Malware Analysis Report

2025-08-11 01:18

Sample ID 240408-1psy2scg63
Target WeMod-Setup.exe
SHA256 9865a54dc5191d22de1b27be4be1e0babe609d5e671d3a62b68cff975ad8071d
Tags
redline zgrat discovery evasion infostealer persistence rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9865a54dc5191d22de1b27be4be1e0babe609d5e671d3a62b68cff975ad8071d

Threat Level: Known bad

The file WeMod-Setup.exe was found to be: Known bad.

Malicious Activity Summary

redline zgrat discovery evasion infostealer persistence rat spyware stealer trojan

ZGRat

RedLine

RedLine payload

Detect ZGRat V1

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Sets file execution options in registry

Checks BIOS information in registry

Loads dropped DLL

Executes dropped EXE

Reads user/profile data of web browsers

Checks computer location settings

Registers COM server for autorun

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks whether UAC is enabled

Checks installed software on the system

Enumerates connected drives

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of SetThreadContext

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks system information in the registry

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Checks processor information in registry

Suspicious use of SendNotifyMessage

Modifies system certificate store

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Modifies registry class

Modifies data under HKEY_USERS

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of UnmapMainImage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-08 21:49

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-08 21:49

Reported

2024-04-08 22:07

Platform

win10v2004-20240226-en

Max time kernel

1049s

Max time network

1053s

Command Line

"C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe"

Signatures

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

ZGRat

rat zgrat

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Downloads\Electron\Electron\Electron.exe N/A

Downloads MZ/PE file

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUF24.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUF24.tmp\MicrosoftEdgeUpdate.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\Electron\Electron\Electron.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Downloads\Electron\Electron\Electron.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Setup.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\MicrosoftEdge_X64_123.0.2420.81.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO015EB78F\flunixprogramm.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO031CCA62\krnl.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F66A0B81-88E1-44FD-8F63-902AC20EF5A7}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUF24.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\SturePC\Temp\nsu37BC.tmp N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUF24.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Electron\Electron\Electron.exe N/A
N/A N/A C:\Users\Admin\Downloads\Electron\Electron\Electron.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUF24.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUF24.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Users\Admin\Downloads\Electron\Electron\Electron.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1720 set thread context of 2740 N/A C:\Users\Admin\AppData\Local\Temp\7zO015EB78F\flunixprogramm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\AnimationEditor\image_keyframe_elastic_unselected.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\DevConsole\Filter-stroke.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\PublishPlaceAs\MoreDetails.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\common\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\DefaultController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\TopBar\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\VoiceChat\New\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\fonts\families\Roboto.json C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaChat\graphic\gr-gamealbum-icon-52x52.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\PlatformContent\pc\fonts\NotoSansCJKjp-Regular.otf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaChat\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\uk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\Emotes\Editor\Large\OrangeHighlight.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\PlatformContent\pc\textures\sky\sky512_bk.tex C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\PerformanceStats\BackgroundRounded.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\VoiceChat\SpeakerNew\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\InGameMenu\game_tiles_background_desktop.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaApp\graphic\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaChat\icons\ic-resend.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\AnimationEditor\animation_editor_blue.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\ga.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\StudioToolbox\AssetConfig\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\StudioToolbox\AssetConfig\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\TerrainTools\mtrl_cobblestone_2022.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\PlatformContent\pc\textures\sky\indoor512_lf.tex C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\msedge_elf.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\af.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\StudioSharedUI\packages.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\StudioSharedUI\default_user.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\StudioToolbox\AssetConfig\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\PlatformContent\pc\textures\fabric\normaldetail.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\DesignSystem\ButtonStart.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\VoiceChat\Misc\MuteAll.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\cy.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\lt.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\StudioToolbox\ArrowDownIconWhite.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\VoiceChat\New\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaApp\ExternalSite\amazon.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaChat\9-slice\input-default.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\mspdf.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\TerrainTools\mt_grow.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaApp\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaDiscussions\search.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_nb.dll C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\mi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\Settings\ShareGame\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\LayeredClothingEditor\Icon_MoreAction_Light.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaChat\icons\ic-profile.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Locales\az.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Trust Protection Lists\Sigma\Cryptomining C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUF24.tmp\msedgeupdateres_iw.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F66A0B81-88E1-44FD-8F63-902AC20EF5A7}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\sky\cloudsfb.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\TerrainTools\icon_regions_delete.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\ErrorPrompt\SecondaryButton.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\PlayerList\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\Controls\DesignSystem\Thumbstick1Directional.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Locales\kok.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\AnimationEditor\image_keyframe_linear_selected.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\fonts\Fondamento-Regular.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\GameSettings\ScrollBarBottom.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\avatar\meshes\leftarm.mesh C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\Trust Protection Lists\Sigma\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\AnimationEditor\btn_delete.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133570866317626017" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\ = "Microsoft Edge Update Process Launcher Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CurVer\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioInstaller.exe" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CLSID\ = "{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\ = "PSFactoryBuffer" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\ = "Google Update Policy Status Class" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3384 wrote to memory of 2752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 2752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 3972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3384 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe

"C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb81459758,0x7ffb81459768,0x7ffb81459778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3240 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3372 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4692 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5248 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5556 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7415a7688,0x7ff7415a7698,0x7ff7415a76a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4852 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1648 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1064 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4544 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6140 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1760 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5232 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5460 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5872 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5964 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3316 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3360 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5004 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5396 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6376 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6364 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6160 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUFBQ0RGNzYtNDc1RC00QkExLTk5MjctN0MyOTkyQTkyNTVCfSIgdXNlcmlkPSJ7NkQ5MTkxREQtRTgzNC00MTdDLThBN0QtQzcwQ0JBRTRDMTQ2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyNjQ3NDVGOS1CNUMxLTQ0NkEtQjgyRC01MERGMUQ3ODc3RDN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODUuMTciIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MjIxNTgzMTY5IiBpbnN0YWxsX3RpbWVfbXM9IjExMjgiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{EAACDF76-475D-4BA1-9927-7C2992A9255B}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUFBQ0RGNzYtNDc1RC00QkExLTk5MjctN0MyOTkyQTkyNTVCfSIgdXNlcmlkPSJ7NkQ5MTkxREQtRTgzNC00MTdDLThBN0QtQzcwQ0JBRTRDMTQ2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFRDU0QTAxRi0yMkNBLTRFRDgtQkZCMy05ODRGNUQzQUYxQzd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MjM0MjUzNTM0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4040 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\MicrosoftEdge_X64_123.0.2420.81.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\MicrosoftEdge_X64_123.0.2420.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.106 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28EF1E1F-F8E6-4E77-ADE2-CEC4104B0B4A}\EDGEMITMP_C3464.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.81 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6ab8cbaf8,0x7ff6ab8cbb04,0x7ff6ab8cbb10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=2956 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5532 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=3020 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6400 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6696 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6848 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6768 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6476 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4988 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 --field-trial-handle=1912,i,1220814135823470667,17211152072538870220,131072 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Flux-41-fers.rar"

C:\Users\Admin\AppData\Local\Temp\7zO015EB78F\flunixprogramm.exe

"C:\Users\Admin\AppData\Local\Temp\7zO015EB78F\flunixprogramm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1720 -ip 1720

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 820

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb81459758,0x7ffb81459768,0x7ffb81459778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4952 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5296 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5356 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUFBQ0RGNzYtNDc1RC00QkExLTk5MjctN0MyOTkyQTkyNTVCfSIgdXNlcmlkPSJ7NkQ5MTkxREQtRTgzNC00MTdDLThBN0QtQzcwQ0JBRTRDMTQ2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBNjQ5MDJERi1BNkZBLTQ3MkQtQTdCMy03MUQ5MDhEODNGRjl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyMy4wLjI0MjAuODEiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkyNTMzMTMzNjgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MjUzNjQzNDc2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTQ5MjE3MzQzNyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvN2EwYTBiZDYtYjljOS00YzU2LTk2NDktZTllOWMyMmZiZTQzP1AxPTE3MTMyMTgyNjgmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9RVhZcUV0QzdjVVZNVzU3UXo1U0djTkt0RkR6Y2thQ05Sa1hzc0tva25lZWolMmJrMmVHUHp6UFN0andrWTl3cjhqdnVMSW1SdnlmUmYzYTluT3pJZXlOdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MjA4Njc0NCIgdG90YWw9IjE3MjA4Njc0NCIgZG93bmxvYWRfdGltZV9tcz0iMTM5MDQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NDkyNDQzMjE2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTUxNjU1MzU1OCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAyNDkzODMxNTUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMDIyIiBkb3dubG9hZF90aW1lX21zPSIyMzg1NCIgZG93bmxvYWRlZD0iMTcyMDg2NzQ0IiB0b3RhbD0iMTcyMDg2NzQ0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI3MzI2NiIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe" -app -isInstallerLaunch

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2916 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2952 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5768 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5900 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5952 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:ZGmnAQYqhG8HVcNgIJFIGuSh9Zn_lr-SYrhdFY0pdki5SW8t6OE7I9iYr7P4c1pv4JYHVoM0m1TwrPCOVrhzU9cokyG2AYiEfeGivflMRt4I6vMV1mlmlgabg0B4y3oeeEjnBdbykIx-unmZ7rSj4ByteF32_7cyGrpKsG1QuHj8Dtkh1XhXafQA1KgwTvzj62qpLTCI535Y9AAJWn4yBVB-d_YQmWFoinW94yUrGik+launchtime:1712613585606+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3Dfalse%26placeId%3D2753915549%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D6de3d7c8-2b7b-419c-9ce1-313c2ab8d3cd%26joinAttemptOrigin%3DPlayButton+browsertrackerid:false+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3512 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:_ZbpvjgcMncU_kVFPsK-paXhCphwj8-OON7BR_kQYJzIXZHyMOaemNTJ-0ivdnJCL7rGKVB2zeH3TuiFvcYii0lt3UuA_1K2UOnMhgVmltS_kjPwXFczbIlJWf-1QXuVf56ce0b_TjULbse2IFZ86HxLWbREOe8LajcgdMJvkgJz0zBNO_cdSruWet3dF1d2ooc4sohZrTFL6_i9psaDgUfVsfFATTKuzKPiTwtRl9k+launchtime:1712613615340+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3Dfalse%26placeId%3D2753915549%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D90dc7ae5-9e01-40c4-a168-013a607aa7b9%26joinAttemptOrigin%3DPlayButton+browsertrackerid:false+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2348 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6036 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5976 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6040 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2284 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5756 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6268 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5424 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5164 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4188 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5852 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5264 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5764 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6344 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5748 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=1796 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6608 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\KRNLWRD.rar"

C:\Users\Admin\AppData\Local\Temp\7zO031CCA62\krnl.exe

"C:\Users\Admin\AppData\Local\Temp\7zO031CCA62\krnl.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7044 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2324 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3852 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4716 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5928 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3104 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5860 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F66A0B81-88E1-44FD-8F63-902AC20EF5A7}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F66A0B81-88E1-44FD-8F63-902AC20EF5A7}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{70E1CE57-EE7C-479D-AAED-BB94C6C6DB3B}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzBFMUNFNTctRUU3Qy00NzlELUFBRUQtQkI5NEM2QzZEQjNCfSIgdXNlcmlkPSJ7NkQ5MTkxREQtRTgzNC00MTdDLThBN0QtQzcwQ0JBRTRDMTQ2fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsyNDA1NkEzNS02NDY1LTQ4RUYtQTg3Mi05MDBFODZBNkEzQ0Z9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTg1LjI5IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iNDEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyNDQzMjg0MzcwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyNDQzNTk2MDc1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjkyNzIzNDQ3MSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzEzMjE4NTg3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PU5PWjJaQkwyOUFiOGliMDFvZjRBcW9HOVozZjNTS28lMmJUVDMzWjJDM1FkUXZjOUM5ZHd6QkpyOWhhYUd2MWZBOWJ4QUlaWTFsWVUzRzJXMG1CUlhuZ1ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMTUiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI5MjcyNjQ4MjciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyZWQ4MDg3LWVlOTgtNDI5Yy05MzMwLWNhM2MxOTNkNDFhZj9QMT0xNzEzMjE4NTg3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PU5PWjJaQkwyOUFiOGliMDFvZjRBcW9HOVozZjNTS28lMmJUVDMzWjJDM1FkUXZjOUM5ZHd6QkpyOWhhYUd2MWZBOWJ4QUlaWTFsWVUzRzJXMG1CUlhuZ1ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNjMwNzkyIiB0b3RhbD0iMTYzMDc5MiIgZG93bmxvYWRfdGltZV9tcz0iNDM0NDkiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI5Mjc1OTM5NTciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI5MzMyNDY5MTEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSI0MiIgcmQ9IjYyNjUiIHBpbmdfZnJlc2huZXNzPSJ7NzZBMDU3ODYtREU1Qy00QUM5LTk0MTQtRkFDRDNFRjFDQTFGfSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5Mi4wLjkwMi42NyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSI0MSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTM0MzU4OTA5ODQzMTIwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9IjQyIiBhZD0iLTEiIHJkPSI2MjY1IiBwaW5nX2ZyZXNobmVzcz0iezEyODA3MDk4LTdBODAtNDdCMS05ODJFLUJBRjlGMTMzMkNDNn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTIzLjAuMjQyMC44MSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2MzA3Ij48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7M0EzMzc3OEMtMjQ1My00N0ExLThDNEItQzIzQUQyODMzRkI3fSIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Users\Admin\Downloads\Setup.exe

"C:\Users\Admin\Downloads\Setup.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Temp\EUF24.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUF24.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{70E1CE57-EE7C-479D-AAED-BB94C6C6DB3B}"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzBFMUNFNTctRUU3Qy00NzlELUFBRUQtQkI5NEM2QzZEQjNCfSIgdXNlcmlkPSJ7NkQ5MTkxREQtRTgzNC00MTdDLThBN0QtQzcwQ0JBRTRDMTQ2fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7QjYyNUFDRkMtOTQ0Mi00NjZGLTg3NzUtQ0E0OEE5RjU4RUJCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4NS4yOSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjQxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MDg5ODUyOTkiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyOTg4Mzk0MzY0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Users\Admin\Downloads\Setup.exe

"C:\Users\Admin\Downloads\Setup.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://pcapp.store/installing.php?guid=2D983147-F9F1-498D-BE7E-1997EADA874AX&winver=19041&version=fa.1089fw&nocache=20240408220405.99&_fcid=1712613821534459

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb81459758,0x7ffb81459768,0x7ffb81459778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5884 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6280 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2320 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=4116 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6944 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2284 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7204 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Users\Admin\SturePC\Temp\nsu37BC.tmp

"C:\Users\Admin\SturePC\Temp\nsu37BC.tmp" /verify

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7140 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=7188 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=6124 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=5884 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=2916 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=7220 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=7564 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=7944 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=8184 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8000 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7600 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7912 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=8160 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8128 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Users\Admin\Downloads\Electron\Electron\Electron.exe

"C:\Users\Admin\Downloads\Electron\Electron\Electron.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=7996 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=8104 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7156 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=6572 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7928 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5692 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6964 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=7224 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=6932 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=7976 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3100 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=1796 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7328 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3104 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5456 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=1156 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=6732 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=7688 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=6324 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7260 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=7008 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5512 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6636 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6308 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=7384 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=3332 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=7144 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=4880 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=7784 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=4716 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=2340 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=8000 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=5460 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=4804 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=5240 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=7580 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7352 --field-trial-handle=1904,i,11338848439402370419,7113999294715859904,131072 /prefetch:8

