

SHA256
ca03a42aebfb1c5edbc2774a54912b3a2993bd98a82ec83c302a881b01d1aaf1

SHA512
fea9057874653678cd861af4ac4ffb38c8d5c776212a56a962c6e6344f66e3e462d3a26b131d774d3dc97fa1473d1ada7d9b2bbf18695d6049ae55bbb95ffa91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\314d1f27-34ca-4a8c-baa1-aa866a9f8dbd\index-dir\the-real-index

Filesize
2KB

MD5
203dee0b7bd5d56b112f7c5904740e09

SHA1
d51792cae98ef61a17cdaed650c90afa3f9cecc6

SHA256
a6d21172b2ddf56799e689161ebcaec7de2af3222561fb53f57a0c28935bd999

SHA512
b2e7ce34ac6868c103ae07ae2aaed993e441764daa5fe0ae3c194665311e9fdc2015604583255fb9abe994276aceada3f5fcddf9c6af4e40c0ba4348b996df5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\314d1f27-34ca-4a8c-baa1-aa866a9f8dbd\index-dir\the-real-index~RFe58049f.TMP

Filesize
48B

MD5
7876ff3fc50d349ff2df55da90a3181d

SHA1
9c264519e485f181b0525b4f119dc3f579faad5d

SHA256
01715cbb94ea2418d91df1a458ff61b6c6c12b54e2f076c4afd6ded5aeebc107

SHA512
d2adfa07ba2c3bde0fbe1d013ef30306e19cb100bee2ac96901f3a6470025206baea46a32addc95e1cc037ee741207e99ba8fa91f593a34868917495875ec409

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3cf2f7db-b948-461b-8f1a-9330996a7922\index-dir\the-real-index

Filesize
624B

MD5
082bc4f3f48be29e7898b7a0ac181f40

SHA1
b46fa5716adbdac0acb9d75e646082aa23791a1c

SHA256
b97584fd86bd20da80905872408f108d7dcda3313fd61691b733a3a917b407e0

SHA512
0530e232c380bc94832e4e3040545cb1060f26d73c55f32e124f6371716a5245528280378dadd48cac1f72a01bdcd120f3d57cf56a0c5fb0d8a66ccf8c15f18d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3cf2f7db-b948-461b-8f1a-9330996a7922\index-dir\the-real-index~RFe5878c5.TMP

Filesize
48B

MD5
8182a5b744407eccc151eff6f0af34c0

SHA1
006b655b758066e8ea382d2771b1cd9d7f0cead8

SHA256
a80e9f51cf8cfbdaf757bbf92741ba93fa51707b36d9378f9a85378d77ee1c4c

SHA512
6d9c14440a2bf11ac625735cb89d62b38b6d610f275d7a783dc393aa070c4c9d741bf6a6b24c5877a6526eb4bf49e9dd703a40a597008412d9562832d31c7c7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e9905fa2-a35c-4e57-974a-96ba212ce485\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
34c6a1977aae93ed13c0ee510c9b0076

SHA1
0ac521ab428b0251cac65422d8610bfcf29c4d8e

SHA256
63f2678abc8dd6f8b20c58b25271f5d90d4d91b4fe87d07c58c3c58161e203f1

SHA512
bffaa906ef549175a57f3b89c13ec2380be86b0ceb8cb0e9bb063482ba12a08aaf7175bcb742637e66d4b447213e7e73bb074822fcb59f5721df2f4f7c2d7fcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
ac0ac67c2876d8d4eb52dd4d4e9322b7

SHA1
879c0c24a766f47af72f0766575446839b46a2d9

SHA256
f96763eca286ca34eebd1188ac9c70e69f6d0fa6fbd83d1711ae7194631d3d27

SHA512
b4080238234eb723e687888c91555255481a2b073c08f9364a65bab3773c3ef356e0b69f21308c7024378307ea115b9a130c3640667acff2f97921f6ffb9fc98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
a7969dd85492bbfd838f602fc280c9e5

SHA1
5f61eebc995926632c08cce6e087218f6bfb2424

SHA256
37b420c056d0d63340385cb7aa23d3cf5351dd9f7aacf2343ffe2e7bd904df10

SHA512
8ed1b9c53b2f26aff14106e7e65afe9e315eb136a8ba7e4f0c247811ed3adb877daea5c035999df883bc3abc0abc1a626e1a2b087df8e8b88189b98e2a809651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
91ab5a54592f756bf8504ebc9fb64850

SHA1
eeb82ae757157ad9c61acc5b9867454dead6d874

SHA256
acac5258467ea44f3147dd779917e7f409dac55fe61dde1218a4bd42a940408d

SHA512
e7d2f61a3bdb0b2556c4b74cc48124f3a53c5d9de65a7ba519bd16ae435a2eafd57ed457bda7b2ea543e20e09287baf23df453c4e51fa1536c0356b6ff978942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
247B

MD5
5ac2674173a60a9939d5b7b996287f97

SHA1
c324c58d8c7339a18dbe8e573bdb85a83725492f

SHA256
5218c961d9777af609d9d25973565700fee61df715d322a02d20e0368bc15a29

SHA512
67ed644c9d5f9732540f533289517e700c4cb66073308344219d7331b1747cf2a6aca556c747a1a15ad08c4311704ddeab9ebeea260d331a6041db0e1ff453df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
aed33fce71d7cad53fad4512ddcb4d33

SHA1
d8fa3efcc4c97c79cca9c9cf9568de435b99e909

SHA256
31ee91cc3829d7ac17859f2ec10ab2081d1be48479e0a3c4d4f6d61c063f33bc

SHA512
8144358714436aef1c7ca72ce46f3d58c629b0b2cd4677691370235081ca2ff2f6890a1ccf27768cef01aea272e88da8eaeac464807cacec8d72a58a478099fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
20d09e1c0ba0273c5289a45e8c8d8844

SHA1
832e912090394114c233919a29d95e3f31315ed3

SHA256
2e39ff617e0f977dcc2f745851fd1a6165b6c1a54623c5e546e6c98121f2cbed

SHA512
50e42e1cc0f9dfd28e18f71e4e1007681040c53778ad1bf5d0264783b37a8e3c254a6cd7bf3ea36086243c449b2de42862175c76a42319ab2c592affc5da9b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
ab4d97d58c8edbf1d5110918d759ad03

SHA1
602add242f133a68745b821553f41e33490f57c1

SHA256
839a99481a708dd5be4d12c26c848e3e3f62708d9d332f10f352b209522c25fd

SHA512
902766aeea0cba65efc2d39865e75275309528387e97afde3e204ad7cb0987ef11adc440b62f0137c5b7f46638d8b15bcd4d2e7f022005a94dda64885a619ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57be10.TMP

Filesize
119B

MD5
628c5a07b4e1868747524bd55dd707b0

SHA1
e86aa94030e8b338646df2e4e34d21596fbb0526

SHA256
c4248f05146e8656a220aecf6cbdd91bb03d0a715973a63d03180cc6c473eb90

SHA512
1bdb142713ad1e346283c122c811593fce9cb85ef4557d4c3e9ca85991b2652b374edffd554d7302585affdf7c2b5ea0949d07415fd3bb64479dba4df350e1e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
17KB

MD5
ee6a2ef58defd297f423fdad17d828ae

SHA1
798c744bd03f80be1378fc26621a25c62b9b593f

SHA256
62cb3f28b3e9a1e2a51e78ccb436033f36d8f00082318005b1e76c50d3a7250e

SHA512
be2eff123e75c29953164f89fbcfbb05d89eda3a589ca1f386fe831f5642e9f8cfcb95d4b52ee2c0c1e6cc22714fdd9c03aaf107da073a30861bc5e741b593fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
162KB

MD5
fa000973056078f7b40ea56f057104d7

SHA1
91b73e28f9b3150d9173f9f1d9bad4c60e50d438

SHA256
93fb9354b246d08f3f68cd8f5df7304ac5cd29782e2a8304f9f0d2a1ea7736db

SHA512
bb01b05db4af7c04cfabc047afc49fcf91993541c26a21f5442cbfae1ed8fc3156154710f2080c2bd0b0787a1e9ac4835406f78a7879a50d7b8eafea7c631b6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c6c1f9b9521456709f9b235a3142f36c

