hxxps://roblox[.]com

Analysis

max time kernel
1098s
max time network
1094s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
17/04/2024, 11:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://roblox.com

Score

8^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Sets file execution options in registry 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe

Executes dropped EXE 36 IoCs

pid	Process
4460	RobloxPlayerInstaller.exe
4916	MicrosoftEdgeWebview2Setup.exe
208	MicrosoftEdgeUpdate.exe
2692	MicrosoftEdgeUpdate.exe
2864	MicrosoftEdgeUpdate.exe
4660	MicrosoftEdgeUpdateComRegisterShell64.exe
4308	MicrosoftEdgeUpdateComRegisterShell64.exe
64	MicrosoftEdgeUpdateComRegisterShell64.exe
1808	MicrosoftEdgeUpdate.exe
3428	MicrosoftEdgeUpdate.exe
4684	MicrosoftEdgeUpdate.exe
4756	MicrosoftEdgeUpdate.exe
2768	MicrosoftEdge_X64_123.0.2420.97.exe
5092	setup.exe
1808	setup.exe
1752	MicrosoftEdgeUpdate.exe
1624	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
2960	RobloxPlayerBeta.exe
4692	RobloxPlayerBeta.exe
2428	MicrosoftEdgeUpdate.exe
2868	MicrosoftEdgeUpdate.exe
3452	MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
3908	MicrosoftEdgeUpdate.exe
3012	MicrosoftEdgeUpdate.exe
4072	MicrosoftEdgeUpdate.exe
1940	MicrosoftEdgeUpdate.exe
4876	MicrosoftEdgeUpdateComRegisterShell64.exe
4580	MicrosoftEdgeUpdateComRegisterShell64.exe
3876	MicrosoftEdgeUpdateComRegisterShell64.exe
1320	MicrosoftEdgeUpdate.exe
2936	MicrosoftEdgeUpdate.exe
648	MicrosoftEdgeUpdate.exe
3900	MicrosoftEdgeUpdate.exe
4772	MicrosoftEdgeUpdate.exe

Loads dropped DLL 35 IoCs

pid	Process
208	MicrosoftEdgeUpdate.exe
2692	MicrosoftEdgeUpdate.exe
2864	MicrosoftEdgeUpdate.exe
4660	MicrosoftEdgeUpdateComRegisterShell64.exe
2864	MicrosoftEdgeUpdate.exe
4308	MicrosoftEdgeUpdateComRegisterShell64.exe
2864	MicrosoftEdgeUpdate.exe
64	MicrosoftEdgeUpdateComRegisterShell64.exe
2864	MicrosoftEdgeUpdate.exe
1808	MicrosoftEdgeUpdate.exe
3428	MicrosoftEdgeUpdate.exe
4684	MicrosoftEdgeUpdate.exe
4684	MicrosoftEdgeUpdate.exe
3428	MicrosoftEdgeUpdate.exe
4756	MicrosoftEdgeUpdate.exe
1752	MicrosoftEdgeUpdate.exe
1624	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
2960	RobloxPlayerBeta.exe
4692	RobloxPlayerBeta.exe
2428	MicrosoftEdgeUpdate.exe
2868	MicrosoftEdgeUpdate.exe
2868	MicrosoftEdgeUpdate.exe
2428	MicrosoftEdgeUpdate.exe
3908	MicrosoftEdgeUpdate.exe
3012	MicrosoftEdgeUpdate.exe
4876	MicrosoftEdgeUpdateComRegisterShell64.exe
1940	MicrosoftEdgeUpdate.exe
4580	MicrosoftEdgeUpdateComRegisterShell64.exe
1940	MicrosoftEdgeUpdate.exe
3876	MicrosoftEdgeUpdateComRegisterShell64.exe
1940	MicrosoftEdgeUpdate.exe
648	MicrosoftEdgeUpdate.exe
2936	MicrosoftEdgeUpdate.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.29\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA4344C9-31F7-44C1-9802-7F90B352D5C5}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Checks system information in the registry 2 TTPs 24 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 19 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	MicrosoftEdgeUpdate.exe