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\7z2401 (1).msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 api.wemod.com udp
US 104.22.43.75:443 api.wemod.com tcp
US 8.8.8.8:53 75.43.22.104.in-addr.arpa udp
US 104.22.43.75:443 api.wemod.com tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 roblox.com udp
GB 128.116.119.4:443 roblox.com tcp
GB 128.116.119.4:443 roblox.com tcp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 ncs.roblox.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
GB 128.116.119.4:443 ncs.roblox.com tcp
BE 13.225.239.38:443 js.rbxcdn.com tcp
BE 13.225.239.38:443 js.rbxcdn.com tcp
BE 13.225.239.38:443 js.rbxcdn.com tcp
BE 13.225.239.38:443 js.rbxcdn.com tcp
BE 13.225.239.38:443 js.rbxcdn.com tcp
BE 13.225.239.38:443 js.rbxcdn.com tcp
BE 13.225.239.11:443 static.rbxcdn.com tcp
BE 13.225.239.36:443 css.rbxcdn.com tcp
BE 13.225.239.36:443 css.rbxcdn.com tcp
BE 13.225.239.36:443 css.rbxcdn.com tcp
BE 13.225.239.36:443 css.rbxcdn.com tcp
BE 13.225.239.36:443 css.rbxcdn.com tcp
BE 13.225.239.36:443 css.rbxcdn.com tcp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 172.64.154.86:443 roblox-api.arkoselabs.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 38.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 11.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 36.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 8.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 8.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 86.154.64.172.in-addr.arpa udp
US 172.64.154.86:443 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 apis.rbxcdn.com udp
BE 23.14.90.98:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 locale.roblox.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
BE 13.225.239.27:443 images.rbxcdn.com tcp
BE 13.225.239.27:443 images.rbxcdn.com tcp
BE 13.225.239.27:443 images.rbxcdn.com tcp
BE 13.225.239.27:443 images.rbxcdn.com tcp
BE 13.225.239.27:443 images.rbxcdn.com tcp
BE 13.225.239.27:443 images.rbxcdn.com tcp
BE 13.225.239.36:443 css.rbxcdn.com tcp
US 8.8.8.8:53 98.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 27.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.16.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 assetgame.roblox.com udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 3.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 104.18.33.170:443 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 170.33.18.104.in-addr.arpa udp
US 104.18.33.170:443 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 104.18.33.170:443 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
GB 128.116.119.4:443 apis.roblox.com tcp
GB 128.116.119.4:443 apis.roblox.com tcp
GB 128.116.119.4:443 apis.roblox.com tcp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 assetgame.roblox.com udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
BE 13.225.239.65:443 css.rbxcdn.com tcp
BE 13.225.239.61:443 js.rbxcdn.com tcp
BE 23.14.90.89:443 static.rbxcdn.com tcp
US 8.8.8.8:53 89.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 65.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 61.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 images.rbxcdn.com udp
BE 13.225.239.13:443 images.rbxcdn.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
BE 13.225.239.65:443 css.rbxcdn.com tcp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
BE 13.225.239.65:443 css.rbxcdn.com tcp
US 8.8.8.8:53 13.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 146.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 lms.roblox.com udp
US 8.8.8.8:53 realtime-signalr.roblox.com udp
US 8.8.8.8:53 locale.roblox.com udp
US 8.8.8.8:53 thumbnails.roblox.com udp
US 8.8.8.8:53 aws-eu-west-2c-lms.rbx.com udp
US 8.8.8.8:53 bom1-128-116-104-4.roblox.com udp
US 8.8.8.8:53 sin2-128-116-97-3.roblox.com udp
US 8.8.8.8:53 aws-eu-central-1c-lms.rbx.com udp
US 8.8.8.8:53 syd1-128-116-51-3.roblox.com udp
US 8.8.8.8:53 dfw2-128-116-95-3.roblox.com udp
BE 23.14.90.89:443 static.rbxcdn.com tcp
US 8.8.8.8:53 aws-ap-east-1a-lms.rbx.com udp
US 8.8.8.8:53 cdg1-128-116-122-3.roblox.com udp
US 8.8.8.8:53 fra2-128-116-123-3.roblox.com udp
HK 18.166.241.245:443 aws-ap-east-1a-lms.rbx.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
DE 128.116.123.3:443 fra2-128-116-123-3.roblox.com tcp
US 128.116.95.3:443 dfw2-128-116-95-3.roblox.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
DE 35.157.30.157:443 aws-eu-central-1c-lms.rbx.com tcp
GB 35.176.8.75:443 aws-eu-west-2c-lms.rbx.com tcp
IN 128.116.104.4:443 bom1-128-116-104-4.roblox.com tcp
US 8.8.8.8:53 lax4-128-116-63-3.roblox.com udp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
US 128.116.63.3:443 lax4-128-116-63-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
HK 18.166.241.245:443 aws-ap-east-1a-lms.rbx.com tcp
US 128.116.63.3:443 lax4-128-116-63-3.roblox.com tcp
US 8.8.8.8:53 3.122.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.123.116.128.in-addr.arpa udp
US 8.8.8.8:53 4.104.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.95.116.128.in-addr.arpa udp
US 8.8.8.8:53 157.30.157.35.in-addr.arpa udp
US 8.8.8.8:53 75.8.176.35.in-addr.arpa udp
US 8.8.8.8:53 chat.roblox.com udp
US 8.8.8.8:53 notifications.roblox.com udp
US 8.8.8.8:53 accountsettings.roblox.com udp
US 8.8.8.8:53 economy.roblox.com udp
US 8.8.8.8:53 friends.roblox.com udp
US 8.8.8.8:53 privatemessages.roblox.com udp
US 8.8.8.8:53 trades.roblox.com udp
US 8.8.8.8:53 3.63.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.97.116.128.in-addr.arpa udp
US 8.8.8.8:53 245.241.166.18.in-addr.arpa udp
US 8.8.8.8:53 3.51.116.128.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 presence.roblox.com udp
US 8.8.8.8:53 t2.rbxcdn.com udp
BE 13.225.239.89:443 t2.rbxcdn.com tcp
US 8.8.8.8:53 t3.rbxcdn.com udp
US 8.8.8.8:53 t5.rbxcdn.com udp
BE 13.225.239.89:443 t2.rbxcdn.com tcp
BE 13.225.239.45:443 t5.rbxcdn.com tcp
BE 13.225.239.62:443 t3.rbxcdn.com tcp
BE 13.225.239.62:443 t3.rbxcdn.com tcp
BE 13.225.239.45:443 t5.rbxcdn.com tcp
US 8.8.8.8:53 89.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 45.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 62.239.225.13.in-addr.arpa udp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
GB 35.176.8.75:443 aws-eu-west-2c-lms.rbx.com tcp
US 128.116.95.3:443 dfw2-128-116-95-3.roblox.com tcp
DE 35.157.30.157:443 aws-eu-central-1c-lms.rbx.com tcp
DE 128.116.123.3:443 fra2-128-116-123-3.roblox.com tcp
IN 128.116.104.4:443 bom1-128-116-104-4.roblox.com tcp
US 8.8.8.8:53 js.stripe.com udp
US 151.101.0.176:443 js.stripe.com tcp
US 8.8.8.8:53 followings.roblox.com udp
US 8.8.8.8:53 176.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 games.roblox.com udp
US 8.8.8.8:53 mia4-128-116-45-3.roblox.com udp
US 8.8.8.8:53 c0.rbxcdn.com udp
US 8.8.8.8:53 atl1-128-116-99-3.roblox.com udp
US 8.8.8.8:53 c0ak.rbxcdn.com udp
US 8.8.8.8:53 ord2-128-116-101-3.roblox.com udp
US 8.8.8.8:53 ams2-128-116-21-3.roblox.com udp
US 128.116.45.3:443 mia4-128-116-45-3.roblox.com tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
BE 23.14.90.104:443 c0ak.rbxcdn.com tcp
NL 128.116.21.3:443 ams2-128-116-21-3.roblox.com tcp
BE 23.14.90.104:443 c0ak.rbxcdn.com tcp
US 8.8.8.8:53 badges.roblox.com udp
US 8.8.8.8:53 104.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 3.99.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.101.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.45.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.21.116.128.in-addr.arpa udp
US 8.8.8.8:53 cs.ns1p.net udp
DE 3.79.139.239:443 cs.ns1p.net tcp
US 8.8.8.8:53 s.ns1p.net udp
DE 3.79.139.239:443 s.ns1p.net tcp
US 8.8.8.8:53 voice.roblox.com udp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
US 8.8.8.8:53 m.stripe.network udp
US 8.8.8.8:53 mia2-128-116-127-3.roblox.com udp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
US 8.8.8.8:53 239.139.79.3.in-addr.arpa udp
US 8.8.8.8:53 hkg1-128-116-118-3.roblox.com udp
HK 128.116.118.3:443 hkg1-128-116-118-3.roblox.com tcp
HK 128.116.118.3:443 hkg1-128-116-118-3.roblox.com tcp
US 8.8.8.8:53 m.stripe.com udp
US 44.237.151.236:443 m.stripe.com tcp
US 8.8.8.8:53 3.127.116.128.in-addr.arpa udp
US 8.8.8.8:53 236.151.237.44.in-addr.arpa udp
HK 128.116.118.3:443 hkg1-128-116-118-3.roblox.com tcp
US 8.8.8.8:53 b.ns1p.net udp
US 8.8.8.8:53 setup.rbxcdn.com udp
NL 23.63.101.170:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 170.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 client-telemetry.roblox.com udp
GB 128.116.119.3:443 client-telemetry.roblox.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
N/A 127.0.0.1:55892 tcp
N/A 127.0.0.1:55896 tcp
N/A 127.0.0.1:55899 tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
BE 104.68.69.233:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 setup.rbxcdn.com udp
US 8.8.8.8:53 233.69.68.104.in-addr.arpa udp
BE 13.225.239.90:443 setup.rbxcdn.com tcp
N/A 127.0.0.1:55902 tcp
US 8.8.8.8:53 90.239.225.13.in-addr.arpa udp
BE 13.225.239.90:443 setup.rbxcdn.com tcp
BE 13.225.239.90:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 20.114.58.89:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 89.58.114.20.in-addr.arpa udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
GB 104.91.71.146:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.214:443 i.ytimg.com tcp
GB 142.250.187.214:443 i.ytimg.com tcp
GB 142.250.187.214:443 i.ytimg.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 214.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
GB 142.250.187.214:443 i.ytimg.com udp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.179.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 230.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 repository-images.githubusercontent.com udp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 private-user-images.githubusercontent.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
RU 147.45.47.64:11837 tcp
US 8.8.8.8:53 64.47.45.147.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 www.roblox.com udp
US 128.116.102.4:443 roblox.com tcp
GB 128.116.119.4:443 www.roblox.com tcp
US 8.8.8.8:53 4.102.116.128.in-addr.arpa udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 172.64.154.86:443 roblox-api.arkoselabs.com udp
US 172.64.154.86:443 roblox-api.arkoselabs.com tcp
GB 128.116.119.4:443 www.roblox.com tcp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 104.91.71.146:443 tr.rbxcdn.com tcp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 locale.roblox.com udp
US 8.8.8.8:53 aws-ap-east-1b-lms.rbx.com udp
US 8.8.8.8:53 pulsar.roblox.com udp
US 8.8.8.8:53 sin4-128-116-50-3.roblox.com udp
DE 128.116.123.3:443 fra2-128-116-123-3.roblox.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
US 8.8.8.8:53 roblox-poc.global.ssl.fastly.net udp
US 128.116.63.3:443 lax4-128-116-63-3.roblox.com tcp
US 8.8.8.8:53 c0aws.rbxcdn.com udp
US 128.116.95.3:443 dfw2-128-116-95-3.roblox.com tcp
BE 13.225.239.49:443 c0aws.rbxcdn.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
HK 18.166.132.10:443 aws-ap-east-1b-lms.rbx.com tcp
US 151.101.1.194:443 roblox-poc.global.ssl.fastly.net tcp
PL 128.116.124.3:443 pulsar.roblox.com tcp
HK 18.166.132.10:443 aws-ap-east-1b-lms.rbx.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
US 8.8.8.8:53 s.ns1p.net udp
DE 3.79.139.239:443 s.ns1p.net tcp
US 8.8.8.8:53 194.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 accountsettings.roblox.com udp
US 8.8.8.8:53 notifications.roblox.com udp
US 8.8.8.8:53 49.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 3.124.116.128.in-addr.arpa udp
US 8.8.8.8:53 10.132.166.18.in-addr.arpa udp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
US 8.8.8.8:53 b.ns1p.net udp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com udp
DE 128.116.123.3:443 fra2-128-116-123-3.roblox.com tcp
US 8.8.8.8:53 aws-eu-west-2c-lms.rbx.com udp
US 8.8.8.8:53 aws-eu-central-1c-lms.rbx.com udp
US 8.8.8.8:53 ams2-128-116-21-3.roblox.com udp
NL 128.116.21.3:443 ams2-128-116-21-3.roblox.com tcp
GB 3.8.27.36:443 aws-eu-west-2c-lms.rbx.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
US 8.8.8.8:53 mia4-128-116-45-3.roblox.com udp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
US 8.8.8.8:53 css.rbxcdn.com udp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
US 8.8.8.8:53 static.rbxcdn.com udp
US 128.116.45.3:443 mia4-128-116-45-3.roblox.com tcp
US 8.8.8.8:53 c0.rbxcdn.com udp
BE 13.225.239.41:443 css.rbxcdn.com tcp
US 8.8.8.8:53 c0ak.rbxcdn.com udp
BE 13.225.239.22:443 static.rbxcdn.com tcp
US 8.8.8.8:53 js.rbxcdn.com udp
BE 13.225.239.49:443 c0.rbxcdn.com tcp
BE 23.14.90.104:443 c0ak.rbxcdn.com tcp
BE 13.225.239.38:443 js.rbxcdn.com tcp
US 8.8.8.8:53 36.27.8.3.in-addr.arpa udp
US 8.8.8.8:53 41.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 22.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 js.stripe.com udp
GB 108.156.39.82:443 js.stripe.com tcp
US 8.8.8.8:53 82.39.156.108.in-addr.arpa udp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
US 8.8.8.8:53 fra4-128-116-44-3.roblox.com udp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
US 8.8.8.8:53 lhr2-128-116-119-3.roblox.com udp
DE 128.116.44.3:443 fra4-128-116-44-3.roblox.com tcp
IN 128.116.104.4:443 bom1-128-116-104-4.roblox.com tcp
US 8.8.8.8:53 sea1-128-116-115-3.roblox.com udp
US 8.8.8.8:53 silver.roblox.com udp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
GB 128.116.119.3:443 silver.roblox.com tcp
US 128.116.115.3:443 sea1-128-116-115-3.roblox.com tcp
GB 128.116.119.3:443 silver.roblox.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
US 8.8.8.8:53 3.44.116.128.in-addr.arpa udp
US 8.8.8.8:53 m.stripe.network udp
BE 13.225.239.14:443 m.stripe.network tcp
US 8.8.8.8:53 3.115.116.128.in-addr.arpa udp
US 8.8.8.8:53 14.239.225.13.in-addr.arpa udp
US 8.8.8.8:53 m.stripe.com udp
US 44.240.235.135:443 m.stripe.com tcp
US 8.8.8.8:53 135.235.240.44.in-addr.arpa udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 ncs.roblox.com udp
N/A 127.0.0.1:57158 tcp
GB 128.116.119.3:443 silver.roblox.com tcp
US 8.8.8.8:53 aws-eu-west-2c-lms.rbx.com udp
US 8.8.8.8:53 dfw2-128-116-95-3.roblox.com udp
US 8.8.8.8:53 aws-eu-central-1c-lms.rbx.com udp
US 8.8.8.8:53 c0.rbxcdn.com udp
US 8.8.8.8:53 c0ak.rbxcdn.com udp
US 8.8.8.8:53 s.ns1p.net udp
DE 18.153.6.250:443 s.ns1p.net tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
US 8.8.8.8:53 250.6.153.18.in-addr.arpa udp
US 8.8.8.8:53 sjc1-128-116-117-3.roblox.com udp
US 128.116.117.3:443 sjc1-128-116-117-3.roblox.com tcp
US 128.116.117.3:443 sjc1-128-116-117-3.roblox.com tcp
US 128.116.117.3:443 sjc1-128-116-117-3.roblox.com tcp
US 8.8.8.8:53 b.ns1p.net udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
BE 13.225.239.38:443 js.rbxcdn.com tcp
BE 13.225.239.41:443 css.rbxcdn.com tcp
US 8.8.8.8:53 roblox.com udp
BE 23.14.90.81:443 static.rbxcdn.com tcp
US 8.8.8.8:53 81.90.14.23.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 gold.roblox.com udp
US 8.8.8.8:53 aws-us-west-1c-lms.rbx.com udp
US 54.67.87.108:443 aws-us-west-1c-lms.rbx.com tcp
US 8.8.8.8:53 lax2-128-116-116-3.roblox.com udp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
US 8.8.8.8:53 aws-eu-west-2a-lms.rbx.com udp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
GB 18.132.92.47:443 aws-eu-west-2a-lms.rbx.com tcp
NL 128.116.21.3:443 ams2-128-116-21-3.roblox.com tcp
US 128.116.117.3:443 sjc1-128-116-117-3.roblox.com tcp
US 8.8.8.8:53 m.stripe.com udp
US 44.240.153.132:443 m.stripe.com tcp
US 128.116.117.3:443 sjc1-128-116-117-3.roblox.com tcp
US 8.8.8.8:53 47.92.132.18.in-addr.arpa udp
US 8.8.8.8:53 108.87.67.54.in-addr.arpa udp
US 8.8.8.8:53 3.116.116.128.in-addr.arpa udp
US 8.8.8.8:53 132.153.240.44.in-addr.arpa udp
US 128.116.117.3:443 sjc1-128-116-117-3.roblox.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 id.google.com udp
GB 216.58.204.67:443 id.google.com tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 wearedevs.net udp
US 104.26.7.147:443 wearedevs.net tcp
US 104.26.7.147:443 wearedevs.net tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.170:80 apps.identrust.com tcp
US 104.26.7.147:443 wearedevs.net udp
US 8.8.8.8:53 cdn.wearedevs.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 147.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
GB 142.250.178.14:443 analytics.google.com tcp
BE 64.233.166.156:443 stats.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 156.166.233.64.in-addr.arpa udp
BE 64.233.166.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.169.70:443 s0.2mdn.net tcp
US 8.8.8.8:53 dclk-match.dotomi.com udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 s.uuidksinc.net udp
NL 63.215.202.169:443 dclk-match.dotomi.com tcp
US 8.8.8.8:53 t.adx.opera.com udp
NL 31.220.27.134:443 s.uuidksinc.net tcp
US 8.8.8.8:53 sync.gonet-ads.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 analytics.pangle-ads.com udp
NL 188.42.105.236:443 sync.gonet-ads.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 8.8.8.8:53 ag.innovid.com udp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 23.33.40.28:443 analytics.pangle-ads.com tcp
GB 216.58.204.66:443 cm.g.doubleclick.net tcp
GB 216.58.204.66:443 cm.g.doubleclick.net tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
GB 35.179.68.186:443 ag.innovid.com tcp
GB 216.58.204.66:443 cm.g.doubleclick.net tcp
GB 216.58.204.66:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 ib.adnxs.com udp
NL 185.89.210.141:443 ib.adnxs.com tcp
US 8.8.8.8:53 70.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 169.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 134.27.220.31.in-addr.arpa udp
US 8.8.8.8:53 236.105.42.188.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 186.68.179.35.in-addr.arpa udp
GB 172.217.169.70:443 s0.2mdn.net udp
US 172.64.151.101:443 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 28.40.33.23.in-addr.arpa udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
GB 142.250.178.14:443 analytics.google.com udp
US 8.8.8.8:53 z.moatads.com udp
US 23.53.113.212:443 z.moatads.com tcp
US 8.8.8.8:53 csp-reporting.cloudflare.com udp
US 104.18.20.157:443 csp-reporting.cloudflare.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 141.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 212.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 157.20.18.104.in-addr.arpa udp
GB 172.217.169.66:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 66.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 cdnwrd2.com udp
US 172.67.166.253:443 cdnwrd2.com tcp
US 172.67.166.253:443 cdnwrd2.com tcp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 pm.w55c.net udp
US 8.8.8.8:53 c1.adform.net udp
US 8.8.8.8:53 dsp.adkernel.com udp
US 8.8.8.8:53 gtrace.mediago.io udp
GB 142.250.178.4:443 www.google.com udp
IE 52.18.90.0:443 pm.w55c.net tcp
IE 52.18.90.0:443 pm.w55c.net tcp
GB 142.250.178.4:443 www.google.com udp
NL 35.214.168.80:443 gtrace.mediago.io tcp
NL 35.214.168.80:443 gtrace.mediago.io tcp
DK 37.157.2.228:443 c1.adform.net tcp
DK 37.157.2.228:443 c1.adform.net tcp
US 174.137.133.49:443 dsp.adkernel.com tcp
US 174.137.133.49:443 dsp.adkernel.com tcp
US 8.8.8.8:53 253.166.67.172.in-addr.arpa udp
NL 35.214.168.80:443 gtrace.mediago.io udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 0.90.18.52.in-addr.arpa udp
US 8.8.8.8:53 80.168.214.35.in-addr.arpa udp
US 8.8.8.8:53 228.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 49.133.137.174.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 60.129.102.23.in-addr.arpa udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 87.248.204.0:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.163:443 beacons.gcp.gvt2.com tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 163.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 pcapp.store udp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:53 23.1.32.45.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.200.14:443 google.com tcp
GB 142.250.178.14:443 analytics.google.com udp
BE 64.233.166.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 repcdn.pcapp.store udp
GB 89.187.167.6:443 repcdn.pcapp.store tcp
US 8.8.8.8:53 6.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 pcapp.store udp
US 159.223.126.41:443 pcapp.store tcp
US 8.8.8.8:53 41.126.223.159.in-addr.arpa udp
US 159.223.126.41:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:53 repository.pcapp.store udp
GB 195.181.164.16:443 repository.pcapp.store tcp
US 8.8.8.8:53 16.164.181.195.in-addr.arpa udp
US 8.8.8.8:53 delivery.pcapp.store udp
GB 195.181.164.19:443 delivery.pcapp.store tcp
US 8.8.8.8:53 amplify.outbrain.com udp
US 23.53.113.140:443 amplify.outbrain.com tcp
GB 142.250.200.14:443 google.com udp
US 8.8.8.8:53 tr.outbrain.com udp
US 8.8.8.8:53 wave.outbrain.com udp
US 50.31.142.159:443 tr.outbrain.com tcp
US 50.31.142.159:443 tr.outbrain.com tcp
US 50.31.142.159:443 tr.outbrain.com tcp
US 23.53.113.140:443 wave.outbrain.com tcp
US 50.31.142.159:443 tr.outbrain.com tcp
US 23.53.113.140:443 wave.outbrain.com tcp
US 8.8.8.8:53 19.164.181.195.in-addr.arpa udp
US 8.8.8.8:53 140.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 159.142.31.50.in-addr.arpa udp
US 159.223.126.41:443 pcapp.store tcp
US 159.223.126.41:443 pcapp.store tcp
US 159.223.126.41:443 pcapp.store tcp
GB 216.58.204.67:443 id.google.com udp
US 104.26.7.147:443 cdn.wearedevs.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
BE 64.233.166.156:443 stats.g.doubleclick.net udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 a.tribalfusion.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 sync-dmp.aura-dsp.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 174.137.133.49:443 dsp.adkernel.com tcp
DE 91.228.74.168:443 cms.quantserve.com tcp
IE 63.35.81.137:443 pr-bh.ybp.yahoo.com tcp
GB 216.58.204.66:443 cm.g.doubleclick.net udp
US 104.18.25.173:443 a.tribalfusion.com tcp
DE 51.75.86.98:443 onetag-sys.com tcp
US 8.8.8.8:53 dclk-match.dotomi.com udp
DE 51.75.86.98:443 onetag-sys.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 a.rfihub.com udp
US 8.8.8.8:53 s.tribalfusion.com udp
NL 63.215.202.169:443 dclk-match.dotomi.com tcp
NL 193.0.160.130:443 a.rfihub.com tcp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
US 104.18.25.173:443 s.tribalfusion.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 50.31.142.191:443 b1sync.zemanta.com tcp
US 50.31.142.191:443 b1sync.zemanta.com tcp
DK 37.157.2.228:443 c1.adform.net tcp
NL 193.0.160.130:443 a.rfihub.com tcp
US 54.145.45.250:443 sync.srv.stackadapt.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
US 50.31.142.191:443 b1sync.zemanta.com tcp
US 54.145.45.250:443 sync.srv.stackadapt.com tcp
US 54.145.45.250:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 um.simpli.fi udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 168.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 98.86.75.51.in-addr.arpa udp
US 8.8.8.8:53 173.25.18.104.in-addr.arpa udp
US 8.8.8.8:53 137.81.35.63.in-addr.arpa udp
US 8.8.8.8:53 250.45.145.54.in-addr.arpa udp
US 8.8.8.8:53 191.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
NL 35.204.158.49:443 um.simpli.fi tcp
US 50.31.142.191:443 b1sync.zemanta.com tcp
US 50.31.142.191:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 49.158.204.35.in-addr.arpa udp
US 8.8.8.8:53 dis.criteo.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 ads.travelaudience.com udp
US 35.190.0.66:443 ads.travelaudience.com tcp
US 8.8.8.8:53 sync-dmp.aura-dsp.com udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 66.0.190.35.in-addr.arpa udp
US 8.8.8.8:53 tr.blismedia.com udp
US 34.96.105.8:443 tr.blismedia.com tcp
US 8.8.8.8:53 creativecdn.com udp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.8.8.8:53 8.105.96.34.in-addr.arpa udp
US 34.96.105.8:443 tr.blismedia.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
HU 142.251.208.163:443 beacons2.gvt2.com tcp
HU 142.251.208.163:443 beacons2.gvt2.com udp
US 8.8.8.8:53 163.208.251.142.in-addr.arpa udp
US 8.8.8.8:53 sync-dmp.aura-dsp.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com udp
US 8.8.8.8:53 233.135.159.162.in-addr.arpa udp
US 172.67.166.253:443 cdnwrd2.com udp
US 162.159.135.233:443 cdn.discordapp.com udp
US 8.8.8.8:53 csi.gstatic.com udp
IN 142.250.182.99:443 csi.gstatic.com tcp
IN 142.250.182.99:443 csi.gstatic.com tcp
US 8.8.8.8:53 99.182.250.142.in-addr.arpa udp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 presence.roblox.com udp
GB 128.116.119.4:443 presence.roblox.com tcp
US 8.8.8.8:53 google.com udp
GB 142.250.200.14:443 google.com udp
GB 142.250.200.14:443 google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 youareanidiot.cc udp
US 104.21.95.69:443 youareanidiot.cc tcp
US 104.21.95.69:443 youareanidiot.cc tcp
US 104.21.95.69:443 youareanidiot.cc udp
US 8.8.8.8:53 69.95.21.104.in-addr.arpa udp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 youareanidiot.org udp
US 50.28.56.190:443 youareanidiot.org tcp
US 50.28.56.190:443 youareanidiot.org tcp
US 8.8.8.8:53 190.56.28.50.in-addr.arpa udp
US 8.8.8.8:53 ww7.youareanidiot.org udp
US 199.59.243.225:80 ww7.youareanidiot.org tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 142.250.200.46:443 syndicatedsearch.goog tcp
US 8.8.8.8:53 partner.googleadservices.com udp
GB 172.217.16.226:443 partner.googleadservices.com tcp
GB 142.250.200.46:443 syndicatedsearch.goog udp
US 8.8.8.8:53 225.243.59.199.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 parking3.parklogic.com udp
US 45.79.244.209:443 parking3.parklogic.com tcp
US 8.8.8.8:53 afs.googleusercontent.com udp
GB 142.250.200.33:443 afs.googleusercontent.com tcp
GB 142.250.200.33:443 afs.googleusercontent.com tcp
US 45.79.244.209:443 parking3.parklogic.com tcp
US 8.8.8.8:53 209.244.79.45.in-addr.arpa udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.214:443 i.ytimg.com tcp
GB 142.250.187.214:443 i.ytimg.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com udp
GB 142.250.187.214:443 i.ytimg.com udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 142.250.200.33:443 lh5.googleusercontent.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
GB 142.250.187.238:443 encrypted-vtbn0.gstatic.com tcp
GB 142.250.200.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 xploit.games udp
US 104.21.66.53:443 xploit.games tcp
US 104.21.66.53:443 xploit.games tcp
US 104.21.66.53:443 xploit.games udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 53.66.21.104.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 fastfiles.cloud udp
US 104.21.61.62:443 fastfiles.cloud tcp
US 8.8.8.8:53 62.61.21.104.in-addr.arpa udp
US 8.8.8.8:53 fastyrdr.live udp
US 172.67.142.11:443 fastyrdr.live tcp
US 172.67.142.11:443 fastyrdr.live tcp
US 8.8.8.8:53 tomatoesmoney.xyz udp
US 172.67.168.146:443 tomatoesmoney.xyz tcp
US 8.8.8.8:53 availablefiles.com udp
US 172.67.142.219:443 availablefiles.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 yourjsdelivery.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 172.67.68.197:443 yourjsdelivery.com tcp
US 8.8.8.8:53 11.142.67.172.in-addr.arpa udp
US 8.8.8.8:53 219.142.67.172.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 146.168.67.172.in-addr.arpa udp
US 172.67.142.219:443 availablefiles.com udp
US 8.8.8.8:53 nostop.go2cloud.org udp
IE 52.210.174.128:443 nostop.go2cloud.org tcp
US 8.8.8.8:53 197.68.67.172.in-addr.arpa udp
US 8.8.8.8:53 128.174.210.52.in-addr.arpa udp
US 8.8.8.8:53 www.7-zip.org udp
DE 49.12.202.237:443 www.7-zip.org tcp
DE 49.12.202.237:443 www.7-zip.org tcp
US 8.8.8.8:53 trk.playstretch.host udp
IE 54.155.11.60:443 trk.playstretch.host tcp
IE 54.155.11.60:443 trk.playstretch.host tcp
US 8.8.8.8:53 237.202.12.49.in-addr.arpa udp
US 8.8.8.8:53 stat.glasscellar.icu udp
US 172.67.177.222:443 stat.glasscellar.icu tcp
US 8.8.8.8:53 60.11.155.54.in-addr.arpa udp