SHA1
b9e5c9a09cb59a91fc0a63051d342bfdc2a227e2

SHA256
bf4757176865c8add371d3867f038027edd64ebf0411d8db18b4abac7dc3b22e

SHA512
26b2e38c2ff6d92416b1ae1b7c9905312fd708221388c7f855f0ea0210cc318c8970f708cf323f686050c902b673d2e82f362ea738ce8baafb82b79677c667c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585d8c.TMP

Filesize
48B

MD5
51a3e89c7553b63dc374b7e5e37d0a23

SHA1
7973324c40489f0b1e8eb266cb5b4acc68416af3

SHA256
0623f5362cd55127a64370b24a4cca18f28dc154d5258c4772261f9435a8301e

SHA512
818c9c2a0eef5fb35d0ceff0cf140711ec71309710b1c08764e0b7ee9bae67e62f60138698a48b54bba49f6a8e21575a72d5426b1cd660496788f1febfe17b22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1356_2006286782\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1356_859884784\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1356_859884784\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
e47f05cd89882a8da64d8c98685549ea

SHA1
84dd29c3f83542f5d157f6b0f2b02b16e595ff93

SHA256
1ae29e281dac243f19d42fb97e887a5aa47bf03e7b188f6d63952bd22033f3b6

SHA512
2be2be9f4335af63329fdb628e0dbabfd992aef2634cab75436214ce032685df9952a143d639aaf4b833c217cc0ea20ea90b1e3bb86bc535a8186af560bff531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
055e5adbf396b5e1d44924931b4c3395

SHA1
169c5032bc7f1f110cedd34efee006c9a25b708c

SHA256
d49c2747bddba30b48c3862ec0656d47ffbc9e3889107f965d9a7787be30b95a

SHA512
084ce0812266bd17e4e6d7ae62af354dccfb029babc133a3ce18fe8aaf7782eaca5d16cb1a2cbe7a5df309831d7e1c64e9e14c5a1eb97a767a5579e21678ccfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
3737a49a80f82a8e13208c2f423bb5cf

SHA1
2eb45cf0d2d7399863cd310b729740d7f29b538e

SHA256
1f345e51edc68d2cead63a44fd95f6e319c5fb7e143fa34c1b14284ec3bcc5e7

SHA512
82a874ed05acb99718e4741b65479c64f1eb4933cc6fc307ec3264471aa40da57bfb689f45e7125ffe92f21afdb3a8764bc0a012a8628a1b7ec686b4882138fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
74d902c81076abcf429cd49ebd4f0ab7

SHA1
a5b665aadf19ff3532175d5f0e5ed4659a1d915a

SHA256
a2ec3bc5304892854b8d51b093bedb393b5a28e46b8e908978f37c435df39b78

SHA512
53afd304946cf3a8ccdda79a47f9a834299ca0da85eeabed13df41860a2fa9100b67b0c27c3e0619a015f06167b44d9b11542b935803672ad1c941477e219506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
73dae6aa898a8b81b9b985f65bdb8054

SHA1
fa6ddf8d916fbffdda0c034bd11e821ba8f86f86

SHA256
e8e681e3f0eb54c50a57af8f3bce150e936954fc29be9599a5adc13f2dd889e1

SHA512
ca74cec8210c00c59136c84fa10779eed5baa967ff6d4df320d733637d0e9b23e380347832f27e895c427f59772ec06a05157df59513643c38409c1b06c0668a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
c7aca86da0302bc5858d8c9146adcb56

SHA1
1faae2a2c78497e34d514d2cb70e22467350c2d0

SHA256
83742c7427dcda0d6b986127b42282e1da3ffb754f2822f3bd2bfc611a88b6f7

SHA512
59679584b52021df3744c3e7121593d097f81224e108389252c39ab1bd8ecdd2587717d5319a1b634756d155ae959c2d51318db383458442e405c782e455a1bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
37f9bafdaaf72e05939b7c01267e151f

SHA1
2a2f79030db1ee4cf7018b7979bf9078f1ac4df4

SHA256
34179480776bb588ffe28b3b79db4e45db3642f09c88cd077808f7dc32a1026f

SHA512
92a14534cf25b279577833df1bf6505bdfc757c6c4c1cf317f29454c2a91df9ce41eb925f74944be43c7ce60033f19504bf0b5602f0b8fdcaf9beb0e58db9f69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
f322a179924c231e9767d18f6ee2b46b

SHA1
d57a36ff8a324c47b7d2f8273361b093ff5c61fc

SHA256
d0a86f7ef023a95af61e8571de50b3bcfbc24a5a253f79dd6ec91ed1b096a83f

SHA512
5060b50bea5beecd66650911b4b32e77fd94ae0d65c3058551e6aceef1bdc1f298f989b5506f5c8b676fc8888a588426d15e1cbf94431a57523cd17142372acf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
31104117ff839eb1dd21956103feb965

SHA1
b14bc9ffca4c76fc5663a793242b0807cebc3da6

SHA256
613077cff5c309614063385bf1bb743b7400d9606067094829d0ea05a12d32e1

SHA512
f4bdd8fea4440340fe7659c6eb53fe6d98f8a19711d2a420ee42081610b6ae75de5295f2b55d6948240c16ee55a2ea21ef1fb9f88810d5b1a879966405d4bf74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
d81dcbe95b157ed391ebb288dfa97304

SHA1
45c0f56c1553fec72c71ab02d2abc95c046b522f

SHA256
3e9355fcec3e2c7301292cd055ff17a7afa10e4d8f9b95bd5e9bf0d4cd0f904f

SHA512
7d486be0996f9eb62b75987af974dae8fafa29fe81fd51bd83fa2c5640e4d866af5ed8b77ad4230f035f7a6a706d2b1697469165901901fa5645f290ebc88730

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ab2f6.TMP

Filesize
88KB

MD5
41f6660ab7f344ff4637d4c61ac9b6d1

SHA1
e34aafd156f94068a0a6b2dacdcc3da3ffb85c83

SHA256
741f57941d1cc37f20cc454f6cd9260aec183366d0d2beaebca84b7b0e3ac9f7

SHA512
1ad55b62d7be71bb6bd8d2a3f32b634125d3b32fa2a82dd916cc651257e96c4afda639cd950e2fd770be9932b407b74ec1276be9b3820de463f91b5f69c068c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
552758a7bb19b27354a76866861c4801

SHA1
93a74b56e5bb5aa86a53db413081b3ca7ffb808b

SHA256
53e1302ff50d199fd0002ddb9d4f66fd264b17e73a50e67299adf1243663530c

SHA512
13889bc4ffe240d8a7cf71ca0f2a397f33e38106116f38b5b8fa6c977187899d2d7084d606288f2892d14776460c2fe450adbeb93d2d200caffefe9919076fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3d0af2a5-eecd-4bd9-87ce-a36652932337.tmp

Filesize
5KB

MD5
8f35e8cf96677e096c679027d9027075

SHA1
d1b7cb2a74529f355bee0c724c76d9ca6faae68a

SHA256
dffbc941a77e10c11e487b500793016d3957448378a4038c59d88421e983dee8

SHA512
0ff2d858f0614e4d2506f09946f6174136690e2cd54d0374d88a2d4f6165376032904c7188f89eab57b11b6435cc118210c10d574b3e452e769c5672c10fa16a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\51ec5713-2675-4390-9282-74decd8f723e.tmp

Filesize
4KB

MD5
af6b8d578f76414835521e150c6f0da4

SHA1
1778fcb7d5e19fda813fe61f037ac4771017ddcd

SHA256
dce6a48a5ce0c11b984b6560a77ea24c58ce1f749d94daf30261199610ef5e79

SHA512
224051a58a145a8bedd86dbfae32d17c4a39a8a968537c136ba3259aa0e11d37dca3260d294c3eb7ac8ae6bb6b2901e2c9943c10cbf69bfbe2366f7032ac3051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
96KB

MD5
987d8920f98c2d9e0f7c2b9f30c8e27f

SHA1
10a0b1e40e7a1c97d62e2b5944a1f90efe1f8c86

SHA256
4c33060665a96a5dc1818a2345702b34f035bcc5d0be88fa1d76afed38a9f1e2

SHA512
683dcce0bd846e89097919469bfe5772680704df4137bd6a5bcc198b187f6768b202f4b9d89aecd46c330dd52c3f1fca595b7eb83c07c36e0f9f703bedcbd209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
42KB

