Analysis
-
max time kernel
496s -
max time network
511s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system -
submitted
23/02/2024, 11:34
Static task
static1
Behavioral task
behavioral1
Sample
U3wiR5s9Rw.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
U3wiR5s9Rw.exe
Resource
win10v2004-20240221-en
General
-
Target
U3wiR5s9Rw.exe
-
Size
3.0MB
-
MD5
95fa0324e5c4fb381d26dae7c0b9fbd5
-
SHA1
f8557d98c6f7fd1111aab7a71c74bec9395e9fbb
-
SHA256
52fe9f423aa1e4a763fb5b012095bcd6a91819038803ab35e9b26ec676304821
-
SHA512
7596a24c786ba54aa89078f9668116b5d9b9af3a0cb2c35d96bcb9fe2724564c76020c512a3d1df830887e751a61a05df5c6799e3fd53f06800f242cf239fc7c
-
SSDEEP
49152:RcEeTCc/TqjAtennuhRVCuvxVgfId7/jwl5phlJAq3pXtMyFqeDNerQfWQAo:WEWN4uvXgm/W5pP37MheMLQl
Malware Config
Signatures
-
Downloads MZ/PE file
-
Sets file execution options in registry 2 TTPs 2 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe MicrosoftEdgeUpdate.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\International\Geo\Nation MicrosoftEdgeUpdate.exe -
Executes dropped EXE 18 IoCs
pid Process 5104 RobloxPlayerInstaller.exe 1460 MicrosoftEdgeWebview2Setup.exe 5352 MicrosoftEdgeUpdate.exe 4556 MicrosoftEdgeUpdate.exe 5388 MicrosoftEdgeUpdate.exe 3316 MicrosoftEdgeUpdateComRegisterShell64.exe 3684 MicrosoftEdgeUpdateComRegisterShell64.exe 1764 MicrosoftEdgeUpdateComRegisterShell64.exe 1272 MicrosoftEdgeUpdate.exe 1740 MicrosoftEdgeUpdate.exe 2304 MicrosoftEdgeUpdate.exe 5212 MicrosoftEdgeUpdate.exe 1764 MicrosoftEdge_X64_121.0.2277.128.exe 4304 setup.exe 3744 setup.exe 2068 MicrosoftEdgeUpdate.exe 5524 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe -
Loads dropped DLL 18 IoCs
pid Process 5352 MicrosoftEdgeUpdate.exe 4556 MicrosoftEdgeUpdate.exe 5388 MicrosoftEdgeUpdate.exe 3316 MicrosoftEdgeUpdateComRegisterShell64.exe 5388 MicrosoftEdgeUpdate.exe 3684 MicrosoftEdgeUpdateComRegisterShell64.exe 5388 MicrosoftEdgeUpdate.exe 1764 MicrosoftEdgeUpdateComRegisterShell64.exe 5388 MicrosoftEdgeUpdate.exe 1272 MicrosoftEdgeUpdate.exe 1740 MicrosoftEdgeUpdate.exe 2304 MicrosoftEdgeUpdate.exe 2304 MicrosoftEdgeUpdate.exe 1740 MicrosoftEdgeUpdate.exe 5212 MicrosoftEdgeUpdate.exe 2068 MicrosoftEdgeUpdate.exe 5524 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe -
Registers COM server for autorun 1 TTPs 33 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA RobloxPlayerInstaller.exe -
Checks system information in the registry 2 TTPs 10 IoCs
System information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe -
Suspicious use of NtCreateThreadExHideFromDebugger 2 IoCs
pid Process 5524 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 36 IoCs
pid Process 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Emotes\Small\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\PlatformContent\pc\textures\grass\normal.dds RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\AnimationEditor\img_forwardslash.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\StudioToolbox\AssetConfig\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\AnimationEditor\ScrollbarTop.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\PlatformContent\pc\textures\diamondplate\reflection.dds RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\ExtraContent\textures\ui\LuaChat\icons\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\9SliceEditor\Dragger2Left.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\StudioToolbox\AssetConfig\copy_2x.png RobloxPlayerInstaller.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.128\identity_proxy\win11\identity_helper.Sparse.Beta.msix setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Emotes\TenFoot\SelectedLine.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\VoiceChat\MicDark\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\ExtraContent\textures\ui\LuaChat\icons\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\fonts\NotoSansBengaliUI-Regular.ttf RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\CompositorDebugger\settings.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\TerrainTools\mt_grow.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\TextureViewer\cancel.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\models\MaterialManager\sphere_model.rbxm RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\StudioSharedUI\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\MenuBar\icon__backpack.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\TextureViewer\refresh_dark_theme.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_1x_1.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerInstaller.exe RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\ExtraContent\textures\ui\LuaChat\icons\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\avatar\meshes\torso.mesh RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\fonts\Sarpanch-Regular.ttf RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\Cursors\Gamepad\IBeamCursor.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\StyleEditor\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\as.pak setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\mk.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-ingame-8x8.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_pl.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\LayeredClothingEditor\WorkspaceIcons\Cage Visibility.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Controls\DesignSystem\Thumbstick2Directional.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_is.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\CompositorDebugger\History.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\StudioToolbox\ProductOwned.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\ExtraContent\textures\ui\LuaApp\icons\ic-add.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\resources.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Controls\PlayStationController\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Settings\Players\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\Locales\ja.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\fonts\Sarpanch-Bold.ttf RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\VoiceChat\SpeakerDark\Unmuted40.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\PlayerList\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Settings\Help\EscapeIcon.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\VRStatus\ok.png RobloxPlayerInstaller.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\msedge_200_percent.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\avatar\compositing\CompositExtraSlot3.mesh RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\MaterialManager\List_LT.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\VoiceChat\MicLight\Unmuted60.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\ExtraContent\textures\ui\LuaApp\graphic\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\loading\loadingCircle.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Controls\PlayStationController\ButtonL3.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Controls\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\LegacyRbxGui\popup_greenCheckCircle.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\VoiceChat\New\Unmuted100.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\ExtraContent\textures\ui\Controls\DesignSystem\DpadLeft.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\msedgeupdateres_zh-TW.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\LightThemeLoadingCircle.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\StudioSharedUI\RoundedRightBorder.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\121.0.2277.128\msvcp140_codecvt_ids.dll setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\content\textures\ui\Controls\XboxController\ButtonX.png RobloxPlayerInstaller.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio RobloxPlayerInstaller.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" RobloxPlayerInstaller.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player RobloxPlayerInstaller.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" RobloxPlayerInstaller.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox RobloxPlayerInstaller.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" RobloxPlayerInstaller.exe -