Files

memory/2020-0-0x000001EFC1710000-0x000001EFC1736000-memory.dmp

memory/2020-1-0x00007FFB81160000-0x00007FFB81C21000-memory.dmp

memory/2020-2-0x000001EFDBDF0000-0x000001EFDBE00000-memory.dmp

memory/2020-3-0x000001EFDBDF0000-0x000001EFDBE00000-memory.dmp

memory/2020-4-0x000001EFDBDF0000-0x000001EFDBE00000-memory.dmp

memory/2020-12-0x000001EFDBFF0000-0x000001EFDC747000-memory.dmp

memory/2020-13-0x00007FFB81160000-0x00007FFB81C21000-memory.dmp

\??\pipe\crashpad_3384_CDUBSRGKNAFMHCBL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fab2003273778b7fab17d242affc0921
SHA1 d3845c6a5672447df87de94d4c6605e1b57fd35f
SHA256 6cfaf097f84807b43b1c0e5c789f6d3f751e5d6da62f4bf485d067d06be7320f
SHA512 646d00d62f9fa5e8d7ba89866a5a3fdc52d29b02dd81fd3d138a6c5a47a6bce6a4ac34c5be932b9c159db095ca058fa244bd1d1e76a6e1d45adc001f1dc2ff79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cb457793614ca21da89a3df7075bb72f
SHA1 353b4288e2cf447fdfde3b388be25dd87f1c123e
SHA256 c7f86a8820c4c2eb12493e0f70af7ab5bc3122eb0ad45f9ad77556eee5bcb99a
SHA512 2b580c73f235dccd6d052af21772ffae53bb4f7c6783c24eb60a1cd0ba513a0e23cb67d8427867b66dc2340639365fb09c089059f272bc9d2ba4d2fa628fce91

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 998eec59ecc592588e8d48f3c5effc7a
SHA1 4e6ee7d4f4013d4311fb91d23012cee0a3f0b2b6
SHA256 400b2b1fffede3da74bc5d8335c682896265f55d176e025ca6a390ac2a589a18
SHA512 241e1bda60ae4c54bd155582dd95447bd623104b375be794c222ac800ff2a0d14d84e9c3790fd240e594d29eb69c2668ee52c2f52f9ecb7f5e4ae9cb3b6ea274

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 911ab28612de6e53740e4498e4122d47
SHA1 a07993b2e2f019eaf9590c3d5e58710d8ca8eb9f
SHA256 ee2960cc7e88fb07f31f610508591e430b695725be0902fa53ced5c4d933a97b
SHA512 7125857f947a211d1bd3c6c0348e4e1702e3a91212ca1a3ae2450d7af5b73ac3d4df62f2a5d7c0f46dbaa689b1722900d4d133d4a37a1d8b4641e0b5885d7d3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 e744b211753f45b387e00af2aae69c6b
SHA1 23beb8357e158d3a162524b96495f293853b8147
SHA256 bfde85cbb4f9503779c19c8ed8a463e2782028fed2ee0726cc55018856baed9e
SHA512 c4ccacdfe546522ca8be841b535005f688d250a2d9a68011d5181bf07ae6466785c3dd0c647c6930ed7627d65ca928e4397fd61ae46331b41a110ba76b3962bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 c0abbbf857dbef55c9e83b563a3ac81e
SHA1 37c3d19346c03e968411ad6b9f1ab87a9dde321a
SHA256 49413bbca0b140209518f7d5106c6a912b223dc968fae38eea7281af872ab5fc
SHA512 60e1a727a989cf3b6e3d0f3b438003fafaddd8ee7ffc40020626970f8a8907cf1d1a867bac3720b9d270bfe70fa2ccc94fd978554939bcfd3baaf01709f403e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 003560d8d886b677ad76eb0ddfada97b
SHA1 a49883a7751bc04c86cc1bed16df89a6a4791205
SHA256 1bd44d2544d2a556419f21321da21d5d8cadf24210b721f1124866fc1c53a67f
SHA512 a159c51ee101ae2504d4a21c3ab6f5eeeb8e15ed7c2a261bc9779f8af2e054ef239dc14a7c40a0d657a1b4453f7988b2de26746799c1c65042717efe07fc85e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5872e9.TMP

MD5 776cabf63b0f67fbe3613c72fc58382c
SHA1 ca84d281f8c6d33616be75fb93d7fe19faed5ec3
SHA256 b07b5c64c03d8cf71c2e3205f0ce117fec2678e0325253dcc222fb3118c3a2b2
SHA512 190b764722147efa48c66c79b5b86625795e5c21dc57cb7eff5b5130cc4bcd6f18b45a307264b759cab5c36b17478ea118bc716633bb27de09bec4619361ee40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 1aae221b4b359ccbe4e39ca043f7d3da
SHA1 94520f54577a12b80120858494824dd8f9bdd25b
SHA256 017e5c56b75f846d5c7fa0d9accd6f70eef31c9c45e47b11050fd20dc598cf50
SHA512 5f5f7d74b13f72cda8516a820c34cc2e415be80d847e5f88413ac47d8f8dd77c2d3348e31a0686bb1e9b65cd5865064e1771fbadf533230dc8c76f6b09e2ae53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4073494286bee8f42ba2d48c23dd32df
SHA1 2726aad001ec6de68c2b7b8f1453bd4452c830e2
SHA256 e181f2a7161b3f1501223b82c4e3e4c079815522e6d75b32d61b489c6caa15b0
SHA512 8d00d0f0e1a385f1ee7f1093b70db5cf33ffcea7d0165dce624926a8651356a85dc2c727fb0b24a89bb3193b46158688d06bc539c248805c17647ed966e65071

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cdc91575e8347420c7d9e444611e209d
SHA1 2c2219741d23f450c9e3b2f05aa771b9eb934974
SHA256 fed80ea76f0db97514b2149ccfecf7406ca3e2ab04de5a9689cf1f072f3d2ba5
SHA512 cfc785bdf36349f3e79bdc01d591c514fca9374c2d1bb517810cbf4689d155ee349dd6fda89dcfbb3091089d2119355a9f83c488c34a1ce37619405cd33f442d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5d9dd006c9ad7411a214b3c21c133983
SHA1 d49671443a74ead6ef4ee2dc247bdd5be5580e2b
SHA256 b27257259f7414efe5fa770629b06632a31abf4961cb304e9325d2d7d9dde1b7
SHA512 f11c63e8c1abc8b34df060e710fca1dccbb52ae07e8b9ec805a85568ab9bbc536c97f28c6f3b6351cb23928bc44589e1497f2e44f7b9c5fe5307e80a01e6c465

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2b16052cb164ef90e82414f15b83f079
SHA1 ff3104510808b178ae6c3a882615a39f6df36579
SHA256 5fe954db208cf1e14de2a79aa25458e7720f0e3c184b0594c9d44cd19c0c4057
SHA512 524c17e7cfe59b733798ade581a96c0c93bd725809cb232237ac5993e79e89b13f9e1ef28be78a94497d689125df14d6b4a11095eeec9ac64a3537b9b6b6f85a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 359af91ea06df726cd81163b56c0d543
SHA1 4f30f85fdc2ee495db0d3e08b077d793c4d8f107
SHA256 0a5b9cf0d45e8a77e8a8670e736f77325c88397bfff465c49af6e0c957400d50
SHA512 997a373d1c72501168d9800189a9575970438e05f2a69aaae2665d49dca5d8b6b6ac97f63d7dda51530113177fd5df0d9b0143d324f02e1e96b25d79243969bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c8e647fc9afe215d0fb772a6ee1c4fc4
SHA1 9feae9872c9d0e41296b68a55cf5c349bc986bef
SHA256 160d4934abfec0a32995920835b46444b72e9467f00d36161b00ffb68250e8ca
SHA512 e6bd77e99f6cce9ea90d53a3c1afccb0ddb0ee4908d7a78e03fa2eb38ee71564a6fb8f9158eeb0c1a3cd234a3b6511d0cdcebf8bbeb3e0e078e7bc75d03d95e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 71aa044b9e38196bcb55aee99a06d2dd
SHA1 5d8f870c2ca025367013daa2ae1ae08990d16873
SHA256 3c8f2ea2603421d659b227b839ac5386fb75062388067ae26c48c7598b41b098
SHA512 5af6e691f09ce0fec40cc97172641669e533bede46bc34357d14087ac90b023694d7178f97ddf0773da0f4836eb8f5660859287725615126ab594936dd36bfb3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 81cce712a7aeed7a081f7152e7b96178
SHA1 ff2674265269c3ef208865e0c42c4b7fb82498cc
SHA256 ec898fdb8b2f9231005a2a265bc40d6e6cad7eab164e24865bf39a9a91bb02c7
SHA512 d8f8ce17721a1e5a2dcc721d3b47530fcc9f05c7f64f0d77d5afad5d9f46e3e4a9d9d7b41d8ee661cf0a48f9dadbf09b96e5df2c297faa5ccf76826024be0a77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6ca4b074fad01544a899b41ce54d7821
SHA1 22b35f13e9de66a63f97624b6bccfbb4b6a64834
SHA256 12283c38ceca9d677bf524025fed2f4e5e2a5a643b0d26380f2a3bd12bd4cf41
SHA512 ee0dfa793206076c96a7065832124683386bf30d3e5ee537e61e3d01f5a71bd3b780963303967e85beedc32aba77a963ea232696072e48dea9fbbfc88aba11d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f7a28777670fe3fb2ecef6a1c9dbe167
SHA1 0418c064671b2af25f599dad25c65f0dd64deb18
SHA256 a6cf97e67276c840f131c38c86f52d167129a6678e190c3963890fd12033426d
SHA512 801ed99f1ee7dc0078133fbb810e277560c6f6cb1dd367dd1c8bc694b35d9eae0287c693759caab653843fb2289a7c29d99badb10b4916afa92b1c0ca23968aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7b26245f0756d172516a5b1d01b54952
SHA1 e1cb7d7de392a8d24db3117618e64384a381abb4
SHA256 d166a8b248af42eb978a728b59f35c14c8c605740986dda55462860cf90d82e2
SHA512 b3cec1c0ceec33be94ea7b18a4ce53900ac1d2aa2f1eb429d9e9e406be138e8a704d580f596914645cb10065a744b79a443f10c42b2e0ed228161facc0ebb3d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e6c3d4bd0ec2a871883bdee96e80146a
SHA1 fcc9f4f366694a1667f8896ff429fec465719d5c
SHA256 15f636ed4be19bf2137358734f205c854d4d52190559bda72c28a42403217039
SHA512 e5d79af668bfd927be54369e3847b13eeb69d2cb9406e8bcfbc6b62feb539d778d79b2f2c756ca223f3df803bfdfefed49d1013608ffe5e86cc223333266600c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 530e00501d2e53d73d551ff1c4807d78
SHA1 d97bfc50b512a11bfe0446036543d22a9e03c5c3
SHA256 c2ca77dc3b57683ad46997d76d015940b6aa8f12a3fae387c8605329f7ba7efe
SHA512 2875b6a9d1c16edce20f8e0ae9ada57bd048ce4ac752774c02bcd9ea4d5ccdf7e2e59482fcee756a418953785f60ef23e66bb3063c4a27215b20fc8ee743bf85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4bae6fe65ecdf1ee640f65b8266189f6
SHA1 e01205007b86ddeae21ade6e75a99564a6c409ff
SHA256 9a59b2e8b47518a9db9c6ba3a01d67e294303bf9d1a0838c415a668071fb79dc
SHA512 7b652358cb358dc98c7aaf0300542db1616f38db8482defddd30b46b7037404d15660fab323769d383fd4fce44633b18a72c36435ead74e7167a36dd4246873f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 553d4762e6f01c331b1066b6df98a9e6
SHA1 a9052f6c3d9f6c73580f7b9d31f65468acf4a1a3
SHA256 89df53c7de20b5d85e8e1e94f478b09e15b6d5d2eead7a0049b80d6bee4416c5
SHA512 55182bb8057c0249ff42b15a0cdb4269a9080de0a021082fa3d64b015e677dd49cea498125d4c1b78d9a06c4be0d67695188be924feb81a0f54c769174d51cd3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2437e3008597fe328f9e061b0290d079
SHA1 f0b34f1bd16c7bc8bd13333ef8f535c62432d2b1
SHA256 191e8fc9eb11135e418b0c584e1a60ccb904b2d3dbbc2ce50c4f7f8d39cc4590
SHA512 c52253f51c4f0d6a3813dd11f55e26fd7e47eb2360e1c8d9d3ebf5a17a1d863125cf527f4b942823e762694ccfb31b798d83895e8d44b058cdb6b7a4e9bacbdb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c35deee1a3e4d93ff1d4321686d2e112
SHA1 29344629907d808b4e66e26167f4d213a236a525
SHA256 f5aa689db612ce43ea1c78738a68528e81bdc79b80d06a0a13fd401a0280451c
SHA512 2abd0f995ccb916bd6aec9c5ed429660f6aae67cc887ecf708eaba0e530bb018bd14c65fa5ad540fd68a5f3bcecf1b4063339f4042750f5fae1d8bb889aeefbe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8d143c36f2d38ca8cb5bc2ce44036021
SHA1 ba22aa84ac8575dbc98af67eabed283eb97300a9
SHA256 3952d9a2513870ec6857ca468a35164c9e91ce3d38f006033cafe66983db1af9
SHA512 31262c28baff3ce7238f717495b9fc3e388355f1787bb37e8819eff969ed1db829db89e0036dc585324a02bac0bff5fec5b4eb9bbed692ceebfa451fd33b12d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 acee1736ea34f34bfbef36cb3f9af50c
SHA1 373ca20feb8b40400497d7a069775fa52eba3573
SHA256 020e73fdf1c57ef93222d8f4b6c4dff5f341de9a230c963c96c1fa9e23b752af
SHA512 0e893767e1d534129ec0a249106390827d2304985840accb27ff15f2478833ddf14ee1ac1ec51fe9b08212f4acb49821e342da35b885e3a782aa48a07af7b2e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 69b4d8f4a4658299d69ee27c486ea8f6
SHA1 f4c1c4ba4cb1abb804bf88978d7a0082384f75ba
SHA256 aaf43f1e1b43967ae352505004f03d2ca539499687ce9c3f83d9de90eff751aa
SHA512 a5d994c3ceaa8c88d40db188fa8fecb12d48344b051c0eb4585038444929829b8a1c25bd5fb6917f2361faefeee35ba690cbb278702203e4f3fe057eb28c2c05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9e41b94ded5030e5a0e410912b1ce6b2
SHA1 f153600f1c8b6f0a52874e6d9c4d4e6de986db30
SHA256 f11963bdd70c6b6ef461918f832ada2fab8aabbe8b6ab257bd5f170b7106d21f
SHA512 480f80f9174e5a95b112f8caa8f6dfecb8e183cf0a9da69497408bcff1e6454bf4a1210bd572e271efa039b2ef9021189f319c22a90f88f720f5e79f4d222419

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 da00afdac37884f2e2c289e787947f00
SHA1 dbf1db387e144cbc1bf72087ce237048bee8b752
SHA256 f4796ada7e9a10b3714c0ea64f34a05d28e01a5c21e729ea2018167431b45211
SHA512 b030da08f04fab72d5d93131627349a1d83727e4fddc605807f8179b10874ec3a1f56fff25f38188af5bae3047c127fbb667b2bc1f2fe9db525640f863962f57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 14341ff2e25cc7927693c0e2483a371a
SHA1 b26f9e491257c10e2508556235ade789cca10020
SHA256 c16e253772fc0d00d2b9118a77bf8e931ab315f089d02d0a6707c545176a7470
SHA512 9af0be52916c5c08a902d3f2d67ba7b51fb211658decae606fad4aed58b99f1077ab0e0c1036a3e006c727178eeea18ae38e2514d7a3788fef793e3d137751db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 69ff069d754fc2d68760f9610e912128
SHA1 790ae06c5885e1bd466c06dbd15d61dbeb38c749
SHA256 a4315de251cf3c00a386bd247fd91070bf07a3de44e5c933eb7d570e96f03f2a
SHA512 5e8a691bf24168cad4a99ca9e3571f9c813f4d3b581ec664e7744651e36bc075a59ae2158bc35645e5095994dbcb52f8188af0dd30d821e94a7a371eeb0bb882

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cbccec42189df824bf68209344fa48d9
SHA1 0d76d7b8e64ac2984898251552099e50f8688f4b
SHA256 cb7277bba031e9aaf3acde88b92378d238abe861803a42a8794efcef8afe8237
SHA512 c53ebc271b1395964018c9cea2615d7f240a4b962f9e971e48718f955e158b824d26ac43d2a16a60a7606c002fda689f7ae42a5b3d880212f3675644f26b00f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 29c346d0a65b5f6f2a824f5a8ccbd5ba
SHA1 ff309fbe00f333d7fb9d2d14f078d34969ceeb0b
SHA256 4117c31983d01d786648f609a8baa7f09ed83c873f1ba31385a167b49a6be15f
SHA512 80f9fc9cd3233ecc6bc7ab98d3921891bd3ed6bd6b2b529a28b937a143a85109a59ff084808cff788eec8129ee903f96da14f0d21c0f09e1534e20ca79d678cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 d170269951b86f585f899d21ae50e782
SHA1 e981cf3277587be2e230a211eeb4a64a77aaaf97
SHA256 ca08d2665294fd7036d1c5260dc3c7a280961e4097651ddf2cf950925a1f988f
SHA512 a1769e21b012fb39d9b625ce8d8173d306af510a05c3a377f9d6b7a4894ee53933a191aeda48a7850e7d057ab3d97a49854045f514aa75584da5a5fdaa5d670e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 49e7cfee1e9b9d69dca32fd41801b4d8
SHA1 a7c501fc4fd7425e4295535c9958f7e5c332c9eb
SHA256 ada6f5ea7ed5506b67b9ba5c0e1a3acac88cad9c130def5940626469ed962e7b
SHA512 5dcff23c0910e719686e5e0d530fca0cb3f1ce97a64c9f6a8f11d2de7a3bac938b1d73e83631049e101b4e8a49617012f42b65b8262839f2172d74e89bb1d021