MD5
092e49b7a94a62f2ec5beaf0bd4dfa26

SHA1
1dbb376a1b14d3c8bc1e06dc6097206fbebfc626

SHA256
aad878a61d8f6e1512794d1f628847d62af84ce795a989efae1dfaa51b23cf7d

SHA512
a3f6ab435ba20e528a5c9fcba1d9878d692a65b13bfe1cdfdf641d053aeef7467333a90b11f16ac59e1187e1691c14d28c4ca12679646d788baef02bf4fe163c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
49KB

MD5
950948bdc28159adeae2d735e720f9ce

SHA1
456af20c06403a131bdadabfb5a0cdf0e6e8ba5f

SHA256
608b2d937c5ecd145d356de16f0851f3f782e39494dda6704831752a1f326b85

SHA512
f0d5bc4a2a5bca890c476027ce48b0a6480ec6ac650aed4f3e72d47001307b6f2d2e7880635e09abbbefdb4211abeea658cf9adba099791b5f7c63267d0580e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
39KB

MD5
3b505c362f2e4b6e25b239c4654b9e62

SHA1
6a9a873430c63cf4448d8e067503771aaa1c009e

SHA256
612e8ebe755f43eecc692682b4be69b596164f7416d32a0a19f77851ef233582

SHA512
93763fce1ebb8c5b40511631e60bc290f599b88aec1e76ba8d19949d08fecaac5b9b800be7834fbeaf8deda11dd7f6f32cf62ef73396e5704d5a692d629d881c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000104

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b42132ceec8bb0d479906aebdbb4d8a6

SHA1
ff6abdd3bd011f2c00b83038027d1c5da3075687

SHA256
7fb0b0e64ed7d3dd884e5d3319faf1d215d744a7b42a83a573c6087539e1cac7

SHA512
84796641f5a1c4619330a7de297762c96c7adce587442aa367803e74cfe2c260f793eafb8615abb44a7636da2784538df68d2788ca32be5ed7579d0bed122397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
c7707d3a191be6b76fc3a64621967879

SHA1
277f307f606144afd4ba8542a49041b8d8891c36

SHA256
8c989523ae8a22bc6bce30f9f57bcbd65e7de0bbbcda88fd7b7ad5a5b11d7b8b

SHA512
227c91383f71f927792d69aac5620289631c9507765791affbe5c5d2ae4e4624a21f73aa39cd689bd39fbbd976877a646cd02053b4676648d5cad38606b3d3c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
65b9b0f3a4f29a25439c151f99007852

SHA1
bf2bc5486438893845184e1c8b6741f78f8bcf29

SHA256
f6f1edb180a3fb9eef4ae40ce75d6d0b0d354cf22e156eda09bb9543d7a8f0b6

SHA512
0c65390934ec355c0c0a7c109dd957090e1fc640885213b9089a7df88c7361f827b258527f1701dfa702a9ce796067da3adba17ccb1ffb1c6054c2a6764e70bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
743B

MD5
1b065da64e7214e27726725b49164f52

SHA1
218b8ebeb78ed248c600005e93be45214d8d1729

SHA256
29989720bedad64ecc2f4519cd10795294a51fe16ba99ba07dcd33a660a81b7b

SHA512
e2d76545d6b7a2358fe5e1ca0c5245282d32c12cbcbdb93542894aac33f18c97b66da4bcaf8630ff6ea5024946a561284c8567d97980659a301dc82c64742ec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe6043b4.TMP

Filesize
613B

MD5
de5892b3c3912bcb03a3d8d67498e83d

SHA1
7976345d2ff73f3967e89c8d0777ebbfd461f20b

SHA256
1f84a5b4f8bb41c0831108023a14e9da8246fbebce6ac4dbd07680a7f0f5f1ec

SHA512
b2559307c2db55e33f20937a234378b809ab7f94a5ee0d7e71433730c6c7bdbca2e0895f0b5395d8de9c6d11940fc50a6af7bcad452088261c9b09cbc459cfc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ce0123d02175761b74353464bcc27daa

SHA1
94a5afdef20ef4c2d7cab33ff5a483f71d914874

SHA256
fc21864d86189f69421bf16f074c1e76bfd2340f45e62bd538c6734e81ab7ad6

SHA512
97b7a994fc4229385df688537eac50f13005b43257c925caab3ac1dc002ccff77df483a701b674ed3a1613447f423db1456931c86cc42be5a024bd07c6c09d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
916B

MD5
a97f98f564e0877127241858e91bb9e3

SHA1
09f5be80156aea2f8096eddef64929c0b699d1f5

SHA256
70eaf475b5abb547f70f6ca5397c25305d0a502d34ef156d8de8b344dc11634a

SHA512
1471e9c0b8ec58d4e0680cdb79bc6c765c73975868cb916711601db0c23812d22a8554fa93c1f1e7f31174f3e08202f4973c0b93468642705966213c05f33228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
299f10cf5e8da50f175e331f824a4c36

SHA1
39e38793d87637402a70d0b615dcafbda9a4840c

SHA256
f0508692119342ef9e7f1bc6206c641ec19a03e71468125226a290103eb26617

SHA512
5fa19facdc671d64bb989cc43e9852bbfe82011fcacd2c8bf87e7384c2dc88ea69bb0f3ec34b6da87a5c51c0901937c8696ec933e3ccf2c07eee8088f5a81c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1c3ef60da45e24048c743a449ae08ac2

SHA1
700b003cf04146bdcbe003762710e18f010b2bb6

SHA256
47efd77f2377fee67943805160a5f9f563a56bfbeaa6d61dfb79349a2714582c

SHA512
6cd4a9b9dc3ba28d58c4661bf826870eeb9013abdd3d627574880a2ef2acaa2871ef48679e1e8cb482b0376b9767cd8f785f91830fc675d7ffcbee8ac93dcafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
41ea182581d1c18e85b8c114fe116925

SHA1
d40a1e330e0be35295986d72827e69600ebfcaa2

SHA256
9e3b91650e4a8aa9f2622a55f5a5acb444e5bc475992fbb5baf1f33d7aaed794

SHA512
4536c8123751084b713eecee0eaa148efa89345f4d234989ef3a8adb11ab85746a635146791e5fb0fff54552d375936ef29b527df75b95554b713544af9da7f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
68be5a5e6169276e9f141e1adbb6c282

SHA1
a7ee4e5a990c8526b27051a9eb1ac4126ccb471d

SHA256
ce16cfa94487ee2ed3932bde1752e4628abfa5de9afbc3b37b23d6b6bee2bf50

SHA512
b9c5a743c8d3748f00804790d96794c8e7e49ba02e5aefb613bde5b1f975df68b187282f4a105bd722074810d6a0a7c13bae32619c239989975483af9c5a1e6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9497ee97af7dff5a61f1ff005ee1e59e

SHA1
5b96751ddc7d6503e0824bbce6483bbd39c5d965

SHA256
4ac913b4e57359ad32a391640bdd30886e870ee57a9bdeaa0736c23b1a0a23f7

SHA512
08e40a410cac888dbc24a5b15f9d5bb4fd9a24ac9e9bffaa76e610e85dae1151b4a70aefbd7b5a519520295d9bffb3b62b45712f7b5892c910b90dba76d2c4ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
119f9db29cc2c841ad32b6feee9687d7

SHA1
943d49c600bad60a464f71f3b198a6315c228d46

SHA256
2e5555b6be88010704593bd5a9eff6f627ad59fc47827db229b895885ee64c29

SHA512
74f4899db580decbc39458a9ccaf312e80563fc834b75f474523afaa9d5553212f78b0d44dea20b3afb175cf66faedfafb2c9d48c15a47139baca713956b6e2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f6710c7fac7ed279acd7fa51ca03d5c7

SHA1
4f22464e780f850c8e82db4bf9a9ce56be77ccb1

SHA256
27f3f20faca0804f3c6e936c781917a4635bcf16122a3e20fa5b397435f0a632

SHA512
aafbe0a143f5cd3b6bdcbdd5b6d3809e33522ac68d841804aaf4866f989261921d56bc122de3866caa139a3f3e5013f3b4243acd16bacd01e12bd6954ea74775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aa3b0fa78e2b5f606c9fa8cdd7b5ec39

