umbral | hxxps://github[.]com/hummids/duper/raw/main/mm2%20duper[.]exe

Analysis

max time kernel
1800s
max time network
1806s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
11-02-2024 07:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/hummids/duper/raw/main/mm2%20duper.exe

Score

10^/10

umbral adware discovery evasion persistence stealer trojan

Malware Config

Signatures

Detect Umbral payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000300000002a4c6-13.dat	family_umbral
behavioral1/memory/1744-2185-0x0000025809CB0000-0x0000025809CF0000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Downloads MZ/PE file

Modifies Installed Components in the registry 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\121.0.2277.112\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge"	setup.exe

Sets file execution options in registry 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Executes dropped EXE 56 IoCs

pid	Process
2220	RobloxPlayerInstaller.exe
4168	MicrosoftEdgeWebview2Setup.exe
5492	MicrosoftEdgeUpdate.exe
2084	MicrosoftEdgeUpdate.exe
5504	MicrosoftEdgeUpdate.exe
3044	MicrosoftEdgeUpdateComRegisterShell64.exe
1968	MicrosoftEdgeUpdateComRegisterShell64.exe
6088	MicrosoftEdgeUpdateComRegisterShell64.exe
1296	MicrosoftEdgeUpdate.exe
2584	MicrosoftEdgeUpdate.exe
5272	MicrosoftEdgeUpdate.exe
6108	MicrosoftEdgeUpdate.exe
1744	mm2 duper.exe
5196	mm2 duper.exe
2192	mm2 duper.exe
5224	MicrosoftEdge_X64_121.0.2277.112.exe
3864	setup.exe
1600	setup.exe
5168	RobloxPlayerInstaller.exe
3988	RobloxPlayerInstaller.exe
1100	MicrosoftEdgeUpdate.exe
6008	RobloxPlayerInstaller.exe
5848	RobloxPlayerBeta.exe
932	RobloxPlayerInstaller.exe
6128	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
2940	RobloxPlayerBeta.exe
5488	RobloxPlayerInstaller.exe
4500	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
2440	mm2 duper.exe
5644	mm2 duper.exe
4836	mm2 duper.exe
1260	MicrosoftEdgeUpdate.exe
6100	RobloxPlayerBeta.exe
3116	MicrosoftEdgeUpdate.exe
5276	MicrosoftEdgeUpdateSetup_X86_1.3.183.29.exe
4728	MicrosoftEdgeUpdate.exe
3424	MicrosoftEdgeUpdate.exe
3808	MicrosoftEdgeUpdate.exe
5872	MicrosoftEdgeUpdate.exe
5996	MicrosoftEdgeUpdateComRegisterShell64.exe
3788	MicrosoftEdgeUpdateComRegisterShell64.exe
1472	MicrosoftEdgeUpdateComRegisterShell64.exe
2952	MicrosoftEdgeUpdate.exe
2896	MicrosoftEdgeUpdate.exe
5856	MicrosoftEdgeUpdate.exe
1368	MicrosoftEdgeUpdate.exe
4580	MicrosoftEdge_X64_121.0.2277.112.exe
2248	setup.exe
5388	setup.exe
5872	setup.exe
3092	setup.exe
1984	setup.exe
2640	setup.exe
4844	MicrosoftEdgeUpdate.exe

Loads dropped DLL 44 IoCs

pid	Process
5492	MicrosoftEdgeUpdate.exe
2084	MicrosoftEdgeUpdate.exe
5504	MicrosoftEdgeUpdate.exe
3044	MicrosoftEdgeUpdateComRegisterShell64.exe
5504	MicrosoftEdgeUpdate.exe
1968	MicrosoftEdgeUpdateComRegisterShell64.exe
5504	MicrosoftEdgeUpdate.exe
6088	MicrosoftEdgeUpdateComRegisterShell64.exe
5504	MicrosoftEdgeUpdate.exe
1296	MicrosoftEdgeUpdate.exe
2584	MicrosoftEdgeUpdate.exe
5272	MicrosoftEdgeUpdate.exe
5272	MicrosoftEdgeUpdate.exe
2584	MicrosoftEdgeUpdate.exe
6108	MicrosoftEdgeUpdate.exe
1100	MicrosoftEdgeUpdate.exe
5848	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
2940	RobloxPlayerBeta.exe
4500	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
1260	MicrosoftEdgeUpdate.exe
6100	RobloxPlayerBeta.exe
3116	MicrosoftEdgeUpdate.exe
3116	MicrosoftEdgeUpdate.exe
1260	MicrosoftEdgeUpdate.exe
4728	MicrosoftEdgeUpdate.exe
3424	MicrosoftEdgeUpdate.exe
3808	MicrosoftEdgeUpdate.exe
5872	MicrosoftEdgeUpdate.exe
5996	MicrosoftEdgeUpdateComRegisterShell64.exe
5872	MicrosoftEdgeUpdate.exe
3788	MicrosoftEdgeUpdateComRegisterShell64.exe
5872	MicrosoftEdgeUpdate.exe
1472	MicrosoftEdgeUpdateComRegisterShell64.exe
5872	MicrosoftEdgeUpdate.exe
2952	MicrosoftEdgeUpdate.exe
2896	MicrosoftEdgeUpdate.exe
5856	MicrosoftEdgeUpdate.exe
5856	MicrosoftEdgeUpdate.exe
2896	MicrosoftEdgeUpdate.exe
1368	MicrosoftEdgeUpdate.exe
4844	MicrosoftEdgeUpdate.exe

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.183.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\121.0.2277.112\\BHO\\ie_to_edge_bho_64.dll"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{88AE912D-F121-47B7-941E-D634A5CA6570}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.183.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{88AE912D-F121-47B7-941E-D634A5CA6570}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{88AE912D-F121-47B7-941E-D634A5CA6570}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\121.0.2277.112\\notification_helper.exe\""	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\121.0.2277.112\\notification_click_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{88AE912D-F121-47B7-941E-D634A5CA6570}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.183.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\121.0.2277.112\\notification_click_helper.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{88AE912D-F121-47B7-941E-D634A5CA6570}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\121.0.2277.112\\notification_helper.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\121.0.2277.112\\PdfPreview\\PdfPreviewHandler.dll"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{88AE912D-F121-47B7-941E-D634A5CA6570}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.183.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.183.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{88AE912D-F121-47B7-941E-D634A5CA6570}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.183.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32	setup.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2201820139-2432375203-2549035866-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\msedge_resetsb_{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --no-startup-window --reset-startup-boost-last-used"	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
228	discord.com
259	discord.com
3	raw.githubusercontent.com
6	raw.githubusercontent.com

Checks system information in the registry 2 TTPs 24 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk	setup.exe

Suspicious use of NtCreateThreadExHideFromDebugger 7 IoCs

pid	Process
5848	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
2940	RobloxPlayerBeta.exe
4500	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
6100	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
2940	RobloxPlayerBeta.exe
2940	RobloxPlayerBeta.exe
2940	RobloxPlayerBeta.exe
2940	RobloxPlayerBeta.exe
2940	RobloxPlayerBeta.exe
2940	RobloxPlayerBeta.exe
2940	RobloxPlayerBeta.exe
2940	RobloxPlayerBeta.exe
2940	RobloxPlayerBeta.exe
2940	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\avatar\unification\R15.rbxm	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\LegacyRbxGui\health_greenBar.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\StudioSharedUI\preview_expand.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\Backpack\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\Controls\XboxController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\InGameMenu\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\VoiceChat\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\Controls\DesignSystem\ButtonControls.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\LayeredClothingEditor\Icon_Play_Dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\Chat\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\msedgeupdateres_km.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.112\Locales\et.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.112\Locales\km.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\AnimationEditor\button_collapse.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\AvatarToolsShared\Preview Undock.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.112\Locales\ta.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\common\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\Controls\dpadRight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\Emotes\Editor\Small\OrangeHighlight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\CollisionGroupsEditor\ToolbarIcon.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\PlatformContent\pc\textures\sand\diffuse.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\MouseLockedCursor.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\DeveloperFramework\PageNavigation\button_control_previous.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\StudioSharedUI\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.112\Trust Protection Lists\Sigma\Entities	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.112\Locales\he.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\models\RigBuilder\RigBuilderGUI.rbxm	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\StudioSharedUI\preview_expand.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU21BC.tmp\msedgeupdateres_ga.dll	MicrosoftEdgeUpdateSetup_X86_1.3.183.29.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\AnimationEditor\icon_whitetriangle_up.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\VoiceChat\SpeakerLight\Unmuted60.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ViewSelector\bottom_hover_zh_cn.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\avatar\unification\CollisionHead.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\ExtraContent\textures\ui\LuaApp\graphic\CompactView_purplelayer.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\VirtualCursor\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\MaterialManager\Apply_to_Selection.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\Debugger\Breakpoints\filter.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\ExtraContent\textures\ui\ImageSet\AE\img_set_3x_2.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.112\identity_proxy\resources.pri	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\msedgeupdateres_lo.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\fonts\DenkOne-Regular.ttf	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\ExtraContent\textures\ui\LuaApp\graphic\itemcardbkg_dark.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\StudioToolbox\Gallery.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\VirtualCursor\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\VoiceChat\Unmuted80.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\TextureViewer\refresh_dark_theme.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\StudioToolbox\Clear.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\StudioToolbox\AssetConfig\editlisting.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\Chat\ChatFlip.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\content\textures\ui\InspectMenu\ico_robux.png	RobloxPlayerInstaller.exe

Drops file in Windows directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\121.0.2277.112\\BHO"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\121.0.2277.112\\BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C4C4EFF9-62C8-49C2-ACED-A6A8F8B0806C}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine.dll"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ELEVATION	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\ROBLOX\SHELL\OPEN\COMMAND	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-d5d84033452b4ad4"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ProgID\ = "ie_to_edge_bho.IEToEdgeBHO.1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids\MSEdgeHTM	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateBroker.exe\""	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\PROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\PROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.shtml	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26"	MicrosoftEdgeUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 46 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
5696	chrome.exe
5696	chrome.exe
2220	RobloxPlayerInstaller.exe
2220	RobloxPlayerInstaller.exe
5492	MicrosoftEdgeUpdate.exe
5492	MicrosoftEdgeUpdate.exe
5492	MicrosoftEdgeUpdate.exe
5492	MicrosoftEdgeUpdate.exe
5492	MicrosoftEdgeUpdate.exe
5492	MicrosoftEdgeUpdate.exe
5848	RobloxPlayerBeta.exe
5848	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
2940	RobloxPlayerBeta.exe
2940	RobloxPlayerBeta.exe
5488	RobloxPlayerInstaller.exe
5488	RobloxPlayerInstaller.exe
4500	RobloxPlayerBeta.exe
4500	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
1260	MicrosoftEdgeUpdate.exe
1260	MicrosoftEdgeUpdate.exe
1260	MicrosoftEdgeUpdate.exe
1260	MicrosoftEdgeUpdate.exe
6100	RobloxPlayerBeta.exe
6100	RobloxPlayerBeta.exe
3116	MicrosoftEdgeUpdate.exe
3116	MicrosoftEdgeUpdate.exe
3424	MicrosoftEdgeUpdate.exe
3424	MicrosoftEdgeUpdate.exe
2896	MicrosoftEdgeUpdate.exe
2896	MicrosoftEdgeUpdate.exe
2896	MicrosoftEdgeUpdate.exe
2896	MicrosoftEdgeUpdate.exe
2248	setup.exe
2248	setup.exe
1984	setup.exe
1984	setup.exe
5856	MicrosoftEdgeUpdate.exe
5856	MicrosoftEdgeUpdate.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5808	MiniSearchHost.exe

Suspicious use of UnmapMainImage 7 IoCs

pid	Process
5848	RobloxPlayerBeta.exe
6128	RobloxPlayerBeta.exe
1420	RobloxPlayerBeta.exe
2940	RobloxPlayerBeta.exe
4500	RobloxPlayerBeta.exe
5564	RobloxPlayerBeta.exe
6100	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 3908	4648	chrome.exe	65
PID 4648 wrote to memory of 3908	4648	chrome.exe	65
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 5932	4648	chrome.exe	78
PID 4648 wrote to memory of 4116	4648	chrome.exe	80
PID 4648 wrote to memory of 4116	4648	chrome.exe	80
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79
PID 4648 wrote to memory of 4396	4648	chrome.exe	79

System policy modification 1 TTPs 4 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext	setup.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/hummids/duper/raw/main/mm2%20duper.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff7dd99758,0x7fff7dd99768,0x7fff7dd99778
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:2
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4956 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4900 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5152 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5100 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3752 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5528 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5588 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5384 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3244 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6068 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3176 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5816 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4964 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7132 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4308 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7144 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7128 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6388 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7000 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7104 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6124 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=932 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2220
- - C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:4168
  - - C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Sets file execution options in registry
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      Suspicious behavior: EnumeratesProcesses
      PID:5492
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2084
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5504
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:3044
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:1968
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:6088
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTVDRUQ4MjAtQ0YxRi00MjlELTlEM0UtNjNCNzRFODk3Q0UxfSIgdXNlcmlkPSJ7Q0IzQUEzRTctNTBFNC00Mjc2LUFCMEUtQTAzNUU2RTI1OUZCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4Qjk4NTBCQy05QkQxLTQwNjEtOTQ4Ri04MEEwOEZFMDg0MjN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDMuNTciIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NDM1NTUyNTQ5IiBpbnN0YWxsX3RpbWVfbXM9IjE1NTMiLz48L2FwcD48L3JlcXVlc3Q-
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        
        PID:1296
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{55CED820-CF1F-429D-9D3E-63B74E897CE1}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2584
- - C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\RobloxPlayerBeta.exe" -app
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5396 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3444 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7076 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=2012 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=2184 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5788 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=3240 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=3828 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6900 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6844 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5920 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=904 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:5488
- C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:2Rx7_-Kl2snL_8p6BbDQOWlW24dKgjCOYOwV5783Q0SNf7CipUJagFx63yYle9h-bN66V0UtW2NcP5dwHA9555bWneV9-XT2HYxAow5zBi3pGpdToj5BTi9-MPwd7G2GMOhLA2aHdeLKXZIkTCqTt0h9dcxtqrqCjcQYNzhLXdafewXZft50KzDFckca7AQqArWmhsWtNtpeYlpihjS47xZjf5cm_S-K0fsOMJ_jiIc+launchtime:1707636833363+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D217778752658%26placeId%3D142823291%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D71ab997a-00ff-43de-98d6-a3b2f0f120e2%26joinAttemptOrigin%3DPlayButton+browsertrackerid:217778752658+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6124 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:_zAELVoCLusVlqAyK2-CvwSdNASyQACUGaR1eN6VW6Hp6GuYGcbbszhPXWjd-ff5bJjHbjONqI01Qc-LitafuEn1hwMN_k4qqtMw8Gge5uu4zVyrugQLvHpP3WSxtNBBAqmTBm0nIyo8F21bliQ0hKgXcWjzrBWdxyq8e9EAMNTeJLXekv0s-6o4p39bsnnjqKcWFvG8YsHtN8KRBibLJzWL0ZIZrVPK1gdDkCBn_9Q+launchtime:1707637044703+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D217778752658%26placeId%3D142823291%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D4ff6f568-2fc4-454c-92ce-a8ff33bc194b%26joinAttemptOrigin%3DPlayButton+browsertrackerid:217778752658+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5220 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6988 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6016 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:2wcii4wCBsttfiAd8AN0Qr9qx-uVk7IrYsZuKWJaiFsKWRGer5jhPRRFUN408PQKTD-WjufV1x-Lyct1ZyIYrrVKAruwFR2JDM1trb7CPEo1X1z12kEALDLftYNUVWiJwUiWR52onxktDFlB1FMau3qYDoyh8oN4rT2-kYSmZ1PHVlEk7JcUBnih0MCrBwFemuRzpyuXqQizt1T7n-frMIPBCB3JBIZz0JyEFchw5Mk+launchtime:1707637074517+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D217778752658%26placeId%3D142823291%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Db33bf33b-8a25-4b04-8813-829c8e4eacac%26joinAttemptOrigin%3DPlayButton+browsertrackerid:217778752658+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=4468 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:a1Hy_3aGupQmJGLj21oxKE5KQffPPRj7y29Vj0v9wddJu0StgnuSxeBb1c04q2vfRwYdm6RAQ7OL_x4fYs3R4jU82jEPvUHZmcY-B5p2V2nj3qzuJFR1_uPnUfqaoWGXFRhvFZRbmiiHW3xydund-TxI5b7E-VkLCrSORNSqaiHnREyz2Cu7CBdooBfolkxP06mz5-OIuZVO2xmo1UZGobedo9BCWxk3OIxSjo0AEck+launchtime:1707637144274+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D217778752658%26placeId%3D142823291%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D3451c715-30d6-41bb-9716-2a24eaf8e6a9%26joinAttemptOrigin%3DPlayButton+browsertrackerid:217778752658+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=5788 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=6000 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6788 --field-trial-handle=1828,i,16313387185643648900,10703429638233465033,131072 /prefetch:8
  2⤵
  PID:5180

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:6040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2364