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a6e7d4f219b6dbbb738f178d5563958f
SHA1 ef820391ed127f13fe2a25b8269e60d053fbc410
SHA256 d2921431d7a0bdba3577722fcbc7ed20a117fd86b1c4a46c5c1ea31197f706e8
SHA512 f9e49e2c0b3c845f6c497bab38a31db334ce57bac4850c4f236933df8baf8d25ec4ba2aeee8e18365da79832ce65ea265c36010898e04653206df5de6a8a1e13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dc37a99be2a1eb3f2a4891e12fc24176
SHA1 19a938db320798d48f9e6710911fcbc5fe4ebfe4
SHA256 ebe0e756ef79d35e5b4cd5aa04c4c69ae56a7eede3dd31b21aa6ef74d2cc3498
SHA512 b41732b4815f542a102d6e2e4992701ef5136f6a57d16a118c2ee867459031a4d16f38a6623552cb298bdc1c1666fdbfb5612642c6e613ff418ac3a177e9a5eb

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

MD5 1b57a241eed58ce47249a846f2391652
SHA1 345999af03a6c515191d212a200fad24039100c1
SHA256 25913bcf70e0a8447e3ae39294cb3c3be44f15dcbccc4a0cd2aa4538e5ecc0f1
SHA512 870cc586696961c4de63643f264514140357cad1c9a4eaf9f1e631507c680359cdc760728afd46f6511155dc5c37b7c61dcd6825b185635aa0353fb18313a8c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cb3fd82084fc6c186a99c53f32c8c07d
SHA1 4d0721a94b64b2260821fd529eefebc1db85f25d
SHA256 c93b15062acbc1818d85caa2c956c24f783fcc956b43c6c6b3d638e5dd3fa25b
SHA512 5f11fe38bc8f073d3ccc8644ea99bd5bb4d18fe7ad33b72ffc0533900119623a7d1e68ae57b9d396671f3b4a8bd11244d01942dc3e7180c37303bbb6f028f5a9

C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

MD5 a6b477fd2a8f8a2f773524399dbcfefe
SHA1 7d80eb58dfd74d2d6b808663044e4ad35085f99b
SHA256 7de163bfcdac41638190fc00a32f1937c38c35a18aae4e0945adc28ebd223ac3
SHA512 f8c96581475df161bf53261492abe09504d3e4c7206874c7d8d90bc76305f02f06005fec35cffaec517de0bb36b62e62a85e22607fe669c2c3bdf008c56bb957

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 95a312dc2a944cfff2343630903a30ec
SHA1 f706d90d1992798f79aaa93a7168616dc3677263
SHA256 70a75d5873b8f1f063222f9b42b12ed08afdb4e31ce428e8ade010e251d42fd1
SHA512 80baecd966a5001d4c6f84877641e233a4a0e9a402a3291c76a9697ecf2fbdb3ce8f4cbbf41b6eeb0a1876df25da0371004c0120a91ad1649340366de493a14f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b2c6cf923259aeaba76c44c586fbc105
SHA1 13bb190121b8198a46e7680b275be9d5bbc34513
SHA256 74a8cf585b5b0465f83d72d8536877be7274c6e22791df5ffafbc572978f32a2
SHA512 52438799010702ffd113f94e1c3fddd1a002a11c06fb6a3cfa48347de2e24e3f26c5935f3de8fa9e6aa6864b134e6621afceb91ca10fe957957dc406e4ff16ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 771b0bf2d5fd1ddc5fa3a378b2d2e5b5
SHA1 ce8faee5efc1c68e0c358781537bad68bcf8aad0
SHA256 8f4c14a20bc0335134961d5608d78b4e8f81eab18ebb5a221edf8d66f58745c2
SHA512 1ff23d32fad2063a50ba326f302ebacb30d07e9a274abdeb9e138a3e1a08241f1c4619dba1439b77a32e3ca9efb3a8331b8703f641561c6ef8c39511da4671d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ccaeb9f81d9a1476d115621b1cbafbf5
SHA1 c9798f7bd07d77c712ee40acd861feb67fd91dac
SHA256 6796c286fd51789fff0f5a486a3a21b17fa920b047365daa949f0b0d0cba3cc1
SHA512 025fa0c40dcaf27243b948411b5c5762f785bcd75612c55dbfab4257af59f993926cb9bd59f5a29281881f51da15ecf140a506f4b02119d28a929a18ab83b7a1

C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\2071a20b3379c50b5481716951e9a32b

MD5 2071a20b3379c50b5481716951e9a32b
SHA1 727ee72cf45db1f163e2740072d8c55d52fb2741
SHA256 26764f24835796bc0837862a162a31c7a5e047490f1231e21a037dc6c5a46a97
SHA512 c96e3fbb9ab584743bd85a52ad7c0abd70ae808bb107e7717e5e1fa19faa5882869e630aa4833bfe282d23f16cc1fe48e81732ec9c607455c08d17748e437496

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6b531212079c029b05867846d8e890d3
SHA1 61984680988fdc92417a7ca61d5796edff7330b1
SHA256 c008c66c0bdb6e2d302f5ec78ff2d75df52e4fb4253bd2a63e6695b6ab3991fc
SHA512 00415f1b40db2359ec74b4daa7452e3e3dec2f2cac139a3290acdf4f071ecc0471cbbb28847af37c344b8b8ad13b0d89b8e531581a79b1680314a4e9e6bf62ff

C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MD5 610b1b60dc8729bad759c92f82ee2804
SHA1 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA512 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdate.exe

MD5 4dc57ab56e37cd05e81f0d8aaafc5179
SHA1 494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA256 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdate.dll

MD5 965b3af7886e7bf6584488658c050ca2
SHA1 72daabdde7cd500c483d0eeecb1bd19708f8e4a5
SHA256 d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19
SHA512 1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_en.dll

MD5 4a1e3cf488e998ef4d22ac25ccc520a5
SHA1 dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA256 9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512 ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdateCore.exe

MD5 c044dcfa4d518df8fc9d4a161d49cece
SHA1 91bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA256 9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512 f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 60dba9b06b56e58f5aea1a4149c743d2
SHA1 a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA256 4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512 e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_af.dll

MD5 567aec2d42d02675eb515bbd852be7db
SHA1 66079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256 a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA512 3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_ar.dll

MD5 570efe7aa117a1f98c7a682f8112cb6d
SHA1 536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256 e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA512 5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_bg.dll

MD5 8375b1b756b2a74a12def575351e6bbd
SHA1 802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256 a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512 aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_bs.dll

MD5 e338dccaa43962697db9f67e0265a3fc
SHA1 4c6c327efc12d21c4299df7b97bf2c45840e0d83
SHA256 99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04
SHA512 e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_bn-IN.dll

MD5 a94cf5e8b1708a43393263a33e739edd
SHA1 1068868bdc271a52aaae6f749028ed3170b09cce
SHA256 5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512 920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_bn.dll

MD5 7dc58c4e27eaf84ae9984cff2cc16235
SHA1 3f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256 e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512 bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_az.dll

MD5 7937c407ebe21170daf0975779f1aa49
SHA1 4c2a40e76209abd2492dfaaf65ef24de72291346
SHA256 5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA512 8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_am.dll

MD5 f6c1324070b6c4e2a8f8921652bfbdfa
SHA1 988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256 986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA512 63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_as.dll

MD5 a8d3210e34bf6f63a35590245c16bc1b
SHA1 f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA256 3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA512 6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 7a160c6016922713345454265807f08d
SHA1 e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA256 35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512 c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_ca.dll

MD5 39551d8d284c108a17dc5f74a7084bb5
SHA1 6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884
SHA256 8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07
SHA512 6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 2929e8d496d95739f207b9f59b13f925
SHA1 7c1c574194d9e31ca91e2a21a5c671e5e95c734c
SHA256 2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df
SHA512 ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_cs.dll

MD5 16c84ad1222284f40968a851f541d6bb
SHA1 bc26d50e15ccaed6a5fbe801943117269b3b8e6b
SHA256 e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b
SHA512 d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_el.dll

MD5 ac275b6e825c3bd87d96b52eac36c0f6
SHA1 29e537d81f5d997285b62cd2efea088c3284d18f
SHA256 223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0
SHA512 bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_en-GB.dll

MD5 d749e093f263244d276b6ffcf4ef4b42
SHA1 69f024c769632cdbb019943552bac5281d4cbe05
SHA256 fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e
SHA512 48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_de.dll

MD5 aab01f0d7bdc51b190f27ce58701c1da
SHA1 1a21aabab0875651efd974100a81cda52c462997
SHA256 061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c
SHA512 5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_da.dll

MD5 d34380d302b16eab40d5b63cfb4ed0fe
SHA1 1d3047119e353a55dc215666f2b7b69f0ede775b
SHA256 fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f
SHA512 45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_cy.dll

MD5 34d991980016595b803d212dc356d765
SHA1 e3a35df6488c3463c2a7adf89029e1dd8308f816
SHA256 252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e
SHA512 8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_es.dll

MD5 9db7f66f9dc417ebba021bc45af5d34b
SHA1 6815318b05019f521d65f6046cf340ad88e40971
SHA256 e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819
SHA512 943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

C:\Program Files (x86)\Microsoft\Temp\EU5784.tmp\msedgeupdateres_es-419.dll

MD5 28fefc59008ef0325682a0611f8dba70
SHA1 f528803c731c11d8d92c5660cb4125c26bb75265
SHA256 55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d
SHA512 2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7a90bc9d0625c1dfac3ee2db0f556766
SHA1 8566a7ba29aec0b1ef51f954b09e573c60c25776
SHA256 a08e9af3b8e5a6768342b750456725ffe60ef3fa5c2ad781487605af35257777
SHA512 1ca3b43924a83e4c0cc0cd9e513faa1853b424160135c47ee4c8b6723ed6db76f619e98adbd4921f9ed079b575fc44fe45afb9c808caed94c760cb0f03b7eff2

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 a19a02708003d0e69e9a150ad20d88d6
SHA1 178948d34f0b9077f7c387564836ea0aa09c6b0b
SHA256 51dd760b8dc9467961a211af0e1556017a0c12f667358a2fb748a555f6e10556
SHA512 7ece10a72bdabd27d6b90050061ac1e25775ad2a95da7e09601b178c663bc20006e3f3a27d26f7bf7c0a899e2d1ec7621ffaea2f288d48bdd1bfa18864567f95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e7ae8a286334a4e189716b0d761e9c1e
SHA1 9d504c3e1ca07d9c75de0dd6bc9afdbfff4257a2
SHA256 c36efa8fba0cfa61d8de3042aae99484d0fc8d9ee86fc2047f86691204603b7a
SHA512 578128cb549262945cb2733c3fab4930d8a7e1cfae8856ac2c41f49a3a7df84c05357d0ded97ccd71e4f59c458d3a58fb400448bc54b29d15f187af9d96cd4a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bc61274a5dae55357b4670a2993c1af5
SHA1 4f26a7dec851c3d426985a2eef5429ac49f62dda
SHA256 0c488f934e44752f57125b13a626addd02b9819cff3abf06e48fef72a7e88d84
SHA512 a1de2de8ca9d79684c1a9e067ed92a4717f0c37d7445fe1f5003816de34533e222a843375ed10fd733df1f5e475a81663672c38be57b1ae6ab79593ddaf51c57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bd3e1847a0298ae96e3869e2f8f193ef
SHA1 5a178335fb0d991b093b40a217b0504dd80ee3b3
SHA256 c1a991014e9b5bd2e7732ab9edc02b3d9318a924afb5ce1f535b0c7e82d3e08e
SHA512 b97acbec72a62d6033319b28fef909074a89ecf882b1faa6587593b3faf91186f31443ab9f8d1d6bc546a42d53753d5f035bd8237901230500beedf923e00cab

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\123.0.2420.81\MicrosoftEdge_X64_123.0.2420.81.exe

MD5 cf5144a59c3b26558c05a5226c4b53fe
SHA1 bcf541fbd1bf0168a2d63ead5b06d8918b89b296
SHA256 3a848782e612b4fd77d4910acb1a6f91b1eea3336065d4643486ff17e24970ea
SHA512 2d46fdc92c09257cfafc9bdd659413d7925f405d7b78a6d9a44e353984d9fd70b7c3e9b87475eeee80f984377fdbb884055f4a4f10b7972746811326bfeb9a34

C:\Program Files\MsEdgeCrashpad\settings.dat

MD5 46dd14f3c1d5da4a371f70fb27642c31
SHA1 0a3b395d964ad8680e4d2e6b3b3de60af6be9c03
SHA256 04bd7c7843e62789c446e4da25841ab64e004190d47c7738cbda9091e9f6aee9
SHA512 4f77dee335f3e8e519e2edc5a73b9506f229334eca46e1ca046498faaadbb4df46447ff96901ae39e0e7b98c36bd1240ae6fc68696febf9c67f66ee83d5b6e76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b4346feb509c0385557e54f09be5d077
SHA1 0858fd5209d013aa9d559b2a6fcaf6a0bd2a6c54
SHA256 27c07f83ccecfa6b0ed2dde43d782831ab3351cd2bdcc98a0852d7c99238090a
SHA512 1bf48fb3e5944c825e32caacdee963824a5960e254ce0c0120cb0553fea146bc4fe7a94ad5370669d6d12de9255f5c48160aa8fa44278887b33496677ecda274

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6321e90920fd396ceb09310d4dc93c0e
SHA1 1e1517895351ce84f7ae1166c1f59c33baf0665a
SHA256 5648cbb80dc18b0cb697fab08a84d5646e0dcb37f39af9fbf635aca72e00b532
SHA512 edfa7a4668f7659054d6386f11aa865f4770ebe2311b109aa0aa128307db2c1d25fdb5c2d73cdaa87273b1e5834352565cea10170e7afb02178292aae139bbed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 94275bde03760c160b707ba8806ef545
SHA1 aad8d87b0796de7baca00ab000b2b12a26427859
SHA256 c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968
SHA512 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5f2776.TMP

MD5 02b4524e83357b30cd131f39180addaa
SHA1 9d08ebd8fac7e25ccaf5f555f5344d0980ea6edd
SHA256 cd67dd43f7497fbed439db18e10c15566b977b903e18094762fbd87c5cc67a81
SHA512 cf0e3def82f74b3be3bebeefeae3d2a96219d1cc759b3492a387a2bbf9deb93bca233145180dfcff19761ecbb7aa14ffc4f43846aa798d0c8ac227040c67edec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7c8c8526753281954c734e25b526d9e6
SHA1 95d4d6b5a288fccf727eb710e26320db654ca330
SHA256 0cf78965fd678027a7682081c5aa158d7c3e5b6cf1211606fff13608b7fb48e8
SHA512 484bfe0d2355673da7a2a35f5de0f41a9588252efcc8229650e3a2113d4180aa8221fe0bbd3ff8d2a769b527b698bacc6a1bd5c8b48e51152e55c8267d3da26f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4c9eddb0e06afac932a619f8fbcd152e
SHA1 d31fa118448412999e33d03d90d10cbc7bfd3101
SHA256 5dcf3e24bf4091a988a370492ed10cdbfa08bf332e476a69a23d8203aa42a290
SHA512 f6da1d4fb4219011054476e238e8f9d42961a43dba88c49815cfd0a2ce8e345fcc6de22b8d0125f95fcc0491b5a6aedc4116851f5d2295db89990ef89000d7c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 eb0657c89a235116d21461896bcdb5b7
SHA1 a95c650e828209a899cea00723f023139cf8dcc0
SHA256 b912440f228498b8aaa0010ac16113059e02eb84c4af26821f1a7dd26b3b14ca
SHA512 d13ac5c5991c93a817dc64950b18e6eea4fbf27662e324e16dbbf87284f431f4994afaa746956b5cc31431966d6faa6d652d646786be8650eaf5d3699f16c0f9

C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.81\Installer\setup.exe

MD5 149e6b831dee17cc2122c64124654b5a
SHA1 c4f67f0781345cfc6fdfc5670dcbecf3848afee2
SHA256 3095052d066346ec2b48726ef87623f3e5e93400c6dd8b1e45a628fc0d72cf40
SHA512 679966f6a48ccf9cac63c36a8f6823ed1476198b08d29368db94584b2be2ba4cb1278f4f6510a520933fd09bb83594ab544c94be4c0b05f1d8ee99443fc49085

C:\Users\Admin\Downloads\Flux-41-fers.rar.crdownload

MD5 5a221000e4b504ccf7e5b0839d9ca95a
SHA1 75a08e0cb294d0753cf7f0c262b77b8a9d1ab70a
SHA256 7716eaf2ac4dcf1ac8e78ce59ce279b7dec37e70d0d3f9010e16b08d16ab1b4c
SHA512 1d0564d4bf21d8efba06a241b4c6f3cc40f757dc4bc584a39e7c26a2d21ada3a51bf7944a0e89cd6307a968af9d511c57ab2cc30f59aa9b3a24fa2b1957a8a44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3cf5c8c3e4f5dce47dd2fccbd794fc62
SHA1 3e4e3698ced748a50109c41463cac353323d6037
SHA256 2311a282bd9e86dd7b8d48c56dd95f22b9ae712d08b196378fb3b5b6d6ff7071
SHA512 fa3464e0f1f257ce718c6f8655bbe10c6c0919766b2f7354e5d369a492a11aed4221369ddbb9b6f6d1a737bc3c31f48b677dd4c1902e5ebf1af2fd1640687bd6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6914a11126b64a7dd5ef2634f74e9999
SHA1 321a6e0fd25b2ccf00ebb17a3bcc0318742a1009
SHA256 eeaee01d15cfe3a204eeea61109dc0e590f91de69c84b8593071cc6b26321f20
SHA512 a2bdabb09068395fc41921e2c67b9e86f60e34330af3c9f45545a3736f06746ea46192eb1645552908855837e8022ed7c08b66f6cf7eb49d141f067394771a7f

C:\Users\Admin\AppData\Local\Temp\7zO015EB78F\flunixprogramm.exe

MD5 4d6b8b8370fd761dff1de44c1332feb4
SHA1 9e897cdbc3be6cb21c4e5b99f632a64a442c1ca4
SHA256 97dd6027040495611bb23d99581fda423e57962ceedefcebee3f15e8e6ed2682
SHA512 30eded8b7316bc95f05e84c102f4afcf71183b6c7895bf7e010954a4080bd77a06dc0e0bf0e2583e8e315c891c9eab8ed71a558a9247e3457b02ac8c8cfe64da

memory/1720-2356-0x0000000000DA0000-0x0000000000DEC000-memory.dmp

memory/1720-2357-0x00000000720F0000-0x00000000728A0000-memory.dmp

memory/2740-2360-0x0000000000400000-0x000000000044A000-memory.dmp

memory/2740-2362-0x0000000005700000-0x0000000005CA4000-memory.dmp

memory/1720-2363-0x0000000003110000-0x0000000005110000-memory.dmp

memory/2740-2364-0x0000000005240000-0x00000000052D2000-memory.dmp

memory/2740-2365-0x00000000720F0000-0x00000000728A0000-memory.dmp

memory/2740-2366-0x0000000005400000-0x0000000005410000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a7019bd8fbd9fd635e5131516ac39011
SHA1 4e7e8c11e1461944d4aea568a6f00d7280144125
SHA256 691136292508f55c42532a9310665ecba564f500256a6fa6df5b162796123f3a
SHA512 f6f7f525bb85be964ad3caae13a3ed69aa154de0bad68b1ac0ccbefc79c401318e6792a949e721ade4ed50c48964dd13a7bebd5a8cbfba6c967ea61d4ec9f83a

memory/2740-2376-0x00000000053F0000-0x00000000053FA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0f834daec908f613f28ea4300d509a43
SHA1 f5884febcafae403bdc7bb9e0cd27f6f8a9fd245
SHA256 a18279dd0ce5fd666fe4ed7ba4f589d3b679928f2c95f98c53fc25a95ae859f1
SHA512 de586637e725a141b6abc8c8073f7855ae1874e1bd736a0dc0ab96b442d53d11a099273eb2cefbfd39b931618529878f6bea62a2ce6473f8093fc0753b04bc89

memory/2740-2386-0x0000000006860000-0x0000000006E78000-memory.dmp

memory/2740-2387-0x00000000063D0000-0x00000000064DA000-memory.dmp

memory/2740-2388-0x0000000006300000-0x0000000006312000-memory.dmp

memory/1720-2390-0x00000000720F0000-0x00000000728A0000-memory.dmp

memory/2740-2389-0x0000000006360000-0x000000000639C000-memory.dmp

memory/2740-2393-0x00000000064E0000-0x000000000652C000-memory.dmp

memory/2740-2394-0x00000000065E0000-0x0000000006646000-memory.dmp

memory/2740-2395-0x0000000006F80000-0x0000000006FF6000-memory.dmp

memory/2740-2396-0x00000000067C0000-0x00000000067DE000-memory.dmp

memory/2740-2397-0x0000000008150000-0x0000000008312000-memory.dmp

memory/2740-2398-0x0000000008B10000-0x000000000903C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 b9a9e7e601cd640d5ba482f36ac074b2
SHA1 e9045a5a67d1f0bd685f2469c9ec2ed39fa9fc16
SHA256 434d18419619d5639861cefc0b32ccbc98a94f9c3764b1eeac46b5d7e9059809
SHA512 e6970fe2991b483e51da3a61f92fd95fcf45fd28c1128d8904119e6ef61ac817e3371d22c25c44bc2694a4ebef9be3a6fc93508a3912e21791950ba6ff875115

memory/2740-2412-0x00000000720F0000-0x00000000728A0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000157