SHA1
1b1e3c8c564e0ac3fdf13bb47c083f5ff2415019

SHA256
72249785ba35f3f5fa5dc9b7e2dd06fbe1f0f4543da011757504f933b44d0a54

SHA512
def28fee0525bfca6b4a8cbb48745668ee05f154a5149042354885e1b7083ec19d59e428bd197af11b38f8ab4bd0ea073447522580a0bd807f8c65a4d6f552b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dd6d8113fe6e776c9f80e24373639c98

SHA1
1873e2cbef491faf88c056ff81adc9d5a7f9c13f

SHA256
55d8e9d25f2ef7d8e8d1d3ed5f26d3400afd0ca33e9049ec8f7f4ea9ec13aa50

SHA512
c1aabfb0db5da55d1f910f8f4f20d9b585ea4ff678fb6d140694a4d72bf9027d66cc4f9282a8b85dc52bf805dfd1742d5ed3b445b3b724c6a410011c00be8e10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
63b6255b3f07d9e42bedebea98f2aca2

SHA1
40ebdc3a328e822aec42b2373d092dc73101342f

SHA256
51efbb488012f6ba9fd2182e4f57da8fe07e915e6b2c000fe96617c1d25d349a

SHA512
0e54c65fd7616217d813904524e84af94d966c93b9097053d0253f0e7111883f47aea07016b9d1096c6e6f877fe2c5754c035e82c6a5246418303da8662bf652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1df47de5c8b2dd340b72b4106e2f48ee

SHA1
c2a3d938b20f7a67d9e48ebdefa0fc0b2dd226db

SHA256
987015af549ec9a1a5645e0aaa151041b7aa1526f7687b01b62466495dbef939

SHA512
70071a3bc3071d3a5982a329dd26071c1da108b992155c3037509efebc5eea9d9cd90cb37fd4cf27113905e06ad4cb9aefd7026d9a4e4e32c93e6f7ef418f9cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2a1bfd804bd627bd1fc599976a4ff66

SHA1
122267e9e41a7775934595efdd30735ae18ac4db

SHA256
fe3e61a888da89c3945f6f1c3a64ba6ec3fb68b496abb05e5ac785c025f13b1c

SHA512
d03b7a30bcd667e1bbd2d8484a2c7c7f79ebd8ae104769b41e7e4f7fe95959a10304c3a18f3794c8f457e6a5c95f0535554e5ba80decbf1101e673932d01d48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ca7ed6db2d33c38e0696c2d54c5e4489

SHA1
d529ec31343895373e6abf391f3589d4e4854d22

SHA256
ce548fa40010acaa982ba6778d2386816fc4a6bb0f1be00e8ac61418c627c01d

SHA512
61743464c70c49cea3c06aaeea1bef5e27e37d4fab308b24a048acf1019bdc34837cc3206cdfe8ccf78e74b93102f86a1b00e3b48efdddfa3364546c84b4fd4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
58cafbdabf28217d2a0b5f16a7aa450f

SHA1
a7dcdd4478f244909a57361316bd9a8b691b8f6e

SHA256
baff695c9838bc2bcc510e9306cd7c0c091a90f666529ebb882da71a42e0597f

SHA512
c359b80e7fffeaf622ab5eaffef251946795273e6fc3c9834cc35faba64232c0ae83cdf5844f083a71fbdfb5958316c23b67832485aa9f5df07e4a026669a9b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
296f51dd8cb2378501e6428a75b9072f

SHA1
498661054bfd785f16a7b36d054eebe76b497fdd

SHA256
dbd29996a43e2d6377c87289f9b5378114cbd1a5a1c11e42d823d442b4360ce0

SHA512
39531bc0d2eb157b2186d628b765ff0d2174fcc9221dbfdf23379459e01f3cbf8af554b55051fac1b6af2841a439c7019ead9fad3d0b027a6cb2ef089092a0e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2937cb4dece7ec1cf29d5f69f0f72a16

SHA1
0599ae4b20c3819ddcc8e39ccec96f5fa70ea3ac

SHA256
1f972e3e6476f1eb67f3478556cd104dd27392a30f1b5cd66076003586c00be7

SHA512
57e607f288910fc7adef745caa4446fc838647fba18977db9f2d0fe592cc3a7a8e85101ebade703754c92c4b52fa484a70cc7de8fe5bf211437da46a9845d945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b5324e37af20a7f46bd5afa6cfe8f627

SHA1
6fe79f84faadff3caf539d58e26db091a1abe86b

SHA256
3f6ce0e33b7c7545604ab0061cea567a02b51b8235b4603e537a062f9ba93063

SHA512
e2a3a2a2c4293c492f4122c8d1e4fa2424a4a5a0ea9a2ff9d6f75ee38f76834fd7b41644944aedb8567c6a36d04db1eeee92b55782d432da6200dd3ab75ef3a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5e6ea9d4a7b4a751691ed0c3b1c327ed

SHA1
d1d512ab1e6ff9587d56296bc4298bfc838ba15a

SHA256
bbfdbfc2c3fcc1d5b655194456b93fc7b59363d76a48f7a9a26c606a0850bace

SHA512
f4c766f5335ea45f372eee559b13c8ab2978ea3bccd93a4e10450d40686b7ae731ccf2af1316fb1c680773afa8b1f83111516c149600f3f48cbe60f80d10924e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
81c7b3c9930df5aa63c007fd6314f3d0

SHA1
d01de8c8e3a4fedb6e8e0d735c6f549d9accba32

SHA256
7d2d8be946df403aa8eb7278680138d415a1e92c1840f4da9959e2b80c629eb2

SHA512
c9ad0c59fe338a7ed6df98c0cb27b8f89473ff73501a4d89c955d2d995d2b91241de09c90e76b4ef66445cfc53192e275ed25ecbf436fb0401cc31653119289a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f71525b07a92ed7fb0a98f0fbf36f319

SHA1
242a03223f0eeaa40af6ff2eb0623e600c91736c

SHA256
a6622591df3fa5b581a93e4ab7b9801472e1860d5cf4614859fc640ea8b86532

SHA512
d371d85eb18693306299f26ae5f1c0c22d417f0e73f2e9cecade78826c799cf445044fe4b4a554022d7763f0b75b078888ec75889d70c11550e94e66e09b3490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4b2c1e8e9b9628b4fd1607f5656f6e19

SHA1
ef26250ad42c260e4698ef8656dc6a4667da3c47

SHA256
f71da98e8a39f03d8aaa798c22efa39d0e7a35122f8f1d36924b0077112ba41d

SHA512
61a642974d26be9f280d1436f5e7ba3f45b382daad015702b4ab40230dab9d7b97f3e78dc6d3aa9d3040914b63789b22249c9748479dd16f9b105b21f420e545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d0a682d3051b8e23955d6189846367d2

SHA1
40131fd09e5a8c1b276d886204debab148e3b70c

SHA256
85943269563696144121479e41a58bf44290bc9d3ca3b9b9ecaddb838e0d162a

SHA512
b83d40920ef3ab7ba76f350774376ab89eaf1f921c104e7175d6a4ca1e355ba9db95fd1326a12cca7502fa617384c231f42bfc20d01f8056ccf7df5d7f865bfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1a9fcad7097b20c4b51e7adad0ddbb4e

SHA1
f00b2959b910147c417bc3f80f76e212cfe9711d

SHA256
8dae8b785c0616bcb79b3e5d1b1ed013345d1f4810b433d2a5c3434909b43842

SHA512
193a5dd7f13755c823bcf560317eeb3e52f123b35e0ddd1f7e8032737bcb7bcc4d722bf78a721219e6819477b2cc509e162f97deb4b12e53ee004e74984e3038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
cdb3b6cfde5f4a76f64ad10721e6ed29

SHA1
7ba653ed9585a05c3347806ab7f28a20f84b9ce2

SHA256
071898e71caf5afec6e61f607e872b4a97e7090d89b34ac1c112c915d17254e2

SHA512
1f4586968061878d12035bc6e06b39a00c4d72b95762a0d51f01af4de2867e2e022ad1ed39eee18a31c3ac32efc01096c5f8b55faea04e2568439c05a245880b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e3bd6a133e2b5ebe41154c3f073e5729