Modifies data under HKEY_USERS 41 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates MicrosoftEdgeUpdate.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LOCALSERVER32 MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ = "Google Update Policy Status Class" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe\AppID = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateOnDemand.exe\"" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B} MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" msedge.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" MicrosoftEdgeUpdate.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateOnDemand.exe\"" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\ = "Google Update Policy Status Class" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine.dll" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ = "Microsoft Edge Update Legacy On Demand" MicrosoftEdgeUpdate.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A} MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CoreClass" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe -
NTFS ADS 1 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 624919.crdownload:SmartScreen msedge.exe -
Suspicious behavior: EnumeratesProcesses 29 IoCs
pid Process 4764 msedge.exe 4764 msedge.exe 5040 msedge.exe 5040 msedge.exe 1520 identity_helper.exe 1520 identity_helper.exe 4824 msedge.exe 4824 msedge.exe 740 msedge.exe 740 msedge.exe 5272 msedge.exe 5272 msedge.exe 5272 msedge.exe 5272 msedge.exe 5588 msedge.exe 4760 msedge.exe 4760 msedge.exe 5104 RobloxPlayerInstaller.exe 5104 RobloxPlayerInstaller.exe 5352 MicrosoftEdgeUpdate.exe 5352 MicrosoftEdgeUpdate.exe 5352 MicrosoftEdgeUpdate.exe 5352 MicrosoftEdgeUpdate.exe 5352 MicrosoftEdgeUpdate.exe 5352 MicrosoftEdgeUpdate.exe 5524 RobloxPlayerBeta.exe 5524 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs
pid Process 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe -
Suspicious use of AdjustPrivilegeToken 9 IoCs
description pid Process Token: SeDebugPrivilege 3484 firefox.exe Token: SeDebugPrivilege 3484 firefox.exe Token: SeDebugPrivilege 3484 firefox.exe Token: SeDebugPrivilege 3484 firefox.exe Token: SeDebugPrivilege 3484 firefox.exe Token: SeDebugPrivilege 5352 MicrosoftEdgeUpdate.exe Token: SeDebugPrivilege 3484 firefox.exe Token: SeDebugPrivilege 5352 MicrosoftEdgeUpdate.exe Token: SeDebugPrivilege 3484 firefox.exe -
Suspicious use of FindShellTrayWindow 60 IoCs
pid Process 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 3484 firefox.exe 3484 firefox.exe 3484 firefox.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 3484 firefox.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe -
Suspicious use of SendNotifyMessage 35 IoCs
pid Process 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 3484 firefox.exe 3484 firefox.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 3484 firefox.exe -
Suspicious use of SetWindowsHookEx 15 IoCs
pid Process 3440 U3wiR5s9Rw.exe 3972 U3wiR5s9Rw.exe 3972 U3wiR5s9Rw.exe 3484 firefox.exe 6064 U3wiR5s9Rw.exe 3720 U3wiR5s9Rw.exe 5408 U3wiR5s9Rw.exe 1076 U3wiR5s9Rw.exe 1076 U3wiR5s9Rw.exe 1832 U3wiR5s9Rw.exe 1832 U3wiR5s9Rw.exe 6120 U3wiR5s9Rw.exe 6120 U3wiR5s9Rw.exe 2532 U3wiR5s9Rw.exe 2532 U3wiR5s9Rw.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 5524 RobloxPlayerBeta.exe 360 RobloxPlayerBeta.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 5040 wrote to memory of 4540 5040 msedge.exe 94 PID 5040 wrote to memory of 4540 5040 msedge.exe 94 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 2416 5040 msedge.exe 95 PID 5040 wrote to memory of 4764 5040 msedge.exe 96 PID 5040 wrote to memory of 4764 5040 msedge.exe 96 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 PID 5040 wrote to memory of 4460 5040 msedge.exe 97 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\U3wiR5s9Rw.exe"C:\Users\Admin\AppData\Local\Temp\U3wiR5s9Rw.exe"1⤵PID:692
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5040 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc72d246f8,0x7ffc72d24708,0x7ffc72d247182⤵PID:4540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:22⤵PID:2416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:82⤵PID:4460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:12⤵PID:4856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:12⤵PID:3940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵PID:2564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:12⤵PID:2804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 /prefetch:82⤵PID:1440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:12⤵PID:860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:12⤵PID:424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3892 /prefetch:82⤵PID:3256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5428 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:12⤵PID:4900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:12⤵PID:2312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:12⤵PID:3752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:12⤵PID:1224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:12⤵PID:4804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:12⤵PID:4644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:12⤵PID:4352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:12⤵PID:3512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:12⤵PID:1440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:12⤵PID:1224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6388 /prefetch:82⤵PID:4104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6384 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:12⤵PID:5444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6792 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:12⤵PID:2132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:12⤵PID:3580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:12⤵PID:4856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:12⤵PID:360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:12⤵PID:4384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:12⤵PID:240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3212 /prefetch:82⤵PID:1144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:12⤵PID:696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6908 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4760
-
-
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:5104 -
C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exeMicrosoftEdgeWebview2Setup.exe /silent /install3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1460 -
C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EUBBAB.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"4⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5352 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4556