MD5 588ee33c26fe83cb97ca65e3c66b2e87
SHA1 842429b803132c3e7827af42fe4dc7a66e736b37
SHA256 bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760
SHA512 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

memory/3160-2467-0x0000021EBDCB0000-0x0000021EBDCB1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 27ee3d2d6559611ef54ebb211438c3f6
SHA1 aa1ece1db8c954a11814b4da19eb774105586833
SHA256 bcd87e26562eebb4ee2d6edfdc2e48e55d9a93e18f6ce68cff1ab115e7df2005
SHA512 6f2c936d32c2cd9239d87263777ec1dfd97daca53bf630d2f793492dae135f2c10939255e3f245ac6523b4bed51afbaed3e47f62578b213d24bd1abbe72deb27

memory/3160-2473-0x00007FFB9F470000-0x00007FFB9F480000-memory.dmp

memory/3160-2474-0x00007FFB9F470000-0x00007FFB9F480000-memory.dmp

memory/3160-2475-0x00007FFB9F580000-0x00007FFB9F590000-memory.dmp

memory/3160-2476-0x00007FFB9F580000-0x00007FFB9F590000-memory.dmp

memory/3160-2477-0x00007FFB9F5D0000-0x00007FFB9F600000-memory.dmp

memory/3160-2478-0x00007FFB9F5D0000-0x00007FFB9F600000-memory.dmp

memory/3160-2481-0x00007FFB9F5D0000-0x00007FFB9F600000-memory.dmp

memory/3160-2482-0x00007FFB9F5D0000-0x00007FFB9F600000-memory.dmp

memory/3160-2483-0x00007FFB9F5D0000-0x00007FFB9F600000-memory.dmp

memory/3160-2484-0x00007FFB9F660000-0x00007FFB9F665000-memory.dmp

memory/3160-2487-0x00007FFB9EE90000-0x00007FFB9EEA0000-memory.dmp

memory/3160-2488-0x00007FFB9EE90000-0x00007FFB9EEA0000-memory.dmp

memory/3160-2489-0x00007FFB9EF20000-0x00007FFB9EF30000-memory.dmp

memory/3160-2490-0x00007FFB9EF20000-0x00007FFB9EF30000-memory.dmp

memory/3160-2491-0x00007FFB9EF40000-0x00007FFB9EF50000-memory.dmp

memory/3160-2492-0x00007FFB9EF40000-0x00007FFB9EF50000-memory.dmp

memory/3160-2493-0x00007FFB9EF40000-0x00007FFB9EF50000-memory.dmp

memory/3160-2494-0x00007FFB9EF40000-0x00007FFB9EF50000-memory.dmp

memory/3160-2495-0x00007FFB9EF40000-0x00007FFB9EF50000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 59bba496df1077b8f386a4dfd81f1fc6
SHA1 8b881d88f1decbfd009e6f9188f75063077b1b45
SHA256 7efaaff6bd145e9205a6a23f87c63160e94f957bac7fcf0bf5695135c0c86660
SHA512 14c4d99e2b1dd5bf48569b4408fb39bf997d78b308d4c9553fac332cec70413c386c105d05004898e15a8dca2f117335772f830c4444ce7c3770cebd5196d252

memory/3160-2501-0x00007FFB9CE00000-0x00007FFB9CE10000-memory.dmp

memory/3160-2502-0x00007FFB9CE00000-0x00007FFB9CE10000-memory.dmp

memory/3160-2505-0x00007FFB9CF10000-0x00007FFB9CF20000-memory.dmp

memory/3160-2503-0x00007FFB9F460000-0x00007FFB9F461000-memory.dmp

memory/3160-2506-0x00007FFB9D080000-0x00007FFB9D0B0000-memory.dmp

memory/3160-2507-0x00007FFB9D080000-0x00007FFB9D0B0000-memory.dmp

memory/3160-2504-0x00007FFB9CF10000-0x00007FFB9CF20000-memory.dmp

memory/3160-2508-0x00007FFB9D080000-0x00007FFB9D0B0000-memory.dmp

memory/3160-2509-0x00007FFB9D080000-0x00007FFB9D0B0000-memory.dmp

memory/3160-2510-0x00007FFB9D080000-0x00007FFB9D0B0000-memory.dmp

memory/3160-2511-0x00007FFB9F150000-0x00007FFB9F160000-memory.dmp

memory/3160-2512-0x00007FFB9F150000-0x00007FFB9F160000-memory.dmp

memory/3160-2513-0x00007FFB9F200000-0x00007FFB9F20E000-memory.dmp

memory/3160-2514-0x00007FFB9F200000-0x00007FFB9F20E000-memory.dmp

memory/3160-2515-0x00007FFB9F200000-0x00007FFB9F20E000-memory.dmp

memory/3160-2516-0x00007FFB9F200000-0x00007FFB9F20E000-memory.dmp

memory/3160-2517-0x00007FFB9F200000-0x00007FFB9F20E000-memory.dmp

memory/3160-2518-0x00007FFB9D680000-0x00007FFB9D690000-memory.dmp

memory/3160-2519-0x00007FFB9D680000-0x00007FFB9D690000-memory.dmp

memory/3160-2520-0x00007FFB9D6A0000-0x00007FFB9D6AB000-memory.dmp

memory/3160-2521-0x00007FFB9D6A0000-0x00007FFB9D6AB000-memory.dmp

memory/3160-2522-0x00007FFB9D6A0000-0x00007FFB9D6AB000-memory.dmp

memory/3160-2523-0x00007FFB9D6A0000-0x00007FFB9D6AB000-memory.dmp

memory/3160-2524-0x00007FFB9D6A0000-0x00007FFB9D6AB000-memory.dmp

memory/3160-2525-0x00007FFB9D290000-0x00007FFB9D2A0000-memory.dmp

memory/3160-2526-0x00007FFB9D290000-0x00007FFB9D2A0000-memory.dmp

memory/3160-2527-0x00007FFB9D390000-0x00007FFB9D3A0000-memory.dmp

memory/3160-2528-0x00007FFB9D390000-0x00007FFB9D3A0000-memory.dmp

memory/3160-2529-0x00007FFB9D3C0000-0x00007FFB9D3E6000-memory.dmp

memory/3160-2530-0x00007FFB9D3C0000-0x00007FFB9D3E6000-memory.dmp

memory/3160-2531-0x00007FFB9D3C0000-0x00007FFB9D3E6000-memory.dmp

memory/3160-2532-0x00007FFB9D3C0000-0x00007FFB9D3E6000-memory.dmp

memory/3160-2533-0x00007FFB9D3C0000-0x00007FFB9D3E6000-memory.dmp

memory/3160-2535-0x00007FFB9D3F0000-0x00007FFB9D417000-memory.dmp

memory/3160-2534-0x00007FFB9D3F0000-0x00007FFB9D417000-memory.dmp

memory/3160-2536-0x00007FFB9D3F0000-0x00007FFB9D417000-memory.dmp

memory/3160-2537-0x00007FFB9D3F0000-0x00007FFB9D417000-memory.dmp

memory/3160-2538-0x00007FFB9D3F0000-0x00007FFB9D417000-memory.dmp

memory/3160-2539-0x00007FFB9D3F0000-0x00007FFB9D417000-memory.dmp

memory/3160-2540-0x00007FFB9D3F0000-0x00007FFB9D417000-memory.dmp

memory/3160-2541-0x00007FFB9CB90000-0x00007FFB9CBB2000-memory.dmp

memory/3160-2542-0x00007FFB9CB90000-0x00007FFB9CBB2000-memory.dmp

memory/3160-2543-0x00007FFB9CB90000-0x00007FFB9CBB2000-memory.dmp

memory/3160-2544-0x00007FFB9CB90000-0x00007FFB9CBB2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 abb721839e94bcd2bc0db3a16884c896
SHA1 3ac00115b1acb228f06c6b415f945634b966cf26
SHA256 e84f5dd1835ff030397d805bd5ee64e5878900f01f08d622a55d103f46263352
SHA512 33d78eb201d0b93d496d031e79888ecba0d5aa7eb84b198989451db5942053b11e0645466101f323a26bd2b2a53e67c1f338ed1c9a3bb94e2692438b9f88b1ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

MD5 361e28e3d4f02b26b517e4796077662b
SHA1 d7fcdc572ee73c279376857f3b34c8b82c74ebc0
SHA256 8ca207c140cf07d66794151b7d6dcff6f6f2152ecafb9b440d9d2f10c61531e9
SHA512 77d8ac501dd1a7453a74b529787653600f722e7614842e3b8b6def6373fc590a00301d77397e7cc9d7a01d194727aeac8405906c493b5b301944fce6e21307fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 ee622055201d436bdf84b5c026622f88
SHA1 462dd79a2f92b00f8c6e6914e12a8d9a19a00301
SHA256 74cbfd4d6a1ec51d679da584b3f393507be40dd6f743444ba5676c0e43019f2e
SHA512 4c4952818e65ece6a464da73053ca4a8c79f538939e9540f4ba7c7e8b0bfb3d1aaf61ddc4c6bb3f2868ac7b5eaf8de8fe04130c50b611cba75bcd1cb7176d151

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 35fe990e8a04bfdc3b444df18b0fa4c8
SHA1 889c341eb22fa731730f34b0d88a2cbe33036654
SHA256 c0d074038def2300024e56bc2df3f6c6b9ea2b407e1e2b6303f5e61d0ff70447
SHA512 0f912f3a6a1137ce4f852c75344349571c2c7d40ad72d5ce0e0a5310b33631d4a3dd12f25ee8018d843150379a8a3b30e8a6acd8225f99189d562e582c69e185

memory/3216-2655-0x0000013D1A640000-0x0000013D1A641000-memory.dmp

memory/3160-2738-0x0000021EBDCB0000-0x0000021EBDCB1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 017be6df1f2dcb24b9cee3c8c5590cf4
SHA1 a76c5b19a5e14b9d23d9aeefff6c6dcad5a5f409
SHA256 21425b93d02244449da4388334fec9f0a3592891b8fd5c9a2333728b1fd2aefd
SHA512 d43e5b1f705b1e8d7858cf9f758ea7a47eec3cf01dab67910881c1801dc135617f6847f65e4576c395a96661d15cd86a2266871cc63550f888d190b4c1e627cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 af54d33411aa2c15da5afd4bc3274caa
SHA1 05be8a14d331f7e7fed995cb5ee00bedb6cffa32
SHA256 8ff9ec81e835692f8c0f946638252472e99e95e6f2d7d30aa5d20626b5971abf
SHA512 e78229ba7e3326789fa26f34f567a31b53cc3905e1f4b08172a64caaac26ae2aed6714ff47b1d007eb3bfe104ee9142eb2e7b2af0cdb685ed71c0309816c0ee3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 58e145e082f5e513c2fbdc8402da8b11
SHA1 35686a55cfb7c4c75c52e05e0ab05c1c8bf4ce33
SHA256 487d5958b2bb387ad7411df32bf18e37ceecd954da66c709c19e051cd537b9d7
SHA512 518422246a424ef1b775cb47d54f764e1e2359fb61fad203d97fd5d7f3063cd4353df546afddac859e4deab77bfb080de18b5b3c3fd601013fa8489ad9d8fc3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 915e7b7d4da26951c373cb0ff4c3367a
SHA1 4d08d5569859809e35e1e1da8805046a7c5f72a6
SHA256 4fcb2a07b12f1db52bcc1eb9260bd2692345fa1e1152d7f1f20d6109102b272e
SHA512 6c2926571740c7922ead14acd714efc53de6f9ec45753fd09a782935fb7b5010b90c21f2fa146abf6128485e379c7410f37422c2012c1a786e7f7a1212749a10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3883c1f874b6d12cd056b9d75c4e8b5f
SHA1 2c7088671b07cbd7405e3000040e89f7ceae57bf
SHA256 60284fcdb8e3145c3bcfd2806d174e754e5a3821f4b0fa1dcdd7a4e1509ff259
SHA512 40d0f3e9a8855aa6c4d7c361074eeba6e83e34c55403d7ea4eabe292107e28a564ead48846abbb78c7cff2f4b4b6a41610e8cfb93b7c0596611fddd0fd5b3698

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 29426e080c8c30f4921f9ab0605ead45
SHA1 d9ae873e2aad8ebd57a2287b60078abc009353a8
SHA256 02f09ff116d314298103760eed4ad4c75ed9d588cb86f73196d8ad2fb0b27ff1
SHA512 c1434c658842f418af6f4456abd29311d7489d700659d0cfb02508948da23f474d18218873771908c128e18068e0670c87fc124f732862cfc790fa464240a21f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 00eb3cc40ddb591cdfe610a9573720df
SHA1 4873f3fc663408f025ab44c4ec84caebb368fabc
SHA256 fb644c0c7217b3bec297cd7d35ba79cb1097771581a387c330189979ee4d2eb3
SHA512 9938d865255307f21cbce4d55ca04c3ea10b0e8e63e5b3c29620c4aa19a67552731939fb684459e74a17282a0fc2c4f3044a05f821d7277986d37bd31f776337

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

MD5 6c5f95d6ba7c7a64b3831faa559baa71
SHA1 c23149a6e3f0e71f0d69ac7c38ad904d7b44df93
SHA256 bfa94093b4f37cc0582287d8b91e5c818ff56ed5a87b130aab2332c0d7f50669
SHA512 ba15b78d407f202e772de81d1736bab4c2589d001b18d4284f596f8fae0214cd309803e002449f6fbe6490208d29def169030c2dbb687c50955407fda241ec36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 de5782982d93105406aa185751a2f0bc
SHA1 bd296154ab1d4a53dec1fd44139a5fb6d078702c
SHA256 8ce9c408a083650d340502997bdbf9b278251a2992625f98021076f58569558e
SHA512 9176e9beaf709b060e75b77961f8319e94f4eea89f0a8e1cd511182e6e72215359cd8e668148ca14abb4b04e3970398b2f276971160d3d32a187336c97b69572

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 baa350dc564ad2d6b74768674f239733
SHA1 c785991de4bd5dcd31f21541a3438a996778fd08
SHA256 b699e0b33f3c5f8d097625798b5f84dc6b5fe3d27e1acb538761e7fb06e3115d
SHA512 e22d3f8efe9bfc22ec05c0d60e033b60a3b8b63a9e45352a152a8cdc17e38a067494160a4600688c401fd7627eaa16337f0dee27588b5f88cbc9d3f83b1998e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 de80efaf441169dedc5d7c7a841eff53
SHA1 01b2bdf8ec5d73787372305e278d89534e79cf70
SHA256 0f9df3acfde23771e0e9cd4d7cf7ca025a6874405f8d9af8065613de3a2fe624
SHA512 70688157ae1522bf9549d7d0360c5b45862c7612067a3f6ef12d8f90bb77de2c4eecb1723ac7e5b066fce0851ed60a54ad176f117e35bf58b70d560bd1ed831b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

MD5 decc7da85d5f478fb51458ea88955625
SHA1 c45526067f118db2cb5299ee83572f778c41a514
SHA256 e9cc835676d128c8a6b474ae620342fa498cd3178bdb88c694e68965369817b4
SHA512 8d51192007e897eff6f7501ed43120ecf914857ecfa3b0466de89fef4bdfbfb326bf3dc7dac42d3b17eb0b30d775e17344e9ddc433985cb2fd86c6c5bf3cc4b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

MD5 24f1f807f25697582ab3063fb649ff50
SHA1 65be3b320e80b7ce4b6d37cb726175384e35a607
SHA256 9ad1fd5761988b81063e63a2179fb2c51af6e0247d86f856dee6cbfa11329968
SHA512 41abd5ff29bffc3aff7b661485cf0c78d24f1013533525677b92a26debd307c552e2a33c4e69601d35ad3918b3111061b1a29c0cd74ed5440e3dcdf5e4331b64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9c56a1cdab8d5fe3e195d9e307e1c1b0
SHA1 407308e2e4c2c97a94f72e0fe10166d1c3ce06a7
SHA256 a2638990e6cf0f03117c2c469a12f9664e17c1d3d20bae3348af8fb88a36a087
SHA512 fc96f124efce6ace4391203526b9506b490abd218d3e84b5f9baa2175cbb062a87748c4c1d5816a591eaddcf2bbf2be0812dfd4f179d0b8f2c4a475db8d5ffa6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 429b280311aa793615896ee7b6447c26
SHA1 49e5f4b4395f016c7eaca6a6ab7ac8c509ba305e
SHA256 bdc0d0d87d5ea50c0b7f16b6f7ae3fe45a31ee85ed30e087cc09e0408e7d86b7
SHA512 f0d951faa00478df2eecfd138d461062de006994593782ce431be46ccda83853da8f07c615f31481430555e3823b83fce778d19d5f74dfd2f0e4194fe5dabaac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 841f652220dbc94ae125ec0fe3fd0e2c
SHA1 3c8d0f8ba5ba69f101b6738baaec899f0ff2c558
SHA256 9bce1a4d4eac7416adff1fd02efc9aa25c707e51214d7b1173c7432dd870cd09
SHA512 de7ac507481e00db4850180b193591681cfd320906baf3ced6c3adf1a5e9d7224b571275c9f18018437402330ec1382e6d69a1cc2d84d4c55d176c04f866b423

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 df1636b5f16b6f401125046aa1c3e387
SHA1 dc853426b9d189b1380cd78dd1c53f23ea905ee5
SHA256 d5ad229b4754d7619d6513c3f00d02fb6336e337ce321338c80c0a9c96c6ff53
SHA512 4f1f1a43a8e1b05a01117f6a1c635da5185facd02cec0fde854595299435bb3ff3ad1d5ad1dd17fe9687a26cc21554f7e1f7abd1508ee9ea0a581649a10d80e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3fb13b024ce109500d2e6ad3249a44f7
SHA1 c62471f6c8e1c8bc55850fa6e7f710a5aef87a08
SHA256 b3a697a4f5384745c42e1fc65208d2ab5779b57347a2f2aeb7f2b4be7428c91d
SHA512 5387def9195d0e9980c447c0a4f6e7351fae387096b4654e2fd65f9c9b64dee98cb7edf9e53a819755457d5e21124e095cd5ba7dae81acdcd1cbe80472484e68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000176

MD5 68b24c33a1084c384158245ee07e703f
SHA1 1f40cdfc988534806606faf81344ba79a1528ed9
SHA256 f95947735f1ba1e43b46a1ddc7229b71d37aee7821495f87f1f2d25563d47fcc
SHA512 1af1c596736b46a538a06285196d05054c062f29335080d136d325dc305d2d65d266517386d8d54a37de94036c878d9ababa76d9a5f5e8d8d07236d5ac0bb9ed

C:\Users\Admin\Downloads\KRNLWRD.rar.crdownload

MD5 0543fb19e06332230138146e743561d1
SHA1 eda5c083624948c1388ba73c33447c97ddea7f41
SHA256 a5236b3142e898d26bf6f106029a3dafc72960eb4949b1ebb59cac601364fd61
SHA512 e7d934d87b730b484c578f3db648224cc192f292a1f9434a655719015da440b4d15458348a85c2f88d0b6808ae032a3f082f12d1b53fb0a7405425d95f7a358e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7593309dafd3a467f524827d1433a883
SHA1 7bac0e1e173ffa1c0c2065b2134f5661e5878911
SHA256 89732a00844c11d00f15a90fe6454489ecee7913741fe5d19fda3ba7575c6313
SHA512 d7a9cd37037b21332727c9f3348567ad80d266e16c7a894e3d240c3f9608d05b879fe666af7beba957fee0269c033270af15f5cff07a20dd8b02e194b8829cdb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dd55b43d21b7ce6e94701bbf2f9f2ba2
SHA1 1b86c087ed590d86effbec9ed39af9493b38970d
SHA256 07bb5fef320b70c4247d28f9e5e2a87770e6ecd0c688d3b4dbdddcabe69af478
SHA512 36c25eb25946b148549737458bb3055acb6c7fb3043ca7811d73356aba102543d738ec17aacb75788d81e367228837953450c334ffe378edb5dcb4f2e7003f10