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:5272
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTVDRUQ4MjAtQ0YxRi00MjlELTlEM0UtNjNCNzRFODk3Q0UxfSIgdXNlcmlkPSJ7Q0IzQUEzRTctNTBFNC00Mjc2LUFCMEUtQTAzNUU2RTI1OUZCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4MTEyN0QyQy1BMUZFLTQ5ODgtQkQyNy05NEJGNUEwQjk0QkN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIG5leHR2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc0NDQ4ODM0MTYiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:6108
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A277FA41-6858-47AA-8975-D0AEEF05D487}\MicrosoftEdge_X64_121.0.2277.112.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A277FA41-6858-47AA-8975-D0AEEF05D487}\MicrosoftEdge_X64_121.0.2277.112.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:5224
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A277FA41-6858-47AA-8975-D0AEEF05D487}\EDGEMITMP_62A53.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A277FA41-6858-47AA-8975-D0AEEF05D487}\EDGEMITMP_62A53.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A277FA41-6858-47AA-8975-D0AEEF05D487}\MicrosoftEdge_X64_121.0.2277.112.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:3864
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A277FA41-6858-47AA-8975-D0AEEF05D487}\EDGEMITMP_62A53.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A277FA41-6858-47AA-8975-D0AEEF05D487}\EDGEMITMP_62A53.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=121.0.6167.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A277FA41-6858-47AA-8975-D0AEEF05D487}\EDGEMITMP_62A53.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=121.0.2277.112 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff710441d88,0x7ff710441d94,0x7ff710441da0
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:1600
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTVDRUQ4MjAtQ0YxRi00MjlELTlEM0UtNjNCNzRFODk3Q0UxfSIgdXNlcmlkPSJ7Q0IzQUEzRTctNTBFNC00Mjc2LUFCMEUtQTAzNUU2RTI1OUZCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntENUI2MTVDQy1EQzI5LTQyMDMtOUM4My1EMTQ1ODNENEFCNjF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTIxLjAuMjI3Ny4xMTIiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc0NTU0MjI4NjEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NDU1NDkyODM1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzkwNzAyMjYyMiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMzNlNTNkNDktMThiNi00NDA3LThmNTctZmY1ODkzMzA3YzNkP1AxPTE3MDgyNDE2OTQmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9RFpNTXg3TUpWJTJiYmVFWExDMlhpb1IlMmZQaDJjMHI0ZlBuSlVnY1ZLY3JPZDNoWSUyYjA0RW56RkNRZDJEUG04aGZMZ3ZJJTJmNkw3NVZLMUNMQWNmUU5FaVA1QSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3NDg3ODc4NCIgdG90YWw9IjE3NDg3ODc4NCIgZG93bmxvYWRfdGltZV9tcz0iMzYwNzYiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3OTA3NDUzMjM2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzkyOTI0MzIwNyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iODY5NjMxNjEwMSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjYzMCIgZG93bmxvYWRfdGltZV9tcz0iNDUxOTAiIGRvd25sb2FkZWQ9IjE3NDg3ODc4NCIgdG90YWw9IjE3NDg3ODc4NCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNzY2ODIiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:1100

C:\Users\Admin\Downloads\mm2 duper.exe
"C:\Users\Admin\Downloads\mm2 duper.exe"
1⤵
- Executes dropped EXE
PID:1744
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:2976

C:\Users\Admin\Downloads\mm2 duper.exe
"C:\Users\Admin\Downloads\mm2 duper.exe"
1⤵
- Executes dropped EXE
PID:5196
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:904

C:\Users\Admin\Downloads\mm2 duper.exe
"C:\Users\Admin\Downloads\mm2 duper.exe"
1⤵
- Executes dropped EXE
PID:2192
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:2888

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
1⤵
- Executes dropped EXE
PID:5168

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
1⤵
- Executes dropped EXE
PID:3988

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
1⤵
- Executes dropped EXE
PID:6008

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
1⤵
- Executes dropped EXE
PID:932

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5488
- C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\RobloxPlayerBeta.exe" -app
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:4500

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:5808

C:\Users\Admin\Downloads\mm2 duper.exe
"C:\Users\Admin\Downloads\mm2 duper.exe"
1⤵
- Executes dropped EXE
PID:2440
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:4216

C:\Users\Admin\Downloads\mm2 duper.exe
"C:\Users\Admin\Downloads\mm2 duper.exe"
1⤵
- Executes dropped EXE
PID:5644
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:1468

C:\Users\Admin\Downloads\mm2 duper.exe
"C:\Users\Admin\Downloads\mm2 duper.exe"
1⤵
- Executes dropped EXE
PID:4836
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:3096

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1260

C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:6100

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:3116
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8CEF6786-F0B7-4A3E-9D9D-4B38B647C6FE}\MicrosoftEdgeUpdateSetup_X86_1.3.183.29.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8CEF6786-F0B7-4A3E-9D9D-4B38B647C6FE}\MicrosoftEdgeUpdateSetup_X86_1.3.183.29.exe" /update /sessionid "{DD48D8AB-40B3-4672-B8A1-E9F8CBFEF998}"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:5276
- - C:\Program Files (x86)\Microsoft\Temp\EU21BC.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EU21BC.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{DD48D8AB-40B3-4672-B8A1-E9F8CBFEF998}"
    3⤵
    - Sets file execution options in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Suspicious behavior: EnumeratesProcesses
    PID:3424
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:3808
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:5872
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.183.29\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.183.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:5996
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.183.29\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.183.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:3788
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.183.29\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.183.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:1472
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODMuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7REQ0OEQ4QUItNDBCMy00NjcyLUI4QTEtRTlGOENCRkVGOTk4fSIgdXNlcmlkPSJ7Q0IzQUEzRTctNTBFNC00Mjc2LUFCMEUtQTAzNUU2RTI1OUZCfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7NzdDM0NDNEUtMTkyMi00NTY1LTgwNkMtNkZCMjlBMzUxRkMzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgb3NfcmVnaW9uX25hbWU9IlVTIiBvc19yZWdpb25fbmF0aW9uPSIyNDQiIG9zX3JlZ2lvbl9kbWE9IjAiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4My4yOSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRldGltZT0iMTcwNzYzNjg5MCI-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM1NTYyOTg3MDAiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      PID:2952
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7REQ0OEQ4QUItNDBCMy00NjcyLUI4QTEtRTlGOENCRkVGOTk4fSIgdXNlcmlkPSJ7Q0IzQUEzRTctNTBFNC00Mjc2LUFCMEUtQTAzNUU2RTI1OUZCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins3NzE4OUZFMi1BQkQwLTRGMzUtOTc3RC1FRkM2MzQxOUE0NEJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODMuMjkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDg2Mzc4OTM0NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDg2Mzk0NjE4MCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM1Mjc1NDQ2NjEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy84MTRiODQ4Yi1hNGU0LTQ4ZjctOWRjMC1iMThiNTdmNmM5ZjM_UDE9MTcwODI0MjAzNSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1aNDUyN3JyNDVTWnp3QVBuMVJodmhQclZ4RFUlMmIzOEhuRHlsb0tHS2E2VGl0bXFrbjlKbjM2bU9ma0g2bDNWVVlyJTJmUlRyJTJmOHk1U0xmOVFlUkxsaExndyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIxNiIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzUyNzcwMTMzMyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvODE0Yjg0OGItYTRlNC00OGY3LTlkYzAtYjE4YjU3ZjZjOWYzP1AxPTE3MDgyNDIwMzUmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9WjQ1MjdycjQ1U1p6d0FQbjFSaHZoUHJWeERVJTJiMzhIbkR5bG9LR0thNlRpdG1xa245Sm4zNm1PZmtINmwzVlVZciUyZlJUciUyZjh5NVNMZjlRZVJMbGhMZ3clM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNjE2NDU2IiB0b3RhbD0iMTYxNjQ1NiIgZG93bmxvYWRfdGltZV9tcz0iMjYxNzgzIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNTI3NzAxMzMzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNTMzMTY4OTU5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM0NzEyOTM1MTA5NjExODAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyMS4wLjIyNzcuMTEyIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgdXBkYXRlX2NvdW50PSIxIj48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7RjZCQjdCRDUtNEI3My00OTNELUE0QTctMDQwOTc3NzBDQkZDfSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:4728

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2896

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:5856
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODMuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDVBNUJBRTMtNDhFQy00MTY2LUExQTEtQzE0NUJGRTczMkVGfSIgdXNlcmlkPSJ7Q0IzQUEzRTctNTBFNC00Mjc2LUFCMEUtQTAzNUU2RTI1OUZCfSIgaW5zdGFsbHNvdXJjZT0idW5rbm93biIgcmVxdWVzdGlkPSJ7Qzc4MkM1ODktODFCMS00MTNDLThGMzctODEwNTZBOUM1OEYzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgb3NfcmVnaW9uX25hbWU9IlVTIiBvc19yZWdpb25fbmF0aW9uPSIyNDQiIG9zX3JlZ2lvbl9kbWE9IjAiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iNTciIGluc3RhbGxkYXRldGltZT0iMTcwMjY1NDcwNSIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzQ3MTU1OTIyNzM4OTA0NiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUyOSIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTY2MjAzNDgyMTAiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:1368
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6009E53F-6DE8-4ADC-A714-E2A37E99E227}\MicrosoftEdge_X64_121.0.2277.112.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6009E53F-6DE8-4ADC-A714-E2A37E99E227}\MicrosoftEdge_X64_121.0.2277.112.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
  2⤵
  - Executes dropped EXE
  PID:4580
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6009E53F-6DE8-4ADC-A714-E2A37E99E227}\EDGEMITMP_45F8E.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6009E53F-6DE8-4ADC-A714-E2A37E99E227}\EDGEMITMP_45F8E.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6009E53F-6DE8-4ADC-A714-E2A37E99E227}\MicrosoftEdge_X64_121.0.2277.112.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
    3⤵
    - Modifies Installed Components in the registry
    - Executes dropped EXE
    - Registers COM server for autorun
    - Adds Run key to start application
    - Installs/modifies Browser Helper Object
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Modifies Internet Explorer settings
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - System policy modification
    PID:2248
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6009E53F-6DE8-4ADC-A714-E2A37E99E227}\EDGEMITMP_45F8E.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6009E53F-6DE8-4ADC-A714-E2A37E99E227}\EDGEMITMP_45F8E.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=121.0.6167.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6009E53F-6DE8-4ADC-A714-E2A37E99E227}\EDGEMITMP_45F8E.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=121.0.2277.112 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7cb6b1d88,0x7ff7cb6b1d94,0x7ff7cb6b1da0
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:5388
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6009E53F-6DE8-4ADC-A714-E2A37E99E227}\EDGEMITMP_45F8E.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6009E53F-6DE8-4ADC-A714-E2A37E99E227}\EDGEMITMP_45F8E.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=3 --install-level=1
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Drops file in Windows directory
      Modifies data under HKEY_USERS
      PID:5872
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6009E53F-6DE8-4ADC-A714-E2A37E99E227}\EDGEMITMP_45F8E.tmp\setup.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6009E53F-6DE8-4ADC-A714-E2A37E99E227}\EDGEMITMP_45F8E.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=121.0.6167.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6009E53F-6DE8-4ADC-A714-E2A37E99E227}\EDGEMITMP_45F8E.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=121.0.2277.112 --initial-client-data=0x24c,0x250,0x254,0x248,0x258,0x7ff7cb6b1d88,0x7ff7cb6b1d94,0x7ff7cb6b1da0
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.112\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.112\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      Suspicious behavior: EnumeratesProcesses
      PID:1984
    - - C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.112\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.112\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=121.0.6167.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.112\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=121.0.2277.112 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7bc751d88,0x7ff7bc751d94,0x7ff7bc751da0
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2640
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODMuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDVBNUJBRTMtNDhFQy00MTY2LUExQTEtQzE0NUJGRTczMkVGfSIgdXNlcmlkPSJ7Q0IzQUEzRTctNTBFNC00Mjc2LUFCMEUtQTAzNUU2RTI1OUZCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InszM0E4NjdGRS0zOEVDLTQwMzYtOTgyNS1CRENGNTBDNDUwRUR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBvc19yZWdpb25fbmFtZT0iVVMiIG9zX3JlZ2lvbl9uYXRpb249IjI0NCIgb3NfcmVnaW9uX2RtYT0iMCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODMuMjkiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjIyIj48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2MjUwIiBwaW5nX2ZyZXNobmVzcz0iezhBRkE1NEVFLUI2QjUtNEFFMi1CMzY3LTA3ODZENEE2RTFERn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIxMjEuMC4yMjc3LjExMiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpc19waW5uZWRfc3lzdGVtPSJ0cnVlIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNDcxMjkzNTEwOTYxMTgwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjYzNjU5NzQwMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjYzNjc1MzMyMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjY4MTkxMzk3NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjY5ODk0NTExMyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTcxMTQ4ODc0ODYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI4MjgiIGRvd25sb2FkZWQ9IjE3NDg3ODc4NCIgdG90YWw9IjE3NDg3ODc4NCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjIiIGluc3RhbGxfdGltZV9tcz0iNDE1NzkiLz48cGluZyBhY3RpdmU9IjAiIHJkPSI2MjUwIiBwaW5nX2ZyZXNobmVzcz0iezAzOUMyMUUyLUY3RUItNDk1RC05NEEyLTQwODY0RUUxMkVEMX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTIxLjAuMjI3Ny4xMTIiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBjb2hvcnQ9InJyZkAwLjU2IiB1cGRhdGVfY291bnQ9IjEiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjYyNTAiIHBpbmdfZnJlc2huZXNzPSJ7RTU1MTc4NUMtNTY3Qi00QjA1LTk0OTgtQTkzQjREODI3RTE5fSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:4844

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
1⤵
PID:412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.112\Installer\setup.exe

Filesize
6.6MB

MD5
aa6ae30ddd2e06957fa57dab359a1fcf

SHA1
aa7397e1217ec3223cdfebc2aa47a5a8d9b287fb

SHA256
303de788b7f09c324488acb4b9912df83429365752620b5889063cdcca928744

SHA512
7f58d384650fa14ca302a0ae57770965627627df14d74f64e2e8447fb8d8ef3e25eed7f20e79c3ade2b4a9e47f84881ffe4421080be93f344955b6b37e8d3cc6

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\121.0.2277.112\MicrosoftEdge_X64_121.0.2277.112.exe

Filesize
27.5MB

MD5
1ae5e8f88c0f677922d9cb2f312bf153

SHA1
ce38a5e35874da4454db5162f3b55905206e8f25

SHA256
53c5884aaeea7c796e657a9c90a4db70319fd620d2836576f9666c396782be2f

SHA512
da6761efa464fde6c35c89e2686e8018684bd4c9de7b452325a1781db7a84438626e09897583f8353d9af8299572759cfb74a2b69c166a9552b6fff02a42971c

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.183.29\MicrosoftEdgeUpdateSetup_X86_1.3.183.29.exe

Filesize
1.5MB

MD5
4b804d73bbf035317c7ba20591e5a194

SHA1
ac4853a7f3de88e1a02fdeea2ac48d6e616d822e

SHA256
611730ce9e8cb3b7fd31a9e064308175eae4c173b46a84529ee43b4f22c21455

SHA512
119da62879ad4f9813b2a6a4ec7b6b7c6a6c13fc661fee06bf642e36a127c0dbf206de06a9c71478f213ee43ab5953d5bcf43ff7755657ec34db2ef6b89beb5a

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6009E53F-6DE8-4ADC-A714-E2A37E99E227}\EDGEMITMP_45F8E.tmp\SETUP.EX_

Filesize
2.7MB

MD5
3872ceca67763a3c17f147bc2397d306

SHA1
6000c29a264f27d7b441ac62f735b3fd88bfed21

SHA256
a1058eaabc0b3be7ddae80286fa0f74eb06c640e7d9c0227b0e5664e5b1f10b9

SHA512
ed87e537e7b87ed1579d07b96114c77f53b0061124dd9d9ec91bfba7991882213abc569a211937ea124239d23037faaaf459faded6b5a7da34102c271ccca67d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUBD13.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
2.2MB

MD5
3720a42e51cf0bae4791761d27ecd279

SHA1
44aeebd1622d6ee02ea8ebc9239f3231b4d65ffd

SHA256
2a39903503af2b7781ce291ff849d467e553ad978e606f1f715f8786f704c8c1

SHA512
d1dda85161fb7e7e52b6d900ada48ecd6fccf19a3302dc239cd1d09e8462767789d44f4a0002889ffa5fd04b7c69da24cc38af87b233c6d6115999e7a27163d7

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\RobloxPlayerLauncher.exe

Filesize
320KB

MD5
7561c8f95ba57aa30605bddb19c186b8

SHA1
b448f8f6364477539153ad8413e643261899247a

SHA256
ebebf5710b3ee76880dd8ad024607c3e98a4eca2ba3f90a883d25a1298f89036

SHA512
791de215a4ca52120b04a1014dd0cdd3b6c99113baaa0661d9c3c84cef099a3fbefc04bc5a236964ae3adb4246fa25d7bc7e2d53459ecc5e19bc28bbd07ba4d6

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-f2b5c592c03b4183\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
14KB

MD5
a0247251839c96e7d66324ddf2e02fd1

SHA1
7b45b725d5568088d2fa2c868b9ec52fae07e039

SHA256
4f6322ef2915402f2df87561935eb2492db8cfb5746ea499948a043fc5884943

SHA512
bbf29ca53aec3e1f9243b5d27149c33570c229b2841bf0fc22e79f096e799899358c42a7e39c5e6490dc9e10f13c82f75960778ce5d3f6ab615f7469f5743cbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\69a865d0-be4a-4874-9054-4d58f1ed41c1.tmp