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5388 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:3316
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:3684
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1764
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzZCRjYyODMtRjM3RS00Mjg1LUFBNUEtNzZCNTExOTg4NjJFfSIgdXNlcmlkPSJ7NUVDNjJBNTgtRDBGRi00QkIzLTk4QUUtMzlBNDNGM0VBMzJBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntEODZBNDZFNS01MjBBLTQ1RkUtQTY4RS0wQTE5NkQ5QTU2NjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODMuMjkiIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MzY5MDE2NTE0IiBpbnN0YWxsX3RpbWVfbXM9IjE5NTkiLz48L2FwcD48L3JlcXVlc3Q-5⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:1272
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{36BF6283-F37E-4285-AA5A-76B51198862E}" /silent5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1740
-
-
-
-
C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe" -app3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:5524
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:12⤵PID:776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:12⤵PID:5840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:12⤵PID:1136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:12⤵PID:5272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:12⤵PID:3948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:12⤵PID:2428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:12⤵PID:2316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:12⤵PID:720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16676170129957699486,2689825883910580391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:12⤵PID:4388
-
-
C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:fDH2O4SPuFM9z_0CAvZDVwa12AjXjyX4Ydq64gg5AxjWuiJsu4FMHlTF0yjG6Oaz5wUuui0hr3YjiXTMKYv8OqWbcNo6vkNc7DSzIrXfM_bDcWYUsSSs6BiILJ66VJ7kUPGYY2ah2Zl6JhJ3mlszmw5YqQ8uIqMX0USQtPPTrCq-BAur7xBLg0OM6myZrwRoRsxkTuGElm5ueaHqQvA1k7VNhPiOUkjwT_Ojo3kZDaA+launchtime:1708688504216+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D218943216969%26placeId%3D286090429%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3De2326bc3-107a-4317-a36e-75eb3b19d1bb%26joinAttemptOrigin%3DPlayButton+browsertrackerid:218943216969+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:360
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4844
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:100
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4088
-
C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:3440
-
C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:3972
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵PID:820
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3484 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.0.383082211\581434985" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {852172ca-18af-42b1-94c3-57e638ee9f7c} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 1964 23f732b6558 gpu3⤵PID:860
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.1.181110309\965832462" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5cce9d6-d43b-4249-baa2-11c183250095} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 2364 23f72c33858 socket3⤵PID:3404
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.2.1847242068\1180413564" -childID 1 -isForBrowser -prefsHandle 3432 -prefMapHandle 3428 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddfa84a9-a65e-4bfd-997f-c5f5e918c8d0} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 3440 23f77184e58 tab3⤵PID:3044
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.3.913670645\1827493325" -childID 2 -isForBrowser -prefsHandle 3804 -prefMapHandle 3780 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a45f1ba6-b8c3-4774-99f2-4db414a05a53} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 3816 23f5f567e58 tab3⤵PID:2480
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.4.492027369\1331954219" -childID 3 -isForBrowser -prefsHandle 4828 -prefMapHandle 4820 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad110f44-d495-47f9-a7ed-cfb316ed3f24} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 4844 23f793a0358 tab3⤵PID:5612
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.5.1374651212\541512626" -childID 4 -isForBrowser -prefsHandle 5044 -prefMapHandle 5028 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f71f9ce8-f60b-4e2a-b99b-b0b4a525f801} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 5056 23f7a43a858 tab3⤵PID:5748
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.6.1711029819\322825662" -childID 5 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {814c2294-f8f7-401d-92b4-029745f741d9} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 5220 23f7a43ab58 tab3⤵PID:5756
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.7.1943287574\419806565" -childID 6 -isForBrowser -prefsHandle 5448 -prefMapHandle 5452 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f814e89-667d-4a5d-b1e8-5f348cecc8f8} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 5436 23f7a43ae58 tab3⤵PID:5772
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5736
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ro-exec-crack-main\site.txt1⤵PID:1300
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5140
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x518 0x5101⤵PID:5588
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:2304 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzZCRjYyODMtRjM3RS00Mjg1LUFBNUEtNzZCNTExOTg4NjJFfSIgdXNlcmlkPSJ7NUVDNjJBNTgtRDBGRi00QkIzLTk4QUUtMzlBNDNGM0VBMzJBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszNjAwODVGQS1GRkEzLTRDOEQtODQ3OS1EOTYyQTgxQTUzRjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3Mzc4MzA2MzE5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:5212
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\MicrosoftEdge_X64_121.0.2277.128.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\MicrosoftEdge_X64_121.0.2277.128.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Executes dropped EXE
PID:1764 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\MicrosoftEdge_X64_121.0.2277.128.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4304 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=121.0.6167.184 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2DA1461A-4E55-4B54-B84B-8E37C87308FB}\EDGEMITMP_82136.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=121.0.2277.128 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff7278e1d88,0x7ff7278e1d94,0x7ff7278e1da04⤵
- Executes dropped EXE
PID:3744
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzZCRjYyODMtRjM3RS00Mjg1LUFBNUEtNzZCNTExOTg4NjJFfSIgdXNlcmlkPSJ7NUVDNjJBNTgtRDBGRi00QkIzLTk4QUUtMzlBNDNGM0VBMzJBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5MDEyODlGNy0xMDNBLTQyOTktODIxRi1DMzAwMUM5MUEzMTJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyMS4wLjIyNzcuMTI4IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MzkxMjU2NDE1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzM5MTQ5NzE0MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgxOTY1OTY0MjkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2Q0NWE1MmU5LTU2ZDEtNGNjNi05YmQwLTI4ZDI0NjgzOTA5NT9QMT0xNzA5MjkzMTA4JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVVES3ZnNmhGY3ZmZnUlMmIyaHZHeGh4eWI2aVVCV21NS212OG4lMmJjWEdiSXd4eU1La0tyQ29lR3dDNG5hZGpzS3lzUll5VmpscDJrVHlZMEZNbndKb0lYZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3NDk2MDY5NiIgdG90YWw9IjE3NDk2MDY5NiIgZG93bmxvYWRfdGltZV9tcz0iNjg4MjgiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MTk2ODg2MTI1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODIyODA5NTk3MSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTAwMzY2MDg2MSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjgyNiIgZG93bmxvYWRfdGltZV9tcz0iODA1MjEiIGRvd25sb2FkZWQ9IjE3NDk2MDY5NiIgdG90YWw9IjE3NDk2MDY5NiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNzc1NDgiLz48L2FwcD48L3JlcXVlc3Q-2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:2068