SHA1
24747ed4b594ee68acb2e9dabbae3db730507367

SHA256
2cee5b420e8006844af7c2a04352dd7c7aecbfd977ad41cc761d726571c21228

SHA512
377c29ec3b0a98374053ba0ad6b6d3209bedf942e65a910bc329ee6d4b60451feb8019274d1811333d79df553d799f0f863b23dc8778758fb4b195db24252d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
de7ef8a5f40cda5350dc60d361155f2e

SHA1
f1ec4facf39f612c0199b48d64477f67ad222dcd

SHA256
0df2a70404bb5f95d1f2cdc1ae85ed378bf79aa7aeeed36e3d7dc74bd777fbea

SHA512
b3e25600b7fc746fd18e723b548754fe0cad364de06bcd95c734cb6fb3909b88d9230245f51ed0457b30a1740ed38c479afaf89005ff54923a8d67a2fc88fd15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
57017db920f11c76779adffd3b3134b9

SHA1
6d6ff483d3faf59b92bac9472e858f0793e2986d

SHA256
a329d244c3f29f365276af3c592df6776d6602859b9093b1d3cd188acde3f70b

SHA512
76b3668866853db354e2d6120eab9103d69aeb1648784f5d6dfe4600e94080dc62f024b8551f8d068054d69fcb242c5c10061c4fe52f103d0a1a0b6f948e5ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2d44d1932c0be790bda05e0fe4fbd4b2

SHA1
ff8652de5266aa4d80d1eaf247739aae6a1e37b9

SHA256
ca56a70d116f0a29f2d270d625ac9c3718a74a02d1aa3673f64b5c4d913c2668

SHA512
a8475f8aad52a40790a27144d05769164ed19511b9d4c8f98d98b158184edacceb92930e4968ee4c05fb8b5c76a3c7abd7b23ba2ece3c174f1352a77bce9d434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5495383f7790ef0682b1219b9bf862b6

SHA1
b7d8ff601fe2d5874412d43384220479a0ad12b0

SHA256
2b290b3406d8b3ca1f587e8f556e44ac964eef6761fdef8635e701b67c497ca4

SHA512
e01e252494af24d694b76b4c01de3c0c0db604b682645e158dfe14d13fc567ddc5955342388a18a22dea99cfd575840cf11cf9cbd804ddb5cab00f75e9dfecad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
33c8beed394ecca3174a59ec2f74e1ed

SHA1
ad59c3e819cb6b6a2ac3d9fe6f5f53c5d2876b35

SHA256
7f3dcce8c6bb54bbd54926c63841a98896cd14954ac540f2717a6a1a02619338

SHA512
5bc7a4e75dd3ccc9ad250a0ee40957ff2091d1e54c01f667b755f4110dbdb438d76c039ecb4229c0532a8c7b71f3f289a6cd528f8bbeac4bd789beb6a043f1a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a8147f1ba02591ee4c85cab7cf97a714

SHA1
fbcf7377e967b217d6e00c0415f9bababf8d7285

SHA256
aa4e8523f560e56c44cdfc9fbc4a5788bfa7b0810ba9bfa178c4ae9e7dfc795e

SHA512
da635e1ba6a37088ea5c057cbf2dcaf3ee440cda93a5117b3d2e1b6eb5cd177a7a7f5a8cea797fbcc194215c3181b30924c733b3e695b52a5b71697de2d7b5ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
66be46c49ca5d22626958deb75f53e93

SHA1
4fc18860c7fddb97f5160b982879ce6965d73132

SHA256
ef003bb32fa3cab83cc505751c1359001ee3c58b74fb60f514f5c86110b906b3

SHA512
5f6c652cbd36b7614f5fc946c6f14c7e9c8c7a66420848454336e057b2aa341ad81506a537964afe0f3d7dce3cf946e255b174aa47893175116d6852af93c00b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cb39796445e674b9703839104ae68940

SHA1
904d9a9cda629cc12a2068be305d3c6b2cc1d41c

SHA256
2cec492522a5042b33fada1102dadd4b98e2df533b53fcb757bee0839ffc3082

SHA512
7e562972f31cf2f7231ceae703d6c8f5ca283fecbc461dc92ed126be9758f22b68406edad22f0c836657699f2838c790c846604f58996914b6c832c143806b8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a840868b1e5561f5491605bbcb2059ed

SHA1
9858f3f68f8a0cc6278a4bffa8e47cc3e7665de7

SHA256
0f41db1d0c1ee62c3de83961a278319f3789d22f1e471bbb97d0baea98872c4e

SHA512
25c959efba016e5b14410b35b2dabc9d46694eff3da2f030991fd1ec84368e327411e3dd1286475aa56655361ed64b04cd9223905e7e0541fe416a0b995928ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5aa6b5c1f4d17682b0cfc698c11e953d

SHA1
d5b9d078759f52096d3f722de59ba524a727eda0

SHA256
6e016a24601ae7457e9b275ceed7279dceaeb7f13c02bffe6921508fce6f8c0e

SHA512
ffd983ed9dca9de824326ee79eb81102011219196e621d07a06b65d58ca00844b6a9b8590c8abeef50e41a79d5eb492a88b7bd4d5e4361d6cc12eef1156fef6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a904c8beecaa9bb52eb37cc016430c31

SHA1
186e21e66bb93099224d0fc9bf49bfa45836a8b8

SHA256
e231882de14c7c93222726459b4d179b307e851be19fd0be7184acf646d0dadc

SHA512
7e098e5bfce49fee2c69a34ea41e8d09b6b54086cfaf2e55c64b75e0643ece29391a79a2b779d19dfd31e9bb5f52edc64594622976870c5532099454c63cdf9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3a72952d271dfdafc977f5708ca02263

SHA1
2c9129b62fc0e9029667d9aa47dd66b9ff4bee00

SHA256
549d9f0f7515eb24e82e699305217a53d65ed3791be4e84c011b1d182210d293

SHA512
1fef16a013bb345a6af0554e85b930f03f8d4267e185ba95c7f20b781c7dd0dcb0a7e940c3a3a94d04a2f9a7083a76ca7602a19e3fe73b69c7f59c4d1ac9720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
335e894225d2958c85bfca0df1acc980

SHA1
ad79ca456e794242a2c1911749f53c31f3f9c92d

SHA256
82f65c69164be4d1fd78f6a1a7a35ec4327be75cdefbb72a5fa21945f254bb5a

SHA512
102eef9939c685d4e32dffa98715bfe65e49ddd5fe804fe9fc63cb70283f8b7d76c800c2e08f5bef5a6ea56584b3cd719178c4e0e5070d0ae902efeb940d599f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8a57958d1275b87ce2dbec0c085439bc

SHA1
d579de5707d0cc3d481a2a8c759aefe5811dce02

SHA256
6701359d5b40ed59feb24506faa74c8762bf8ddb9c6a1e504e1a96ce357a97ca

SHA512
b4ce1e3ff2369fd5443de0e8d63cde016e41b7e37a182c392be41d9515fe00f680e6425881b14f79afdbff5b91b5e7c766f580f11207ff0bcb846eff9e307348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d98837d485dbaf027454e66f8d866b26

SHA1
68832d62a6b6f21b79fca4753fa990a10eb128e1

SHA256
ac429feca7828424365adb60c8c26cab990c4509988064153ebe2df14bbe3982

SHA512
d726dc38d50d79ebb352608900e559d429033275a0ce55dc3b19203a48da2bbe3b052310660c379552f46b0ac1ba98e01ce9298b070eb40aa2b33904f6fcf06f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
84c25c2bc665cc41f11ba06a654d879c

SHA1
e8606123bd4085bbe7e1f46537067db41401a8d4

SHA256
c12c69d8d922557487ed02f447527e2ca24502bdd00f93998b3baf21c9fc90dd

SHA512
c819cb5781cdda3f58c531ad6d92a2ce8199ea2b42419234e4d364612d6ced63ef60ff8288572e518c14b42f80d421e0d992802909dc0a64ee93d81bae789c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
43d97cc348d97f76a759edba0c5bf129

SHA1
aa1dadf4619b46498e594c46fe5294d8da274a41

SHA256
7e727afa070a01978fd1a0d142b8e12f9045e3ef95b442fca9cb465b7c907c9a

SHA512
99cfcc4df2acc3cbbbdaff27f7e5e4c5775d202c2a583aa7eabbc0e31af5990f623dae84ab9754137f1bf4d72afb11a1aa22e07b6b3828366a19247d2e7dad48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
df0d7fa6fb923c102892937d64068c46