Filesize
109KB

MD5
5d203267e0dafdac896223df8d12d938

SHA1
48ab624a86432e1604057c7a4833275196a8f2be

SHA256
1436bd8d663ca606e0de7c1cda488bb5686187fd52983b6216ddc9251f4d3598

SHA512
b4ba1a3fe770a65a7d65308a1a4d4b7bd7a08e25c31a08b3bcf5bd96dfbabcdfc96a5800c99cfffbf67bd0e6266666e52e21c51eb0e8e8e36112c576a14e6603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
97KB

MD5
18d0e0f60b37365dafde13fbbfd5b747

SHA1
8dcf4d0a2d953fbfe8ca3b2b2b51d703f26f8fd6

SHA256
13fc0943ca29307a46ec9770b845835f8d584d03942fd3e2f1c196f6f087ad4b

SHA512
a5794003b0dc7006cb3c257780dc4d8c2622b4b7758e46296ba7aafdb3c83126866ea93ab82d9c062d8b2fc3462cf19da22351157fafa1c3b25ca603ce8bc4ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
48KB

MD5
21af9bc981d404957c6344aaff4b3e28

SHA1
e5569bc0876884ded0d9594432cc261effc66d47

SHA256
e9515acb1b0c8f7c1008358ed424d6563cae681f0e87c53547d0cb7b9f51b051

SHA512
fb42427a114a3cb5739c30f6235c4fe3102876b2063772665c82ecce483955d357dead930e6da185f2b27fb0e72b9837ee272c3271efa5b7e80f98edf4cfaae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000121

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
3e6ed730c8d517327639b26f9446cd0f

SHA1
d704f15e0d8f9075fbfcd49751fd2ba0e7fcf84c

SHA256
c9817180475900fcec0e082fbb03ea552358cd892601aff05cd4862c107e575b

SHA512
ddfc00f6b0458fc6cebe8f6b1f056929aa6c71b66ba5841c2e047a184f61b7f62b1484da4738ba98089f9c29f2d27c762d6cb11565e67922a5199a3cc5a2227c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f5ac07b27d24ee8fad9fd8ddc896aad8

SHA1
43146698ea7731ff51d5a60a2037aae162cbc886

SHA256
6e97da4e175ae753ee2aed762589050f919b7cb438cf0048100fda4c97532203

SHA512
0ea273701b140267665adf7291ac5f856447ce8a8e8e6517923bac7564cde9ebe278f4579089fb65731e80ae2ee3a5c70cdc4b2a200190922cfca23b6e824c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b13838ae60da42a4387cae6bdbe35b88

SHA1
2c249acc512ad588b32766d2bca0153f5b62cd0c

SHA256
6003850b934945c2dca6145e920d5d4acde011afcf9c5051965f2e8e26055599

SHA512
83f9208e4b2089f80d671556807f756862f352377d0db2fb1c0f9f647d6fa5bdc4939bef1d9635c89c467fbe53b8d40d15fb82ba4182afb35029b6c78ab1a1f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
7246c1be3100e40ac15cb59f3d776ec3

SHA1
87ef4bad2e9808051607e8a934494682ee2e27ac

SHA256
68a6c53171a4343111c4a67e42b7090a19f5340a1a8f44edcb60d973a916811d

SHA512
44fe7569584796962ed0f8592d3ad1782806fe23d65297713a39ec2c06be26d295a4d7961b982970a018820b967c16932e2bf08b1100f20bb253296add57ca07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
1ef4e15e3f427d4262eb9bf36e7a8d28

SHA1
6e87701cf6fabf9bf0b9f93c51f662a830b144a1

SHA256
9015eadb1f07f55c0d788a7808823aa557ebe9f04ee7f74e7c35264409bec735

SHA512
d9cf7cc6458e942667cff43e627eb7f2eb13afb07117e2461accc366641c749733c98e47611cf605c32f0b4bc26127ca6af916e88dc13451fcd2be8e3ee559cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
25528a81c832fdb2fc0eb995a1661ab6

SHA1
2c2439547dc821a4b31e1ead2fb9f2370ae8c9d5

SHA256
b4b110b78e2e7c6f17bc16b7215ac9928aa5499f2b7176049b2cc64f4e172161

SHA512
aafcdd0b14688ef46efc8ced8f544d98c4c7f79c362077727d1b3366133edf7ae419d08ea1f4a702934d8a04798581ec5507b773084d6730dc8e89e17fe7f3b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
05b4fd783f1c8386d48f87fe7bec62a9

SHA1
e4cb0b0db6eda0b424d01ab040b2f60954e78de0

SHA256
2162148cfb63e6bbf141c828491a1cee0869a35531a7f63e1162d7007dee77e2

SHA512
558aa4912c0aa60b66dffd5e40c550c96488ea1d703afa4306c0b195462d55b6f7e5dd7103f066e86e388f773756b8b80f569417ec680e92ea495dfa60e387d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
92acf504adf0820251a63ca7f72c5e80

SHA1
a36eaa3d190fa7f529625efda020f53a9a14d954

SHA256
28bc8f37ab4d2c57a5486289c4fbca65c3f244618f215a5dfcabe32caed42e58

SHA512
a4bb53aad1c7663ab57332d7f0015b8920ef4d441a769d1739fe36e3905553005995cc4722b55d7704fa50b2d5674b069505cc5dcc848d429bf6bcef3684e823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5adea9.TMP

Filesize
349B

MD5
06384a8da3adedb13ba1047d4b31261a

SHA1
d735714914416b0da848e005b86be6026d2e86d3

SHA256
5c057348afe9a219a197647a2e4a1bb7928a94e848f9b18fab807eaf9dfb1902

SHA512
6433267f662dbd3b3a4174dc6a096d4e905dac4460b8307b688cc92baae9efcbe93adc8558e88eb7030788d8080d255ea1ed3b720f92afa85f4fb39baa926cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0b900ecf-85e7-46ff-aba5-c2e992a62276.tmp

Filesize
6KB

MD5
5eea05465eb04af2b003e92d6f80e381

SHA1
c2a9a1f62304881d8368640776b926ae4158a0c3

SHA256
26b862d82d22fab88d6e502e17298af872a01822630a07c9209439642333443c

SHA512
55d38a9bf7b0bea5b8ca9756e1ac1e5b5f27b97dbef1a8d56867ec5a4605c0375edf664517373a93f9a5a6d175d4e4e2ef39bce8b6a8d4a7aa53ebd93ccf4e3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2b05cb06-3260-41ff-83e5-cd2b749d1f23.tmp

Filesize
5KB

MD5
1d51f9ee854b1c565c90ca6580d64e47

SHA1
7bd79c28c928ef0b8364b4706a902985480da8e2

SHA256
7671d9e41ed4d52bb93f74e2544c6466cd785cbcab80aa30ebd3dc085ea62f1c

SHA512
798c014244642f765ca1923398718feaf0a6c228e2529eb8efd33cbe11876ffcb5caf7dafcb1d00ee4034d85ea503c47bf24ede4c5497e6c7bb4b21c33de6575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\366d7aa6-b541-443d-9562-dd9567c1f4b2.tmp

Filesize
6KB

MD5
64b4850bec781f8befa1da44209333cf

SHA1
3e0f6cb724d810d4158b832a7f6bb39d07e4d59c

SHA256
eff570b757d7d55c728e02427a87040fc88ac4980ab304f022f341071a8c7b5e

SHA512
ba93c05f3b6ae5a89c72a3d83161158f616d55eb96d6c169986555a5e220cef0aaed3a7643fc121cb9d71142006b90b29d61f546ee114fee8042fb62ef1facff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3e110caa-b50b-4e9e-8e16-b715b11e0947.tmp

Filesize
6KB

MD5
4ecdc98131dba087ade1b401c72339df

SHA1
8fb00c5d2e8d8c9f0d51759cc2899554ccf1a279

SHA256
bc58abea797b954cec66d38c3d33327641ec8f58607f18eb420816ae2d731de8

SHA512
01864bed3738118cefcf4ead512d4ff6466dc003dded07c7d14a4aed5da26d60e6b3cfe4f128acec006247b283ca3d9d789d74cb6babcc52409f2addad8551c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
454436a6c54aeadb4a357c0a177742cc

SHA1
b7f317c51e3c275ef6b7abd3091355fc8e9a83d2

SHA256
ecc91306f7197dcdd0d6b7656e469d914dd4c94cb55b93977ef361baf6963355

SHA512
ae56d67caeb76a334af2021592c468f4720438a8b00d87db541b5b7aec3e78c3ad450623ec702168b68b38549f06f74fa15a5a01b28279e2c5fb8de2258493ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
f75c7f3d27f2e56cd34753f43bc6f53e

SHA1
ddb10919b0fcf4e67f3a075b048cec18f9233f35

SHA256
2414046f2b6e58719b98207f8c4bc244d3daafe20fbe7341c327c77ab7381c09

SHA512
d84734219158bc17c3c9ee9836664e26e47f32ab5f7931a8904b5b8ca778af9fb542a15105793eb87276b43f5d379882507c40e9e7a362201956a080891f232b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
70cc78237ac56b0a374a41601f73ea24

SHA1
10177629360765001942067bcff26a0d923697fc

SHA256
c24010e05a52d80ecf448193e8d79f817094477260ea809370b99df2e7c0ecb0

SHA512
c4706684d44dc1c7eb9b3e7bf9b138d0e9ec6c5252410fc5c294b8085a72a84e67ab90d5064127d24de56c30e6363a663cf3d7bb551e0ccce527798990cb7afe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
279a50f43338de7743b5534b2eb68c4e

SHA1
cfe392e0faa0215855dd91ac507de036b19c18bc

SHA256
26acafa6aeca0bcd23b22f2db43c562f9de5a0e0cd432f84044fbfc1173da4a6

SHA512
8883d27e36d7fd5c32529d2ceeff15c55edde4e19fc339cee387c6973ab93ac4856b0f7269efc2262241b371eb124f3db601d47fc0a28ba757d4782427179532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
a8b1596fd74d75bd9c51d7c6c80c6969

SHA1
77e10f0ed407093be34b2fc3ff354799f7ccae13

SHA256
fea4d0b016166f7448d09b7eba8ef9d93ccd8349c3310e2b4f2b5aa7406a398c

SHA512
df7e5e10f5718236b9dd6c71ebcb16aa185c405388edfe4f9ae8f320eeb3692054b518579125f116c75402652560d8bb848729c97035ea5d97603f7fe1764c4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1059ce0c510dfd4674d24a2b45d6923a

SHA1
10d3e8ad3ebb7a30bc44183419cceac6702de8c1

SHA256
57465ff21c9a097396263acce0fa4d6b3faf5e6e8f7425917d9abf2a57b94a2d

SHA512
83dbfdb9de68cd662143e953e1d7d346b62626e2b4b927e006cd2fe1c14d8f007d8c30134db07ed1522e09d22bcf1af8c678c4977415ba82e478a6e66bc8ae45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b886838361bf229091e44d87f22b406e

SHA1
3702d40fd08202cce92f8637cb709cebab2c4ffb

SHA256
cf8f98078cb0c53339090960fbfb8cf1cb80f25b01b6f2ad70bfdbc91ca0be98

SHA512
7fb1b3ed42135ee653505071c304abc36dc6e7fe9303e6cd23a883e62cedcf2521232c53aea9adbcb14b529066e98ac61a17ec6332d0ef96a7af1e66cf78062e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ad5d0efa8e334846b63ce54486ce336a

SHA1
bb5d11fd593e7bf1bf8e6eb3a4f4add779af1e77

SHA256
d4fea9b8a3884bccbe73c8a4a8ce02d3714b3f3a13abbff134065d1a2ad892b0

SHA512
c494e1c55b0aea92b4c1b0e22160161ebe5023e74287ce31dec874a4802e858033aca7743555b8e2b176297c562310102b1998cfb3d32fff24b3a99f4f62b1bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5ab7501452bc15238a964dd5848bdcd2

SHA1
a38ea5619eb334137454b8e27425176a2f11bbec

SHA256
c0d0ea0ff5ffd21cbc472cacc8b91c7bba6a2dddea74f77d79c123d58452c19f

SHA512
3ae7a9b3801bad392f57797fe506a2082ce5b606c2f29324b14860ab1fd4bfeecc54961e1d311752ece38c45aea562ac5b5e7efe3090ce9f7fd0f3dc83a679b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a1789a41aff4e4a9adc4c3fb796b21f5

SHA1
592ad1bdff88001f2b4c2fbfa375e7d3fc0f3296

SHA256
95182479effe718c00328eca1defd930cf302bd788b34b603aa6fbffd2f357a6

SHA512
06be2a0f3c66988d01fbb7ef82fea97d0852a037d96346286a72955d0f164efecc21486e11866394f9fda2d28024eca0290f50c4bba387b8c8d69c09e97455e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
871740c78740c4d529937a4e55efcc38

SHA1
4c07b6b6fddc284dc9221f4d348b6d3ef3d93b12

SHA256
406ac227517cbb245b5ccedee89b0e40cd34deae717579a8101d1c658690cacb

SHA512
59fb025c5e57e00711ce6f31c67f614b8775a3cf750044489c5dc1207f81fce7ed13bb27251dac7064f06ea37c5348ebe11470e422efc33d6e7ebc8c5e19ca5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
4c290390707a2a1ef26af272f5f971e4

SHA1
4dc676fb3625e94112372895dc66813045d7ca49

SHA256
3bf7d765543e9907abf107c7040db47a7db38200e39958d1b4fbdece0ee53459

SHA512
7f1e6e97b72b4441273b46f2f9e349f02d746930d00bafd06b22d2255991c08ca54a1f9e647ec619a2f979d8634255d58da024ffb785fb04cf79c673d32bcc91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
25777cc393ed1f488774af3e0dae9ac8

SHA1
7e80e9d21bfba9e9509e5803cb58182d2fe876a5

SHA256
c8f95e01255e26bf7caf45362e0e9831aed8aa2c05819bcede0f827095816f17

SHA512
98f56475876dd0eca3df805b39162f7fdcb1e165f860f52d882d22686ee48021055e05f4e756b47c17add8eeb40f59a7b62207e7ab65f0e8c1846e6e45ed652d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
7f59f296aa7a359a47014c18099575dc

SHA1
3d90b50cfbff63c1cf05d0c77ab19b9f4fdace4b

SHA256
56f2f7ec538844ad2244720453e52feb10ca20d0ee0b6174a98387f67bce6fcd

SHA512
fc217da789958234dc2c9ce4bdfe93184cfb764de315ee0017c6afd01c2d041e3f560bee1f5c220617ac73d8bc68a6a803e725a5406422218d74d3a835df4e35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
6604e41fd8776da305c8f7e82a975a38

SHA1
7e834301d91c66db4979dd4a925fd15e50c58e1f

SHA256
fe1f6d6ab8ed0f8bb9efcb726f06d15dd345842616d6418fe4aec6fdf855e76f

SHA512
b707112e9a351de20f7fa79691432bff0de6d9aa173f83690653f008966e5a722f1bd8d3c75600c85dcc09e69e239bcd7a56da68b400cea404d71de3760da084

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
60d3e62cb545fd2e2efd6e4fbaf72842

SHA1
02712cc919e42f2ff3cc85e8d6a3d6eaacbb1ac1

SHA256
977d6ad766b68a312513b0f1ce9c3ab9265bf308789e664a2ea28b7adf066145

SHA512
8e226c7e0246df75e0c479ac98105b12528e49e3d47feacf13cc6034d184fa8ce7e5905270f4ebe5b56443fa4070b0c413e4b3d7f5046b333b98a991680edc71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
589d474b3f89f84adf66d6c7143ae58c

SHA1
19d27f3600793f2bbba64e90d201127d3ea22206

SHA256
5c8c08e2802240980677e08c8c02e6b96c3955fdf106a20d6d0b8c1f0f0fe3cd

SHA512
e9c9349712fb72195e59e732c0b58225219991e9b87f8af3d164fb670de0c5e5698926e3fc363b76eea7abad4bce5862bab4e0ff00d4c732839f0f9ce3e135c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
86cbdc2b49514f339223f15b7d3dff2e

SHA1
508bf984a8c521326f8426060163ff51ca039748

SHA256
1a76792ae6b3edfbb2bde4287c285011df367fc2eabfbceb71844f2478ed092a

SHA512
163aa536bce371e1a77637190f02f904bf724c33c960e7bf11fc1d1ee0bd8306db2fb1c6c1c6c2557270dae1c68f9ac285cbb1ef49a44178a0db3f3ab42e5981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
0e4178399324501bcaeed03655c54563

SHA1
d6620650678430d63acec3e813e7e7e03ebb3c76

SHA256
0368a155feb891d0a8a6426659f31bba909c2e9021a5bf77c3067348b17cf429

SHA512
b35c3afe7d7a73e08d6d41fcbed7b951830e936630851a6aa8e04c6b79f219b8bf9256bda28509a4fc696ce564cf6d2a19156cfe5ec2e8006fcf80b0a72354af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
91544e173eb8ed6f1638a09ccfb9e378