-
-
C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:6064
-
C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:3720
-
C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:5408
-
C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:1076
-
C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:1832
-
C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:6120
-
C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"C:\Users\Admin\Desktop\ro-exec-crack-main\U3wiR5s9Rw.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:2532
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.5MB
MD50beb955d81d357eb45a7b79b2b0c8d1d
SHA1203edf93e2528b64c73cd4651f1af9c553ecb6c2
SHA256f4c850abc17c255023cdc5cdd9111021f474520751ee1dd95e4bfd64e27cf02e
SHA512ee043bbd66a068679cb078a17d138e0be1e2ad84c8d3dfc738425cbbb232442940819ea48c0f4ace3267f12f0622dca44bf0d83af6977c37921725fa5065b0d8
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\121.0.2277.128\MicrosoftEdge_X64_121.0.2277.128.exe
Filesize1.5MB
MD5452e0d9be9133452bcc9599a49496df7
SHA1691f98fd80f21f5e41b3205dd81aa149efe857cf
SHA25676b4c2891bb6b1eda8d7fcb509dd4e7db46c5579a1059110b7e16529adbe5234
SHA51211a908709c89534811365a7748ca8c54ca343257cffbaea21a54915a0556cb333ebe62fdf02ecc698c6d33a9dc8a9ad365032c712eca77298ee9794bda064d0f
-
Filesize
12KB
MD5369bbc37cff290adb8963dc5e518b9b8
SHA1de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA2563d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA5124f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1
-
Filesize
179KB
MD57a160c6016922713345454265807f08d
SHA1e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA25635a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e
-
Filesize
201KB
MD54dc57ab56e37cd05e81f0d8aaafc5179
SHA1494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA25687c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b
-
Filesize
212KB
MD560dba9b06b56e58f5aea1a4149c743d2
SHA1a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA2564d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7
-
Filesize
257KB
MD5c044dcfa4d518df8fc9d4a161d49cece
SHA191bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA2569f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c
-
Filesize
4KB
MD56dd5bf0743f2366a0bdd37e302783bcd
SHA1e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA25691d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e
-
Filesize
1.5MB
MD5da1bd5e500b99e4ac08745a9f456fd33
SHA1e9c337fffa883be4ac10ab02e28a5e33eb6e87df
SHA256e5921035e64f5167cb00b61e4a401b242b4ec267117fd59fb896807b49748802
SHA512ca04724e34aeaaaa213936f09a1be380cfacd710a5fce0e7bec767d99a687491f6dfeed9eafc7a1c39b3dcb3ee66a44442bcd5d7b57333130d6c325dbfe4fe51
-
Filesize
1.4MB
MD52677466ea215fb50fe834041ce63df03
SHA159ddde38cbfe0455f17e7287a539e5fb3aeb031e
SHA256580f4a4c4ffcad56499c43895ac8aa673e4bde03134c328429d04e6c31a4d887
SHA512ca2f5b9fdb37dc31b889ab59f94b6872ef1155f48027edcb50de3c8fc562bb33c79f88d833231a07192d90a5564502c08274aecb1b69d21163525e4e5539c270
-
Filesize
28KB
MD5567aec2d42d02675eb515bbd852be7db
SHA166079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA5123a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3
-
Filesize
24KB
MD5f6c1324070b6c4e2a8f8921652bfbdfa
SHA1988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA51263092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100
-
Filesize
26KB
MD5570efe7aa117a1f98c7a682f8112cb6d
SHA1536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA5125e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8
-
Filesize
28KB
MD5a8d3210e34bf6f63a35590245c16bc1b
SHA1f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA2563b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA5126e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a
-
Filesize
29KB
MD57937c407ebe21170daf0975779f1aa49
SHA14c2a40e76209abd2492dfaaf65ef24de72291346
SHA2565ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA5128670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7
-
Filesize
29KB
MD58375b1b756b2a74a12def575351e6bbd
SHA1802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19
-
Filesize
29KB
MD5a94cf5e8b1708a43393263a33e739edd
SHA11068868bdc271a52aaae6f749028ed3170b09cce
SHA2565b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7
-
Filesize
29KB
MD57dc58c4e27eaf84ae9984cff2cc16235
SHA13f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc
-
Filesize
28KB
MD5e338dccaa43962697db9f67e0265a3fc
SHA14c6c327efc12d21c4299df7b97bf2c45840e0d83
SHA25699b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04
SHA512e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9
-
Filesize
29KB
MD52929e8d496d95739f207b9f59b13f925
SHA17c1c574194d9e31ca91e2a21a5c671e5e95c734c
SHA2562726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df
SHA512ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957
-
Filesize
30KB
MD539551d8d284c108a17dc5f74a7084bb5
SHA16e43fc5cec4b4b0d44f3b45253c5e0b032e8e884
SHA2568dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07
SHA5126fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2
-
Filesize
28KB
MD516c84ad1222284f40968a851f541d6bb
SHA1bc26d50e15ccaed6a5fbe801943117269b3b8e6b
SHA256e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b
SHA512d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e
-
Filesize
28KB
MD534d991980016595b803d212dc356d765
SHA1e3a35df6488c3463c2a7adf89029e1dd8308f816
SHA256252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e
SHA5128a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed
-
Filesize
28KB
MD5d34380d302b16eab40d5b63cfb4ed0fe
SHA11d3047119e353a55dc215666f2b7b69f0ede775b
SHA256fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f
SHA51245ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538
-
Filesize
27KB
MD54a1e3cf488e998ef4d22ac25ccc520a5
SHA1dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA2569afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245
-
Filesize
1024KB
MD5b454e47c372b2e464bee5e1a0462be64
SHA1a2add1c942565ef7e6c4d4c420a384d40f8db822
SHA25669217ed89d624fb3a2028a131d4b7a95fab4a68906a77bd612e37d49cc8937cc
SHA512573aa3cda19d7d9762da4a57ac61b4213d8e6cf96d8e103e3c9e6f366d472e656498661c7f2d82a82d9f5b2d0d55d6a9b4eb12823e146e6b01c4bf1bb9725ae7
-
Filesize
256KB
MD501d8527854ca91b35943e764f4fcf476
SHA19c29532987fce808beeca1b8acd69aff1f0d7d28
SHA2560e98f1d3260df1b9f94182c7e53314cb7585a9f185e362d66bd30f2d94a0d9d0
SHA51270e0f68c87bf3eae282edb1360817b3c123b4eb57c26c6de251b5581f296ca10b595924cb624bf2ba13c5ae94545a6e1a47264a4d2966478a2f074b07da87618
-
C:\Program Files (x86)\Roblox\Versions\version-70a2467227df4077\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
Filesize1.5MB
MD5610b1b60dc8729bad759c92f82ee2804
SHA19992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA5120614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4
-
Filesize
280B
MD58685e5d2d439af66b26f87d6a8bc7f30
SHA1df0eb364a1011d9190aa8dfb69c72fbedb95eabd
SHA256ebea92f1954ea31b5b46f1b810ea7dc9e9ff216097923e882c6ee8440350fecd
SHA512d00c347e89511e105250814a572656a64b5f822135976e5b0ec68eee3fedf1ba9eccab128630fa09915a7ce13e7da64f0400e768438d3050ef3f7dd3852763ac
-
Filesize
126KB
MD5b80728d761bab173e3ede7d0db250f7e
SHA1dfbf512e8acd2e70f63db6e0764101a18f60b397