SHA1
75097f98687b8249e4f66a3b76d7a5d42ca6751f

SHA256
5db0c3ee35f5e2583202b6f38125fc9214a3ae4f624a5f6f42123078b00543fe

SHA512
d7ea1e30bbf0f1221f5f42b4c593abd212ee50f1a66c9dc4e8b6d35277817f6a95e657a35aade700a0085aa0d9ab6fd23d066e904ed67cde416adee266ad4f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bacc9be714007aa9e4a12685e525cb32

SHA1
6026674c79a98d7e74f93137977149dc93c9c63a

SHA256
ff04d33752270b734c790c449c47c4c398156c7ee06a7edf1cb1646b412b4704

SHA512
d8f6acf701b09ecf8a8f8dd413e2462e93d0f5a662c093db684a558c0ce01435c4a6ef06f9fccf69254ef84e67c13636f3ee88909dd02872f119859ff48879b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
edcc0fd5b569de66381a4f557a2d7c72

SHA1
47ae10d23dd724273cdbfc5a829d739a72687a77

SHA256
e8acf7889cdb60474163d2f29aff6a1f2109d70052254218c4ee0a1a1a906494

SHA512
76245ff096a28a56ff1b6720857911b6fce74e1545393f4cb4819fff35b11f3e3ac7f349b1217c00d37e787d0c927343b98aaec980809ee7119091d40c14378c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2a899d2008ef6199bf939bb23c979ffb

SHA1
6af2a2878a4e22fda855bf9d65e02bca59c3a684

SHA256
a42469006b36ca61d15983fb773b35a33ca4edf7b061c894fc9df3e9c9a03acc

SHA512
3952235866556901223b8c26e595a823ddd5835ac86a0b7f21578c3e8f7aa952e04acf3be1144137125160e85ee2c4e9d3643b573c806102046128c3ed2315b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6bacda8053cec617f09f7cc9f4ad64a5

SHA1
0700a52c3846fa4616dd5f15344b5fc9dfb91b06

SHA256
0c5f18d368750151d2799e76e24c4036446e30549fa23dce73e1e44c28c6d62e

SHA512
ff47dca045d8b46ba4b024578f3b40aa4bc972872a15758a5d2806b5d05bd3bde8b89359d869213b2033c462640dd8c45334a62cdec383654b85d27ca5cd49fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
52306e2fa935cd999a918df90e4ce2e9

SHA1
c67443fa7ee5db2d7339bb6170ca4f0b67db50cd

SHA256
c77f18848c371c6a33a56e75c284980421192abf01676680a137b2d0157176ab

SHA512
b3e32082d8104913d0125edcbdc3d1832d7686fb9c1c65bcb6fd3f9c074a3ee90d7320518d5928d7985d22e3fc7199bbddd90d67918c9a319c0302b2c31ee5a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7fdc8b87622c27992d683544197ac116

SHA1
49d2b13d1b92b518cfc04bfff45c9ebf00c2c96b

SHA256
d7514e4ae934828fce1cb00e6d8b3380163de7ffbe9f3d6f8eddf8d3c81e543f

SHA512
2631ac63c34036fb37eb25f061a8dbf5efec4235032feeb1efedd816e7dea2cce4bd91327a4a3f4168d75372ff663332f207a1586d04434f29887a12f6f6f992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4af4a3840cb544c290fc5f5efa34e063

SHA1
bad5d20aab13b7243041128423831abdfcab522f

SHA256
c0d512d399d50e669559aa03097f15c81046f873b185282de88a3fff2a0aee0b

SHA512
d51dfc480818b5822f61b7794c66bc34568ff53194326c2665f89bd1b31563035e7e322d218313ae1277027117e9c80b18b350bd1f85399fab5ef58cbb404892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
220b332475e0ac673f53aed127457554

SHA1
2c2a421e520f632ab91eb048db20ddd7f4dbc813

SHA256
5d9d6e4f36a5f232f196ca1fe938a4fa9040745c1a4ebc8b7e7c6306cf21cad6

SHA512
b97f968af86e8cb398b1cbbde9f9dc243a3825819baac13c1f9f4f7c81c3dd210e2a94f3c76d4e2c62671101a291491bacdf5f58f4b7f7e114720b9f1ba7a106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c921faf5e7bc1cbc7954a65029a1ee67

SHA1
99e05aa53ca306b1e2514dcd1c50efb98b1184e3

SHA256
a133ac42daaff0a6bd33f79234d1f64bf907ff286a85839b417480e4255baeef

SHA512
d8c2ecd1ec981546115a6242d58bb2da1dcf165b10a3c543be46903cadb7ab1c1772745d262bee10fd297940b0f559cf96140ede67f5feded7f7f23ef3d43bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9fbc2268570d77b2bcf3ec4cf2d61fc2

SHA1
2f34f7e415b065869781304756beb01bc891e5df

SHA256
0a51adb638f9003b5eac142d3f93eb16ae01b91eb312070b3c50115848376397

SHA512
3df9be2e9cc59465acfd38e58ac8630e989461561d602264cd78cfa58d085132cd0312688bf0faa001d34f0164fb344d37f82bc5b03e1397019a1bbb15f0d635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c46ea076febdb36d2538ddfd62ae4b23

SHA1
95a3b86b30e2c429f93c8d269835741c7a758b39

SHA256
9a8692baa8dc2af14c3caaafa7394b837e7a8e6cbff29142b8ad3823efd73012

SHA512
4a3e6b34d42308db3340d44996c6cf4667599960213b470f0662958dd3fb0415ce516f33ee4c6855e0c8ce64f897c723b443cc49bb0f8f0ab81116fde57db618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ab9afc36143ccbce31d0dd21ba1435c6

SHA1
70e4731860cfa3396e0e650016135a5a3161e223

SHA256
d7231c86ec7b09b0c66790aa8982315ec78e70cb90fbae716cdac5654521b819

SHA512
e193e1375f3a8144627a217b7d58b0734dcc435d6e602867586dff7331977dcd603383976bb735c4d31d4d74c38f507add007a71b2cfc9b59489fdf396c685ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bfa689203bc8cfa35437201a27cbf409

SHA1
a0aa260c4578ac7dd666e57d327633d223a612b3

SHA256
f438a742898e26736cf6feef3230d6687df7f39746ec77971f36523fa67ca539

SHA512
0bcf2ccbacbbf0f531b6521a928c9fd65c0a8a9e58988fdee625521e4058fb55d74d10228730f335aa7b58ec91f95bb89733b75db6d023b7086333bdb8c6a3e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c4720adf027b79c985638307b62610a1

SHA1
af58c49a5826220a4aaaf7ac953165cd95ca6005

SHA256
3347dbd4510da32866ceda74110d85ba4a93e7a56da9f3fb5c4fbb19312ec28f

SHA512
682508ca91c8905ab3b687711aa227f950d0e42483b29a48fadcd2b6ef55f31e9cb43c7f28af44008c61e4f9c0276ad18b93546a1c92bc32433c7eeeb9fc56de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d5acdcd2ae13a530ab04f6373d6bee37

SHA1
abfe2e4ea3c5d62bfa99cab6bee30a0060902a00

SHA256
cffc33764720271f0cbc93604d0227c702f47e6196772663b59f8ea81511543c

SHA512
a33b657f9de4416bb3d4dca19d5ba0000bd63a813b840f5638e18e9fdf44c183fa851bcd80b8463716dfb3f55625eb85b995a41025c910072fbdfa89541aa45f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ffce982776eb81b9c9c0dad3b4a11a4a

SHA1
fcec81f3dc6972e7b4f51eb702cc4c4feb532eb5

SHA256
55b5143c07e7608a5143de68b6eb80fb2107b761d8107972dc8eac6ad0a9f564

SHA512
411bcc611bcc018e560dab662310220a263212b5f974a34b6b59b47cf04377ed5da97cfc0e228755266be308ba4fef6c68428d27fa317eee86702ac17c2412d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ff446624430aa1d58a3a56552579b3af

SHA1
9c8e786fd1cd6b5429b5ebdd70e6c12777f2ddba

SHA256
5e3b85aed26aaf970a67bc1b39cf8db8c703779ecb7ecf451623d1fa00988869

SHA512
351394e36629264a635143b065450ff0e71f61a230f267bbb7a74898c0ce26e70bde4bf54ee909ac0f84fd4c8cf229ca3d4678e91d8ed3984a8b55dec3413d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d4624.TMP