SHA1
20ef0a9ec4aa9b4c53c2501a528ac805814df537

SHA256
8ec919bc00bf01524b321b89728871fbe460cdec3f6e756a927dd4b3b0b19ae6

SHA512
d3f3de5a84d6927752a66d276d2373b80cf7f2caae13d88e73e082d67649c7999c47886710a23ca21e9ce7f4b7d981d095d6a2ce10b2273c7517a9689c6e3459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ffd7bdd6d6dac28fd122952c05c6a349

SHA1
3abef072084199c5b8b40dbfe1cdd5fb6f3cb981

SHA256
0a8de27b6ebbd7a523d2d3e3b569fcf7bbf374982286f87a002372a1948d4a18

SHA512
bb099abfc960d3428e19573b2026e9ff0b4a104da0ead3352fbe3f96fc1323e6143debeca9dc46d24d8e840ec7a5b6a8883719894af257fa6273dbae74a7d010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c4e9d20a37284daa6f091760c5e020ff

SHA1
c35db6dbdc4f0da208f04ef616957749de4f4b49

SHA256
e5e4980fef1b85b67340b8da0e0fc6b8574b9fba2dd2c24e782869cf23590a86

SHA512
63a89468384a0921cc347c2d3d37ad03dbf5b3c48e0bb7e9f023cf24ad958f0eb17ccc3a24b897a4e9636e02d7d0f5911460f218f149f5a8b8da08e949e744d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1f86e20f8071f5e3b7d793f75447a6aa

SHA1
59601f9e39d62f259a50cb99df8df9ec8e8b8219

SHA256
600be6c3c7e4319405bb729ecd22461ab112d173df3f763d323168e4cf224852

SHA512
40fc47c1c7cd83c1a5011809e3bd0f05a396e3930a92fe3ec4601e8ed5e0c1e5f5d852db69550a646d2bf1968c31a24bf7002c35a4f39ad42f62c8f57f12a81e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
1398a0e7808ed820670613ae06ebd611

SHA1
2fbc74d83ee774dbc14fa4e680304958f39a0e31

SHA256
6fee35d551c3682bb91079f1c8ef11420d2bd3afc9a6ccdace1ff2e54d6655f6

SHA512
9584de8ae29055815e14ef126205f9bc350dab863e7e0f9a308655b68164baf7b6932483f49cbab9b33bbab9f8447de8b9cffea9be2c873b0d64978f2f14a6f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
beb7d2c4ffd0db33d24304b29a41a09c

SHA1
54c0f5d9194e6c030ff6e617183fae7586bb6630

SHA256
9c2f8306d1d99b8ec6e6b2dee111d5d57e8b74e045974fb8fe63a4d11c9d7971

SHA512
c5fa724e125a6a117b6a96c3fe755592bb2d6f710832af386d9c6383e17ca4a4afe95ef703b42e31bfb49858a31139ad35571aff35d7c4e53fab2925d35c0aec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
000d279ce7efdce76c71587ce819a2a9

SHA1
cbfc6dad969076b00764864f90f0da193e7816cd

SHA256
32b60524267cd6eb9b4b318e5f2e9fd11a1ce2b2b97c00977004dab087965a2c

SHA512
e6295ea851df989cf2088f2a228c677a3da57770cafd8592eae5053f9820943ce5c7db119226c099f98d51cd7e5d69d3caddcc70b460e967dfb1bb626c94f683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
ae1a33f0c5ac5f65f5ed332851f38416

SHA1
329b0f0b7802a015e10d0d7d7e8f34f3dbb169c2

SHA256
5cc7d104654f520fd89878b04adb43e056f9e713a26500f431d1f3a9de9ae7ee

SHA512
11e0392ec46117e9a745f4169929bd8058cf42083e9fcd42e6e92f4734e0e21431551f48280870e379b898588d1b621fcd7f8964443e9dc87d84497589003a52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c9abd53dc4c24e3c02cf5809a1b283e5

SHA1
06701d9eaa7774c854ea8aea93027c732d3e1aae

SHA256
1d76383ea22779ff6de3d3ec8663064523ea576042fe9f70db3e5bfe865c7d38

SHA512
223524f19d1badee96666d651a643041f9a11e3a4055c9c43219d0028e2da005e59b50a0b966491b9162585e644c53e9c9c7d2b6c558bd7e145b0e7b0e2990ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
ef3b55fa744a34c9c8df29c6d78a529e

SHA1
9b6acc96c0217569d219f5779682d9831cb80ac2

SHA256
01b26977b209a9e0750e112cb5e98767b832647a2d1641b069b36a4f4173e129

SHA512
839820b3422feb5fc2b69deff7e4299b853b9373a4ff4362a1daeef683c81e6c65f0d5736567a417e8935d32d97f4106cf29cadd565f40a643a1ea6075294cc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
7ffa6ebcf314df8be38845bbfe49e6f8

SHA1
7f5a98e010cefc75a47f0e8d42957afb84261d9a

SHA256
b7e61dcab988ea4453abae3b87415edbd491cddac46ee2afcc3a3a2abeaf5ade

SHA512
f0b9e3314ea282e97d50f911abc6f0949fbb5aadadd9c8e1d6861e80529927bd080386439042efeb46c9bc2861c77a373791474e4b45e04aed4e831a788fe0c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
3fe3f5dadcfe35d5c848bd0f1de580aa

SHA1
c8f70593469d947c3f7625725ad87f409a0b46ea

SHA256
9c33a0220472433d15021522e8399f32dafed3a13bd47551c9e67fbadd359519

SHA512
e77f67673c43d99fbb1d2fd6b2bdb09612f3d9a014b8177b0462ba676da2189224e1156397ae02f7cc04d884070a7cf6b5aa0c7bd90356281016b4e0380f98a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
f5bf12539ce06725fdb955560d340099

SHA1
7a68cc7f22272e2039705eeb24ca0e657c0fd324

SHA256
710fbfdd17738c7b1f582b7943ba9ee6f4c0777de5fa1bbe83c950b41d5146aa

SHA512
5b0baedbe6d8b705b9f6848d42ea15d8b2eb009959a52c6033f38711edc9967564a4ca4fcbd8ea7354cbbae5fe7135e4719c294f1f21c4228bbc60c1f933f80d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e76feafdd2bf383a6dc427f08cf1a35b

SHA1
53a5e0454399a6b68aec83d1e1efb5b80d2372d0

SHA256
685cb48b02c5cb3a233c775c611f541b7a3c720bba90ffecc4462be50a3f22e5

SHA512
1228f54649f80d67a07592338cec991bdc83adbe834123c43cf379b75249628d1b706a7b05d5e0c2a7dc89468bda02e5defcf819ee9cbb9f37be8509803393b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
963a4f70d613d978b5a61eab30ca6f0f

SHA1
b26e8417d5f27315dba0e98d2750f96e541d5281

SHA256
c6ef37900ea1414141e19ad83e21f3d589db3df36ddf9a53f8367522c4e02939

SHA512
369e632db92769adac58ef601250294f4993f41b6b91adfe515d9130849606945f689525f47f5adf765a2cef30ee317df833892e0f1903b35edc965d1f2088bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
bbb250665e9fa0031dc22bf9bea34d8b

SHA1
4b3691ce872afd592f733bfe95ffdce80d14ded7

SHA256
76665b4a7620f8de374795b5294de00739c2a7238708c32bd707391b5fe24935

SHA512
f9fe7b32a22f32afea309b3a3fe30009c66b2af7c0273df3f19d64d6e714e506e8b15dca4bb3151ffd348c158ff77e0ddf3c7cef6bf1bbdd3fdac65d8eb7d7fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
3212b627a530a9012985f6b972b0886b

SHA1
a9fca3fb61e5bcf7d6e02b8cf4ff345e0d6452ee

SHA256
64582cbe68bd32baf04341692dfc3c6cf6d358a1311447f8f124943ecd8d4e10

SHA512
703d9a74b93e1ec596fdb9c08b08abda919d708042e1ad50abfc47dc2606de60748f7447d6f1d5c1463cd88d6176f59093f12d0c29806b84197746d3bb0dfc5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
ae9ebd1d97abe24c40d42bf6412251df

SHA1
8979b6154cbcf3179bb13a1b738427bde00d8a63

SHA256
a9c3cf3e781daecd278d28641c4e9250ccd18e3463e47126218d94aa0f6aeb86

SHA512
eb507beb10823e3f3e3dcf002f06b7b644d152f57dc9910e56625b9ff0b8ee1dfb3fa34ff3a8c2e66b7fd2854bb805e0c1616a5feed0755cb82122a836678c00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
9f62b9ca8c7100bcb75df80847096e12

SHA1
990db82eecee8739611f33e7f68d73e06af8139b

SHA256
17e81063b83ad2ef64a6ac963b459c8f4ac94ea641b9bf372072296111d96b2d

SHA512
a09c7158c152e5f17ddddb17ed192ecfee7704cc99373857818744423e25f10ac0d59428769b814c6840a6325ac6462e7068b4f714bd1358afe10d709152b3f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cc3b228c5d36660ab2564df4b9d72e76

SHA1
0e4bde8134a7605a5b3cb63c2986329b3775f60b

SHA256
45ba36a12831877f1b05b9b4f8b6b7ac7963f765a38a4168c30cac56631619ba

SHA512
c124782e75535bc82725eb001ecf769546da0f8d6c62e6b0378512b5ac50b46ea57c132146389601e083ae1bab6ee7f6386e68012e21d5fa29891d80438a461c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4ec5cc80b43c13ff78ffa82a22492971

SHA1
e333b2fbeb1adbe6dc820dcbe2a62c455aaed147

SHA256
9acf24375c3c78ad095fa52bb21d4c926edc7000ca5f5e4573427169c219fe79

SHA512
52d4332036a1de2887b6776074014aa260c6c90586317dafb8086f959ccd5bb786ecb69d36f1d4422128ac4f57ab97cce7ff3d25d58143f7a380ad1a56e23d42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
23c101e2342ad20442b652031a890537

SHA1
74aad28e45f56202df81c8b1c42866560afbe289

SHA256
06f730677056ba423a7efa37d5a37f331ba015b822d83182bfbe1b8cff1eaa2f

SHA512
653c72e0a8029f2f475cfe94e66e8cd38c9564c5c0e61ec477ee614f98bb49f1f775a6681aea63edde979cc55b40e8f561bf850be1cfd8789bdc56237f40ee66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e1e1fc80fe3fa9ca0b3235fcdac38de7

SHA1
926ced929bfd0eceba6ca3372de96e627115826c

SHA256
d99ee8d7c331b189a66d82fb2b765f320bfbb8811b3b5d50980f20fa25e5a5bc

SHA512
851548f7ed425366cb75465f50f12a4d35424eb33b5e748d967f7d131e5f132924252b052d2662b6bb08b4421d91b2c037d0bcf1134228fe6de807ef7c3c31ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
53e7b5046d44cf5adad0ac3c2a394cd9

SHA1
b1a2774983e4300fc16038d09e15cb87292b37c0

SHA256
0108a677d5e12bd0db45b0c286df4b8092885e234e25b1766bcf296854f2ae79

SHA512
c1a1a13fdb62e99a3487cb8a6553d87306099609c6f803c658245c253c92ac2e4343a254c8ad7c81af040c80dde62fc1a731dcfbdd5d1482b197d6ea853fbbe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
bc854a93ffb6b1aecd21c45a95c2edb1

SHA1
78f1a4e2275352c7b681dc456f32f97a10d46ceb

SHA256
9193b9033329f4d9c4becf389bc180741281fb184db62dbdc3baedc11b67014a

SHA512
f793216f9192e0177c6795119fa491ccd4ed899879aaf79ae1b0c148a9956cef6cb2297d36cc9521f13c77293f8068288bf0688679c8a907d27a5fb55c2c0205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
12dc35d158f47d2bffa20e5675e157ba

SHA1
6961afb9726d0fe3fc09add1c57ca1334670849a

SHA256
8210a34547bcea3d8c6d020ddc094d50c36663348becd152781da5b7dca81a25

SHA512
a5ef468feb2bf5dea07c4bb1ba4debba647c41f0c495ca7084ba20534d8a91cd40705733da5f6c7081c00bfcc97ccee79d39d67a277280c7577b7dbcdc10ba50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
e4f163fbc56b7e90b4f1c23abe54285a

SHA1
2a33c4170aeea94d311723992decfecd5a5f174c

SHA256
f32058ef7064d01ae068c9053174fecc07ca53beeeb1b3e5c59aecae3fae5a7f

SHA512
ecc267605765c0a26101968951cd11b8e9bbaffca410f08423e35b77746b323fb4975ffa75d7c395cd632cb1552fd9d3c1c7a4a41857925ee3409b5061e062ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b7cd93ee6f589c74fc6a77ba38f3f883

SHA1
9c7f1c5f96fad3e1c9dd9afea9629015e31c8675

SHA256
02a9ea9a8b4d098e8ea38d3dd78bc4e5a6028f82216bd80c5180040f7ab199e3

SHA512
9eac350cc1ec700b56d2fd65dc93d4bfe3f2897913ea2186d8af95f17cba7140b0894c53f75807daeb863ef7e324c0922e4a4259bc2bcc109303b50a968ace1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ce48eb3a03ce731d97788e397f161f26

SHA1
c0b877fab0c0f109af31de17fd7511d506c07c62

SHA256
f3a289bd0ba49b7709d95ef5da739cdb96c7c637032b09b056c7e8ad1cc3aee3

SHA512
e8b54abf6f410a7188cdaa0e2e0b1c659f3aae3e572c9896067673ca0604107fad53146072fa096d9cada8cd35fbb4861b56067ddca81b20752b0fd88bf7d199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
17753eb4fe3782fc9b6a1468ee53ad7b

SHA1
5712aeb3c4cf0648bc181e4ab5cc4e868eb614d6

SHA256
7d89a95a583902e7aca989acdb6b8661104a59715a2940557c992081a75428a1

SHA512
5484ad1a4fe59b41ec838cfa1fd6e70f24a486326429ba89206f4e1c1bbee8c6314a520c027e3d7f278886529bdb965dce5150b2f2296f3ac91d542e1ff96b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
14546813f8a728acf6ab865d03041a38

SHA1
268ef22210b16c4534beb678c9f2cb20d50769af

SHA256
92052657e0228842e14f205f276ab704595e05366b24e41b740c6bf48d8878cd

SHA512
65e6dcfef51cec04f74e47148a54d598a96820841269b6071328107fc2e2fa6f5ea329aeb4f4d918e6ed1bb8b02c82b13c5ca2751f18b6766c9ffcbe85e919ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8a930ad59b7a4332373a6ebd549ee305

SHA1
0f32cd99b4bb8571f0e850acb4aacb93214bcfd6

SHA256
fdcfcf13e8a4b4da5b7a7add4ab1917ec9a26e2ca03f1887506c36ea2bced86c

SHA512
560e8fa48d6ddd0044db32e483aeabea24d48966e5c990c23ff177a04aa48eab7f4807daf106a8eeb93d727fc1b1960c1062f16564df06b1d38f1edc99932afe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
68ed55b2f334d6324adf93a0bdf10cbb

SHA1
30e22aaffbc7ba968bec81e62ca8ee5e8f9dd422

SHA256
8379521f1928eacc74d772e555091da7b3fa53e422d5d20b0de2976f6ca60ea2

SHA512
6b48e93ca73a1feb3aabb8e6d116ff68ff3bbd595db93ad052ce573fb0df5c928685c4f310a975749aac64c38216a52aee90bef3871753757413e546408c3b38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
21e537cfa47188b7c48dd7fbf0015a9a

SHA1
7fcb0764d0167020bc79bffb611759a60ac71b07

SHA256
e2acc7c1139c8c6e62d088498ed41fcc14eb36e4898b1f02a3634366f3b98d64

SHA512
d9f1f5169f5827263e431239df646ae8f50eb1b7ccd1a7508f35ab1e23460502aeabe2e6a429c78ecdbdc955dd6be93198075aee35b11cecb3f05048abb6e759

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
968336424253c2e98a7a94690f7db072

SHA1
87fa1e1d02e613a43574433e985869d5de89ed88

SHA256
9f512f216e7ef3f7e8f3b44f208f7745324d49fea3995f1ca7f49ead132b148b

SHA512
a676e7eec26b362ded8fc7d50e0967c6344cd09156f0fffa616d9767b27bf5860f8a0d0d45efe32ab6c95415210a2c5145c525221c807f72a12e7749b735bfc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
2a5c44c7b5aa42465815982c4958b2ad

SHA1
b0d143dc0272f31b023467af26f69a70ced3c503

SHA256
5bd2b2335745023256fc96f7962cfee911aca6decfc6f78cfc369a473252e4b7

SHA512
692d87feb57207b3738db72e72a0f62573c8c1afc8b3124bbbd188af66d46dac20cde3d2fdfbd78758ce414ff3a9f16e264de31f2558e761d03eac24a24e3705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
15e44cf76032b695761b3795fef59218

SHA1
70c43658df6ab9738522f6f7bfc822bebc81e1b4

SHA256
ed7b915cb07531afb60213b695d39a8b2f8c198b8554a687763bbd8667327b9e

SHA512
8563c0bc3852a7091c733cdd1a5869e92b408fa4638d5353d3a2398796ddb72a03ba8d4b67ab13648762566be9a4c5d59014957b683b18d282a7adfb504e08ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
c2c026814cba5a86b402f939db49c742