SHA2564ce7deee9aa87dadb665870c73b58db76e3bd8265dab1803ed159f275230c0df
SHA512743fd50db4535770d34f78f8cae9d92a91742dbe9c3ecfe8070cb91c67cfe279faef1d41ef7d20d5b7beefcad5ec551ef527f6c1a0d543752a7a88c4698d9559
-
Filesize
152B
MD56fbbaffc5a50295d007ab405b0885ab5
SHA1518e87df81db1dded184c3e4e3f129cca15baba1
SHA256b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6
SHA512011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b
-
Filesize
152B
MD5360dd5debf8bf7b89c4d88d29e38446c
SHA165afff8c78aeb12c577a523cb77cd58d401b0f82
SHA2563d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef
SHA5120ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6a5bd7a8-4e6c-4cf9-84e0-cee6666bee2c.tmp
Filesize111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7aae7244-265f-44fb-b021-58df8b867247.tmp
Filesize7KB
MD5e6ecd8c93ec4b1e217a536a8ab323e03
SHA13d584947694ab5dfe8443edd2ca56066bf933600
SHA2563393f6b9cfa6bdcd08ebf9a012503a0c7e17340ca789205b68ce1d00319d643f
SHA512d901b6eafe248761be93d9df9461214cd339f5e93f818270010840a00f2fdf9cf4cdf47eaebd196396591c8bd772b34e0d4590e7c1510d53126070ce77c917bf
-
Filesize
59KB
MD5063fe934b18300c766e7279114db4b67
SHA1d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd
SHA2568745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e
SHA5129d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f
-
Filesize
153KB
MD52f3c7b5f9221520efbdb40dc21658819
SHA1df12f010d51fe1214d9aca86b0b95fa5832af5fd
SHA2563ba36c441b5843537507d844eca311044121e3bb7a5a60492a71828c183b9e99
SHA512d9ed3dccd44e05a7fde2b48c8428057345022a3bcea32b5bdd42b1595e7d6d55f2018a2d444e82380b887726377ab68fa119027c24ac1dadc50d7918cc123d7b
-
Filesize
86KB
MD54923a7479f3522cbe9389d7a4862ac07
SHA11bc1eb916c29c8cb05f5e46deb5740b2c5e992ed
SHA2566d83cc91996c474cc23c3a20d6cc27b91e34117d0e15277512711efb9a6080be
SHA5123d0dda89630f837e20956edd8ec1a083c79f5934f10adfffb116dc499d3b78418929f5c557c395cd78ef58d8a23ed2ce3af302a549a9d2aabae333c3857c8cd8
-
Filesize
51KB
MD5588ee33c26fe83cb97ca65e3c66b2e87
SHA1842429b803132c3e7827af42fe4dc7a66e736b37
SHA256bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760
SHA5126f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
MD51b2f13b67a0159275446d5600718bd21
SHA15807e3639013201544c92457ff1708932ab543ed
SHA256cfc7384322efb886abe8f5deb4f6a0d29c5a2cd3c8385326052841635406548c
SHA51290acdd07e44fcce5c791a8738d0d3d684ea78365dd9ec1ae91fe028d06bfcb6b2862f293e0d86242a30ebaef1bd66ddae655ca819946a1b62c56a1d917d8a5f6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize7KB
MD5357dd58c665588a2a827ca305dae8bc0
SHA166b57912b64d8ff7431d4face247f1e90863ac18
SHA256561fe903fb0bb9e216cfc46dcbf554139b4ee844b7a690079d49735769c1e58f
SHA512a7816cf27f1d9516647dd26ee5bab03db851a8b13f9053fe20d1b84f10dd60cce716f80847be5b725d780a19f2df588e601ed7022d028aefdb1e624159c92d95
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT
Filesize16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
Filesize392B
MD5c5658e00a92f644f376e8a6fa3eeaa38
SHA1ecb24183fb47d372ec2167bc8160b451a6be15a6
SHA2569c965d6c08c733081c4c6311d1f2dd309433e26555ce32414090991802a76222
SHA512e1d45a4cec2024902832a95e7b927c87934fd1bd868ba52ec103d060a3581df0d2875e968c04d8143a828aad21eea85a8287245065d8e9894049bbf255802c0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5a9358.TMP
Filesize351B
MD574fa28088233ff85e04a3313b8695e7c
SHA1b93f68c943c71404bc36e19c038e5cde39114b87
SHA256d081dcf0c4dbc41b5e36d27b757df121500e4c30d7b69d83b33c276752591339
SHA5128794f1d2fc58a165157a9fc00eae78ac03d2bd186af4a7c478b7f47a5ced76e9e16b6330d2ad3377aaa0ee45652fe64a47558a812f2d08c3cd582837b5b9a36e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
6KB
MD54ec844642ec7ff1775cff44240c7d433
SHA1f8c0083e1fcb54e7ede48300f9fe9d3b694f2634
SHA256faa157877a0f59673162345a6cd80cb84ce73aef276c36da592ea967f9513a1c
SHA5120597f2fe1a14cdd80e72cd79acb2963ab5b7fc51286d1d05c2652e89e3263cdb00b4b3492f2b34242f96d93e9d532101e5ee70f028377f0e66dba63e0195f030
-
Filesize
2KB
MD5bd71057d26b29b0a2829904e82b58ff7
SHA1687a0303bdc90923755632b5296c52af341916cb
SHA256a0efedf98c10d1117e1aadb5b905ddfd9d338096f2739b444ee1e6a0af7121e3
SHA512bd26a572a5771e4564a9d03ec89f85ebd6f14be98fc55f1ba20b9e9fc88fb1ba4ea2651f696f0c534bd97a2722d781ecba4cf8c8550cdf9bc7aea6945a6159a9
-
Filesize
6KB
MD5131dc5665c1b840e2fe8fff69ee1d645
SHA120c8efeca06e49bb3f6c36e67fdee6eafefcf845
SHA2563d24a812665d0640d0be828c2b2d17e0cdc75c4700b6c65637dcd7795036cede
SHA5124331a74edd798cfc80454d9be438628f306a3c32fbdffa08b7a03b5def71999213caba67b4085a1021eab39574447fc92a1dab1f75bc27d7593fac8f017b0a12
-
Filesize
1KB
MD5420b867feb84aea00fd3c0d9f305f86f
SHA1bda32fc1f5ef777accd0d6378babf0ca1b79abd3
SHA256a653ea4afaf7f30eacc10f1872708e0e44eb3b11686b1f7b2a9402f51f58775a
SHA51287ddd7eff3c847d5032b768fbd07f36faa216aac578d8e84140c723657790ab408910b3f3a280277c173787e6423902f9471a11d0a029a804120eacfb79686e0
-
Filesize
7KB
MD51dd8a0e022018e760533b0a3bfafdba9
SHA12be3def9dc9782b10bd46a2b3ca073951f55ba49
SHA2561c7d713bd02ba78b0353e0b8f7ba1a4f34e865a39260f9ac994047db21e5064f
SHA5124842d50620e319cff3765b86a5517351aa20e1e106d040c501bf23fcd0767015909801b940b74ba5ead56e4ce48f5f92cccefe4965adf14c52416a93fe26682d
-
Filesize
6KB
MD5bdf82c809e91389e23ed959072d456a8
SHA1aa28e1e1c1d29a7382b094e122678cb947800cdc
SHA2560ef6beff529d4bb1e0730ae74064e3a538b5075ee521ee6c55fec46607a4ff19
SHA51291d219a75fba3a96e7e5aef9639d5e2f0788f1abb269998a739f0c82b122bba5fe85cf2f8996958105f63fe7ba77237e0243645f9318e123e05467d01c263d9b
-
Filesize
7KB
MD5d7ef22ba95e6ebb374eef8f4719cbb54
SHA1dac271146272e998710876254cbbb2145ba23d30
SHA256a49bf172f106d14919f6fa5bb9dcb23846320cb224c903cffd92996d620089c7
SHA512723bdc4416347b2564cf9e5d6d1d19b8e21d49fec20842263de57be1c68ec02fa4206d5811715f07c69d681ef112e4e4c0b4b1d66ec5089bb6918a03f1fbdfb7
-
Filesize
8KB
MD543a11addedd7098977eaeda6eedb9f84
SHA1fecb16de4888928959ef8f0639b73dda09786f49
SHA256d4e87e9f3ae2ec3c30cf29dc3e9d0bdc23e0b915645ffa12c40eb67bf4d3c19e
SHA512860aafedf005f948bac15b93965426f7fdbe99c48a6e54016669ea23ffde2eb9e8dfdca68866fa38185fb52c3e09da8266f676c1b2dae50382fffde6eea50f43
-
Filesize
8KB
MD5ce045035af42250aabe6d58c06a2db8a
SHA1090049ad6b92983850b70d16b264de2624fbe63c
SHA2566d5dc9f6425653ad673ac7b0f01a7ca9ac06e0183bfe6da3e1c3c4703e72b880
SHA51258bd5f571e4235b6a2d41d5e37be1ed01657d06043177ec1d32563293a3da20a24035871ccbd794596badbeb83cd3dbf0c87321dad92b4857fc7afe5e04a6f5c
-
Filesize
7KB
MD57da738faa6b172d12a1b89ab72d6583b
SHA1b7125154f95e7db4a5b52ecc7dededf69f3aa935
SHA2563f7f633ed492036a1bd8a2fd3b1df9ad2eaaa45adc504543b1546c82ee578635
SHA512523feeb0a862953ad3cca4fd77559dd1c1cb49914918f07fd4d46633f0864b34c96770454804f39bf8eb264d22fc0df5daea6f6cd6beb9a7bad5208f5038f34b
-
Filesize
8KB
MD505e5d6856a0b1749df96d4c90f8a95a5
SHA1a87dfe6f909bb7c3a0173a1fc995f75d11854e96
SHA2560d4c9b23eb9eaa13983f4f1c219c3502777e76e695daeb9a414216c900797aea
SHA512bebb3ef1dfc114c4945a3c0c6e1727a10f6f7c1455a5c6722089ba488cd94c2f99f9b8e4d5d0313a29b72ed94ed309fb9693ebffc5734a5ac420e6142e0481d2
-
Filesize
6KB
MD51453c8b9b5e0a549d2160c9c0f141ec5
SHA17bcee0923501dd582f1bda0f00dc1f71a7660f16
SHA256f2db3b260de1db1c4cdcbb87be06145176695811d6594d467502ff3c9eea3427
SHA512f016ade673587d075764719d87194034bc6688778d371afdd47a5e5a6248d052aa30f5c3ccedc4b8b1fc06112fca4dfcefbc697a274de4f09386135eb8f3fa8f
-
Filesize
8KB
MD554f02246945f26402b9ecbce0372d614
SHA164b1b84ca2ce50b8931bbcf22c25edccef919b30
SHA256904f631f376696d4c53cf2df81c5e048d040e08951099b77736dedbc6202f98f
SHA5121ff0c9e0d2d650c61a7dc2e882ccce4ac4683e261b708421649921c50bcec5c9d3bcdcb805f11e29c6c736b9e70f0204f1634a027047bd60f4bf0a6cc875bb98
-
Filesize
8KB
MD5528cca8eca691a89c4f3d11e3c80dc5c