C:\Users\Admin\AppData\Local\Temp\7zO031CCA62\krnl.exe

MD5 fb3a52d1045b1a0298668f2d77680306
SHA1 e16d5085977f1b895b7b2a046570b2da474add86
SHA256 8869c44219364f911548cb18da0cc6413b3277d3a8a8df18d0a521b558830d6e
SHA512 e19ce4c86ef8bf2ab25b4da67bf83acef5a8e688abfd3f96e8dec8169ce410c833df7685b6fb0b7489cf90ca51c56cd7264e8b2a94865aea5e5dacd4c5b7f44f

memory/3860-3576-0x00000000003A0000-0x00000000004D6000-memory.dmp

memory/3860-3577-0x0000000075200000-0x00000000759B0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c61c77c860efa02469699a31bbd6494e
SHA1 5322f3fa8118cfd613fcaf3b2451090bde95d8d4
SHA256 f61a6b1553e12595f7f461777084431baa245bd141f5eb4233d51d3c4c622ec6
SHA512 c4e56547523caa33703cb0065fd19b1f4f6332f786dcf8d917817e57f83f2ecab5fc0216756a2155407909cd3837d816d31810006b48ed4f0f71e832db0487e2

memory/3860-3588-0x0000000004D60000-0x0000000004D70000-memory.dmp

memory/3860-3589-0x0000000075200000-0x00000000759B0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe627048.TMP

MD5 5932d6d113d325324b1873f38a6d5370
SHA1 2803d26f10534bc5c17ea6c99f3a8a9db37189d5
SHA256 f3e57c447b0931cd24fe7f860e9a13d6bcda3930f0b5177a60c006617a2612b7
SHA512 d3af092efe46edd31091dae5738c0a90629ddcdb88aa735d08d0311fbf70a6033eae1cd816e1694afb866c9a3321738dad2ce2540a059e9ccb5af0220c7c7a9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 5a6aadf9e48b64351486b4922a674b3f
SHA1 2d399860db1bc02fa8b0cdc8be8c0e98722a050a
SHA256 1fdb50a5222451210e1a27eac6bf6af7e615d267573f7cbccb3198758fd50348
SHA512 429e1592de398ed1c362f7b3ff5f9c425d6962f52da0b38879eced94c7c21bdb09453f70dbc27b00886abee5782e3e55d514c92ec8799f2c7371ad6c32063709

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f69a5a4ef5fe021f86a03141f63fc5a5
SHA1 f3dc7a5a75833085e2a89d9627acb7b104b633f5
SHA256 ad8e9568bf7008cda0dc7438b0d2576dea896f26f2e9ec374334fa14632c842d
SHA512 9954150e03071fd4545761857bdfd7a1849f409fbfd27da980abc94c56f9104a1468662259b02e795a8874631d3e801a70c1b3543a957b6d27f736482f602e25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b74c1aade36c0e2875483ef5a2b664bb
SHA1 0f0caa8e808c0f6e532998d2474f8a7cc055f471
SHA256 d5a7a1ff1b7653258ce346d7d3288e2c1a76410ca3051a7ae5c5f3599aac6f2a
SHA512 a8af1e26a511b9816c51e4a19d321eb1404460e609a89ba46f41e162277c2e981d1ddd3231e59b54ce47281ef8e722abe0eb23e8cb0e48831b0f707a59b820f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e426b2674fb532d81bee0f37fdc6ac25
SHA1 1377d233b3507a0d632862738f9629ff7d0a2e35
SHA256 2f94188b9748d0e0dd47e292f8bb7f057b068bedb63e42d7f91534fffbb56376
SHA512 501977d3fac2f7a05e774e6645321207e728948ebc8000a2f162dd9280bb45b2a68cb057560d266d2aabfe2762355f4ba831fa80d0982a217b8682a9738e8c19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d51ac421ce21e75e1381abb3c84118c8
SHA1 e594b2b361320e3b674da92375d758b3e52305c6
SHA256 94bfb2faead7d85a508ca10fa156e9b333420b3424baf99fa6cc4cef3c5fa770
SHA512 9f908ece96ea993b282c522d929e0298b822ae2da04d6ef9d604a9980ef0ae7787b00123482d4226029d17c82027f68380a501dafc23f1a62e2a7bf02109da93

C:\Users\Admin\Downloads\Setup.exe

MD5 2ca97c40a611a894af26c0b7a7a6bf08
SHA1 eeac616238f8563d4a026f5f88bbffe8232c4065
SHA256 9fcb07f511eaa6207de08ca4ff52b8c8a71fd522386dd5624f9ffaa80b4317c1
SHA512 3d830378cc89b417b16c3cdf5cb499afe796fa7414b059c77d2025c648ab85b5281580da238347a845ece7d577a3e0793ca002bbdf0cc1878c5cf0e152d768fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1de4c4cf2034c08ba948a6f5fb98278b
SHA1 c75a956cb1ed18381f2873af22108df58d0e621c
SHA256 36cec7f77bb070752f30ac25b5f6b7c4998e6e5d41bb98a512e5720fef62b768
SHA512 84285a70f97976dcba13f98c8bcc1102382a0f3cb88473d2960e71e9c7905955d2c1acfbf2c714bf988f4504451b540f498d363e731904585559ba4828f3cecb

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

MD5 b18c705b3c68cc49d9bf3649abc75c24
SHA1 6dc8963dea0f3185368790dee2a346301b4fa24c
SHA256 c2ca3135f3cafd79bf90d4cb3118943ca17f40e0d651d1fc32b1b3d22d1412aa
SHA512 7ac302c1e85c652bd897ce1af812950cd23a53c041af82fdcecb2314bbd1667bf2fc672dea40c21858e64befc9bf60190a4428f0b41c30317bb0e5ec7c00f71b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e78c13f7c25870e0225f5b3759efd3ba
SHA1 ac55d93ca1efecacc91a5099aaa56e0a49284428
SHA256 0b29f9bbeb541179fa8dbbf5543e02234e3ac44078090c4c21400c98af79aee6
SHA512 0e09973d8364574013c3b8637df0cc31d17e4a4ba12cf5909005df559a7aff29a1d7976fbacb4fd977bf94e388af624666a91dcbec9c3522023d3c87e7ca6607

C:\Users\Admin\AppData\Local\Temp\nsi27BD.tmp\System.dll

MD5 cff85c549d536f651d4fb8387f1976f2
SHA1 d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

C:\Users\Admin\AppData\Local\Temp\nsi27BD.tmp\nsJSON.dll

MD5 f4d89d9a2a3e2f164aea3e93864905c9
SHA1 4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a
SHA256 64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb
SHA512 dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

C:\Users\Admin\AppData\Local\Temp\nsl13E7.tmp\inetc.dll

MD5 a35cdc9cf1d17216c0ab8c5282488ead
SHA1 ed8e8091a924343ad8791d85e2733c14839f0d36
SHA256 a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df
SHA512 0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

C:\Users\Admin\AppData\Local\Temp\nsi27BD.tmp\nsDialogs.dll

MD5 6c3f8c94d0727894d706940a8a980543
SHA1 0d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA256 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA512 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 0ef9eb69a5662c818407f20469956c61
SHA1 d9e3d47a574dfd3dfdc5024469a1eda67d4d7812
SHA256 dedbef29260912e0b00f9dc0350ddfac38d078d60ad946933e7cb8d737127cd7
SHA512 c0f92c2c192f5f95b385e2e13348b2b56c14eea5f12671767c1eaddb012d23aec80f88731eb2fc84600cb8095d3938c9a6a353e0cb06a5994dd10e35888f3d3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9f334b096009d148264eab6b0a1bc931
SHA1 5cf3cd4168e983b530acb9d0740d069716312e1f
SHA256 dc6ce8ebad5d7224bb007fafff07791a53cb4252717e8e53cc6d7c17c26d0179
SHA512 73e9a6fbe884dc08e8989b8af04b1e83cf3abca9e5f382ace1dd9b07d7b2cd5cf0a00703c3a377adb19a5d5ba7360646ca61cbda20a5c4a078d1d14b626b982d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d72597cdb02b45bba054d85ee9ced964
SHA1 94a6bc085d78e1964fb6dc5dbd583ff88c03dbc5
SHA256 748e10e3fc86afe0cbea753deafd1a213f2e9afbb91bb8ff39672aa64b19e400
SHA512 170f591c58d6a74dc5ce350359c2b4b282bf56c89442989f2b23fa072ad4bd5856b74bd4818c8a8586f3421aec59238c6898bbe0221a272bac0637ccc38a84ad

C:\Users\Admin\AppData\Local\Temp\nsi27BD.tmp\modern-wizard.bmp

MD5 cbe40fd2b1ec96daedc65da172d90022
SHA1 366c216220aa4329dff6c485fd0e9b0f4f0a7944
SHA256 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
SHA512 62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 55d5d629558551dc5188ee919f0084bb
SHA1 a1221d31de149d1ec2418b8314e465a415881753
SHA256 b6d080970279c716f7279cb8defa602a2a70ecbeff6854060f550edc7d5e58ad
SHA512 0acc6b1f28b42b21d6adafc4aff701c30bdaf36bc4cfabb190871089d1350d40f466b7456c18fae0013588efcb3b2a5d9a6a7fe7c4def06d42333cb002880b6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f86a28caa53b2a24b987e17cffa85d6a
SHA1 a5f08755c7024cb82b52a9239b135dd28aa02da7
SHA256 4bee5c529129eeafcc00dfbc1523c955efe56849d14573f58b048e6e19e58b3f
SHA512 df77aa5d0888950bd29e998917d653c5f559754fc2c140e48fa9189d8d470f6efca83daf38699dc79bb3743ec6e2704462fd59770c8f340643fcc17733c11a5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1632204085c140749916617469c0f4ff
SHA1 1eb57ea6da5e48dee072ce7bbf41b0501ac3b08f
SHA256 f215c9d9324295749f5748cad808ce253e57f4623cb83db53b961ded0017b296
SHA512 1bbbab2ac127190a8feee1c0c15b35c08bbe0872276cc2fe48b9803e6dec83296ff72f23b2114a1b27bbd1d2ff97c08d7bc8b2af4354fae061407f8063776586

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000180

MD5 c15d33a9508923be839d315a999ab9c7
SHA1 d17f6e786a1464e13d4ec8e842f4eb121b103842
SHA256 65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
SHA512 959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\be846fd742c11398_0

MD5 bf638d207361bacacdcccfb66129e88f
SHA1 f11cb41ce6456c1132e8f7ae3de8e470c955a277
SHA256 3805bd2678af2933e78d56d23132671f9dbd61f7749eafad6b5dce0fbc4ee8dc
SHA512 e3e7b5757e93041daae5b5261be34e760509d7faf165ff67ad284512b7046468c3ec0e4e62bd8c094c1eeb70e12c9b2d36084ca6f042ee5ef30bb2bc878b3909

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3244ebccd0ff0a27_0

MD5 f176bbd6346683e404071b4089c48ee4
SHA1 685928785edb7733d5d0200df0acdb57c80d5d7b
SHA256 5da79e03b36106949d6206323ea83756bba986d272a7a1ab1bc602a9e27601cc
SHA512 d613f02c0b8c41ce0607f21132f74cb67a02104adb06ff4990257b2af78cb8706a092f430df3ff887c392070c493fc463741ce0014522dca256534abbdf6a1fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000182

MD5 b60fef268ebbaf639fb5bff1f300b275
SHA1 ee38092bb8705836f6bbf577c50a1e905756a3a0
SHA256 547f01b725717cf71f431159443b6689f66975da142fb1e4f23c8728331924d2
SHA512 7d4f43db846639597e36ef611981c9766daaf6020bd08fada8e907cad0df7019764f3f274f40774e65309da8b005c36c21422f28976628dcee780405e7e3cf90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 680e3e672fec1e78fb9c4e341c25b768
SHA1 c23b5e1383067be58d1e8600bc31308c5bff8a06
SHA256 bf2394df15b5f76ffef185b9dbd06841502e0c0021816092a6777e44f65b1082
SHA512 6041cd445a577769ad5c81686d2e992cc3f252d854e2c3240ff23356b00e5d1c69e2bb122ac9f5de1f81ed00e3ddda45c9158dd2c1e1ee52e344b9ecbf228bb3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fb5691c35561ab39300df128407147bf
SHA1 b1d0d084ddbbfb8d7ef45d1b5e5370ab0bda64ce
SHA256 fa9835fb1a7beed495f0f3947bd04c08ec4cf11eaae7378d94cdf04873b3d86e
SHA512 401400c9fc18757628e1c13aa946a5899ac655b3f8873fc9c0f73ccbbf676eeb1648d7755f0927b04365a5217bc4b6fdb7af655111e34684853b3edccf2e2877

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000169

MD5 1aab84ca73e27c26db20e30c260dc11c
SHA1 957b97193dab5b1c6c437765c41e6bf76dea7bfa
SHA256 33f3fdb2fa4a8111ada9fcc0c86029b596fd37622c4f49c0d62bdd1f3a954d45
SHA512 64e8c16e42fcaf4eab7b840ca646bf6c78b65ebde6ee53852073e63d6fa175afdc42e588feed13d1137b16ff26198acdb0b95d9a156d7ee107aeb349155e8540

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00016d

MD5 9eb21aae3561bdfcdc516e6e29a0b895
SHA1 892c2e89bbac78323091288e7412f7a5cc2c9887
SHA256 f93b5a009187991456fed019d226a35cb9f9421c3fe01fbc7cfcb0a3d0c4c312
SHA512 40ca020187182903f8527d29523bb0792be70f4789f450be5483b73a37a902d37e36afe0d8edc8806a4160777e7a0a4e06067f0867b89d63263ce0b19eb1444b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00016c

MD5 733edbbaeaeee23517c7861d02ec8db5
SHA1 fc65fd229130cdee77484c90e1bc24ad4f374dbd
SHA256 a6cda535c689ddc3e8493e9e87ce474f5ba006e5a133f420549431a802030ed3
SHA512 df848151e9cfcee8841827b7702de27237e88d57b3fc45192cf26b44744437bf327db5b880fd7c1188c27979306449bfa3226299ca9902ee7fd5375a606007f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00017e

MD5 b7ad0028b9fdc5add8e2558d651667b4
SHA1 d46e56bf6420606feeed3e95d0434028052a9550
SHA256 1d7978c3e30096a4592bb4786f78147971d72f8a7fb7db71156536c1fd34b412
SHA512 3e1802c920a3739ddd28c090488ced4a564bf168aa4d536bb3ea6afaf69ebb212b08c79f025bc627a9b4c19cdce7a0a03e12928b877368f029f78d8d20584cae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00016e

MD5 246f242deff397b2fdd507c0850c3513
SHA1 c6f3059eb9959500b2b7bde6439927a41d0b9df2
SHA256 9aedfa240c90621c18d7a40d11d530cbe4621a0c459384204f5aa4e0755d923c
SHA512 ffc2e87a79133efe2d621108492f560771eba798d2b09e406f729c02e8c110386ab5c5a581abc2918ff3365c013a7b217719094290a3b53fa60d81ef7178842e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00016f

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 557d486c15a1386cadc8dbeaa8b0757f
SHA1 4e269a890e6d30fb843b93c2deef6091c642679e
SHA256 33f887f293b15012060c51df6a63d256bcd8a9dae94e3768e0b72e6a6f81a50d
SHA512 23f60b7ce407e7f3158aa54cf08ce42331481f8cfb1b5914e7c08ad0b2c4528d0e18b5ff01c601e34ca331a04a7de45d3c1e980265c68957987abcb03213b8a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0db41db6e3225ec8_0

MD5 c5e3354e1a5cadc4084c0b6c0b9bab1b
SHA1 c901f85b869cdd13af5e8e504fa4f5e3e9d53a6b
SHA256 87c85a774d8c3e83c210659fead40bbdd4f40aaa812c22f130f0dcaf86068184
SHA512 56bbe9cd1bf0218075102524d1aab1995e5bc4b81040c07bee7cdaae82d5671528563a6aa9d77f8edbafe01f71860eb3bcc34dc337a18ae43d576c42c8d25c3f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3b7ae11c3218693e_0

MD5 ac9084fb44aa2dddc25ccacfa76dc36d
SHA1 80b32239c0ea2b0c13dcb6350877948d3a8ebc72
SHA256 90bf7854f42571565190a3b43d900007e6019ae23e30dfd6d7c4de8bda3976c4
SHA512 1e21cc6322024b3cf9ac1ebb87b0c1f3429a7513568f9a6cbd52ede883ef2e30495483192d4690c7f488fc1b1d51801c4bb3b9302ddf400eee334edda08d74b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b26f13006f3ae319_0

MD5 0382b7b82349ab4e45593fbc0b8628aa
SHA1 a68451402c359d265c3fe8a76b967cae7fd58cbc
SHA256 06a7a9ea9c003db0c33b33e9b7e6bc945342b9d18f4b851fac25c576d7791c76
SHA512 f5a246f76a3cf6a16f4a9aae1f44508dba09494d3fff92fd3a4dc034ab0dc866267138c293c214415d1a7eb5e58cf2194a1b653f140b71bff35e5fc2cc145edf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\445904192da822c8_0

MD5 394008666c22c4e9dabc17b23e5d7a3f
SHA1 ceb2f374f340e66de0374d7ff1ab23b8f07d21bc
SHA256 d980792f986c275e5684cb6cb1b5f44baba870fc644cd866fdf3c7a7651d1648
SHA512 737dc30eaf3ffc3430ae87693ea73805f7978bd4afab0bcf7024064468ca3808faad47cb0e9c579a231b8a901d6653626119a0f64c35b098c86d4c1bc554e2ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\71848a3da7ea1aa8_0

MD5 96678ccbc55e80acc35767d7b270afa3
SHA1 ea69b5cb4e00ae6f7aa8137e0b1d3d6efddcbcf0
SHA256 05c41b649b224719ad8e479c0148bb2640e59b9f348001e93cccc8fc601f3591
SHA512 560cba476ec67912d9941351e7cedbc6a3ca357e612954c9958ad2d0bdc65364a90713daa4225c0210f6da22fd532d06e5804a25f4ce64569dd5a5652ce5878c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2e1e5c804abdac55_0

MD5 2850f580a2d1cf718e2ca276b4e3e859
SHA1 e998743da99e37b86465cd13769d41cc1e77241a
SHA256 0e88e0699e935ec851411e3a951e6c3be4f9c58783859a8b716a7364f82f1a0f
SHA512 78a8d4ca9fa768f353c37667ec11a0598d43d293398edbae65b37ca8508bdb3f258d1ffafdb2579e106886c42730c2a4511ea2300e23aa861306882cc48ed3e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a181c4585a599d04_0

MD5 548839e9b4b8489c30883274de91a54c
SHA1 9248e68982614a53afdbac6b77e2bb0b59720182
SHA256 f9bfe870fd9097f916875dd36bc12104e0ed88426aeabf5ce0f43e06d8edef4d
SHA512 85aa54a304cf98c1b4602523892c9fcb3b4f669ba22b5ec70c58b0d2bef7a345d31ca9a68a8b0b35ea13f717ffbbcb6f767d5adfddeae065ae8f82fa88356793

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ae312d4d6e1e186a_0

MD5 1531ace4366e4576a030c4766f1b9051
SHA1 e778bb013ef8af04715140a6c4958c05aed60358
SHA256 e54c8640d9e3e6fe75909858cc613b487e9c235ca36c13f3013b6948dba6e992
SHA512 237b927ffe4b91a2a107c79d744b3c5f026c26080f0e6ac668e126384079bbd562ce03bec5cea8731484e424f0c7323cbe3b8cf7c05461e66512ad54fbc22f37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ee46582361c18fcb_0

MD5 efd7f686427cd7dc1efd4ea01ae8d78f
SHA1 337bed13366b239ce0c7434dcae2dfce3732e799
SHA256 e7599c45d927c2136b9b7d292e7d67d41fc0ed33e7c0cb8c3a94b30951dc1798
SHA512 d707e9319fe27e6e4070da1bdab1e4f8eea7d5eafcbebc53c341b7f1004492cfeb6d91ce737c4f55f8bb4a63558b978077247a1ebbc583df0d24ac231b8b6b0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5cf333f30af9982e_0

MD5 63462594febd06610f79212eacf96841
SHA1 63f41d3e63cb772b257fa1732e16929f54e1a6aa
SHA256 4835627c1bed0711505e62c4d45d181c70ea63ead3f8177d990cbf09f312de5f
SHA512 1d58cb97055cb1781b8f2a6c2df85d39ae9d670b7a0d2e25ce1c1a3a32b96ae2285482f67e95b910bedec02eb4502d0a98303f88013815b171ea18fd55e71d68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4640e9414daf791d_0

MD5 7c4a3f07491db62f68888f7c371d5dc0
SHA1 94e13306e0a851868ae251ddbb6b0011dc82ad9a
SHA256 1afa9df11c0bb946b1c37a9ad65f9775c2307562e4f33fb7b968221ed52e95ef
SHA512 932487f6e74cc33f24bda34ef61e2c8ce066d660a72ed088ce228daff12d129c07a4607a447b4ca6a80c7752712048f79705137b0ea1f19374aef409c5a704a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\03114a5f9aa8edce_0

MD5 9a6db1320e152c0243ee1e44054c19d5
SHA1 fb0f66090a3d321a853a23d0436f887d7b6cc5b9
SHA256 298ba71db97c0cb46611589ee2fbe09097fd970dbfdda8d7de8d6cb56c402f07
SHA512 a887c12e5c14f40db11a2154e2bf058f006417dbb330ccbdb376f061cabfff88783f662afbe816d9df1e21ac42948368aed4e5e673654a8a00655360d6f99f0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3d4cd3624cab2b56_0