SHA1
54a26a91b4332e5eb1643eed25d96aff81843398

SHA256
9bc59ed145c974c56188a9ab62f721c34c0d08dc25fe025b8e80a665c3ac4bca

SHA512
0d7c96e1f7be8cbb38cab43cf59b7d4a3136eca8f29a20d77895ef0e044021b4a0620bbd3d9120415fb9cbe4310be7e4d352acb5f6f47a8fefa03da605675903

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
0a8dc9785d73e0bcce31ad428b839549

SHA1
1223d67d62dbf9f3b58e577661752b4c219a5dca

SHA256
36945c9a2e815b761dc1b0c67dcec60e3862bf98c221c4bf9670edc47c9decc9

SHA512
fb33f2e4ebe40c3ae0c7815f81692ed4f4c24de2c32db939da5f80f0622dbe8b561e1d273dafed81597f7c852921886fd1707892451ec76256b1498bee484ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
0f22cc10dc90fc042148a902f5564dc8

SHA1
2a868663df6925f6eff2adc08d80c21d63fd2833

SHA256
e582f94df032131efc50960561130ed4df36eae2655db52c55fac4be6c58eb74

SHA512
25deaff25af86bfb55e71b7f8c6b372c2a04e6d36021673ac4970f780a3545571b35495ac77e75ca241625467fb13c069fe1cef9f327c74cb96dc7907dcba799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
88dac83f37c7a0bd03465d4068da64f5

SHA1
faa3ce24a48384cf7f165b07867a532924c34571

SHA256
13b648bae1a4257faecd5c63ccee76c82f0d837af47c6c99c982d890adfc62ab

SHA512
8ed189d8e51ff46396811da20d85fe60323b2b3139e058f932f75309411f7811ecd3871c3d13c891d8eb7f9d1014828b2e25df923cca05223e34c46662bf079b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
d621ea8c721648aa52707682d54be24a

SHA1
200d8f743392ad7dbe340a6c79895835f09c9330

SHA256
e435361539dd859ae631f9bcce7da6f20084045365cc8c85c99f86e9f6bfb919

SHA512
d9350722ef56a20071a381d93474fd0774f66008fafc1a0af31324dea62d75f77afe451b68c266f8c3842bf8f47279fb2806117b3ef32690b892caf2b1dae0b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c6272a3ec258e5159ae1527886c7f58a

SHA1
33b7400ae38db7efdc4913446fb4729c2188e411

SHA256
d3a5f4114cbdc86499bc91ac6f25eaca4f59286e192960b1eb9a9a01fd70678e

SHA512
e22323e95b16818a8bab815dcbdd673704dea09ead2627594138ad982f9a7d3bb94c4bd80d91f2ee693f8908854126f1b6bc11c0f19e04d6eb5fa5cf867098b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c965ff02ca3a3a81393a6dafde649eb9

SHA1
c359d3532491c0df741c0bd97eabcca810033f44

SHA256
c723a9ce592fdd40be290e9d836202fbb9c86674e12feabfb19cb6b628baf4ef

SHA512
918fba4abb850d86edf600536c380797de04e81c9b1ad366890bd251bde4b3479cf00f7ff7320157df85f73d272e2abfc3fd80f94a7b8aaffb7b409df37b4166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
9c65679c44c82404b0d7e8ca901a9cbd

SHA1
1c464255e48aea3ccb604faee297e27877d128fd

SHA256
20752150a515f68394b79b996bec7b7dbbf9fa6f2847ad5d4993d1600dd42b51

SHA512
242c41374a2f4d31c7654e034d94403a25a2bb6d5c063b6fec7e94559ffbe9c7b60771bad3c5ed87a97a8eab9c3bd98e4cc61ff2d0cf5263a6ab303362c5f0f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
58f827ca5f7cdecf685bc772abfc8065

SHA1
e9db91d6e969862e3cddf60dae3586a7cc7e89bd

SHA256
79ae4fb7a06b6c8a22c2bbb634534d3af97b4da157e7d0f000f3a00e48818ec4

SHA512
85715ecbae5cf93c70db5e63abd3bf8eb747a6d8129ff3bdc3e2dabebb66542091e8a560f80d2f74e1c0754681bb23d413acce678da0bd9fd11207f1b363dc0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
a0676dacd4149422a75a0ce0ceb8975e

SHA1
0947b3fd8f7853849617da84f6374b5325234b7c

SHA256
342977a6af0a9f288a4473630ff5b1cf2d83370881bbf54b73a466b96253658f

SHA512
9083ea4236e5ef9a6f36f1936cee75576f87c073225821f2dfd3041134925d4890b4b14239a11aba3a022c4b2ff7fe45507c937190ac5a3d3b39e575747b2c98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b06151a265deb9c9eb095203fb1656f1

SHA1
8b16ffffc85ec15fc27e6503137d4bac7ca7701a

SHA256
6e6b0b2453d8f31974915f67173e69c5c8cf2ff3d521de53a4cc98de4faed99a

SHA512
ededb42d1c99229b7214097a04ec967a04d983e98db717f6398f38c5c6406c19667b04ae8a9a6287f521b95d3870040b07104b6f6b1bb600ac1e5fa4eecfb746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
6fbb23241b1de8e5a65704fd0265bfd2

SHA1
eeab588c55bc9d9e4ade6487c75c72a7adce40cc

SHA256
aa5d5102c4ff051e184d7a8623a11b08e0ccb270737f4ea7b0290ac38abe3269

SHA512
7916f73f1a49085243a9680cd0b618d588be36d2c6fadaa753ec5cf32cff9a82eea4ceecbbffd7bbe3a968846fd9a035806d8cea5acc843619f2986f9b06f324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
e704d08d8273fec04d054ce326919152

SHA1
ee01659f70a67a0c9984094c2355bdcd5673fdfb

SHA256
c9215b026ee74e32f4f6d9b35dbde39ab4ec38660efb52f77564a8fd36907c26

SHA512
626db3fe14041b0ee2fdcf65a82bbd9355c5667824b35e5242ba65b2bf7473304c299d9dc30beddbd8135abd726b0ab00d7b9a9c937749bcaeecb8e64865f241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
e2a9d76ad9ba2b5c485fa02550605f34

SHA1
df7adc3959a990ebb2cf62fd8c39102b4a509bcd

SHA256
4e4befedf91ae46c32bacdc64634494e95223a23656ec52f6a1c78fb6c67fd49

SHA512
dd8f4ec5574693cf280ea4010c7b0ca5e52e8cb232b4f3ccbbd053edec05cdb3697fe67f33b70103cf36c819e2973aee01fa4de5feaee50ecd3afc70004869a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
452c9c9870d68667a6837e69cf741bed

SHA1
93eb74b90def0a4f4215fbe16e8a8a71b840462b

SHA256
c9459096a88294b016d1ffed1290a4d0789da97dd5ce507de2f6cafed7f1ade2

SHA512
c8727767adfad7f995eb92d76153e78c68ee3dd405861a17a1da62e07393ea7fbe742776c56670bff106f9f7d237c4146a9aa707e11bb1aec1dbd9bbddbb4662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
115a0f496eb257687c5d6c53115777f5

SHA1
2b06efeee79e9a00676ffa88fbcd20bfbfe3b751

SHA256
8913e5fc0f0cffe99fa1467e6dc3aeaf7cb5bae5cb67b036ca7b7f46110dfe7b

SHA512
71be707f408af1421c75d0b3c4c4ba06c0e6338e61b8ebc019f75b791b9fa1a3c2cc2ff469c7b17bdd4dde73eef9f0cedac87ceaf7bd3254e11be76b501a6a9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b1765f856cc56e1749000d74bdcdf59a

SHA1
bb5a319f3d31cef9a128408a9d4365aec50a7030

SHA256
c678746705cd5c50175700b2ef2a5b90c8347f14ea1cb3b92d9d08d141cf2502

SHA512
d070515c40325ebece7cdc99bb5cfef5a754094d4cb471a85d65667d9d2b86c3492b7dee73c9bce43fd1df1d5766d008d97b7fbd7cdbb84423cfff9b1948f33e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
4d78e0d54a8113cc6e23367b86cb78ab

SHA1
f92344b286aa60491abe71b75063db2860233741

SHA256
d1fc444a254a7664e0cdc5edc1ecec75baf6dc27aedac107eea782073e550fcc

SHA512
cf9f2acc9d3b5c4adddfc074206f2457f54237578e0bc36d97381a9cba8f611da9fcbb8ecbc43b9b286278454fa2b12cf68716f36f8791e9fc338b7ce93be587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
c6f3ad908bda1c7570e3d1b7e18c4b43

SHA1
9660beb3dc4bedcefeeed463470eb5c7219fc62b

SHA256
7bec00233c78ac05895580dd578477bf0566ad1141f2bd34c3c65948b12f65bf

SHA512
eaf20bf466276b88fbd4dd6fc5c94837d3a0844ff2c90fe97edb5872c52db8dac3966e3a461fcce1278fc87c5320c3d9a3afeb3ee0032125770fc055d84657f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
9c807435fe0b3254316da337b1f412a8

SHA1
0ab14ecb18129979c7ea0757317c5b3f564af00b

SHA256
b41f380d21e9d90b20e6e58423dc01d5289d16e88a720bab6e706d3a304db927

SHA512
65f95b97976a009e86cbc4b990d65aef5aa150d5e21d1fca1ccec9dd79496ed5637e3fd57b66df9d2734afdddf85c28bf4193a285923f98290baeb2044e2dec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b6aa648f9ad5028e6447b13856858ca7

SHA1
90c47c4f0e7dc7ddf0ca53f2951ab38a4be7e329

SHA256
3a1358f3252d04b40ca9e375b17336dbd11de8c808e891a84627554dc33a9d98

SHA512
da195f479340003d24c008908e2bc543697703d22f0bab66f9d91f51d76abbafd6ed135cb6fe9b080a7eb185b373bba185fa72b0ace0bf1fc2f50edac578ea0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
35399282b42936a26165291cd9f74d75

SHA1
26933fdb309ba23dc4f7720dd9ee2c6d376e8c43

SHA256
132b1c254dd9d62dad97da6d317c80e29f54d41e23ff0c028e09ebe7b07acdf3

SHA512
2d535995a381ba7d732150577f7ff883af254ec56a727d1de0d7c1065b07da13159b32122af6ef868a61af430ffc32cd5967a7bf5ee140c9e3663b1865a1d120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b86a967e4fbf3da7da06ef347e33dc66

SHA1
3c3be77604cc30b1893527ea30b6c536f010e678

SHA256
891e3a3fcd5738b2515623324b3b890f460119d9771964ffa1f999bd6ae14842

SHA512
39eebb91666d68b003bf457c12a353064ff562f1285b1af76f5e5ed0aac454e005f9bbe2e5c799dd689299d78f062d284d8ba7b3e3aed6140be16df06a1df6da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b191a897374aeda4f9ada0c81cc428be

SHA1
a08fcae0db09f7b42f251fe573ddd3300246ff0b

SHA256
0b4db0745e37e7279164b158d82c6d0fe840e878457de49dcd82326011f411ad

SHA512
9c1fbbf711a79d40a530c2292c0cbe33c4d3e37cbd7360418dec33110328ffabd78e6f638fb77230d13e573cd12e1afdac8f8f003885c6ceab96e80eccce0350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b13bd9ec982a3ac9ff82c1805ce53ac4

SHA1
5c5159e8ced07e766f9501e2e3c7bb149afe736e

SHA256
aa969b3eb10b52b5d0b8bded100d6c8c56083f470fc274a8f80b4e828677a338

SHA512
97a8ad7539cb8b3d337601e99a25e075608d0501bab0dd68449d050f17f1c91fd7af823acba7a26031f108e743bf4e0a1a0af7f2d183d316ca1f181b742f8a13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
a4ffc97d3c66788b4eca8c1fdb938c7b

SHA1
abdf318079f1be208bd1eecc6d1d6e13c3c4dd8d

SHA256
95e61a68ebbc25f13083d3219f0bed4d313cd31c00d54535f4ee6934915d496c

SHA512
0831c707df8d3f403d10117a9061755ff94415591ecebf9dd2160a79e4bc0facede0748f442420c932874b12e82a6b6db5a72210b4958b353db6565fbd13a09a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
f7b736bb4771056d433b023404c76834

SHA1
3fc8b422d1e9f9c8581be9408b65a66a9b497343

SHA256
2801f57130cc7865e3e32c9c9c98cbca0b3e021a26eb8419d5a1cdee519660fe

SHA512
d0e7eddfad4433e656a1c6cba85eed169f52e83f2cfb8747fd6b81ddb3bcca8b9dd6ec9604717fe7a00f2f3c3c056c732a1c286f22faf9c3f493c7bcb25c938b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
6b2bdb5aebb8a2bc43c569d14b598249

SHA1
e0b111e76ddcfd90dcf1977a6d55f8378ca52cfe

SHA256
494605a42c5f1b5c8f9cf1fee8b6ed977b343b40925540e4cac7714a990dabbe

SHA512
54a976b46c31066c90eb637860fb17a23a7b5061a656dcac33673e4b8a79579120de6b9381dae9303c0f094c0d0714fff09d4f52b04ec7a068d750c46f672b78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
7edbef8e859de3ad32780cf87b7f8f27

SHA1
771964c1e63fb75bebe0d1d552f7d9f7c747aec9

SHA256
c793dd04861ab5af3d837fe7e7b355d98ccc14c80ccec0bac37209bd13cdf2a7

SHA512
6059d6efb2eb6e9509ccffc1cc43c323c527aa066a2d73b32d6d27b1cc0e3c064442089eaf4d0bb6dff6eeafa0c4bda31e2b259392b984fc5b0f4d91f98f57cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
0f8a40f7c376926eac6cce2f290d6f61

SHA1
574106558bb2c3e35d6d9bbbe3e6f37f1546e685

SHA256
a7c6a37e1c6b3bceaebd2c9b55771718437f9434c54da9d4d86f41af39adf9a5

SHA512
2d207c60e45b736fb8f9cc4b850713dbb88442dbfd70049ffa3f009d30bfc5c76af5c73c05bd61d9f340689ed1da0afe06399360de83c396d38ed871c412c01f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
bcb52038e62c7ce24807093183dab029

SHA1
228cf4c39903bb47720f19ee682fe66619e0a70e

SHA256
e8d6f8bd75d49fd60015eed3d5c5eeba49874c3c54adad70af91b271b409c598

SHA512
07e09c73a650df02265c9d75519398ac7e7c632cff1cd009d6c8a36821c7245828f6f603da0df106e4feefd3fcd5d3a786c3b3c790ab04ce2af5a74ece461b7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
acbf7922fc23fc9d0eb112c161f97daa

SHA1
8ee28e8848fb8958143727a66ba0defe04e0952a

SHA256
bd1239f1342909cd38d6d3fa1cd09ea1f9790887064b42ae655d98d48fe9d99d

SHA512
9098a936b2e338108e7041709046bf5ef926d9425f469c00416e75ea05a814a7071ea002a659a3ef03ee84965dbeac7b21056b99a5aec213f11560e1335f3cd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
d265d827c00787c180b17ec5f9f38e2e

SHA1
451f616b6d04ff7ea3482039c434e816a3675904

SHA256
695786a9776f4a635dd7554309f0c89fc3650e06f1cad9aebcc5901a4c29d71a

SHA512
40809db69bcf375f21b700df4df282291014e6bc056cc891c093afc5fed9bc75412a8cf0d78d8bb2168bb63f6e6fcfc0a15bbe4fdd94915270f7967792d87722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
30aa79e59895e73f4ef600b1c9c9cad6

SHA1
e3233cd060251e3338f123464b265aa4aca70352

SHA256
c7b173a4807a0f17517f18aa5679feba913de899f543cc80a8f3cade1cca466e

SHA512
023e757209c3b1be4a661a57cb9393c933befafdca6d75e3797b180cc7588f068124f5e0d062c4f997116a16153d443f051d300a7ea12f38c9a6d354f1517324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
05f07f8aaa97d14e046b71915dceb677

SHA1
8f5179ab399251d4a8ff59cb9cd0d85843f762de

SHA256
147f6cde1b2933fbb090daced236e93c6b6c5ab555a776280fb8d20c089436f1

SHA512
01b7f16e85a68e7bba93e8598e72f5db0e67174ddeef071471503d9cb88e5161d2bc0d66bffa15e0bd8e1c59421413a4742703b2fabc4fb431db3ccc35a9621d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
90c70f40bbaf06f92b3ef02c25a5b6e3

SHA1
b18380b4cfd1043ef91bdeff5d0c6445e0eb7104

SHA256
d1bf11ae496049327c304744d8f53e833fe6d320f1fec20a7e00f926c25de879

SHA512
c1987c18765a999b2ebec708fc3cb485d85fa41f173ca3b2c7e45708e6b778c17abe85c7ccb4716d16221b212768713e2d704adfa365e4325f7b3b66268c27c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
faa483a80a700d3ca7e4f4658ab856ac

SHA1
93ff984507963392da362591db9947bcee29f014

SHA256
d0ea67e1308ff0ebf198a8bb5f7a0fa08f02d03c5fbd33cb8427705a61a78605

SHA512
81bfa64c31b9fd631dc51324c7f18f594503cd47a14deb4f9d7c079058cc9f09cf9a4e067b6706c28913ff4230062c64181583ea593974c7b30811ff893b905d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
33c93ba07193334cc41d49021fbc12e8