SHA1e0bd99a0d47a3ec7dfc29a498b946345918049aa
SHA25640e3483bd702410fcdd2c908d597cf706527eca18758440eaba18dfd782e3170
SHA512279d27606ea32de6ba22b86298ce4caa0691398e5f428fcfa0c8ce5445e1b46564c2e6d84965239330b6d5800f12acbd7a8fed343f4347534be9358ea7169fb3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt
Filesize35B
MD5343859b4ad03856a60d076c8cd8f22c3
SHA17954a27de3329b4c5eefd4bdcb8450823881aad6
SHA2568c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f
SHA51258014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe5aabd2.TMP
Filesize99B
MD5ee3956d8f30204259eb26413a64878bb
SHA19789e75369d35e6d0113b1147750e440759700ee
SHA2568aeab4d4fb1851a18c5133d3e13307b269b0b2db4ad8d3eae3169e55c2340c13
SHA5126266a34e85b6ccadd2414a9f0dd121560baea0ad2783b8ded56460190d308c132630ae5def147fe815c69c03c9cd59b1509922fe8fb8cefa5b59d7fadc40eb49
-
Filesize
1KB
MD51c5b539a6dfde8d3bad478e70c8395e1
SHA1768c6d7e4df6e01502113129b05bc67f3c3f7ef6
SHA2568f276c67070b772babc0902b3b02b75630e17a698aa1297783d9dec2bbcba31e
SHA512423e1c6b5a47fce336c6ea055218c3a0daecc57a7145c33599031b5c295fef0fefa493519d1e5be0aa8568e3a2dc667694377612aac643ec44c8c1f9c0b150d8
-
Filesize
2KB
MD5509d6f2f5d30dd43ff02f6f6cf17c394
SHA16526e307490e074635e0346cd7322511f30f0627
SHA256c40521e1e94cbb6c3e44221b985ed5aa3984088d8be6991f409d53fed528b629
SHA512eb719f55b129bda94581941e20056c84313dc5bae884767da0eb4e12d30faa461b17526d4f40b63371808b6205bac9f83b78914dd38be5cdafbfbab84b51a949
-
Filesize
3KB
MD53336bd4992c30093980f4fe620d24cc7
SHA1b820b4d004e3d84bae24a2ff80ec1dcd7fb53d59
SHA256e872279403461aba6e22f1e45dba4cd979d8c8955b1012a90e1550642d78ab41
SHA5128c489f4a4b6d6fe0002cacc1e55b41d432659452eea67480c5e6e4c292aa39355031624d3cb7dcde44d472a4761c65fbf99d69262c5c5f9f2a39b20730acaaab
-
Filesize
3KB
MD505b6c91abfa901d606a13f2b6eb54e0c
SHA1d3bcc6e83448bc0991616143d062be57330f4519
SHA2568e274288aec401e60090e489f77a0118641934650f0f44eb647db85c49b02500
SHA512ce54973380998fa427ea6ee08292142d38cb5eb240cd677eebc4c2da8c84039f403939dc1087668fab297f986311b0740e6c5d06bb1a5072f591878946cc87a8
-
Filesize
5KB
MD50c851a9f493133508e7df893fc29bd38
SHA11225617427ad9dcb7e084dfa98e7faae35c77789
SHA2562e286ed48345f23e77b1e6fa951bc0d25bd6c31c9e55cfdaaf624c1b7027e0b9
SHA512d71323ef0f4dc3f2639e986b8e89467c135da040b9aa90913aa6e996bcf5f8c64e17cc94d5c0c9058f7b9196b112617452995ccc3320508c4ea71dedb676d51d
-
Filesize
5KB
MD5ae107d7caf6c62938f00f6693fd08d02
SHA12dedb6df0c5785c1c530f87720f165a88db23a79
SHA256d5f9130700a1f34e84ff07e6f639ca4ba2899127f7d85090fdddbfc63821b66f
SHA5125454d7fee187f241197b899f4eddd993604489bd9a8d17d840103ccc95676ada3959ec85c284910e5269e68f219b47bee4bd249270631020729a44cf28acfe83
-
Filesize
6KB
MD51d3df79cf9433bad56bfdf643ac1feae
SHA1b33280353733d2c69e32762c514e89445c7fa896
SHA2560de7ae3a05bbe2ddd505dd82526bda32f566c8af6cf1aa948eab5a18feffe37c
SHA5126208be7cb7d546ab09f5ff50ea60fabbf608c34a8c4f4af4130a8975e68a21bfaffe738b7edb7a2d377d0fa25827ae01e03dffc69048dd56e58f907c86055f6b
-
Filesize
6KB
MD5a2b7e0f7da442d50fceab5f3960f1851
SHA15cdf7c0f3ea28f31f86305608e9e0f386928c7b4
SHA256fc86a2aca5f937f5147f7c9ccf644faf2c50133f4f14c13c3629e33746658ddd
SHA5121a7a0aa6dcd2c0629214037ff791e1d6b8081e97f04498c3a7ee3cb21b589a1a13858be10478c4c474cdb7bd5fd07f22f763a1c3c0986b965fc56c2f685ef7bc
-
Filesize
6KB
MD5bd21b82f4ece97b32d66a851665e9c42
SHA16d9a471e091067e1a9e56c5bbe2e2b50aca47cef
SHA256bdaea594cd7af8eb5dfac28911036b6c3422c395ad7a9b8b82f397302178a2fb
SHA512b7194cd068d0ac89907fbc02a668d3fa6aeb2cdfbde0896631d2e7c1f53dabebbdd88d3441beb366a75c5e47c90c9f4ee0c56bd73385f6db787b8203eac4fb9c
-
Filesize
6KB
MD521b6b6530fd674435f0d199536f41309
SHA1860fce042628b6a4be111640537b43c7324b37f5
SHA2564836745e6136dfafc4b20909787e833b09dc55a6a8f9575352d2147a255692cd
SHA512166d1e4ed66ebc12b0377f24720f7abeebaa701fc6182113849afd55422e8425b792c85583c9ce5f30ed26a1d96cefe8ab9521322d4fb594741ac1f310d29234
-
Filesize
6KB
MD5cfb834168a9ede006f8045f8dd3e052e
SHA1950622bdb9b0b57d62806f3766b6fd0a38bf262b
SHA2560c580c883fd07ddddbd608eac08ebf2acbc6e928a5b65b45311bbc948710be0d
SHA512e32fd2ec67cc9c16b2eb4d14a917b6ef50c7017a8a9cdb0b32f263df9e5899d1593a5a6e4aa40f8a464cd5bcbdcc4c4eace2d5494feb4f14bdf21a2508aad41c
-
Filesize
6KB
MD588799502f77300e69f13d3e526867afe
SHA1f0f9268bc90d993bb884a9563717eba83a08ad77
SHA256fe04979945e870a3d7d9bcd59a3e4a0a291057945f950ce985a84d5bb808eabe
SHA5121d4e2b9fb0f26de109413c98e1f0bc1bac89204baa63fc363814b9366f0307603d68db7e69934401581e7fdf41805f22df85cd408a907826eccf3bfeff92b18d
-
Filesize
6KB
MD5fb653f3aef3b2d6fdfeff0ef36bbb497
SHA1268f4c504872770127a0e682b6b79017029d8fd9
SHA2560ed823a8dc0bec998b5ba5e4e668c5d074e14616d30a1081a16ea343621bd812
SHA512abb964ae9a6c410e6659d9f66d08d498e5537a0261f1ddb630355edbb108d86574e157b0294c7ec4faa26b5b0439b83b09dd400dfbaffab93642d3003ae751b1
-
Filesize
6KB
MD5a54a1313087ae8afc08c41186c412bad
SHA176d2800c330b21ea18255799bb50d87b13947228
SHA2562a9ee1ca2629c478aede78085a3627279f9a46fea9ac178e2f78ab35a60373cf
SHA5123a88cb9248db579ecf4d5922e470fc66a07bb87d71a0fad741b0c3fd4d070297a813c677de0b69c0290f2326196456faa03eb3b53bebe01539e245e32ee35d58
-
Filesize
6KB
MD520b2040e32371f6b5468975e6b600d36
SHA12ede45ecff2c27477189d4fb3d92cf7eb63c63f1
SHA2568d0a8d888ea8740e43999ddeed60eae6d9a40a58bf0e89253a442eea8f12e4da
SHA512b21e476f63e0c974aaafe25db34a3acde984dba3416f8c3c7515e47b3174945a72c364ce777960c3cfc80a3ccb21fe163e350500fee7e53d3377aa16c477db9f
-
Filesize
3KB
MD51fbd26087231f429b17f5cc82125c389
SHA1f4cfa05435ffcba010a9c30569752dfbe9098309
SHA2563d84487a0bde5752f3a688f4919bd240c51d93e5830ce1c469c8f962b0b8bc14
SHA512a93c53355425c1a232633f20f944bb4c12998f626b63fd854370a9f9836d1eb7b534a0a7ce9964867b29f3a18b3c72de40f05ca1ab22b476884a9d4f3704015d
-
Filesize
6KB
MD5d2d1bad17bd63f0b3026b01c015c88f6
SHA16585a1fbcfb16e53b8924e61b55bbe943022b764
SHA25695716f7ed0b19173fa45f783fa17b5ab99a723fbcd44191237fd55e3197e7185
SHA512c7c0adacb710569f632df280bef2e8e8f9eb93f29f01670c5bd3ede8968fe6a9161b844bc57b881237516f41af9f5ebca6eac735ad1d02ec27bb1f5c6e0ec6c8
-
Filesize
6KB
MD5188f4671f1977f992ef688cf74f8891f
SHA16276f09fb99225a9d32b4cd5a276a824b339ff04
SHA256311069609076e4e5300baf64f9e3793bd7ea1645437e1d0d75a4b094f358ce52
SHA5128928fec288110e666fd4785cd2c49860a391ca84de871b941e24ee965699687705ae0aad79f6f14948d94590affdd82d62aac2bbc71c031c444b54daad416f48
-
Filesize
6KB
MD50746375936ccc35f202f401311716e9c
SHA168abe069ec185d5d3609f07c9055820a787ab400
SHA25631733f537e6b420335aa4739f18a32297d4f8597925f1cb4013f91102cbccdfd
SHA512084ec24dc2b6fee0c37667bc93a0d491c8496afa507cd62a93014598f214b524ce55d3de12ec58fdf726333ab68712e9fa5a57b012947b0bf1fe793ff2b71474
-
Filesize
6KB
MD5cb96e6e1ee5d41c0bfcc5ff1bae3b4f0
SHA1d767c3193969c13f28a7bb14722d15525f28fc19
SHA25625ebcda60467d00012ae068c63ece90bcce083a10d9a2d15adc0f15f826eec26
SHA512e4591d99ea643501fee4e7021d86f703f2dd4b9ec265ea43b057809e77bca3ec306ac900483d93bd22ea0339b2056fe72c9d51718b068cf2ed0b5c1123d7b569
-
Filesize
3KB
MD5d7164d2017c0961967e5c886da7546b1
SHA14ab822c6c06398d7de3791f2e238773a12e82044
SHA2569022d8b0c1c8f89a1fbca286ca61401641945f47322376b6d5f20936004dcf89
SHA5125717d327b8e11b55848e63c3c55be2799f5dc14952ef308a0dac40ca5a993f29a148baa8ffb640753839389b2a60112b95f9342fedb64cf75c665be63db9f435
-
Filesize
6KB
MD5170c00fe1f40ef3c3e0227f359771a5d
SHA134759728648bdbfaa2570be1647f141b162fa030
SHA25681d14da61e8d8a7687c4677d4b6c0aa668dc75a476b47254f6d2b98f96cb0f4e
SHA512d7a3afc14e69c667798422d75a961abd4f77cbb19c6fb3402a110375d1c7c35bc786d28c3e3eeed872d2eb0b7ea53278af12878bba2d287465303297d7f58b6a
-
Filesize
6KB
MD5e44e6dec7a6f5c7f7cc84b389ad352ef
SHA16d9625a9f682374aa94ba3abfd7d25e9b0540378