Filesize
1KB

MD5
92475630459d2b7da69788fe2036cdb6

SHA1
54cd3186e92663a389b76889a11f184ad7bbfb7f

SHA256
d2ece5a4b9116a9d68f24a687f78df8a322a0205e8415389da4091a43cdd8b16

SHA512
3f2c850673bd2e43f267a00c907a9f93cdcc900fd33bb96cdbb80d0f21afb7aa9ddc507daf2a6e34d81bfb0dbb4aacbf00c0b37784c0b894b3283f8c111cd509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
17535ce19be8e48df0064b772425b726

SHA1
d4095f56ca1f589bdb8458dce2ec803fa8466c70

SHA256
a1b716b550e6ea877abda9038c1061c88c1e566a0ccbfe68720ad2efeadd5e01

SHA512
de15ffb0c8da60d2fbf7911eaae488862ed9b50b43243413c2bcd966d6961684033247db8d47fa1a25f50f4cb60af132cacfbc4e602982123e94b4b94f6f2607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2d5fcc83f48a903db124f466ff009787

SHA1
131a7c3436981d3c6893fa64ac0db5c96d133228

SHA256
8499150442c71d01284a243c4ea58e7e4698ffb18be4b7273616f548f2d68124

SHA512
ab78fdca74898c818a4353773800e58ccd908ae30d77e448a40670b2d1c845d74b47537c570b9142017e082ccf083d6e187217805620cfcdb4d94a23c344554f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
62d8d53cd57d9cd4881e46a9383402c7

SHA1
4c22f9f6ec8338cbfd72a5dcd2034c08a3325364

SHA256
f0913d0ecbbc6a997847056dc98cca762ec89473b9d08c40dbb4dea8f2e25255

SHA512
761ef83143f54ba7930c29a028612580af6c0e2a34bbe585a07ceb967866853b547ec3acfd610a6ad6111187c47ba0f6c7d3f99cd188d0e97d0d3bde7238fe47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
56d21a125b3e846995a540ed5f990785

SHA1
82348e93c9b9ac38db7190e98d59229a894be1ed

SHA256
d7ebc35a46c849e4a20385d1c56f3a8749a757fffe03f1fe4922938ef0ef0928

SHA512
e1a77afa60e2d81149f02f1f74c7e559407249751c38c1b900680e651e4be6f5f9f43ebe6307f8ec78a78c01eaaa93df4acd3c6a20af0f73db263cefe53d4585

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\c7fa889009fed8c8f48a9dfedcd339d0

Filesize
2.2MB

MD5
c23aabd8b1fa182ae29f62fc0b7c5709

SHA1
c30078b2e9020ebdfb957d389b5922a6cef5d01e

SHA256
f83af70305868928edb4a7f77f072489e35085744e3c1c3baf778d6e9225e437

SHA512
9bcbd4bebcff55c8e8166e6554921ac56c193350102e00d5003cf8c225e0efb2e6de0c40831d665a7bef1aff4366ce1e4e9fea49f43ed7b8f6dc30b4c8f8ea10

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8433729A\Silvestras.exe

Filesize
885KB

MD5
4b5481402d3ff988f11ec3cf2d2f35e1

SHA1
6f09f6dd5a70dd4e17a90aae690822ac01b6d24e

SHA256
d9b9764108e88e640d73e72393fa028a93dce32252c113715463e31beb5dc7d4

SHA512
8b17961bad519fe0dfeca668d489633cb973aa21ec89c42c5657fca9f0306f6319531f0431ce54eb47069825534cf6b1d643dda44ca5b6f47e311b484e30c583

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8437DC2B\INSTRUCTIONS.txt

Filesize
138B

MD5
30223e5f732ec14539a06434bc88bf4b

SHA1
6e9ca7ca1af20eb7a64c8a7f49d979fa3510c80c

SHA256
2f4a3aca9a0bab581a4bed543c1f667611816ec5e770d677fdd0a63941175d72

SHA512
febbb5d975e56bfd5fa688a2040befa6770a6a92c10de7dd99e6456b1726ad62eee06f33c0c71775633fd1e9513c17dc5f219fb2371bf5f1634a34775cec2480

Download Submit
C:\Users\Admin\AppData\Local\Temp\dcd.exe

Filesize
227KB

MD5
b5ac46e446cead89892628f30a253a06

SHA1
f4ad1044a7f77a1b02155c3a355a1bb4177076ca

SHA256
def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

SHA512
bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
4.6MB

MD5
6de8c1641e03b8080a40ab515ca5edfc

SHA1
e963bad6f1852de446512c313d9d0359eceeea65

SHA256
59ff1970e144aaea68c2fc942ac499bbece25579230fa22db18d9c77d5d0720d

SHA512
de4088b541f4b857191045123047a3be63f3d7c243830aa6aece28600a2f3cbdc92be90e4a994a72a1d99d7a8edb893616366169bb6a058ee8e9b0c9bcffb18c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 373523.crdownload

Filesize
3.3MB

MD5
8dc257a245d99e91edb3076142e631a1

SHA1
c6401e57959ccf2e99d071053566ad82ab910422

SHA256
35c6ec9c4405e36723aa9034392c85cd08087a4a5341ffb68458b8da3317cbce

SHA512
e594977450309b5a9796a460ca764e4e2e4ee1668189e607fa19a4f16408a12cf0af8ded7a33cd580ae71312820e6f10e0013824e5f16fb2574ea49ef56e5b48

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
242f4808d2ff4c16f3440bddc9e88e1d

SHA1
ffd2685a5e44714ed63ef301a27fd52f11c10e2e

SHA256
824f9007218287585bdc9e0b36322e26365e51b62f3e44e9f802e7946669e38e

SHA512
4d0a88e81cdcbc8f61643d60acd52ffa194a9bab5df7b11aaa7d2a010bbc3e49ad664e4504a33438ffb265f7e5f25422d1d00c0e366b89bb90642736df175a66

Download Submit
memory/3760-4499-0x00007FFD7E0C0000-0x00007FFD7E0E6000-memory.dmp