MD5 4f248558641c70b3b9898830f6884f9d
SHA1 5824935e2e90222df9c91c0efc1ff0b39aa11c56
SHA256 5b841d13621c5e67f1a7a06fc7fa6a58ad2208b1cb55c1072b0af4a1cd2631d1
SHA512 13309923599c545bc30c4f5a656e92dc910b81a7c86ca285fa1e279693749539c083abb8948642a2ac87114ca3d38f3bc1ab47c789e420c962bbbb89fe7da14e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f35df1a0072762d5_0

MD5 daabbb1d6a8799ff14d8223a08af62b9
SHA1 77cfcbc193af9b37911c78b29513c277cddff7dd
SHA256 03e354df295df8908a90dcc40ba6433fb2a03e021e3d9e3e5b1678360978ff85
SHA512 028dec6cdd8e16fcfb174617981a945dcae60192ea5d308cc16ad8706be8c40d5d9d23bf7c1986ecbc7e87584717ed1d4d566a61a614f606597eae2cdd610077

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0375b63db0b3a360_0

MD5 415244f1b561da1e6a85373451be52e8
SHA1 00557cd46e71a4cfc9e092418fe1cd2d6b52906b
SHA256 65e8829a92157b63e13e40e99eda77840ad2b0e63766c73a6e8c2ed2361d7985
SHA512 786610cf10251c73f7b738be3abd438737c8f4813edb07f15f6b3462c443526000f918331691e4da4999a38175970698e0fee421382e60a2e6093d2c9fddc685

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4e3e282c87c95a0df441abfe669b2f84
SHA1 9d38c8477b746fcbfd42c9f09900d0de6cba0700
SHA256 94e3f9fdf2034bb6d145dc32ee942ac1f7d20538851f4ee0f4b35b87ac37d68e
SHA512 102f2da7f3250a0b3b9df426a5def228d45de45a164a5a54f471e5693ef834c52f0a851b7031abd2c75233dd8f9cf8fb9e433a31671dcc3230e954a2a8780d02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 074814123a6c600015358482603b44fb
SHA1 7e67911428b9264e8f6843dc7be38700e42b67b1
SHA256 bb174ef4ef4521b6832051b35d7c3343f2bb99cf203f2db7a0a822e5bce09d51
SHA512 25275039c60bb1f1837a5349fae26f66ec9dbf3ad842fae956ab458013208e4fb1a7c2809d6a09d365a83dc8b2e34e019f1669191192235bfbc8bed3853e2b3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\65015c952bc6bc39_0

MD5 ef99b0af34a760f38d3e5d3bae060498
SHA1 74db5d5f7c8581b53ca39ac091da80871c370bc4
SHA256 f0c92f95002e74e0aa6c9ef780a2856c0117dedaf5445f9306c821bcd2f822ca
SHA512 fdfcdec83a83dfe0013c22b8dcd7c068d5cd64fd2ddc01adb1a7c581faac63233eddf7fcc23a812ed467bb91d053e327337ce8e4cabac936407e4e42578c40df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\47d9706e74dc64dd_0

MD5 319d3ca0ddf7ab9818cacfe642679017
SHA1 e720a3e4556e63c75267f5a02438bd4a3d6ea27a
SHA256 dce516b6f7e5c4300a2e54d6a3ffb70bd9c878bf317193d569debad18b82acd4
SHA512 dcb00684c1c863a593f144eca51a0649e907237aad283a2d54e70d99255933f4f8e11da203a82b4cd9c447d32960fcfd35191893ca0bedfbc875950e4b9e97e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ed1673da69894a41_0

MD5 052579dbe8225a6f47a4a31e4f6ed5f0
SHA1 2e4c38329e4ec1783f11246699df94fc9418e071
SHA256 07022eae613687d6ac68dd52c40e0583048c894ac85c8660fc76e39cbf913ce6
SHA512 d9eafece2d2365fc4b7e7270439d05e878495a647f840dd8d8acdaa90fa2fae8e7fa06b0e43254d7eec809a2a35ae0d28583c3521603b52b6b08c3b97b4d1186

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\104464baf633a441_0

MD5 bfc54f32151ec3226da197f0844eb392
SHA1 955670fcb0763d0c811d66d60e70519922507689
SHA256 b93bba497a3af99b96c9ff3e2a586515db5f9d592e2bfb2f564551506251eb3a
SHA512 8e355bb9842b4c480c33cf3a6e45fdc49b7b63b4e58f815a6dc1d38b2b23b00ca7e64a43564cf63f99f956c651b296d463083afabe5676ae9a384ed13b7a0b8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8d148872c0191705_0

MD5 6ab0c42829868c23dcc263e663656807
SHA1 a6a6c05e9ba21a21c9b5f81f2668e1de9aa3d72f
SHA256 0f80c6135f365041fae3fbc2b4f6492043aa63b9c6c64ad61a2bf10201e06ece
SHA512 407e2fd2e600554691d1dc288fb995cdd665711676a86bca2ba3185ac113e192dc1674233c0425b68805c0b768d348aae5f7431247e81bbea7976d23d4d30e6b

C:\Users\Admin\Downloads\app-release.zip.crdownload

MD5 6629154cc8d5f3ccb7eea4aa19021742
SHA1 64ecf8639aaf21d1c71c2c0d3369e45f0a681a56
SHA256 90df5144670ce8326131bd6d15eac6bfc9f1e779c75819b29ceda8db620422d3
SHA512 aeedfbeec264d5a53797f18ffe50024e8c9b0f70a905dcf4d80de224a40c08713ca26fbd5af2c547c3c26ef76fccc7f78a109ced45a6965bb198f8da51fe1aa5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b3e8c0c2f621965f18acb08d5e3a12db
SHA1 b8f00c6203a40d299a792af8a5ee4c5c9edd9da5
SHA256 84cc2399eac0e44f7faec884fb7473717ec57177048b58de92c7aff91b74693c
SHA512 e66e93e71d5e7ad18f11f88b2c6244d5ab7819a9613eedf327ad40722b83478ae6667de324c8113b62a95d1c5460f717e0598fa344291b54234a720014f2a93a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 670d11000b5f4bbf1af967101372ea46
SHA1 b3753453b3764345de8876845a94f8a5eb6036a1
SHA256 a243469342b231548640e54bb9141ecac7053ab4e4085d4db3f2ec23b20d8289
SHA512 81a032ca1d3d37f02c12cbd5af13d41b83fab84f3911a6f165e3cd208fb3b3cbe44475e79cf139d23a7679f1e266d43d6370e26f34627e61b4469e425a0ef449

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5ec652b994ad83b8170ef8c25c469245
SHA1 4ac6653d41275d8beecd0bd3365532f7e940570c
SHA256 666d7fea24471da04134d904096a4859fec87ba10c8178a90cef647b19aef70d
SHA512 453f675daffd3cd4d6076922ddd02241a4612a9ee34fb1e63d66a2a03c1ed417f598bb288899c985ef8120266e83680b51a50ac18c40629cd71f2f591b32699c

C:\Users\Admin\Downloads\Electron.zip.crdownload

MD5 c7bb96092112ddfe949ca9cd39e5d7d2
SHA1 1badf937c2c29f631ae036508e945dd61c84ccb3
SHA256 f283c5361a9de52e07bd7260fc76a9768cb4ebc71fa247e0c313d064a7fcaa7a
SHA512 c7a69a7c12d361ae9ca1586559ddc401fee95e5386c5a51e3271789486e41bf08680e91dca584830d6342cc0ba344fc13aff663b75e7d9e7d9d4f25ad912c7ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 59fdf226b6f4ba8de46a98ead5735e0d
SHA1 f10ff6d00bf7e51314eb94a567bcd9190d70ff3a
SHA256 0918269473a44963fe64f6f5794489184ce70a9b16de2af65e45ead130920802
SHA512 1f2169d88452c0324246dcb34ef6bfd9971c14a988ba7a6366e86a27093cb4f63cb8ef2657e07090041c4df83a8577ecece781820ab50ae8ba01dca79eea85b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7a4d7be804ed3a91c4c439039fa0c689
SHA1 1642891840bae08be7703ae1c55e84847b020b37
SHA256 bcf4a91dc7888ad8d787418e0e66a222089b3f37198bfbce7de7b8f25c96022d
SHA512 4461465e9a639d42c925e7dd975b52027bc4d56ca45c3857373587ef16cf2bf7d91ec6bb901d4ec5438f2c821f263882582f8a23c70edd3861c3a940f594fff5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 54b8e2b328bbb13f7257f66cb05e0efa
SHA1 7859d58be45d30d7a4a067dbc635b70fd85a720d
SHA256 71a25d65c3eca7353983e31c16c973fd4a25d26cfb5a75bcfec8341c6a0fcf9a
SHA512 477a5668baf4dd163d7e8f1f9dd49e472cffce1815f153c55e98efc1264108eeae0c3f71a8fa618602285352dbdac21bde3d88569d5ea80f9d9e8203a367e5e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a60e44b3b71c3912ed575b947f565bcb
SHA1 2b1a9738d9b6daf36fafe669c2c7b270e699264d
SHA256 efeaec5a6070eba6608cd00bcd7339c56d4b59d5f7ced4b3a5e094628ce19d97
SHA512 d66b06973784365ecb1e96f75e0526d8f70bd1be6bd42ddf8a4259024b7091d4c09df5e6b5f8148664ee168d29320972d505f39cfceae029517ae52b79fb6ba6

memory/5936-4577-0x0000000000590000-0x0000000000F9C000-memory.dmp

memory/5936-4578-0x0000000075B70000-0x0000000075C60000-memory.dmp

memory/5936-4579-0x0000000075B70000-0x0000000075C60000-memory.dmp

memory/5936-4580-0x0000000075B70000-0x0000000075C60000-memory.dmp

memory/5936-4581-0x0000000077D14000-0x0000000077D16000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 477d768a59ef57c04763d64d79f15320
SHA1 23dfb5d9c9553dd1e444253a7cbc395d18b3f0c5
SHA256 cb6d716bc97c5b79912b49ccd57c1f93e02daa06b7e2b34bc23d6770b9dacb02
SHA512 e2c2a21b511f43cdb33ad25a2cf67981ff624e0ef503d404934691a09e5ce4fb2063cf9c04b5287b0bb6925d1519b8fb546d4ccee97fd072923ac126dbe2f532

memory/5936-4600-0x0000000000590000-0x0000000000F9C000-memory.dmp

memory/5936-4601-0x0000000000590000-0x0000000000F9C000-memory.dmp

memory/5936-4602-0x0000000005730000-0x000000000587A000-memory.dmp

memory/5936-4603-0x00000000056E0000-0x00000000056F0000-memory.dmp

memory/5936-4609-0x000000000A310000-0x000000000A318000-memory.dmp

memory/5936-4610-0x000000000A620000-0x000000000A658000-memory.dmp

memory/5936-4611-0x000000000A5E0000-0x000000000A5EE000-memory.dmp

memory/5936-4613-0x0000000006550000-0x00000000065BC000-memory.dmp

memory/5936-4614-0x0000000006500000-0x000000000650A000-memory.dmp

memory/5936-4616-0x0000000006530000-0x0000000006540000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c92d9fe21cb8c3423b991ca535514fd0
SHA1 2fdc0aaf95bbb3ec73c1b0be65328834fa19068e
SHA256 24282dc52aaf77b0590fc9774e3080b7b71050d17b15ba375824cd194b20f3f8
SHA512 6a26a37ce145b783cca24c4c78548dc8a8ab993009dea0055b50ea2a4cf9e2e30d7d81b0c466da833fbece9becc3733287eb10bd6b8c849489380b052a63ae55

memory/5936-4638-0x0000000000590000-0x0000000000F9C000-memory.dmp

memory/5936-4639-0x0000000075B70000-0x0000000075C60000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a825f8b840055e2e284d40581fc16031
SHA1 1016c13856f8e096a88969846ce673a4358c1013
SHA256 6f534125193531b5ad5832258487a1e9b9f46e15aeed0f3215ccc4264e21a4a9
SHA512 1bb368d942ad5fb34892455dae87329af47ef1f162cef59dc34a766d5cce964ec6e03cca35f0c0b5e77fdf7771e70739f5afdb53f76916860bf312f5a150b525

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 91c84dcae822776a13effd7cdfe4c58a
SHA1 cadb134677d7e8f1374c03b26e2bde63f4107cb2
SHA256 1242a8f951d8ce23cad5cc6a340b841956630a970a2eb11917c248af153c0d47
SHA512 cef9b59f02056da01bc217db83204ae51710f1c7a2671725830efdf72dee9e9763cfc939fa5531fabaf795b6d4a12b1b73497785f83c453aa8c7719c4d10d634

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 f94eed036990bcd2d96fd2ec3ff3cb0d
SHA1 ef191cc408e6e35eed2245f404f09688a19a1619
SHA256 fdccbd30000792ba81f1eac9cc2b3965a338e3b36d351aa6d27c090459e282fa
SHA512 a2d645bc6ca745ca287d33581d12630c217236944897511f071c49c2ed122ac335a980404b5fa9b2eecda024b255f7283a89b8f8e0b9de56513d9a77eaa8d879

memory/5936-4691-0x0000000075B70000-0x0000000075C60000-memory.dmp

memory/5936-4692-0x0000000075B70000-0x0000000075C60000-memory.dmp

memory/5936-4693-0x0000000075B70000-0x0000000075C60000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c25edc3bb2ece5f889b785733c358b3e
SHA1 60ec079b9267b1ab99b555020aae1cb62d855f8b
SHA256 307130df38d5b0928fda58be9c07139f881f6a78e9fc4ae380853afd88928425
SHA512 4105e810ebf1ddfac9f3fbc476156cb6123c81410daf29a31b5da5f107e9cb4f828b0e58c376dc48c52d1e05cb696c482dbb545590e2d4702442a628c538cbe4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8486773e81228c5adbe400e58d08953b
SHA1 f85ba0ac88fc164970d4a74ddad3c89b8ce56ddf
SHA256 e65595727a0d49f4a11926ec63f91644b055dd3181e37344dc3c98a8d35b862b
SHA512 4fa328e60fc2fb7ab32d3ca48db3c4a90cc7bd898da188eaf57ee0a409e3e9fd32388f2c4f1f086d68738fc544c38110d0cb48ce1dee4c0ea4c4f485a5dab662

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6ac45db3b9e786e7f150ff8645fe3cbb
SHA1 4bec687cb0ffa637c4c89d3c293007aaac30ec9a
SHA256 9340ce750cda9d41172204240bf40d4ce7a39a0228db3f4bfb2b7994d16a0d96
SHA512 bb97679d5f1a8e335553b452dd933cecb4b85878e45049accddbbc594dbe21bb718ed02639b12d95582dd775cd4cf71000a08438f651c830a9158fc27102e8d8

memory/5936-4722-0x00000000056E0000-0x00000000056F0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG

MD5 a04da6acae70ed73d235cb8f50432cff
SHA1 04740007f76922c1757db4167daefae4052ae88b
SHA256 e920bfb450512713e4b814c7dfbf4dc8b60a12ff779bb2153172e1d6ad51edca
SHA512 4452b0fb4db2f77082da243449d36d877c6f0364c42bcf7603a3cb60d9ddc4d1ce7d0d96d4bac5ec157fdb142db4b4730029fe7eb02fadf19819edb43041ac01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 10989e266dfcc5bd7a34f1a6419d2164
SHA1 85a8fd5258c24556281be183591caed3e9361345
SHA256 3b9940d4251feaece3342735451408a938de8f660c38fa6992d55cda4381da70
SHA512 f8acb4a515ef1ff122fffcc7aadc86df8f012f6cd6e59da2a0fe92d56079cfb4286d5c2b002dc36639e879e77e220a6f211b7025b6b524f6e91ac0581c0e32cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9ffc2cbf71b7cf99133c125001797d42
SHA1 2662b6483fb335b46bf6cd4e21f58321a8e7123b
SHA256 370b266d7a254dd4630cf3b8d9341191f47dcfb60a67ac0c9ded9702217a4d1d
SHA512 86c426e4540048fea09b6f08951f68fb23d33efaa7129585b6144ae3b938e4bd39a46be554c3c740b7d71af36fbb56fa2754d12239914f035bf4b45e564da739

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 9e2e06ecc206bf191da41d4ddcdbd809
SHA1 7eb73bface76cf8233fb025748fb5bcad4f104bf
SHA256 d02527ebdcdd5493a3dc5526430cece158842cb2c1bd02bd3676881d19905e84
SHA512 499029a30b15f722870985c7bba78788660a253d7f553edf054df54a444ecb2f936d44dde46e618d133a40a819f8bbda215879865d71fde08b03c0704382d8e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d0c301e354253985ad856e88825401c0
SHA1 069af8b8685d44bd19984c2f845109cb7a0dbdce
SHA256 ea75039652aae0fb81a7c4f1ae2fd3da099b4fc633a3406022290bfb18baf900
SHA512 93b6653096b8d42bcab5aa4c5bcd28bf2b27d981fe759f215977e2520688dbcb8115d8f6668465787c41d90cf04e0e4c26cd17e148294a207d78de5062a9afa1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fcd2bb938f1792d210631f2da2b90f3a
SHA1 f40d16b649d7b874cffb2e387a7e8ee6bbc52036
SHA256 4143fcd9ee6205174912b5afc0729539503c371e42b636462745806dfd75769c
SHA512 57946d995c95f2076224040f4504c528835d6d9d3ef53e20a9997c17799266391a3761abd28fe2f4fa7ddeb45e3d0674aec634d2fe34bd51aab4bcc2efae26d8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 ed358ed7e9a994cd0949db86c452dbf8
SHA1 e3a61a4bcb7c558fa2d8af79bce5d17f53da0efa
SHA256 45bc5a16a21daaa422e130bfa3e74bf3457a9a2a3decb47208d5e05f346c4405
SHA512 1f108f98a77954f96c2d33034638bb8ca2bc6379cbeb0ed88dfad1fc9a27e8197f0f9466e51f2d9be46652aa4f802098b6c45169b275ee831dd60c2716f99ca8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0be630ae0c577a7f7a361a1c91b3963b
SHA1 7b38216267e89be3bcf669ecbedc19efda9b1868
SHA256 a917adf2b6fb34edad100a8049022ccdef1b0ad7dd15f601c4ed3bd6b9d856dd
SHA512 97c2b6a9af89924027166823d26ce1fa6f731fe915f2435ecfcea0b1749cce5d009d8ed01cc43691c8d3a2400086eef75a2aa0a86c485e27295b60df1b1990d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 fefeb04b420f854fc2b221680cc6bdbc
SHA1 23804bf7deb18f231a776ed6e1787c71fefad5da
SHA256 eb1fb8b090b0dfac0b9e3a17b8dd2a20e7e349599ed351c55cc8e1c0216e1102
SHA512 412f3d314d5e37689fb65e87c149e3104c7c953e6c92d7411eddb9d75584ac244dc5d08ffd7e7649ee9304f80fde3ef50d5e03e0aa4ca36bbd0b9708bf09f8c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\52c181884ea46cc9_0

MD5 bef46168cab106ac8fc9d1bbd2a549bd
SHA1 99f432a77a8474bf9636ee830be88b800b3c7e1d
SHA256 1294e127015105d1ba072e7ead3aa43cd39522ded34f9743ad508a6dd0347952
SHA512 9c181ac7bd5530dd41c4637fcf17a37fd7fcf80fbf69a9677cd123c76cec95b1cdb5182eb728b0d66697c87407fa0c0afb94b11c1f7ba9c656de9d6977b885dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ed0a679d1f40f943_0

MD5 bd7b2acf7318a7518ca7e9cbf320d8c3
SHA1 347ae0ec172af7ffe9c75b41de1c79e0e0faee6a
SHA256 bcd281b5db001a5f6a77d9f7e64c24f368105ebfdcc19d3ff89c16284e986caa
SHA512 083605f65ee298db14179f2de59840877dd148c5f9b9eba3c88e2ff8268050c2fec6a093c849a730393a8341f07be9efcbd2a0708f49cbffbb89ccdc12c7d4fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cb529dd8df719c73_0

MD5 e1985bd12671c5210c1ef80b576419cb
SHA1 7b3539b91962214f5e7b834d8afbeedbf687ab04
SHA256 2b486c33410f47ffcbda222a407374c770ac43035ecc49c7083a8db61c1983d4
SHA512 a375f612cbe71903eb491cd6654345b40ceebc425401f2b3b6c5dff2a80fadcb45d7ebe80ff7df7076bba9c2a5e3a0dc3a834a29b2b7d97ec47880cbff63958a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\eaa463b23c9cda74_0

MD5 6484519a72904724937a130f145a9167
SHA1 1fafc63098b1c2262af007de89dd7c2a643776c5
SHA256 5f64808ce0119368416b1174eb0cc158cb601ce85a1be5c404b6f3a4962cad30
SHA512 8452fba234608f660a85ae2566662823e3939c8bc43d9b9f5a485dfc7cd349865bea5bc0254691c1bb32cefb33236817789c6df3c171d65cf46a87b49102aa03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5454226da5598cd4_0