SHA256db142a126b1d336942036a5f8cd0175043275a17edbe19ef6ac31cc7c201caab
SHA512e1083974428393a6a7190b6db59482bb70e7d918d2d229f3f094b93a547b7b775d8bd7481f8ade2f5a1aa4e30e1d931ee20889dea0f4e8e0ccb4dad6002925ff
-
Filesize
6KB
MD524d10e670fb50bb05acbe5d05abb0470
SHA1657b3e62b05bee668f32116eb087d4a7299098a2
SHA256b6626a67535bbd0e7993e51211597b71e57955bada17d516af36920844fd039a
SHA512ef6c243ac09c0cac4bd4ee559e93950cee4aa4861fa945ecc721d4ea51ced759b6bd082ef57e245325efad9f9c3f00d4a3a09b020500b7ab4206fa29284de5dc
-
Filesize
6KB
MD5a0b2b0f1b9b6af4cc61526b716945304
SHA19f099095056caa558b6d0086f4201ff3a7f3c4c6
SHA25610e37265b1668501b6ceb3abf6985e9edb4056bf51f1310ca847308faa0c59d7
SHA5122eccb0fa1596590c1dd319f11f60acac0b53650ed395c1ff416faeb087fed5b7ce5c9dfe850962d863011911ec594bc718a5de0e56a1a3ad2186be0b98f8cfd6
-
Filesize
6KB
MD5b03589ce2d7df0514e6befb78eb4065a
SHA1a5444a80e93e8099509961539503369cca305596
SHA256acca576af39d22e79085f09dc3b932fa69327e1d8c6f227a7b82f7c1be488de1
SHA512db52d95dd87318381483e68c8485bad87332325b05670abf363fa6c9f67e832db0125e206abec0aeddc453f424ac053c692660536b7add087fa00203f9f1f771
-
Filesize
6KB
MD52319be76d061ae63d195998285f5733c
SHA18e87c15a0cf57341e98173cf7b72ea32470e7861
SHA25609c1f1cac293fe8816ecaac2aeb79396612a2ebfc418024fa79494156c6fe21c
SHA512f4b4f7dc4f936a0fd0d1a52ad4443419a3e1cab47e45a06063e79fbf8b58b8f692974d548707b1245bf139f11b6ba4b91fa9c1d9490cd2a2a485d97f12235c21
-
Filesize
6KB
MD5bc0bbc7cccd68f52ad1dd7d530d530f6
SHA181865699120016a58d2ee2c91e8bf5bb13dbe39b
SHA2565b184af3b6e769cac4cc348be31aabe6bc2da1b4089ac3180120a483e04254f5
SHA512a3d0ffe7013cd6869c5f8856fa36dcd012b16bc2a5eb72e98304dc484c8572d50a3ee251ccae36d78880c5ae09b77bfa2545c300e3f65d20574e78b1878b9105
-
Filesize
6KB
MD5f315a2849d12bdba5c9afd9e0b292f30
SHA1aabd444895350840b177830f69284c0be7607efe
SHA25640f8a9762ce82f588313f2eb28c9a7acc4df4deaaacdbbf70c6af20e27069551
SHA512173d28904c0e34225328ca3501f664bdf80a144f5478b38981f8fea7eabf6dab938db5e9e8da1a46e5b995eb07cf7892424218b635ffb00da724baefd26a9f32
-
Filesize
6KB
MD5fc566ea7700f8ca7b23631aa3154e048
SHA174b319de3d0e3f05c2253ccf8dc8f6b05007947e
SHA256c65c39ac2037ac1233189870755eabc8a88a131120c51240083fc1b98af49844
SHA5128e2bc57952e362f3368d909a3e4dd1679cf512d9580bc788557ad565bbb99ac3180c9ef747fd2d65043d3ba9113b19ce28e9ed838060cbc5e3199f62ffcbffd4
-
Filesize
6KB
MD53c0260258b83dd181ef29b03785d0f02
SHA17b1b42093093f78b9b0b10b1c9ce06c8a7c7f0a9
SHA256a1521a0d76a7e2041f0e44f0658c54876568d7657bbf028d34f91da05e016251
SHA5121c1d650159ae0e81cc7f73a55d7d9cc01d4442a11e2f853054d7141bdd71b688d3d26aa0a066b8bf9145f6b5e5cfae4588fbb5480abc70d96b3622b2bfd5574c
-
Filesize
6KB
MD5c5a09ea298f09d7769776198a1f4cf51
SHA13f067798838fa7c2a98f4231abee7aacb410bc0e
SHA25602892700e4f5aab096739d62ba6f061d829a2a883ff4b8213151cc7dabb66683
SHA512086c31819a55758927808590ea11bc7b14dc739b8f4fc36956ea50e230bb84847d3e32e5d1c5e2a09ea86e32cb1afe24420507d5ecfdaff9b6418719a2ed7700
-
Filesize
6KB
MD5bb28b2379ffe2cf7357d59fd0330e3bb
SHA16ca5b8ced19b4c31e7df95f6cdaf09356739dba0
SHA256e1ddd5814692961822c4ea4cb84a89ad463f80f8e721cb5598e92ceab24f47ae
SHA512e872c7155e84fe4aed41f26b439db0ebab1e79d1f880741c13e0909a21fd8c671f68913b26a0879581abafebb4494f75e19cbb203a594efc49a118f2bdeb771d
-
Filesize
6KB
MD59a574e1bbbd336ec8cdb4cbb0ee5a0ff
SHA1d4c8198e835ae7298046144e8dc2d8b37e94e31d
SHA256bbd367543c494bc037e9fd2ae241f08cc5b2f3f695ad90065c8f37765000d6ac
SHA5126e9a2390fb8351b3cd4e282fd8740ff75f068372b96bf3430d4f0015e5f87e151af934be6888c2805e5de7e7fd8dfcb527f80a15204576f9519d3e2f4e022e97
-
Filesize
6KB
MD54f4d3eeaeed13af6c8820a3f69e283b8
SHA1d44599cce47da58b1f38b34120361ee65d57b193
SHA25662f1c6141c5da9b954da90bd9ac1917f1c0b581dde2d6ab49708db065f63a13a
SHA512fbf7b8a333667aa39ef72a07201912d3457fcaa125eb46f1d61893255253c024ac99891157b3875759e8a9014851554eb2f35aea941eeb34a04502680e4b9c06
-
Filesize
6KB
MD55e59d42c472387f55cda9fd9c1c0d032
SHA17f23d88b09fe9edafd7e9bb763f709cdafd40b9d
SHA256d5f6f775cf60b00e3425c7cbf10fd50d8e378fb6b1c6ff5e6daa80aa3aa8f8be
SHA512fdb23518d5944e8a9de1c10ec25775c5eb60b848826d904315d128efc3e4b6ccdcab5506ce7cc9344fe231e70ba773520ca51097d8cef69dc5519748f0409553
-
Filesize
6KB
MD5abcd0448ae1248885ca1b0b8727bfcc7
SHA14243ffbb2dfb2af37c7141bd1dab128765dc2beb
SHA25647db80febd55e11d872d90cbc09dc046879cd51c455e79a11d97fffb02b671df
SHA51220392c0506e62baed4af3e00474afd7bbaee2b7502f6cd7316d5125f8b077f477f0c3e248197ea149ea9876d47c72110ea6f5f059f11db0a381c3f9837a547d2
-
Filesize
871B
MD595332d775d17ed3a48eeb1ebffad5d19
SHA15da4445f6ece96f144abb8342fc774caf32633a4
SHA256491220c54272fce819c13ffc9cd34df644a8e4b62211e46cc52f318409020f73
SHA512afc0f1ebb010e6b1ebda6aa50c01e80ab52026e1aa1a71e85bb1931e558092aa9ac72d09520c96f458624de62f790566b9c753db737e4ac092729ff774fad5b0
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ef067232-d537-40d4-a033-1432dea78947.tmp
Filesize6KB
MD54f48981457d96016aeafd83c099dd23d
SHA166aff4771b2586aebe0243b9a7cc983b0a5ee848
SHA256c836b927f39eff034e3cd579dc6546efcffb4157af76867d724dc7d9b94b153c
SHA512da7c57b1a8ea3a88a3b643b2e581bfcddded815c9935c652e266e6610d4171f7c5192936ca124a61f618151a198a983d1f3777f994f97a13eff15f37a0c969af
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f9e41f12-9d03-4f48-813c-bd6fb9c28a56.tmp
Filesize3KB
MD55eddb3806ac6b762278251b40d523fea
SHA15ff34a00b4c0855f3584a5c91be2f14a8097ea77
SHA25671f4f47bdb075ddeb3004ed4fb991ef952506f5491bddad800401d2ae616872e
SHA51240574cedf8fa752660ddc0b9c0dec99c735285fcf415fcb3563625472df2a3680df309957c7e50f68a3487612ff85a9fb350138e7b8ef68d96b26a4a2f637c3b
-
Filesize
11KB
MD569ae8b1f228ecb1f233e0cd8fdcd850f
SHA1a6909448cd79cc803387e73755296331e3d4131d
SHA256ab3cee75a2c4cdf8d9117fded928d912dfe2c6c0d6257d7f29412c304b9a7cc2
SHA5122588c4abca119a6e028da1e150ad39b20d52f9f77c5ae08b1564024895ff4ebe063067496907675b57899462195be1edb231e8c61af647b8ca56a3fa75e73184
-
Filesize
12KB
MD564c8d68901c1fbfdc459ce1f4b6d53b1
SHA159853d0ecb59784a7e10a8c73cadf584259afd1b
SHA256caa2ee6b2bce4603ad014ab4d8cc772db8e59a48957aa05cc8fd2ce25b32c28a
SHA5123f283f6cf57850056a392766879a9ebadeaede54331293aee13df39010e4e19becedeb9855120f7fa298bf7dba31da8c150cdd91e7634af13b2477e70ec22ec0
-
Filesize
12KB
MD54cacfc4e2651b26800d795451cb7bf20
SHA1c65ab2c38f78bd50155ae1ff6052ab6e68989773
SHA256a57568420108adadcf47a249d5617fb51709b2be491c0c6014c6641d4c71faad
SHA512229ed8144391c5c88f87d72d78f5024ff06df9b23208da0c79430b36cf3ebf5aa61c6a536da40f8249ce120aa2c45fea41a4ec643f4c28e476466e0f377f9742
-
Filesize
11KB
MD56aa3b7c39ba66e10e063c0f916d03d97
SHA1567247d9118b8b251be3aecb1d76ea6d8375886b
SHA256718368929e2dc399d4dd62631b2a94d01e3ea65a689d93f4d5ede8f2e224d9cb
SHA51295e5c2cbad0593cc55ba2f0aa5a91434832f0b970f54667f3cc40f8e06d24e985daed3e33860a1949f0c2bbed7c5c0c8c19ff0d999d4ee6557d6fe0052932703
-
Filesize
12KB
MD54519e58c83de335fc8f9dd3062a82a96
SHA196c4c72079d4885db82dd343ceb20a844b170ade
SHA2560d2511d8b6ea23657b4692a3a2417b0198a26a068241a63d25f4bd023c753322
SHA5128db33a5f69cb59b65dc0318bf7507f268a2efe0b8e233971a03b2c787f4542ee02942355305834472f417c0856de66df41680583b029010a591dc68298831b9b
-
Filesize
12KB
MD595ea5c5f2903bd41203712f9581655ba
SHA12b22758abdb15c68d6e22f989136249353672da3
SHA256aca1990a69620aaa87f2315dc012d3742d38a3dedf8f79a559e72dedb45a518d
SHA512753346165a82289dd676aed2f930c62a36fea36a03a89407f2a2b16cad7087d903eb5a6a0073aca9cff1dbbe2bbcce8135a2f8133798c17c57a201e35ae63393
-
Filesize
12KB
MD51c06caaed3bc36f9004cbb7eef3c44cf
SHA13798d37e0c4ea40cd1a499be55eb99b792c90ed1
SHA256c46a2e91835c9a6ddb76d8467368aced86fd97d51ffb1611c36c9894d8f0c2c8
SHA51222e02f32db0b30c8573da736872d99b7b7b715dd8cc13d8312a67af62e280e9248202d34d5972344d03c8a8a0cee145822fc397b18cc91f1546745e7520ae3f6