Filesize
152KB

Download
memory/3760-4463-0x00007FFD7E530000-0x00007FFD7E540000-memory.dmp

Filesize
64KB

Download
memory/3760-4468-0x00007FFD7E550000-0x00007FFD7E560000-memory.dmp

Filesize
64KB

Download
memory/3760-4477-0x00007FFD7FB40000-0x00007FFD7FB4D000-memory.dmp

Filesize
52KB

Download
memory/3760-4481-0x00007FFD7EA70000-0x00007FFD7EA79000-memory.dmp

Filesize
36KB

Download
memory/3760-4491-0x00007FFD7E950000-0x00007FFD7E970000-memory.dmp

Filesize
128KB

Download
memory/3760-4498-0x00007FFD7E0C0000-0x00007FFD7E0E6000-memory.dmp

Filesize
152KB

Download
memory/3760-4502-0x00007FFD80A70000-0x00007FFD80A71000-memory.dmp

Filesize
4KB

Download
memory/3760-4501-0x00007FFD80A60000-0x00007FFD80A61000-memory.dmp

Filesize
4KB

Download
memory/3760-4457-0x00007FFD80720000-0x00007FFD8072C000-memory.dmp

Filesize
48KB

Download
memory/3760-4500-0x00007FFD80A50000-0x00007FFD80A51000-memory.dmp

Filesize
4KB

Download
memory/3760-4497-0x00007FFD7E0C0000-0x00007FFD7E0E6000-memory.dmp

Filesize
152KB

Download
memory/3760-4496-0x00007FFD7E0C0000-0x00007FFD7E0E6000-memory.dmp

Filesize
152KB

Download
memory/3760-4495-0x00007FFD7E0C0000-0x00007FFD7E0E6000-memory.dmp

Filesize
152KB

Download
memory/3760-4494-0x00007FFD7E950000-0x00007FFD7E970000-memory.dmp

Filesize
128KB

Download
memory/3760-4493-0x00007FFD7E950000-0x00007FFD7E970000-memory.dmp

Filesize
128KB

Download
memory/3760-4492-0x00007FFD7E950000-0x00007FFD7E970000-memory.dmp

Filesize
128KB

Download
memory/3760-4490-0x00007FFD7E950000-0x00007FFD7E970000-memory.dmp

Filesize
128KB

Download
memory/3760-4489-0x00007FFD7E920000-0x00007FFD7E930000-memory.dmp

Filesize
64KB

Download
memory/3760-4488-0x00007FFD7E920000-0x00007FFD7E930000-memory.dmp

Filesize
64KB

Download
memory/3760-4487-0x00007FFD7E810000-0x00007FFD7E820000-memory.dmp

Filesize
64KB

Download
memory/3760-4486-0x00007FFD7E810000-0x00007FFD7E820000-memory.dmp

Filesize
64KB

Download
memory/3760-4485-0x00007FFD7EA70000-0x00007FFD7EA79000-memory.dmp

Filesize
36KB

Download
memory/3760-4484-0x00007FFD7EA70000-0x00007FFD7EA79000-memory.dmp

Filesize
36KB

Download
memory/3760-4483-0x00007FFD7EA70000-0x00007FFD7EA79000-memory.dmp

Filesize
36KB

Download
memory/3760-4482-0x00007FFD7EA70000-0x00007FFD7EA79000-memory.dmp

Filesize
36KB

Download
memory/3760-4480-0x00007FFD7EA50000-0x00007FFD7EA60000-memory.dmp

Filesize
64KB

Download
memory/3760-4479-0x00007FFD7EA50000-0x00007FFD7EA60000-memory.dmp

Filesize
64KB

Download
memory/3760-4478-0x00007FFD7EA50000-0x00007FFD7EA60000-memory.dmp

Filesize
64KB

Download
memory/3760-4476-0x00007FFD7FB40000-0x00007FFD7FB4D000-memory.dmp

Filesize
52KB

Download
memory/3760-4475-0x00007FFD7FB40000-0x00007FFD7FB4D000-memory.dmp

Filesize
52KB

Download
memory/3760-4474-0x00007FFD7FB40000-0x00007FFD7FB4D000-memory.dmp

Filesize
52KB

Download
memory/3760-4473-0x00007FFD7FB40000-0x00007FFD7FB4D000-memory.dmp

Filesize
52KB

Download
memory/3760-4472-0x00007FFD7FB00000-0x00007FFD7FB10000-memory.dmp

Filesize
64KB

Download
memory/3760-4471-0x00007FFD7FB00000-0x00007FFD7FB10000-memory.dmp

Filesize
64KB

Download
memory/3760-4470-0x00007FFD7FA90000-0x00007FFD7FAA0000-memory.dmp

Filesize
64KB

Download
memory/3760-4469-0x00007FFD7FA90000-0x00007FFD7FAA0000-memory.dmp

Filesize
64KB

Download
memory/3760-4467-0x00007FFD7E550000-0x00007FFD7E560000-memory.dmp

Filesize
64KB

Download
memory/3760-4466-0x00007FFD7E550000-0x00007FFD7E560000-memory.dmp

Filesize
64KB

Download
memory/3760-4465-0x00007FFD7E530000-0x00007FFD7E540000-memory.dmp

Filesize
64KB

Download
memory/3760-4464-0x00007FFD7E530000-0x00007FFD7E540000-memory.dmp

Filesize
64KB

Download
memory/3760-4459-0x00007FFD7E210000-0x00007FFD7E220000-memory.dmp

Filesize
64KB

Download
memory/3760-4462-0x00007FFD7E380000-0x00007FFD7E390000-memory.dmp

Filesize
64KB

Download
memory/3760-4461-0x00007FFD7E380000-0x00007FFD7E390000-memory.dmp

Filesize
64KB

Download
memory/3760-4460-0x00007FFD80AD0000-0x00007FFD80AD1000-memory.dmp

Filesize
4KB

Download
memory/3760-4458-0x00007FFD7E210000-0x00007FFD7E220000-memory.dmp

Filesize
64KB

Download
memory/3760-4456-0x00007FFD80630000-0x00007FFD80650000-memory.dmp

Filesize
128KB

Download
memory/3760-4455-0x00007FFD80630000-0x00007FFD80650000-memory.dmp

Filesize
128KB

Download
memory/3760-4454-0x00007FFD80630000-0x00007FFD80650000-memory.dmp

Filesize
128KB

Download
memory/3760-4453-0x00007FFD80630000-0x00007FFD80650000-memory.dmp

Filesize
128KB

Download
memory/3760-4452-0x00007FFD80630000-0x00007FFD80650000-memory.dmp

Filesize
128KB

Download
memory/3760-4450-0x00007FFD80610000-0x00007FFD80620000-memory.dmp

Filesize
64KB

Download
memory/3760-4449-0x00007FFD80580000-0x00007FFD80590000-memory.dmp

Filesize
64KB

Download
memory/3760-4448-0x00007FFD80580000-0x00007FFD80590000-memory.dmp

Filesize
64KB

Download
memory/3760-4445-0x00007FFD80C50000-0x00007FFD80C80000-memory.dmp

Filesize
192KB

Download
memory/3760-4444-0x00007FFD80C50000-0x00007FFD80C80000-memory.dmp

Filesize
192KB

Download
memory/3760-4442-0x00007FFD80C50000-0x00007FFD80C80000-memory.dmp

Filesize
192KB

Download
memory/3760-4441-0x00007FFD80C00000-0x00007FFD80C10000-memory.dmp

Filesize
64KB

Download
memory/3760-4440-0x00007FFD80C00000-0x00007FFD80C10000-memory.dmp

Filesize
64KB

Download
memory/3760-4439-0x00007FFD80AE0000-0x00007FFD80AF0000-memory.dmp

Filesize
64KB

Download
memory/3760-4438-0x00007FFD80AE0000-0x00007FFD80AF0000-memory.dmp

Filesize
64KB

Download
memory/3760-4451-0x00007FFD80610000-0x00007FFD80620000-memory.dmp

Filesize
64KB

Download
memory/3760-4446-0x00007FFD80C50000-0x00007FFD80C80000-memory.dmp

Filesize
192KB

Download
memory/3760-4447-0x00007FFD80CE0000-0x00007FFD80CE9000-memory.dmp

Filesize
36KB

Download
memory/3760-4443-0x00007FFD80C50000-0x00007FFD80C80000-memory.dmp

Filesize
192KB

Download
memory/3760-4437-0x000000001BCC0000-0x000000001BCD0000-memory.dmp

Filesize
64KB

Download
memory/3908-1922-0x0000000002860000-0x000000000289E000-memory.dmp

Filesize
248KB

Download
memory/3908-1928-0x00007FFD5CD10000-0x00007FFD5D7D2000-memory.dmp

Filesize
10.8MB

Download
memory/3908-1918-0x00000000027F0000-0x0000000002840000-memory.dmp

Filesize
320KB

Download
memory/3908-1919-0x00007FFD5CD10000-0x00007FFD5D7D2000-memory.dmp

Filesize
10.8MB

Download
memory/3908-1920-0x0000000000EE0000-0x0000000000EE1000-memory.dmp

Filesize
4KB

Download
memory/3908-1921-0x0000000000F00000-0x0000000000F10000-memory.dmp

Filesize
64KB

Download
memory/3908-1917-0x00007FFD5CD10000-0x00007FFD5D7D2000-memory.dmp

Filesize
10.8MB

Download
memory/3908-1923-0x0000000000F00000-0x0000000000F10000-memory.dmp

Filesize
64KB

Download
memory/3908-1916-0x00000000004A0000-0x0000000000586000-memory.dmp

Filesize
920KB

Download
memory/4448-1933-0x00007FFD5C720000-0x00007FFD5D1E2000-memory.dmp

Filesize
10.8MB

Download
memory/4448-1935-0x000000001BCC0000-0x000000001BCD0000-memory.dmp

Filesize
64KB

Download
memory/4448-1934-0x0000000001650000-0x0000000001651000-memory.dmp

Filesize
4KB

Download
memory/4448-1936-0x000000001BCC0000-0x000000001BCD0000-memory.dmp

Filesize
64KB

Download
memory/4448-1937-0x000000001BCC0000-0x000000001BCD0000-memory.dmp

Filesize
64KB

Download
memory/4448-1942-0x00007FFD5C720000-0x00007FFD5D1E2000-memory.dmp

Filesize
10.8MB

Download