SHA1
0c14ccc14bcd262fcff48152d405bcf025ff5a12

SHA256
84a65cb5e03812df2724a29e5f704a121db933aa3f672e1aba161dd8d35365ee

SHA512
eb7207ee576f0721c14224572edadb421d6c12b1a7046a53f2ddbe186f2c74fb89d800dad575300f5b0688794b7ac8c26be6fa3175939df5d79fa4b092a85456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
eaa8a570a849f9215b986def8075ceb1

SHA1
0cdcd02b6384f6921184dea16317bc1bc00e955c

SHA256
fc92e620ce305fcb8b4db1335d343d0af6b6dc2028836ce769e106d9349bb713

SHA512
20e2c8105bcf1bcd3b0e1383db8431a787b8d5c173e4f50ad1f5c76f588fcde7e39d27c98e0f90be5ea41071f54da848771b9b49c3a66dc84bc73cc42aa127f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
a821faa0990f6aa350d105cbcd60cd64

SHA1
4b68012a61a66ccc0cb427f7b6caadc475567e1c

SHA256
9e2a11ccb7251da8dd7714b386962bfb2faee0e151379f8e90f291896edba7c3

SHA512
ff7b1d7ae16d69a8e850dea46c7fe01d46c486321008831f2c82f87fa88e0c10ce4fc096fd1446ffc9943d4119eb5fe199558d433aba6d4c0ca6e9d97b342317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
654522ee902dfc6fc5251d9db0ee23d5

SHA1
9cdc8bd6771120b5624efe29c57a05852c25cc01

SHA256
2bc6527d5bef6196d640c3b8b07f71be41a9edf79fdbf2915c1995421014a149

SHA512
02c12e67d6f4ac7e3509241b9747242ac259f47f88786fbd0ef7157f9095a4a695519aff7890b1c55ee8ff0057224a4951f1cde78cb095cc8e03f523c36fccc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
40ae0d91b11ab4613e5a9ba9db0a1c92

SHA1
985cbd475c592721c956a74347b1a8cd5621c71c

SHA256
0c8a93202c56bebf57292c332b80b35c899623dfc35bf97695b5f0f56cf29d78

SHA512
173763706e70a4735bb50607eb7471e2168524465ec442473300de256cf2973faed2718d05710098d55354fe05fb537a2dd8d65d57fee914ee4637618cc6d5c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
13e0931ada3f08fe7a930f7a14aa3b89

SHA1
8582317484b48194a37bf08f8071094725f54e3e

SHA256
1e3b82d38561541ad8f69742c44b70b41ccb7ccf019487367cab91262e6ee4e1

SHA512
6729e7998b0514f98f0ea7bba4ab3034595b412f266a9d3dc8921da7847c1270d3203d6d01094934d10fa1b958a834c6a479a8599031e3e628c13b6bbe2b4c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
f0b6d3973ea8ce475bb6c88614e5125e

SHA1
b5e37a6fba74850b16ac6dd60ec92c59ccbac0a0

SHA256
7d17da731784e45655c832756d928006df9b4ba01ec2a15fc3d6baa3abbe4650

SHA512
961c76dc5f16bd566f52b69b3276d6a13c7f47f79b8b8f577997ee4ac037dae99daabf910851be0ecbc41257b989d84efe93df1b9cf0e8143573c732b3241570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
14a025b00ac30bb6949a63df578f8584

SHA1
3b2a6253ac14993f0812031bd237875874ce8776

SHA256
fd35a7503f79d9cbd997c5313a0dc78b5686854ecfc26d6dd06fedd417fc06b0

SHA512
519809f937c9c69829d9f5c71382e1ea3049de0bb769e06e80a6e7019913a1f3f58ebb7e7ddb765aad3a6f37a26fd05b91b760999fd6e905f786b41b85007a61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
46da0ffe68d4fe3f2fefbee572d7c1b2

SHA1
3ac203c5c142c40e3047dde889e8566cd0993b61

SHA256
fb96eaa98dee396f086f2542276b9ad7e217144d076c1d87b86f5f03a81d0e03

SHA512
14a36a14a2cc86a4aab0f4a4ba18933dac2668193f9bca4173bfa95be85dd4b136f45735c507e5ced56aed92c25668c2b9799f4edbcf25b66b00f5afde95ebe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
557588313cafd9a9fc8fef3ddae2cbf6

SHA1
fc3428934f44659133f48583da2649e2cc270d82

SHA256
f256586f8cf12a2325284fdd22636152be19380695a3d6e1bbfa00cf22b63109

SHA512
b4d3324963c915045392e2b1169562258bd69ae1b15618b1b359e89316ff4f5787ae3d095d0404c37d0dc0d3f42b714e4e91809d912fa2ede204126e18851668

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
8df12fb9d29cc41b5ab3babc17ab119e

SHA1
d0087c16e1af4c4d654ebaa2602a202db01eebae

SHA256
a31023700d09e925313050bc1cd86d676521b215cf31eca94064820462772fcb

SHA512
ebb4e210f2310ff89093afc28604b574c414329d277a9984ca5f9c54f1d26d553d5ba82c5f96c8cf44f13197a7f6e6e83bf14f6c8c529f5d9c4e6b775e96e732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
50c1f7cf7240ae95d37e73193593726d

SHA1
b135394d8afcd170b1390ce3d61e13a395adb2d4

SHA256
5a69ec6289314af649d7bc1c7a2c498e52e221ad8ac7f3e8ffe52a927d74030d

SHA512
d70894aaa969fb4f3da0849d14c854012c51db72cc7b9e267009d2f90aa50d455d416808fabb11593c31a761baab0479e6677060c0f240255b102e1967a4e206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
607817243fa07282e153d2b73b057178

SHA1
98adef521a79f603570a5720aef62531faa55a0d

SHA256
abb36879cb70e72b6681053885e2caa1d0ea826d8be17dca5609905b9912f66f

SHA512
7a7946b7dd0d16026b6774905892d64f624ecfc3b46f0a56c4f92e8a8f43f12b80e36303b58528ad8aab4e0caaf7d98fbc6b5cfccd5c971446315eb611ebcaae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
af89090727a5e54beaa66f8be8238aab

SHA1
bd87ca1d8f99d0c3001679aca60025eef6cdef7b

SHA256
977d2f3acc4216de1d86a6efcf600f1c31bab429a3d393753615df79e8ab9de2

SHA512
bad8d9b68081ec18307f168a8c7840d8c66a76dda269f61ce598df5f6dbfc326cd69e46e66d8fe93125b6bfc1caf4b5fd5338f845f1cd06878fa4187b5ca3a7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
d3c108c51a48c51cc5e65f6f9b57d646

SHA1
484f44451918d37fde0cdb426ab91c9db1e4bdb8

SHA256
614e1a825e5b09263c454046986c541b009bbb347621dbcf0a74156cec6daaf4

SHA512
14c271eed93b099033b3bd03a13f2320ef3dd87af2c7779ea98a49d3d84d9432acec953b0019743eedc7e69ab71c141930bfc173fe8c2c1603bf10eecaf6bcb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
3fbe0d5c85a7de3ed8599f8bc7de92ee

SHA1
df3bb4492060ef578cfa1611e5239f2a4e326ca1

SHA256
864c34373dca5fbdf69be162644818f921805b45a6d31bd983a745e7518a0096

SHA512
66f35be0f3b0ccdf15e9c45d493ccb6565e77f2cb2e655f049d933475b7a5a0d7fcd9c448110b6fdbd27d28aa371e49b916238fd9fc1fdf91e0b58826c0edd61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
ca008a6d283bbabc5d6daa1970677a7f

SHA1
741f75d5d8700152d30a51ff9f60eb05fc41597e

SHA256
0d86e1aef9bcb13227038f696d870c2fc35a5b1597ec89c113d0eb22d9752a24

SHA512
3d54b433923db8450a9c2c56546403adb2200a1d179162eced22eb04bb540996c5f50993ab4f5ec37dac7b89aedd6e73884928f2543c16d59d01d1ae0487757f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
204d0888487f107de2072a4e9a7ceff3

SHA1
d288160ba1ac1c2094e03651733906cbca6e4aba

SHA256
52d1c34b49b63200dfed013b0181d59c66a4169c2aa89203d1c90deb8fffecbc

SHA512
c522b322e264a1023cb766b4415c2a692e778a800e8a742b49159ace76872f9c461f3016bf8b4c6e95708e99f172645ccbd3abcbbc29c6b4397c93a1af61b948

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
c88c6b137cae6ad569a5942d6bd36d3e

SHA1
fe680ba855b2df1fa502dd4ca1d204c42aab4698

SHA256
7f76080dad2e109e009322c3d4bf41fa2cc58d53702521c494ef2c33e2f1b1f7

SHA512
b92fac90f4a0fd77ff40b612d6084020482c1270dbdb20a00cf570a0727e6b76a366a16a6a1a43c52c22c746b03967855f0f02907582f0e0b2ae2f4c5d71104e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
dbbcfa306da7b38ebe08a5306b30714b

SHA1
9faad0b79793f8379793aa9f7f7d8ba9e1506f33

SHA256
cf4f3e638a06a72b0b509b3dfe3c6d6eeda41c3b5aa1bd9b3a1798cb6c18bc86

SHA512
ab0d57646427519972eb87a7a72e81e926dafabe929455ff544583f8b529284da4340d06c4983329f3d48243451cd1480074a140bae8d826c55855a9d3f0cb7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
322c16527a441f70dbb3d06b0d0bd681

SHA1
c4c115901371295ed74f8a6e9bbd03781ec587ae

SHA256
228fd95bec6311c615efe14119010de9eca416e39141fcfa08f5a391e2e6bc6e

SHA512
f4cd70c1993b1dc718ecf8814a1d03a72e3a3e3b45de506cb7b7ca49cd7254801d9a0b3adabd74b92f7013208bb1ff9e32bd272de51116685616f3cfb2142589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
0b086a6dcebf4eeaa1cadaed109e04fb

SHA1
034b52b48dcf6c1221c7c8408437dacdf099f864

SHA256
f88ecf1fcfdab50566e7ad299839474f86485376a8a89a22ca841cc009d66cd3

SHA512
438d4818887b8cc7ebefb1c7b01f30e8424537477d4f1bb6163259ea77d4c3c13fa9ef2fa90bbdd7ef610ffcdf5964e38a47bcba1d34aa15b46240b2b3171e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
670f65c424fa2995719d193fa57b28e7

SHA1
e512cb836d176c98b92088070b8fb4f53ce6a3f2

SHA256
e1c0829a1f74e494ca65a101f7a23dfdb5d21a6f04932bb81db2f7929a621599

SHA512
b429662682f41a9929423fbd57f6262d936ef441904af260948b628ff90730f36b06a0ca486711d04e08b105f8d68bc24b99d44205eaeb9f0d313f13b8ea1d88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
759adce6e0f888b7c2da058f495d2da3

SHA1
5d36fc51381abaf014a6102db7fe3f7d4e4cbf72

SHA256
83e7a05126ab8ea8534e3d66d528602b9cda64557a300199be1dd0904ed730c1

SHA512
8051eb926cf3cd84dd332efb4ceaa5ab6f560db45b67c0bbcb623ba268e697c5214a588e8f586a252bd81bb576a75e8b05b4ff6bc40db1dc172425c960c86f60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
87350cf46a249bfcf9365df33f27c164

SHA1
89cdfbccb470ae83d9a6e4a611650074a6c97f87

SHA256
2a7614c6de9279586c212e389fce9c85afe942a219878aea345b45c92c27eddb

SHA512
fd1d95cc7ee5ca1beb1bcf8c901f60f6d3d90ace301605214564d58a38db134246acd73fae74993b5b782152591bd19363b9ef4aef53e160cb006ef7008f1edb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
63cc22b44d1aa4ca29185e56c18cd62a

SHA1
20c1348d7f4294dfc6960cfeff02e4e790bbeb8f

SHA256
f2c9ceeb87a60d48156d8c3274a91a1136bce7e5ac4aeffacb40bce58d64f851

SHA512
26e70fc8b17af8b3c3130d13f40afad72b47655b265eb7197f1b7bc86dd8c1231d49e2fb9f6a6015f0aa06bf97e0d118e46e1f232cffb83311e877156ca8165b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
7ed2a893ff920cdbfbf324009d9f48e3

SHA1
540ab6c9e7a26780a930fdab656b6f018a267bf3

SHA256
a8eb0b54e7eca0b13449e9bdb09fd7fe98876eb29ab4bff38caca6fb2689ffd3

SHA512
05144b46ddff2a2efabe94cb2d0561ccd29e17085d8d79683e693fab864dce988ed22a05c75f6fe235c6176de5193bd0cadaada3a00a2acf39c4426c87b1e4ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
927c5a24b7b554be572811001e1d3853

SHA1
93e1709239fff2c880903b6dec09561f2321be7a

SHA256
eaed0f18432da97c9c5de7e9c9e2ccbe4d555a9dc854badc578afdc2d2043d19

SHA512
bbbba9ff2ed530250ba15c2a68534b6e6bc45fd94ca5012de29536b80306f2998310a9c91097fdbb2fe742cd5b429cc7025919ba55f29c08cb7ff58911a0907b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
dd1c37f8162346183c58d5b9f0401248

SHA1
9a15f7b71161856af7667b84d1dae9d98792d316

SHA256
be19174fca693b9c729365006f93b703b4c0d2b4439e0e4aeee3a00b0f7f9667

SHA512
982288fe2e299de8d43b382c93d429ce8aa58f654137a10955c3d834cce9568404bd7c72f7221c3b9df31e665a2ccdf132d46881dff3dab347863bbbe72c053e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
5f44841cb278d3eafa30e62d642eda51

SHA1
16013b9f80d351cd8b8f984dd42cc21bef8f75d7

SHA256
6f61605d6d3c78ec0de2d8a5b9f13906b022cd336742574b9499fdd70f666bc8

SHA512
a903facd4706c845522146381e6c8abffc1bb7bbd56a9246c9278fd5d488adf90e59913de408358028b06aeaea474334897d7ab8244511d4738e42562541bdbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
24963b02c26aaf12cec889cb3318d106

SHA1
ad3747e61395c7b597c59a5ccfa4bd6ab4600edd

SHA256
752fbf7e8707c94300f0f696acb7514c4aa10925df91b8e84c404706ef5467a3

SHA512
594e4635c0387ec3d898392ee8a3b168f34e643f2bb0b3b9a0a808e296e18fa1f4ea203160d2b95a185561ecff093cc8d6b3acc394656af70ebc5f9947f20809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b896718de6e47fe62546331e0496ca72

SHA1
97f45d766c7fa566b5ff16b02e4bb77c3a6be486

SHA256
e86d9178e6ba2c0cbb52ec276f5b4bab844808821cf7b328523ed3af66fd66d4

SHA512
d4f6b865ebed9dd24f800476e63cc1d7a237252e92723cb5623b5c5856d2c62733a9ac45eced2bd0eb2931a9b566d0e552ffb02415baa5b4c4b0ca75a0b18855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
4badbfaea4d261aac2c6049df19d4ed5

SHA1
d7ef81d3febba7e613a17d1e136917a415b27c79

SHA256
ebfdaed0aec43c914b740430366e0c7def9945590eca3b8567a7c35713c6325b

SHA512
cf0189b2d4b0fb54b570939f2210fc206354dc0fadcfe00f876ae2a2ffec98a958b52be27eca0c1ab69c5efcc0ae3e344561a4f404ca0c9f0b25af8570ee2b85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
e6e11ed3f1325d7815017a66bb043b68

SHA1
4f78bc6795322b6578b2dd829818842fd3c36cb2

SHA256
244377ba7730d2cb0fd8e7d7fb5a6ab90033863041e32630098be3bdabd51ee6

SHA512
785e3ce3a88aa06e1a032b69342212cbca79e3fa8c4a0d294889ea766ae5db5b6fa83858fec577c71fea93de3b190259a4dd0e5b4d3129cff4e90aabd0da68fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
469d2ac8e8dcc42d103bf025591dcf1f

SHA1
cc04422d3e5e48a785e034d614107623d9ef13ed

SHA256
fa1aae7d671cde1d95251439ec755876fbc16a52638117dd4bba3cd7f76a1f6b

SHA512
014abfd6df0133e64dfe60dfe744e6ba5fd39de65b376e98ca2beec347db50998c81eda7874e2cd18efab3d64ef99f619826412ce3aa2a19ac5cd7025e0dc000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
4440af1971c2f5e9341c6f23e05732db

SHA1
476c48b19c3c248f3aa47982c93b051d98b38ebb

SHA256
d8ba7624b30a77c19847d1aac46440e129b4e4ed5397c66945636ecf73df9b49

SHA512
a2cfe6e03ac69eecfa1db700ef816050eb0133798b0c68d1a27951ffcac1adcca879d2e87efd81598d017fff181394cc45e014ee8bfab55dd803760d85e453ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
8502318c48529612591dfc0114e0f8fe

SHA1
98d9d0b77c27bd2510bec5937482a3dcc094d75c

SHA256
e261a4153fe500a0f7d77462996c573e92bea5e616cf70e79eea0ad62500872c

SHA512
b8b3f27949615ec8903519bf0697276184d3baef310863b48c9a4d92b6aa36564039f0ca5be339186d699ea1ef7800e7f71eaec9e5edb526c596281bd9071004