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2sf79v1.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD
Filesize13KB
MD5b4cb2593ad15a969e43642bda0ffc4f6
SHA12aad93d7ec5a5ee0606ed10209e56d0216ea741f
SHA25664936dd98664a66c0ce03abb1127d9eac8e9608923dfc245f184843bc116e9de
SHA5121d4b81c526db331f89e9d9ceba399f3d82a2dbb217824f8f7fb636d39b5233eb273d26194090b3eb469b3971a565b29448bed87768b2c90f06ba539bd85d1adb
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
8.0MB
MD59479c2970021dee5d092bb2b0caddee0
SHA1eff8415adcdf6017b8c500de53addb50c7a99cb4
SHA2565291dfaa505a5fd9e4ba40173ff0c727b15f553babfa3651a1bcacdbd6aea0b5
SHA5129759b67ba9249a1365f9789281b16d840021c3dcc3666fdecffe8aa0268c6c65879c240516c47877f94b85c37fbdeec6d05f26a371e07f1de3064b1bdd7b5f16
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize5KB
MD5dc6f34556c42ddf714f608644dd4dbae
SHA18cd47d48fe377a3731fb3cd4076cbfe1ab41c466
SHA256bbe5dcaee7aaf56256ce0ead49c42cd918d6dc8804d0b35e5a6f582c79688f20
SHA512de5c12ffb6baf39c6cf331511e3bf3e7a706f828004d06269f905108bd834bf1daa6acea5af872b16b6829e164c7ed1181997957c04c2c04c341385347cd01e8
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize5KB
MD57bc77f6dbb12bdc2689ad9f592e375ac
SHA1a36e30145933ad48dcfa8e8978d936cf33034a13
SHA256c85c11356171674ce890ea8eb51e9bceec21919078dc8150a506b6249f3ea0d5
SHA512d9255542f596104af58c932bc2d7f630364f635ca350fc37264ea6c5b47fd45ff735d0a6f7f0470359e4c80823528c7bf001c444759574f9d5a9d577634d076a
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize5KB
MD51b2a22594bdca8c1520feacde65c95e1
SHA1ace170f5b44af43d5f7a5313bdaab69cb0301ed7
SHA256aaef5e2901d763361c41d00dc3ce2b34fb1bd5db78a9b7befb3cc99e0438c352
SHA51258b0a3e5fcaae18702b0c900b9b1e3b806d513815578ca290e7d058dfa0c0997cfa614ed6d1e9b2650807d1b3022c9f928217b757f1fc3c4a2e349bf00c9d6de
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD528dcbb184c9516664d120b6ca3e20956
SHA1adbf55f8cb7202908e66fa29fbb545ed06d59e48
SHA256c049ddf2c1ae311b2ae9338b9e7e1220175b4b62d7fb00b08e9ed5553729ed0a
SHA5128ae8e3f73ad8f580ceaae7041fc7e0a4bd367368475b98b5a918fd0fda9391a854349264c8cda100763e2044aa45a1c95042dd8f6784a053d3c248d5072d9c3e
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD535f9bab9434555a887a986e537fde813
SHA15b6deb8580f5c2a1a23fa153d88641e79dc59823
SHA25668dae4058846c04dfc27c1aecb4645a760854ad4dbb1025a2a590d39ab5a5994
SHA5129995d16d13994eb11993c1168bda6a0cba26bc9dc1e8374b552e5a7c49eb6d23f4280bcfe548caba69821b374ad6cff8e4f1e8510cf0b93729eeed9f50c11eef
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\datareporting\glean\db\data.safe.bin
Filesize2KB
MD50993d42beae17f004a7c46e3cc3a5237
SHA1f4ea55861cde2457038ba8d3d4996aa78003ad16
SHA25658bd52b7dc85a1e2ab03fc9901ec22e7700e9d49e52d381ed083f3d5efa120a7
SHA5125cfd824affd9267ff663d1996080064c5460dad9c4dfcdc954c762ab76acfa30c8a5f9419bf0871a90efadeaba9b2883a23cb4d5730ab3201f2dbf27cdc431c0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\datareporting\glean\pending_pings\75eca2fb-a5c1-430c-add5-a00067cf6d78
Filesize11KB
MD5997afb94d51200ff38c2339e48f8ac94
SHA1375ab8f9dbdd48bc4e67d81e5849e1675961b022
SHA2562e396f030c6dfde55e1c3d87a753ea3f306e82ce378f16e7b9e65dd19d64208e
SHA512f9e97515ce427b24cfc3edf2d35d3c3587c782963618927ada1cbae9c841f8443adaa66158ee726d0d0662efd06c9f64e59dd70dcfd0c5e6ba521b22efd85a5c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\datareporting\glean\pending_pings\c808db68-084b-48dd-962f-84f9923d2c68
Filesize746B
MD575bc0307ff8c1b0465d3d338b3e0a0c1
SHA1308582827c85e62f1d48108a1b8983c632c7f903
SHA256fa752059523eb4be36182bb6bea2426d60f27746ce27da734b55741e3f2f84cb
SHA51240c18825211d35b79d06fd03c8eaaab650e604537e5f201cfa60129302fa30219184db80122490c1f2fecdf2ea68265d9965dc20935e60331d68d1bdc98af494
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize9.0MB
MD572b7237568023b2fb036e20841aacfbf
SHA11d28c0b2182a5562c41b2a23d6cfaf09c945d179
SHA256ba7f863845f4ee35535f857f087eaa867487cf9bb75dc3adccfca63c43d8f5a2
SHA5122aa62c6e212668fe682e0080ee61ce1e076f17c118e0b2e04ca32d39f07495578b9b9855d7c001f3d45be11b433027f1b8e14af45d24d48d608fa942c89373ba
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
7KB
MD54c376fd503e413d143474003d344528a
SHA101e78a049dcb0ee8ef3d03dad7e41bf00e4fe39c
SHA256a9546fe6f0fe08caf5f2cf6f4ffdb673944613396b981234de2487abcec33693
SHA51252248fefc805e8a21e9568681d264ddee6ebdd5f27f9aafaa1ac3d940593283b862c626e07889aed00a81e62805219d5696dc2d0889d2d526198fc54f19b3d2b
-
Filesize
9KB
MD57ff03414464965c0a1c6dd06513d63e8
SHA1419cb04f68f7172d391fa4ebe03d6468e9db5708
SHA2562a9bc4fe6d89599ca3819204cf01f79c8e16c15ea036d0832591390145317fb2
SHA512a315ad1ccaf194a56cdb7063ae75f7a1e07ae4c13f6df7cbc1bc084d7cd44a1d33d86a50296f47f61c6c8e755de6ceb3e04fcd06ef17a1923f7667c4ff852381
-
Filesize
6KB
MD5a43f320710027f57806a2f054959b752
SHA1224783d9058d02734d1347f9c4c42b5011327a8d
SHA25675c0e72e8a0d6dcec9c7d0cf8ef6d7600c5adb9ed6657bfe4a5fb795afaea1e6
SHA512b4dc2843c4b9808694e4408747aa8cb139dd41bdae69bf556237c51b1c8159aa1b6c80d4773d903e96770979c25535ba40750d8fa629ec93b8681a47f5498471
-
Filesize
6KB
MD58fb520e3cd7fa5691144219e47234326
SHA11b04e5aa99ffe081e92af7a741195b5abaca473d
SHA25625d580b2a16ee61fced24d1c94a2510de558be98b92ed274c027f11c60f7b8e9
SHA512ce303c9526b4f7a303e903385b3cbd3906b3df8c026692b63459579895dda33bc09d6060d1ae696e31f0e0a47691451d59f2330e03fc98fa538cedf2d74511fe
-
Filesize
6KB
MD57c3891c153a9142a7a7e77276dc77ae3
SHA1ab26b97fbba501ddeabff9a7c3616f7fb88d5170
SHA256061e8bcac3d899748a8f6a0f513eb236b75c50c06b9ec57fcd91e89c9d54318f
SHA512495b17b30f5e66b2bc92bd57429e696e9c3272a325ad75e12ef7f38a79b62fad35fe0027a112ee2807485b799ce9b1bd42b9c997410900d163ad36efdd67c7ae
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore-backups\recovery.jsonlz4
Filesize1KB
MD5bc703e6370fd828eb3642124d2ae3e29
SHA1a9bff10ddc298b84b85544b20ecf77126dd6e482
SHA25657166b5b2332f9af374dbd54ad687b6268276c416832aefbdd2bafc5a11d1e57
SHA5123697823f286f59ddac45c8d896d36ca5c8e1539fcb9358d36a04d63512edae80f78b0529b6242c8cbe6a3d4580b6b2149579df5a089819edd1c1921c7f31f13a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore-backups\recovery.jsonlz4
Filesize1KB
MD575321f3a1699e170a0d204aee5df6a2c
SHA15158f5e5eb05b6162dff14c545e26456039b6608
SHA25654f0329e8adb563535ec593c9d2eb183496ab82b36b09612c546ddbb74e155a0
SHA5121de6b3f138677071a6917200c0d302f34ff53d9bc7ed1544aa8f55d8a08da185024b58e7ff46e46a366e840122f6ec860850248306c3814acad2f8871dfd06d1
-
Filesize
3.2MB
MD59f04bcdd340daa9e3115b40e36f18a4a
SHA1c3c331996ec49f1a6c357845a93f63957eed5c00
SHA256531df8563b5f76a978ac69ef49b07dd87933eb5a291746698fc381295248cc98
SHA512c334866560442dafed0df3f9e3bb46b35be77d412dcb1664491fd6adfe6629e35e8aae67d6f49ae78f4d9be29d22594a4519af3fed69f5220359bbc7e5db7152
-
Filesize
2.1MB
MD5ded8e57cce95a72f80c9609463562728
SHA19f3309f4d4bd46f51bc5e05b66a6181647543cd0
SHA2566636cd9b1e4f4fdf34d107f6927dd4b3301a7ffa37d4cc59adf78f8a45fb09ec
SHA5120e7140709d4f4bfd5d60d3b8767d1fba0eaf75efc69b310662520937a3bdee532eb4263f5adcbed2183dec2bb20cae5c77635fb5d43dfcfc327c992709465ba2
-
Filesize
1.1MB
MD5d05afa3d70ece2fea158fda186af62a8
SHA1f524a0711fc621a53a9e3643517dce4c540b8427
SHA2566d571c161bba7175e72cac759c6bf614995cc5dfe3374a94ea0427bdf1812689
SHA51236df9f4b62de832b9758b25102cc5bbe1c8af3f4bfea76b9c359d404733b62659c3078d49b78aedbe0a1f5eea8d8033db6f8bc597dcefa413ff65055518e79e0
-
Filesize
83KB
MD5f300b0f010b9d0067df0159a90b2f2bd
SHA1b7c1403a019986140346cc2d1584ac239870ca83
SHA256b32e38e103a83a30b37c89dd39620df908f5f2abab0b7b2a0531369b59925a27
SHA51270f8e2be7a2d7c9c608c06ea09d06d4a9614c5f672a8a9f945fb01da9bbdf4dab2d4630d9120e68f6b86290452ff7e9fead2e9d68a878fb4568238e2cd5fa47b