MD5 25544cb4223a25a9db0703208ac0fc3b
SHA1 d7909e8f1f8f71d5e983d2eb709379cc1a3b7a05
SHA256 4ea72a8dd0c0b55a8fb7ac9ff18a808debb35b827a5cc5f9a088d810e9351995
SHA512 94dc3283b644bec7327459d753425135f387007bb66ac09a27db1d98fb4d69cd17a24e4f5b1911d1faf5c139d65cbef87ffa76f54064720e0aac267775aa01f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 cfc826b7b7da1bb5cfa2298cabee8358
SHA1 fb88df74300f9f0e5e0919141b2ca28de000926b
SHA256 0f4fe612c6a3d14f0c5f4ca58a8c711429b23d5238d3e338354f9a38b15c3f9e
SHA512 4422e941b759b57a3b86acb8cfd9240da62fdb676dd3c88f84eb4bb96fae7618104ed47b7e15afc0d1e6095243a6aaee37d2ebafe2ac83d3e42384b49c3e52d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7c4c8bdd2dbb333e7f0cc8aec79829df
SHA1 b0578a0370e34187e3ccf0ae94fb88f391ddc219
SHA256 c0660b65721b9cadfbdfaf9e4fdc3ba6096187ad85de7f2f990cd9e4a39be0d0
SHA512 9434cef8a968addac5239a796065959a4adee3c9ab4aa3d01d8fe8121f877b07a90d56319ce1a7bc855367c3480a45cec8778f3496cddbe6cdf7dc039ff052dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001ba

MD5 a141303fe3fd74208c1c8a1121a7f67d
SHA1 b55c286e80a9e128fbf615da63169162c08aef94
SHA256 1c3c3560906974161f25f5f81de4620787b55ca76002ac3c4fc846d57a06df99
SHA512 2323c292bfa7ea712d39a4d33cdd19563dd073fee6c684d02e7e931abe72af92f85e5bf8bff7c647e4fcdc522b148e9b8d1dd43a9d37c73c0ae86d5efb1885c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b1ed8dca82df10bc8615ab2f5edca720
SHA1 254a8552646fd2478093668cd6eea158acea5843
SHA256 04c28c02d616af98da828996a206618d587ad0649a87ee0eef726dc74171a404
SHA512 16120e33e17ceab99f5894b941899cb81129b00697245e570f24b2f8b2db1b458d64fd77a895849c4c05db9af0c8746b0d74de88932ab33f4b71bea4d01035f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bac0a4543d5b791b8fb281c1d5a5e890
SHA1 ae658a5e62086a4b54fcc1c833f6a01cd00e15d4
SHA256 e3e65178f8aabbabce160c746806798bd6b21b1c01e7ce987d4ff8bf1d8cfe2c
SHA512 8a14069121db72e76f773cd1e58b099402136025b9b1b507465c33e4b53b64993898c3a5a28b8bce2ce281f49492550d6e8fd6ee0abb93d30577cf5c58a4b288

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\59ece0dd-5d74-4367-84e1-a50828bcff3f.tmp

MD5 097df8d6134ae3570e7f39ed9fd56f5d
SHA1 a020efd55d67a1a43bbefd06860700bd09037cf6
SHA256 6897c25289414f8494ce196122e660550bec99cbccf3b902b4c5fea77f1d9003
SHA512 bc656eea1b3c0ec084458bbe96be6ebf70aa65380d7b4e921a7c416a6d6e294357ac5f2c771457a13d617c62be80ac07807cfcba2444b4f5e113d3535854345a

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 21:49

Reported

2024-04-08 22:07

Platform

win7-20240221-en

Max time kernel

1049s

Max time network

838s

Command Line

"C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\wemod\shell\open C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\wemod\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\WeMod\\app-8.16.1\\WeMod.exe\" \"%1\"" C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\wemod C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\wemod\URL Protocol C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\wemod\ = "URL:wemod" C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\wemod\shell\open\command C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\wemod\shell C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\Update.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1504 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe
PID 1504 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe
PID 1504 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe
PID 1504 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe
PID 1504 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe
PID 1504 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe
PID 1504 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe
PID 1004 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
PID 1004 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
PID 1004 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
PID 1004 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
PID 1412 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\Squirrel.exe
PID 1412 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\Squirrel.exe
PID 1412 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\Squirrel.exe
PID 1412 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 1412 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 1412 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 1412 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 1768 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\Update.exe
PID 1768 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\Update.exe
PID 1768 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\Update.exe
PID 1768 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\Update.exe
PID 1504 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe C:\Users\Admin\AppData\Local\WeMod\Update.exe
PID 1504 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe C:\Users\Admin\AppData\Local\WeMod\Update.exe
PID 1504 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe C:\Users\Admin\AppData\Local\WeMod\Update.exe
PID 2332 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\WeMod\Update.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2332 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\WeMod\Update.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2332 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\WeMod\Update.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2332 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\WeMod\Update.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe
PID 2632 wrote to memory of 3032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe

Processes

C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe

"C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe"

C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe

"C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe" --silent

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install . --silent

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\Squirrel.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe" --squirrel-install 8.16.1

C:\Users\Admin\AppData\Local\WeMod\Update.exe

C:\Users\Admin\AppData\Local\WeMod\Update.exe --createShortcut WeMod.exe

C:\Users\Admin\AppData\Local\WeMod\Update.exe

"C:\Users\Admin\AppData\Local\WeMod\Update.exe" --processStart "WeMod.exe" --process-start-args "wemod://?_inst=nY1ISe9HSMpgSrJn"

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe" wemod://?_inst=nY1ISe9HSMpgSrJn

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=948 --field-trial-handle=984,i,864806722815716998,3212790759271467905,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --force-ui-direction=ltr --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --mojo-platform-channel-handle=1308 --field-trial-handle=984,i,864806722815716998,3212790759271467905,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1520 --field-trial-handle=984,i,864806722815716998,3212790759271467905,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=948 --field-trial-handle=984,i,864806722815716998,3212790759271467905,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\WeMod\Update.exe

C:\Users\Admin\AppData\Local\WeMod\Update.exe --checkForUpdate https://api.wemod.com/client/channels/stable

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe WeMod\Support_1712613037304_Out

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.wemod.com udp
US 172.67.25.118:443 api.wemod.com tcp
US 172.67.25.118:443 api.wemod.com tcp
US 172.67.25.118:443 api.wemod.com tcp
US 8.8.8.8:53 storage-cdn.wemod.com udp
US 172.67.25.118:443 storage-cdn.wemod.com tcp
US 172.67.25.118:443 storage-cdn.wemod.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.201.110:443 redirector.gvt1.com tcp
GB 216.58.201.110:443 redirector.gvt1.com tcp
US 8.8.8.8:53 r3---sn-aigzrn7k.gvt1.com udp
GB 173.194.139.8:443 r3---sn-aigzrn7k.gvt1.com udp
GB 173.194.139.8:443 r3---sn-aigzrn7k.gvt1.com tcp
US 172.67.25.118:443 storage-cdn.wemod.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 104.22.42.75:443 storage-cdn.wemod.com tcp
BE 64.233.166.157:443 tcp
GB 142.250.200.3:443 tcp
GB 142.250.187.226:443 tcp
GB 142.250.178.4:443 tcp
US 54.70.189.255:443 tcp
US 8.8.8.8:53 www.microsoft.com udp

Files

memory/1504-0-0x0000000001100000-0x0000000001126000-memory.dmp

memory/1504-1-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

memory/1504-2-0x000000001A8D0000-0x000000001A950000-memory.dmp

memory/1504-3-0x000000001A8D0000-0x000000001A950000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar2498.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

memory/1504-75-0x00000000223E0000-0x0000000022B86000-memory.dmp

memory/1504-90-0x000007FFFFEC0000-0x000007FFFFED0000-memory.dmp

memory/1504-94-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638482098099970000.exe

MD5 1c9da682268453db59f11b8129f827a3
SHA1 d34e82203d3be584ba02e15772de6a5fc0f52978
SHA256 120c915fd6c5b15eac234a676c94722985578483ee7883406ce6d40e76cca94b
SHA512 810589a1252d3f598289852e2889ea4ec745e7abb92463518c20901906449907cef94c4b803d64f86c36215634209ee74f6cdbcffe16382dd4c6faeb7c4aaa38

\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

MD5 750294620c347fcd51c9c7d3a91df1f6
SHA1 32f96f434b87f27ab55cc561d0773d0892bb49f9
SHA256 26ca155b98e36912ee537b55671e2bd5a75107d168168375e58a8b713ef2358f
SHA512 4e0acd0c093ca7b5b42b51e89fc90d58d3306c4847ff2f6e1cd5e6a1bea1a656c35528a017d0a4ab8d699c7d3e6756d0f61f031d66b09a5180a62d00e7568f87

memory/1412-109-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

memory/1412-108-0x0000000000D50000-0x0000000000F26000-memory.dmp

C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

MD5 eb57d40350a65656c93c83deb4d62782
SHA1 aaf2dd180f11a3ba3c8da53f635910e0fd7a9c64
SHA256 0b328db09af31969dcd7987f65fa78c0fd6f01b4e51b59752dfb875a21b5d832
SHA512 ac65249088fea1e810ca0216c7cd842f5bb8cbfec78f6b7ae4566ce23fc643dad312856ecffd31525db842595d93fad20f78372d79da02603400c8dca524420e

memory/1412-111-0x000000001B680000-0x000000001B700000-memory.dmp

C:\Users\Admin\AppData\Local\SquirrelTemp\WeMod-8.16.1-full.nupkg

MD5 59a0bacb9d0f7e5f1b195dfd683d0e72
SHA1 986ff93d69ed07ed967fa36be550f1a58ca2286d
SHA256 752d53f6529940694965ff22a9136a80b464a2750e326eeebde66eac4c08ccd5
SHA512 921690b07f50368630b59bf25ab3f2d649b2c7c2b344f7cb66270987645004a5f4179f42850f572b0b197fd534e12a696743b82538db4d3dbcc2109691bce5ef

memory/2396-218-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

memory/2396-217-0x00000000003A0000-0x000000000057C000-memory.dmp

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\Squirrel.exe

MD5 dee4a16b8a08762e6d7abe7f71ad1b5b
SHA1 09248ab4df71826c4b9128b091a0e2cba6f63dd0
SHA256 7168ee307189a338fe189acc983899d552fa2652579bedd627ea83c91b33369d
SHA512 0ce9fb7fda310f77bfe5b6150ca0ff466e6c530e8ce77fe0f8ddfad478cf935d779c94ae912aac74bbd05efd86c6d7c3a5909d235ede56ae8d205404621885a3

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\WeMod.exe

MD5 337f0c70d43d402a28cfbddbcb821a2b
SHA1 c7d148c12b401a7fed082747ca565ff987db74f8
SHA256 41cef8681a124639bc6475c431180dc6312d13a4e9a94d1b589b7e0225b25cf0
SHA512 4e1dd04bc799ea3fb372137a33fa1d32e2f294a1573dcd4ccd0f1af65e99e86d469063b2859fab6e17548d8802f9cdc95d81f2aed32bcca7dc87efae790c89c8

\Users\Admin\AppData\Local\WeMod\app-8.16.1\ffmpeg.dll

MD5 3621280d3e04d9643822ef8f5dc0fb91
SHA1 6a552d28c3d87908fb583eede8a3eab44ebbd259
SHA256 5ac630e962666a21346cf7efa20eb09ac2a45ae3110eaf6c28ad3ddc87533ed5
SHA512 9c655b0d5b72d57d49b5c94b406b5abdc2e1d668f40a7e754134655e333abf50cc96204b0d516dbcc4c74831ca7f3577756f7d6f0112bc610e8b3e59837333dd

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\v8_context_snapshot.bin

MD5 b32cbc4a5ff34f441e8e0c264aa61849
SHA1 435d88a3e50ff85b6030c4c6e8918161fa340201
SHA256 4f72c7b625b64d38f819a970cfff5921ff4080e27de84b00b9a7cf8be15277c5
SHA512 7c13eedfab9fba821d5a26e5ba81444a84b48aff13a7cd508c03f7ea113997c2edf7126e5547e16fb3e98a942f0070a5d597c25971afbde92b46125085b57b4e

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\icudtl.dat

MD5 76bef9b8bb32e1e54fe1054c97b84a10
SHA1 05dfea2a3afeda799ab01bb7fbce628cacd596f4
SHA256 97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3
SHA512 7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\resources\app.asar

MD5 539471ef86f782e5863248b43637b986
SHA1 d7622bb8c7d9c2000557831b266505aa66b9cf31
SHA256 9b2744abdcb0eff53c2763de1f6d3008037cca5392661a6e0893c05826603c39
SHA512 e5e16dd0fa89d1dc5e810f1bee50ae3c15dbc10702efd1b3534b1dc56ac965dd89ad5b5449554700576a41ee623bb0bb85eacb50e47162bd0adc71c59a9a651b

memory/380-235-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

memory/380-234-0x0000000000190000-0x0000000000366000-memory.dmp

memory/380-237-0x000000001B570000-0x000000001B5F0000-memory.dmp

C:\Users\Admin\AppData\Local\WeMod\WeMod.exe

MD5 962ad3ca5b38e18954d2992912369d49
SHA1 99a9c9d14f9f2ddaf7fd0818cc8b829c858b141d
SHA256 cfeab93bcfd99a583a0dd47197c0ead1c54a4ce94d19d777cb004eaa9a18f909
SHA512 0340397f3326a237332704112125e522fef1d967e408493a5674fc0a997fdb3e0fbe308dca9d5a9d4cf8d21addcbd9ad2e9a5f7e9e09239384a5af76152f2d52

memory/380-244-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

memory/1412-254-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

memory/2332-264-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

memory/2332-263-0x0000000001030000-0x000000000120C000-memory.dmp

memory/2332-266-0x000000001B8C0000-0x000000001B940000-memory.dmp

memory/2332-272-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

memory/2396-260-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

memory/1504-282-0x000007FEF5570000-0x000007FEF5F5C000-memory.dmp

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\resources.pak

MD5 f5ab76d2b17459b5288b6269b0925890
SHA1 75be4046f33919340014a88815f415beb454a641
SHA256 4f29587bcd952de1dbc0b98df0aa506bd9fcf447e6a7258c5eb7e9eb780e6d6c
SHA512 6ec6a08418743adb5e20218b73169be4f45f5458592219497c3718e620e37871876788937418f1341e0023c1137f9cac715e6bb941f4690febdda993b072feab

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\locales\en-US.pak

MD5 3f6f4b2c2f24e3893882cdaa1ccfe1a3
SHA1 b021cca30e774e0b91ee21b5beb030fea646098f
SHA256 bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f
SHA512 bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\chrome_100_percent.pak

MD5 d31f3439e2a3f7bee4ddd26f46a2b83f
SHA1 c5a26f86eb119ae364c5bf707bebed7e871fc214
SHA256 9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e
SHA512 aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\chrome_200_percent.pak

MD5 5604b67e3f03ab2741f910a250c91137
SHA1 a4bb15ac7914c22575f1051a29c448f215fe027f
SHA256 1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c
SHA512 5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

memory/3032-287-0x0000000000B50000-0x0000000000B51000-memory.dmp

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\resources\app.asar.unpacked\static\unpacked\icon.ico

MD5 34ee19ccd44f31cd831dc50920f19890
SHA1 24545d2f4741fb5a4649840486ffd3597b7ade5b
SHA256 136cf9b3a30268d1d439df7b9fd9104cb1d83be7fd2b562c3e9a47450ae0df3d
SHA512 ded8ade93c143dc8abc7a76b03b4015a8637b2ee13b85dd70655d5857289f19ebef76562eace56a3ad3c2418fab5305bb0b6cadd0a412ddb781b8f496e82c74a

memory/2632-337-0x0000000000B90000-0x0000000000B91000-memory.dmp

\Users\Admin\AppData\Local\WeMod\app-8.16.1\libEGL.dll

MD5 8b2fd69c70b2b1a64558893bbc9c1423
SHA1 f619e5b9202063221ffdd746aa4b630d07e3bc3c
SHA256 2eec2c76aa01b0562be3f76c539b1a5086a437d66254c7237c6562056f767fb8
SHA512 42ad67059380fa4be5d2481d2db282716cbe0dfa20d63ee88d3802c022c9fb088b313c686b849b5fe890d5f89f7ea3d4ecac0c64e201335fa74c5bde29f0ad25

\Users\Admin\AppData\Local\WeMod\app-8.16.1\libGLESv2.dll

MD5 b309eccc727895e3b3481f9326bdcb41
SHA1 149f033e550de20f41311c46bb23fed09bb9201f
SHA256 9dfcd4d9b417f70e80c0b81b9e55a6be9800900d0c30e34fb6db12d5a094497c
SHA512 cba32db9d50c4c79b4a740b083baa5a7b24858d7608f0671a4abbc1aa63a738352fbda219ec7690e9b386eb1bcfb7765daebc1950c18e6c8bfe46a9387668827

\Users\Admin\AppData\Local\WeMod\app-8.16.1\d3dcompiler_47.dll

MD5 ab3be0c427c6e405fad496db1545bd61
SHA1 76012f31db8618624bc8b563698b2669365e49cb
SHA256 827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
SHA512 d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

C:\Users\Admin\AppData\Roaming\WeMod\Local Storage\leveldb\CURRENT~RFf76a14e.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\WeMod\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\WeMod\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\WeMod\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

\Users\Admin\AppData\Local\WeMod\app-8.16.1\vk_swiftshader.dll

MD5 1bc5d8a0419f8d8ac2b2b7a74e9678ec
SHA1 c64f2f7f3b4b174866b4db8e720d809bed557b91
SHA256 f58c0177b48538f6ec2cfa3675cd9420ed82a50ff49185e7dd581a778c48b48e
SHA512 434181b1b4d5adfcaff457c31a0fdb4df77cf01da2cf4d7090e9f387f44006fc829b372f10ebb64e795e4f38096eb7678ab3c3ce539074d93e6f7b7845a3a79d

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

\Users\Admin\AppData\Local\WeMod\app-8.16.1\vulkan-1.dll

MD5 18b618dc84321794a818a665770d3720
SHA1 7dc7990452bd3c2e26dfdb7f14fdc38310b2ac79
SHA256 a7888b8651d16156fbe389ae25581332b7518f50535cadc1b7da554c98ddcbfa
SHA512 166d96a69ce08085d40d4207c2cb02fbda2ae51e2187c3e67ca08b6c05c2b31a77c39dd920ecc028f12854399eb2fcf48954904c36800bcc42a92d97d96a3a3a

memory/2748-445-0x00000000003B0000-0x000000000058C000-memory.dmp

memory/2748-444-0x000007FEF4B80000-0x000007FEF556C000-memory.dmp

memory/2748-446-0x000000001B560000-0x000000001B5E0000-memory.dmp

C:\Users\Admin\AppData\Local\WeMod\app-8.16.1\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe

MD5 74bdec2a1b6ee5cc7276f47d13edc48a
SHA1 71a8a2b69cb0e4f333812bd72fd06cf6e1a3b61e
SHA256 7fb226a4b4c6f72314f74bd5f667d678bb3b2c2d5d76c0c9b1b4a8fa0799fb19
SHA512 a0798582456212c55a74c1dfa059148726601440f7d64c5957ee5fc8fc14368017ff4af6d99295b8ce651a38bf3d086eef46f78a1fff7008552cf6a2e6984e30

memory/2508-451-0x000007FEF4B80000-0x000007FEF556C000-memory.dmp

memory/2508-452-0x0000000000360000-0x0000000000450000-memory.dmp

memory/2508-453-0x0000000001FE0000-0x0000000002060000-memory.dmp

memory/2748-458-0x000007FEF4B80000-0x000007FEF556C000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 b10664206c67c22168d75f2814d92e80
SHA1 7f7b31490faa972af0de1d8f6e6121f0cbe85211
SHA256 c1fb336edaf274099c94bd36ce270095d72fe2cf9550dcd543d73d1d4d498489
SHA512 3269ff3df819f9a8fc07fb32e979c6f2ab9b6666ff94ec8a71fa8e96b7f7b95093ff6eda306cdf838f36a956ecec85a3662666ba70901267e642dbc3e51bd881

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 e744b211753f45b387e00af2aae69c6b
SHA1 23beb8357e158d3a162524b96495f293853b8147
SHA256 bfde85cbb4f9503779c19c8ed8a463e2782028fed2ee0726cc55018856baed9e
SHA512 c4ccacdfe546522ca8be841b535005f688d250a2d9a68011d5181bf07ae6466785c3dd0c647c6930ed7627d65ca928e4397fd61ae46331b41a110ba76b3962bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed3a46e589d8d0f0b924076d7349bdbe
SHA1 001a9c0a5ea5c67c10bbdcb58121d2599eab2c9c
SHA256 2d128066dcecd1bbe620a849612d8a4e569870b59a0ee6a390d92c06ef884e98
SHA512 2704e991ff9fa5bf9c5e2ecc248c5582831282c72b21898982f9ac639ac22303b238f9945dbaedc6170137f2335bfca8380482e49cfc64dec0081d3cc7189913

memory/2508-516-0x000007FEF4B80000-0x000007FEF556C000-memory.dmp

memory/2508-517-0x0000000001FE0000-0x0000000002060000-memory.dmp