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
93ccd46fb887516853ffe9367ce28eaf

SHA1
9d722a3fe6a5a11617135d14ade742d840dc7468

SHA256
2b518e41fc5314287cabe54400446d3ba0f20ca5d7009f30ea4c138d1cbfe1a3

SHA512
d2634892db4d66508674e9d9a19facec5f63b19c466428155674fe51b0c792469748b516d3784481cb551b5c86096d046dc99fefa126d35ea7265e93b398e04d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
2ea7520fbadbd1c43a00b771bb092787

SHA1
fa3742991f8b19c5299b9a61a5e97529fd5f66cc

SHA256
6f0e1d9758ec9c83159eae6bd4da5aab44bc7e5674dafe8d4103e7acf7d898b1

SHA512
b46dda8856dc3c7fba1809083942d4b744d2dce4c7594476428c4e028abc3a2f2abb6c916cb96b817b27ecfc646906d7ef8ef79909d05743526d74afa6039eb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
7376d8a6a39df39a1411896ff1672b9f

SHA1
ba7fc472db7c65a5a3c9baa133d0125b7532abc2

SHA256
20a2af973a02cbb926a50259b9c0a6f19114f46b522654040219756b0fef92f7

SHA512
f4af9a24e89070f2525f1e3124d51a19bf839b92ef0981cf42bd54353384c6977b5b2a33848aad0c1b72fa9b4f2628d992d1fedb30e3726dfa0b70d43431b64b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
3ece118ac04517c8058d0af43d552a93

SHA1
2626226d4a212a0db219c4f4745eecc66f522d75

SHA256
afd5587cd14dfd485d28758e30f04bb4ba2c2b1acf52a200ac486ed01c497187

SHA512
b9551528b4d0c98b2a860da38f8ed8427073ce0b06ee981e179388344241eaa2d5746f4f17f7be4f52744c76bc6c07b8afa0e684b81905d90a97d74116efac50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
8a3e4e36da71d88713b370230d75e9f7

SHA1
81012a698153359a1866a75f210a53b633d85fea

SHA256
40b9b7c9b73226ce3c401a4c53d17c534c8565da527ca6e51fd7c58bcd4d548d

SHA512
66ed0f2994884c25a3dd5ab802751a10b844763b06a59029666d1b0b384c08985b4e61493293d8665754d7ab7fce827cdc24c6c33227c66b93ebb04cd9bef058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
76d9ff1dbc8c02119488129a8dba5e75

SHA1
edfdf1c17d95e4726a0b98531cc6163123b0b03b

SHA256
9914ab3f3afc02b92f23333f20ea9031ddba9775d8283503b117f3ae53758638

SHA512
e18dcdbbbf0a4d47c221cac81550264f20da2cec28e797e368799dc8663c792ba1a0c659079c4cabceb7ed05bed039bb2ed0256e4a34dfe2ff8fa77073fb49c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
1b96cfe6875808949162b3c4a4dee4c5

SHA1
3a9a4f494dd15022fd385e5f62fbd6bf3a410707

SHA256
65a07b96d4e8a33f9fea71fee69a5d4cc20329ab3e250a7c3f4d96017197e0df

SHA512
2f47ec8488a1928e779f0bfa08c423c71fdbb96aae07c74ef0914514caabc1daf09a1d66a2f633cc6437889504c7a2ce77a128f3725485b203c7d934d1acdd36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
4cc97ba1e286d51c850ed2204bcf4055

SHA1
dc8c50ee795353c509042417e7adaa695d01da5e

SHA256
62a4983b7ca293170c1485a9e88932cf23fcfc819f8431a1a0bc1c37976f7753

SHA512
4c457285533687ab8a29032d93dfcf3ccb04dc723bf24d4c3270c306ffae2b535d80057041e1c46f0a2b33451dc9d5d93c4adca8ec66bee6f5ebc784c8afc1b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
bc5df5715185c21a2060b41e26fa3daf

SHA1
a2bb0e1abdaf659858a8903cb0db4d9bd5deefb1

SHA256
0d007f498c1cd38f03d5bf02ca308b5dccaad55e41d2acb5ab5fcb466ae5e7e8

SHA512
6712656d5b25ebc49867843ff395d5c50c1aa842c314c6d9a1ed5f7d804d81a84b84ac242a3ef8516bd3738ac2daa37b3eedf0691b33f4d22b7bede653a04b0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
44d7b1c9ab4223567c2429692620609a

SHA1
6bc22103b1a47d36675122487dd0cbf79ccf8676

SHA256
664b41d1fd08375e2b1d5da4853ec05df0b99ab52fdd13c9976ffa1869802714

SHA512
412fe3bc73e306abd3616860d8e44d79082c4806bfe9db5bff5b0e5d226b065ba6661ef0f400a43fd08bd56c4edce61020b0f97faa6cf48c610c1b6bed3d27c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
e258b17bd9df25c5ff40021cc6009e76

SHA1
ae70d13e5257400ac20346994eb7b7bc2bdb159c

SHA256
336ae19d5f6adc3383dd5369b6ad8ffabd5b00db887fe05c7f4a9df9ea49ce88

SHA512
3a571cebfc3c3823c1f7f7b51eeb4edbeef05a2bb0c777c74b35914559b0ca9504eb6789ab44762d3b6c9da1ccd8520a6c3f343fce3834a1aeec501c01d5dbe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
ffc542c77d85dd0c8326838471018dbe

SHA1
88204e650fcfe4c5e2fb861f7f603a033b76b078

SHA256
f42358aae05a60835c2c3f1c283c856a446608523ed7690b4ab8d5747606f69d

SHA512
8032e1e8769ce178b061c2f4e744c6832223585ca50a5b51d7bcf2b1dec1f53876b6daff472b2584699deedb200312d1f8103b3ef530bcd0bb1116f8b5a1ea3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
91e2e268747c4096fa4c3a26ca9b781d

SHA1
2a5e76b9d6cdc6c4f6d0f261a1d09622b5811719

SHA256
46aa679a65b3a73b3ebcdf777f0f4411d3b93c905a4d9faa9ebc4acdbea5cd2e

SHA512
1146781dbdef07fc6569df1980611ba40a7b2c6f4bb6a3ff9f2ed74cc64362a8b1037e9d722192bb21e32e653f5f584df0dec7206abd8b0873a335610ab6034b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
656d51b79086cc448bc4b77130afe2aa

SHA1
bc2a051dbf38701920455c8c809ef088f3a84778

SHA256
864d030441a6bc0e6ede190b170f82d1b9cd2149f0614999e4285f99ab50735d

SHA512
54d7e99f8c5325ce02ff1c356d0ff5a2ce73d181739607dc7738abff1192f2da81c342bf29ca14a1ed743ed4f672db9459711ddb5d9e465a78f244887896766a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
311ad0880d59ec592205aca8a7f9ef83

SHA1
0dd523c3908abe10e075b7003dd70de9958f3c1d

SHA256
8cba8001dffc235db8a9030a525f2abd06f61171137d10ed284e2ed224441f4c

SHA512
8b47d257d3461fe07867aeafdb5de58865cc32dd3ab1195f40ec96c90a031908018f8bad769467e6f0a179fae2c10fcd558f0a7f6cd2e129f64110073dbe30fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
44fe6a90931019d9f96a0a9823bc98bf

SHA1
fb24988a9ac4ff655ce5299b1555817f8ba60219

SHA256
c67dcb26d685b4d66ead38b09d580950f2924861ac228d2625c85c3264eb3e9d

SHA512
987b44a234ec2b17788779f7adab82b2d8b1179bf4b20767a4136cadd67945ee0864b4a95680e6c9486d773076095dea1c2481cd2030ccd406a7f7c14f80664b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
341de99f767c1c1dc1ca33467787ce2d

SHA1
eff79ee9dd9cf7642754206c1f713bfbeb341920

SHA256
7cd07ef6f31ed3c7f589b8dc19d1e8514bf2af0588268901c891f0e6ef90e3d5

SHA512
56f57935418373894b5ef98639a635f587eb6106b8ec2e8af6fd6400893054f644341f456ba26c50a0db6f266eaa27337572e870f3d75c2f6638dacc9c27f7ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
c75be28c0b4e7f4417bf957ea5f467b3

SHA1
67046a767c53bddb6efd3962246dc6a5287eba75

SHA256
f91751738d2b8d96348b1fc5aa0e2f564c7565d874a7ec94c4e3a982459aac0c

SHA512
5cb6321d7f2a2991bc63728992f9f757c05c6f0dfbed62e82544eb8ebe807c8b99f8790d6a13a40ae6f9cec19a0a7b6674478b4c0897088241a879fc37e633ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
114257a3a98d9a68e6638464a56da46b

SHA1
46712f06e0a70a7409e3fb572ab32d7bd03f9b59

SHA256
ed835e6bdd195a684b2f91db780ce891e32013d782dbcd55c9c9513c0718e3fc

SHA512
e80b994142efd70f20c89ce5490668e8eaef75e8154a75b2f5d74b9be35c9433fd9547cbee78e886a857d3ef8d93db45cadfd6f92d9298f9a112201d300f5b45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
f0895d74881bd47481413fb46263e3e7

SHA1
5e9eb86534972541c2ad2581cdb7579123e11037

SHA256
12923137c53e401459df3697e6f77ede12c4df55616fc071d7e885a0c18e4e70

SHA512
88d9e6a03b93f6205f3bebc20f49f5c27a4ea6694edfbd400f311f4658d190e2d6dfbd21f34426baa7b91c99f7abaee059c0084a3666585b6089a51f3e68a674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b9920cfb-1e12-49d2-ab20-8e4947c42e5e.tmp

Filesize
6KB

MD5
2d47ed7f8440b8fede1fe2fb8e54a4f1

SHA1
79588c28e8657fe5c8ac81896a2e9969073daceb

SHA256
fe7a971abeda122fc56ff0637749864d7de7052f3260beca91f0bb37822fdfb9

SHA512
98bdb3f7338c8d630b7a395366006d44439cf7ec585d9201edf9d2d9f8ebec82bb79780f78ac430d7b4cc2b38ca54d3fb9ea9ce08bb35b406800dc10005b1c76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d5c4d804-674c-44f3-a3e9-fb38f59f4794.tmp

Filesize
7KB

MD5
9df5cd9364ef3db9558ec52817248e2d

SHA1
eacd91b04806f7195faad0769f0d77f758f02dfc

SHA256
26655089fc606a12842e187adba330be55f68a048c00b44be16beb19df0827cb

SHA512
0735328f0271425c580eccf635c7867b3fe7235f23baa9525f4356d51482c0c6d627b492607182f04fb00f24ed5b58422dfb30a7239842363ee7dd6e55e880c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e1730e1b-4c23-41a0-8e8e-e85ba7f61674.tmp

Filesize
3KB

MD5
1ee8349a80c762a2ddab5ffd08b26442

SHA1
b864b817eeacf086f502110958157cf43a55bf67

SHA256
27b312f1e6d001f54df67782ab597defb0158be40d1941cf4476bf791c5400fc

SHA512
dbd025250c883a6bfdc4114812e288d0b68ec60b5748a981cd611d46e261d2854548f86931c5282646a1d1ab155cb4b2cf22d929713821a42a45152fe279cd27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
271706f081e10d45ca8eda24d17dc3fc

SHA1
a3c634d0b330a5c64e8b0f0edfee0671bf17f5f8

SHA256
f0dc98848b060120aa1b515589b912af546d28b8d47e458fc4bff02c81c95588

SHA512
bdb36d7621795be5e3c3bf92e05f1c7933f901f3e2d55f7cade8a4a37e16adf750348b226dd56e32e1518b11c8f0c117da89c4fe38bc2bdab9195ec78d51d2a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
83d614b88872719bdf607b75f55c4031

SHA1
ac03b9ef44e7d1c0c1299de0a1c9fe77a5cfdd11

SHA256
fa3b319ea2b481e534be0ef7cd5402d8d236702893ff7bbcccfa94531502bb24

SHA512
814466645301a4c72c587b0e126c428e3bab4efb440f011d5479576b2e32c9439b16b800468146dc858642963f4b3521984e74d483a6c8fe292bb0b3aefc1330

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ca0d4eade89cd37cd1d4fe50833cb4fa

SHA1
5bd0b5cf0ae5a22e901b246c0f9f38c28c16191f

SHA256
01e7978279a008b9f5251109395dd172b8a5c58ac9eb6f927cb206b17fc4c165

SHA512
2e1f15052ab6a79848b06b6cfa33be18033e3ee0bfa54a2d5d4f59f6db7382e40f6036b64d49cfbbbb979a224ad0af6071861c51cc2ba9f34a7437423b8b053b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d3a3ae908a2af2eb3ec9850566772f5a

SHA1
197ab29a57fbf85901ba6db40e9ae42bbbf42ab8

SHA256
8b540eeac18725dd7dbb893e8570aec6228e81e88bec139547b75b2ed5a5ce05

SHA512
ea19be4867c5381518422f6eef0538512871e867a1846e810f31ec7417075a41151944ca5e53cf48921276ab09de34aae589abe78c8555c1f26b2f83090e3a2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8432fdfef77cfe0d822b1f3b9d6037d6

SHA1
5c20f3e7ca87f353d4ebe5687bf04c90cf32eda8

SHA256
7c727e0eefe0111643de25bde0c1d7c5e425ad0ad084971ffc58b2cc01390f5c

SHA512
b9d6fb62ace146db2c2789b324c5ca192311dcc4b06d9553aef8082cbb5d73c780e9c8d18ce3adf238ef9d5357928ebff80afa428c8c1c49ce25bb06db6d77c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
f033fe99712d4f0740cc2a1a8989debd

SHA1
f4cade441f5c609bb2fd08b6c17b98b0b78c9733

SHA256
6cb5290e8d8b7d7195beb0e71cecb5d2efcf93501692d83bd9ba62e70b63ce4b

SHA512
f98f6334bb2ef5bba924c2374d815f4bfc2369858121fa7a9313173f42e5b05734af2e359332d9936290b569b5e19ed1ec00046d50520670793e81f226271a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
5f98fc1b744af3fb75159664af7df98c

SHA1
cb62c7bea7c1fec9b1122b7705c53bc87ac39b14

SHA256
48a3268ef5c3114c00a10472854d1a312d0fc4258fd571488af33cb5f11a23c9

SHA512
d8d6a956601cd9276eb98cced7fa574c6db84c00e5c6d94d57ca90e9fef5a95115aa6178a3a7071b6df80cda68e1acfcd941769d06d7847ed36f927d203bf126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
2b383882b3e63dc58d7f2196d7a19025

SHA1
ccbe550d23544779f912afe1a04afdd5b7f6f710

SHA256
f387b3d351ab1089b7d32959b6374bf703822554582e1ace07f2ced95266aeab

SHA512
0e4aa723dc82e6304954239aed4cc25331bf958e95ca955ea3fce702e6cbaf6901adebe99ce1f3b8efab16125af50774d25df3fee29c9afa23846b25e883ef0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
a250b57ce4f21acef164cf678f08e403

SHA1
bc934f4527f34c05d2c3e9e16f3c5d682743ecd4

SHA256
560ada428231556ef9e59ce13bc53726367ba8c3ba96f7a4125d0599cc7d6760

SHA512
fd92dc5b2cc8231d040f5886e6b539eb0af372148c08e395661af78e839d5ee9156a257773daecec45e5667a1ccf74fbc1d780fbb802a371d0efa03235a6e81d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
fba223df40c640d1c34ae3021551fd25

SHA1
ff9e89b10416ef3c2cbed68b28584d106dfa2555

SHA256
f7bec53d65f06f3c38988ce36c09765759a93961038c1a50603b2a64760b7549

SHA512
9783e4f06fe11d2dfe3a7daf40f60a70a438e4b9b9b8cc4ce8957f3ee6683feb7d690529fa06906f6589dd1e7006e86a7f2f931fd07ccea6717bd759da09ae80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
88e8c152e45f0f0360d2f0cb29cdd65c

SHA1
adc575a8648865477e99e644b1cadb6197280433

SHA256
6ff181971ba8d7b213a7d15fa6dc83374850230df271c6bf6d7203ad93570186

SHA512
dc3d80f4626d21840601d018efcd21965467e7e934c386747b54015af223a32779183bfd96fe1f8efbe277ea737f720ce97852334a6fba89fafe19acb5e4c89b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
b8a2c7751315ca729baad37d46eef451

SHA1
abd381b2b6c3da98a03d0883a66b620ae383e47e

SHA256
2c7df089b9ed8a0c52ca07c01f162fe20b00478c71ae9c54f1473b09b76adb3e

SHA512
09f31fce7c6b36d3156b742ca164e5825e4b0ce94e96be2fe39219d10c710229b89e633895f3921c0828087ae1c14a916fffcfc0a7be8738b80211a7cd79c494

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
4026ea0051ffd40db55222df564bfd93

SHA1
d74f2015f80013c9cc323b1c15944d55366fe940

SHA256
5464e0b38c40d167382ca7b914d4884904cc73a64cd40a2b99ca8d491b628fb5

SHA512
ab58a791150b1e6954d11df76f644fe03fbefe9207d7ee83857d5dd001d634adf4d98ffa996907359cfbef3f061455f523a54ed67b2f19acdc2c3b9b169fae06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
2abf2ff9871bbcfbd3d04f0371fff370

SHA1
d2a2ffe9786394b2e3b94b1dd957a7d3b827c105

SHA256
e208086cc4003374b09ed888fe3ccdb48d92f32de04c8b7eea9fcc2350587cdb

SHA512
54fe3460f6f89094f6a15b2ee5bfd262700690ec7308dbb78b3546a6377fedee4889b6a6385e3c5ad0228164d9bef993f32e5ab9e8462a4123f0d5921ca4c824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
4dec07a6d81e9ce78fe7acbe34e13e64

SHA1
539bc989fe2874fb0e0874ae79d42c4e2b106ecf

SHA256
f0f3326cef8f34ffb148ffba8154b2dc3d81cf433abe82047f00b22ad6d2410b

SHA512
95886a2790e5a88456d4d08186da31e87f54b5d0bf8aa2f758be931af6fb635852340ce0ff645f4be4c0f895a646c614cb627c87ac37428dd29b21df3b214da2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
87d0c7c14ca1b3e7797bdb703de534f7

SHA1
8f0f73f85479d611e20e7d362ed7c168b43154d7

SHA256
f5a7a945e512e7761b41360b420f477dea7d9c9988e73dba5e3be62fd8f075e7

SHA512
badfd2f274e84ddad29e0a3064b7f5a44472c8aad457f29f89a655291612475f740b308046c9b7de6d6c0f00920629449af3b894e7f61fc08105dad3517f1bd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
4592a503c96cb7b89e441f0ce788e047

SHA1
4d93e1c4a3cc0ac2824c4d1c825611af53e7e4b4

SHA256
8e99e13344c1c73765b11551fecc39e7012c13e3dbceb4183d86cad6768878b5

SHA512
232ead1ad7fe77fba4533b40a73d8d46940cbb0bbd98db66143535d58cd1348fcda5ceade5784af6b04f4e15bf8045a59e70b2ae3c219dcfe779b0b1d040a327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582cc8.TMP

Filesize
94KB

MD5
deb0524d0ab2c1d95e975b2d6ba1db4b

SHA1
e9134351329c627506fef8aed45ee39861347bd4

SHA256
f6ace4e11936f881c0f914c7d959adbc040f530f8e503269a7d26b3045cc493e

SHA512
52e73c06162e91f56f78084a1530c773fa477b55718d55fad347985b05a7bc53016dcc5ebbf6ec3996b0d07d44d6b0f5c583ee5c4917275eb9377feb4ca3ed81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
941d69d43e413f59a9a782bf046f424b

SHA1
1d24b1b97a1db463b5295fdff4a23e8f960cdef7

SHA256
5e86fe41385064ab2124d7a893f64c4ec0b0fa3b5fcca088d049ee057bcc9a49

SHA512
a3eff2bc2b4aa221e88b0339b3f6fd346238a42844d701da5442797d72e25fa8b85739bd922f570cb563efa6ef6c2ac655f61c25ff37789bedc502846345a12c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
e7d3a733d2f10f84f4a68dbf2e428050

SHA1
38c8ac56b6b098bc371ad43d97122cee2d41477e

SHA256
6382fb4f19563c939093290c73495a0c55b2026a2d7debf192501981eebf24dc

SHA512
92a3de4c677beaae06e266415cffac094ad5529242d957e68f7d89bc67f76f8c51b236838f795226fcdd44c9c992d9ddef2bf3285b2e865bbe399267b3782eb7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 184240.crdownload

Filesize
229KB

MD5
65536dc4bcafc3ee3c1dcf7ed64c12df

SHA1
e1ca248ae2ef47a6b89ad6fb155f4d5ec3674e9c

SHA256
98e7e144b7bc45bd52601d093b1e447cf486bf2e8cd2ba84e8325e2d7b269662

SHA512
25f5043750e42d312b879dcb1b37bc4621790f7402befa21578818c8de6020f1983a984bde79eeaca60b3cd12654fe2dae6e728826e0c4da3794be3519d3bcc2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 787742.crdownload

Filesize
4.6MB

MD5
81f0d54a40f84ad10daeb5c1966b1af7

SHA1
689f076096751d1a18fea5bb7e4d7140334d3ba8

SHA256
0ce04e62cac2b43c7b86e9c82f5aa895e19ca9f5654c9baee7992ecea4fe2ef9

SHA512
9c4940aa129808c1f19267e8996a1f6527ff4e3342a2cd9e62a05b99845e0ace13c3d23107b35ada9e5c5cba3a6569742c24433d0b489d473c460bcf7d791e29

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
0db7a2eaf89452af2574b8194c949ed2

SHA1
453655939949d0708acdaacb39c70c1f44145731

SHA256
3d871170932d8c89652c9135f8d94b277e729bd5cfd494344319ca3940e7a9c1

SHA512
94b54fb7047240337fba7423c740553d98db8c89b34f30922a39ed67a6946bfd38ed910c8f8e7b4eaeacb02f8a01722c466c2246eb85457bb29358caf20a788a

Download Submit
memory/1420-2923-0x00007FFF8C650000-0x00007FFF8C651000-memory.dmp

Filesize
4KB

Download
memory/1420-2600-0x00007FFF8C650000-0x00007FFF8C651000-memory.dmp

Filesize
4KB

Download
memory/1744-2185-0x0000025809CB0000-0x0000025809CF0000-memory.dmp

Filesize
256KB

Download
memory/1744-2186-0x00007FFF68030000-0x00007FFF68AF2000-memory.dmp

Filesize
10.8MB

Download
memory/1744-2187-0x0000025824350000-0x0000025824360000-memory.dmp

Filesize
64KB

Download
memory/1744-2198-0x00007FFF68030000-0x00007FFF68AF2000-memory.dmp

Filesize
10.8MB

Download
memory/2192-2223-0x00007FFF67F50000-0x00007FFF68A12000-memory.dmp

Filesize
10.8MB

Download
memory/2192-2213-0x00007FFF67F50000-0x00007FFF68A12000-memory.dmp

Filesize
10.8MB

Download
memory/2440-3356-0x00007FFF66F10000-0x00007FFF679D2000-memory.dmp

Filesize
10.8MB

Download
memory/2440-3358-0x00000110F3320000-0x00000110F3330000-memory.dmp

Filesize
64KB

Download
memory/2440-3359-0x00007FFF66F10000-0x00007FFF679D2000-memory.dmp

Filesize
10.8MB

Download
memory/2940-3061-0x00007FFF8C650000-0x00007FFF8C651000-memory.dmp

Filesize
4KB

Download
memory/2940-2935-0x00007FFF8C650000-0x00007FFF8C651000-memory.dmp

Filesize
4KB

Download
memory/4500-3108-0x00007FFF8C650000-0x00007FFF8C651000-memory.dmp

Filesize
4KB

Download
memory/4500-3231-0x00007FFF8C650000-0x00007FFF8C651000-memory.dmp

Filesize
4KB

Download
memory/4836-3382-0x00007FFF66F10000-0x00007FFF679D2000-memory.dmp

Filesize
10.8MB

Download
memory/4836-3383-0x000001F4ABED0000-0x000001F4ABEE0000-memory.dmp

Filesize
64KB

Download
memory/4836-3384-0x00007FFF66F10000-0x00007FFF679D2000-memory.dmp

Filesize
10.8MB

Download
memory/5196-2199-0x00007FFF67F50000-0x00007FFF68A12000-memory.dmp

Filesize
10.8MB

Download
memory/5196-2200-0x000001C46A570000-0x000001C46A580000-memory.dmp

Filesize
64KB

Download
memory/5196-2201-0x00007FFF67F50000-0x00007FFF68A12000-memory.dmp

Filesize
10.8MB

Download
memory/5564-3234-0x00007FFF8C650000-0x00007FFF8C651000-memory.dmp

Filesize
4KB

Download
memory/5564-3357-0x00007FFF8C650000-0x00007FFF8C651000-memory.dmp

Filesize
4KB

Download
memory/5644-3361-0x00007FFF66F10000-0x00007FFF679D2000-memory.dmp

Filesize
10.8MB

Download
memory/5644-3360-0x00007FFF66F10000-0x00007FFF679D2000-memory.dmp

Filesize
10.8MB

Download
memory/5848-2447-0x00007FFF89D50000-0x00007FFF89D70000-memory.dmp

Filesize
128KB

Download
memory/5848-2425-0x00007FFF8AAB0000-0x00007FFF8AAC0000-memory.dmp

Filesize
64KB

Download
memory/5848-2418-0x00007FFF8A310000-0x00007FFF8A320000-memory.dmp

Filesize
64KB

Download
memory/5848-2419-0x00007FFF8A310000-0x00007FFF8A320000-memory.dmp

Filesize
64KB

Download
memory/5848-2417-0x00007FFF8A310000-0x00007FFF8A320000-memory.dmp

Filesize
64KB

Download
memory/5848-2416-0x00007FFF8A160000-0x00007FFF8A170000-memory.dmp

Filesize
64KB

Download
memory/5848-2413-0x00007FFF8C650000-0x00007FFF8C651000-memory.dmp

Filesize
4KB

Download
memory/5848-2415-0x00007FFF8A160000-0x00007FFF8A170000-memory.dmp

Filesize
64KB

Download
memory/5848-2414-0x00007FFF89FF0000-0x00007FFF8A000000-memory.dmp

Filesize
64KB

Download
memory/5848-2412-0x00007FFF89FF0000-0x00007FFF8A000000-memory.dmp

Filesize
64KB

Download
memory/5848-2411-0x00007FFF8B8C0000-0x00007FFF8B8CC000-memory.dmp

Filesize
48KB

Download
memory/5848-2409-0x00007FFF8B7D0000-0x00007FFF8B7F0000-memory.dmp

Filesize
128KB

Download
memory/5848-2408-0x00007FFF8B7D0000-0x00007FFF8B7F0000-memory.dmp

Filesize
128KB

Download
memory/5848-2422-0x00007FFF8A330000-0x00007FFF8A340000-memory.dmp

Filesize
64KB

Download
memory/5848-2405-0x00007FFF8B7D0000-0x00007FFF8B7F0000-memory.dmp

Filesize
128KB

Download
memory/5848-2421-0x00007FFF8A330000-0x00007FFF8A340000-memory.dmp

Filesize
64KB

Download
memory/5848-2407-0x00007FFF8B7D0000-0x00007FFF8B7F0000-memory.dmp

Filesize
128KB

Download
memory/5848-2424-0x00007FFF8AA40000-0x00007FFF8AA50000-memory.dmp

Filesize
64KB

Download
memory/5848-2406-0x00007FFF8B7D0000-0x00007FFF8B7F0000-memory.dmp

Filesize
128KB

Download
memory/5848-2404-0x00007FFF8B7B0000-0x00007FFF8B7C0000-memory.dmp

Filesize
64KB

Download
memory/5848-2401-0x00007FFF8B720000-0x00007FFF8B730000-memory.dmp

Filesize
64KB

Download
memory/5848-2403-0x00007FFF8B7B0000-0x00007FFF8B7C0000-memory.dmp

Filesize
64KB

Download
memory/5848-2402-0x00007FFF8B720000-0x00007FFF8B730000-memory.dmp

Filesize
64KB

Download
memory/5848-2400-0x00007FFF8C860000-0x00007FFF8C869000-memory.dmp

Filesize
36KB

Download
memory/5848-2398-0x00007FFF8C7D0000-0x00007FFF8C800000-memory.dmp

Filesize
192KB

Download
memory/5848-2399-0x00007FFF8C7D0000-0x00007FFF8C800000-memory.dmp

Filesize
192KB

Download
memory/5848-2397-0x00007FFF8C7D0000-0x00007FFF8C800000-memory.dmp

Filesize
192KB

Download
memory/5848-2396-0x00007FFF8C7D0000-0x00007FFF8C800000-memory.dmp

Filesize
192KB

Download
memory/5848-2394-0x00007FFF8C780000-0x00007FFF8C790000-memory.dmp

Filesize
64KB

Download
memory/5848-2395-0x00007FFF8C7D0000-0x00007FFF8C800000-memory.dmp

Filesize
192KB

Download
memory/5848-2393-0x00007FFF8C780000-0x00007FFF8C790000-memory.dmp

Filesize
64KB

Download
memory/5848-2391-0x00007FFF8C660000-0x00007FFF8C670000-memory.dmp

Filesize
64KB

Download
memory/5848-2392-0x00007FFF8C660000-0x00007FFF8C670000-memory.dmp

Filesize
64KB

Download
memory/5848-2381-0x000002266F9C0000-0x000002266F9D0000-memory.dmp

Filesize
64KB

Download
memory/5848-2423-0x00007FFF8AA40000-0x00007FFF8AA50000-memory.dmp

Filesize
64KB

Download
memory/5848-2420-0x00007FFF8A330000-0x00007FFF8A340000-memory.dmp

Filesize
64KB

Download
memory/5848-2426-0x00007FFF8AAB0000-0x00007FFF8AAC0000-memory.dmp

Filesize
64KB

Download
memory/5848-2428-0x00007FFF8AAF0000-0x00007FFF8AAFD000-memory.dmp

Filesize
52KB

Download
memory/5848-2431-0x00007FFF8AAF0000-0x00007FFF8AAFD000-memory.dmp

Filesize
52KB

Download
memory/5848-2430-0x00007FFF8AAF0000-0x00007FFF8AAFD000-memory.dmp

Filesize
52KB

Download
memory/5848-2429-0x00007FFF8AAF0000-0x00007FFF8AAFD000-memory.dmp

Filesize
52KB

Download
memory/5848-2427-0x00007FFF8AAF0000-0x00007FFF8AAFD000-memory.dmp

Filesize
52KB

Download
memory/5848-2433-0x00007FFF8ABB0000-0x00007FFF8ABC0000-memory.dmp

Filesize
64KB

Download
memory/5848-2434-0x00007FFF8ABB0000-0x00007FFF8ABC0000-memory.dmp

Filesize
64KB

Download
memory/5848-2435-0x00007FFF8ABD0000-0x00007FFF8ABD9000-memory.dmp

Filesize
36KB

Download
memory/5848-2432-0x00007FFF8ABB0000-0x00007FFF8ABC0000-memory.dmp

Filesize
64KB

Download
memory/5848-2436-0x00007FFF8ABD0000-0x00007FFF8ABD9000-memory.dmp

Filesize
36KB

Download
memory/5848-2437-0x00007FFF8ABD0000-0x00007FFF8ABD9000-memory.dmp

Filesize
36KB

Download
memory/5848-2438-0x00007FFF8ABD0000-0x00007FFF8ABD9000-memory.dmp

Filesize
36KB

Download
memory/5848-2439-0x00007FFF8ABD0000-0x00007FFF8ABD9000-memory.dmp

Filesize
36KB

Download
memory/5848-2440-0x00007FFF89C10000-0x00007FFF89C20000-memory.dmp

Filesize
64KB

Download
memory/5848-2441-0x00007FFF89C10000-0x00007FFF89C20000-memory.dmp

Filesize
64KB

Download
memory/5848-2442-0x00007FFF89D20000-0x00007FFF89D30000-memory.dmp

Filesize
64KB

Download
memory/5848-2443-0x00007FFF89D20000-0x00007FFF89D30000-memory.dmp

Filesize
64KB

Download
memory/5848-2444-0x00007FFF89D50000-0x00007FFF89D70000-memory.dmp

Filesize
128KB

Download
memory/5848-2445-0x00007FFF89D50000-0x00007FFF89D70000-memory.dmp

Filesize
128KB

Download
memory/5848-2446-0x00007FFF89D50000-0x00007FFF89D70000-memory.dmp

Filesize
128KB

Download
memory/5848-2448-0x00007FFF89D50000-0x00007FFF89D70000-memory.dmp

Filesize
128KB

Download
memory/5848-2449-0x00007FFF89FC0000-0x00007FFF89FE6000-memory.dmp

Filesize
152KB

Download
memory/5848-2451-0x00007FFF89FC0000-0x00007FFF89FE6000-memory.dmp

Filesize
152KB

Download
memory/5848-2452-0x00007FFF89FC0000-0x00007FFF89FE6000-memory.dmp

Filesize
152KB

Download
memory/5848-2450-0x00007FFF89FC0000-0x00007FFF89FE6000-memory.dmp

Filesize
152KB

Download
memory/5848-2588-0x000002266F9C0000-0x000002266F9D0000-memory.dmp

Filesize
64KB

Download
memory/5848-2453-0x00007FFF89FC0000-0x00007FFF89FE6000-memory.dmp

Filesize
152KB

Download
memory/5848-2454-0x00007FFF8C5D0000-0x00007FFF8C5D1000-memory.dmp

Filesize
4KB

Download
memory/5848-2455-0x00007FFF8C5E0000-0x00007FFF8C5E1000-memory.dmp

Filesize
4KB

Download
memory/5848-2456-0x00007FFF8C5F0000-0x00007FFF8C5F1000-memory.dmp

Filesize
4KB

Download
memory/6100-3510-0x00007FFF8C650000-0x00007FFF8C651000-memory.dmp

Filesize
4KB

Download
memory/6128-2481-0x00007FFF8C650000-0x00007FFF8C651000-memory.dmp

Filesize
4KB

Download
memory/6128-2704-0x00007FFF8C650000-0x00007FFF8C651000-memory.dmp

Filesize
4KB

Download