Suspicious use of NtCreateThreadExHideFromDebugger 5 IoCs

pid	Process
1624	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
2960	RobloxPlayerBeta.exe
4692	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
2960	RobloxPlayerBeta.exe
2960	RobloxPlayerBeta.exe
2960	RobloxPlayerBeta.exe
2960	RobloxPlayerBeta.exe
2960	RobloxPlayerBeta.exe
2960	RobloxPlayerBeta.exe
2960	RobloxPlayerBeta.exe
2960	RobloxPlayerBeta.exe
2960	RobloxPlayerBeta.exe
2960	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Trust Protection Lists\Mu\Other	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\Locales\id.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\fonts\Roboto-Bold.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_1x_4.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB067.tmp\msedgeupdateres_zh-CN.dll	MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Emotes\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\New\Unmuted20.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\icons\ic-leave.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\show_third_party_software_licenses.bat	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Settings\Slider\Right.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VR\recenter.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\configs\DataModelPatchConfig\DataModelPatchConfig.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AnimationEditor\img_scalebar_arrows_border.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AvatarImporter\icon_AvatarImporter.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioSharedUI\MeatballMenu.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\TerrainTools\mtrl_slate.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\vi.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB067.tmp\msedgeupdateres_sk.dll	MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\fonts\families\RomanAntique.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Input\IntroCameraPinch.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VR\hoverPopupRight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_2x_2.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\PlatformContent\pc\textures\diamondplate\normal.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\icons\ic-checkbox-on copy.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\BHO\ie_to_edge_bho_64.dll	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\InGameMenu\GenericController.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\fonts\families\Fondamento.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Menu\buttonBackground.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Trust Protection Lists\Sigma\Analytics	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\fonts\Oswald-Bold.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_2x_16.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\icons\ic-bc.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\DevConsole\Clear.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\PlatformContent\pc\textures\corrodedmetal\reflection.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\graphic\gr-game-border-24x24.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-online.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_hr.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\notification_helper.exe	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AvatarEditorImages\Stretch\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\9-slice\btn-control-sm.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\RoactStudioWidgets\slider_handle_dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\dialog_red.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-instudio-8x8.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Locales\ar.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\CollisionGroupsEditor\unchecked.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\MaterialGenerator\Materials\Fabric.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\AnimationEditor\animation_editor_32x32.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioToolbox\alert-icon-small.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\TerrainTools\mtrl_ice_2022.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\ui\VoiceChat\New\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\ExtraContent\textures\ui\LuaChat\icons\ic-close-gray2.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\content\textures\StudioSharedUI\statusWarning.png	RobloxPlayerInstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578273155957966"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CLSID\ = "{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebMachine.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ServiceParameters = "/comsvc"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CurVer\ = "MicrosoftEdgeUpdate.ProcessLauncher.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ = "ServiceModule"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ProgID	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{BA4344C9-31F7-44C1-9802-7F90B352D5C5}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID\ = "{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
4560	chrome.exe
4560	chrome.exe
4460	RobloxPlayerInstaller.exe
4460	RobloxPlayerInstaller.exe
208	MicrosoftEdgeUpdate.exe
208	MicrosoftEdgeUpdate.exe
208	MicrosoftEdgeUpdate.exe
208	MicrosoftEdgeUpdate.exe
208	MicrosoftEdgeUpdate.exe
208	MicrosoftEdgeUpdate.exe
1624	RobloxPlayerBeta.exe
1624	RobloxPlayerBeta.exe
4764	chrome.exe
4764	chrome.exe
4764	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
2960	RobloxPlayerBeta.exe
2960	RobloxPlayerBeta.exe
4692	RobloxPlayerBeta.exe
4692	RobloxPlayerBeta.exe
2428	MicrosoftEdgeUpdate.exe
2428	MicrosoftEdgeUpdate.exe
2428	MicrosoftEdgeUpdate.exe
2428	MicrosoftEdgeUpdate.exe
2868	MicrosoftEdgeUpdate.exe
2868	MicrosoftEdgeUpdate.exe
3012	MicrosoftEdgeUpdate.exe
3012	MicrosoftEdgeUpdate.exe
2936	MicrosoftEdgeUpdate.exe
2936	MicrosoftEdgeUpdate.exe
2936	MicrosoftEdgeUpdate.exe
2936	MicrosoftEdgeUpdate.exe
648	MicrosoftEdgeUpdate.exe
648	MicrosoftEdgeUpdate.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 45 IoCs

pid	Process
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe
Token: SeShutdownPrivilege	4560	chrome.exe
Token: SeCreatePagefilePrivilege	4560	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe
4560	chrome.exe

Suspicious use of UnmapMainImage 5 IoCs

pid	Process
1624	RobloxPlayerBeta.exe
4764	RobloxPlayerBeta.exe
1480	RobloxPlayerBeta.exe
2960	RobloxPlayerBeta.exe
4692	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 224	4560	chrome.exe	74
PID 4560 wrote to memory of 224	4560	chrome.exe	74
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 2464	4560	chrome.exe	76
PID 4560 wrote to memory of 3760	4560	chrome.exe	77
PID 4560 wrote to memory of 3760	4560	chrome.exe	77
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78
PID 4560 wrote to memory of 1828	4560	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://roblox.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xac,0xd8,0x7ff8964d9758,0x7ff8964d9768,0x7ff8964d9778
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:2
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2828 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2836 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3876 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3100 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5248 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5432 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5440 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3512 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4776 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4788 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5588 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2860 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5152 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:32
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4460
- - C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:4916
  - - C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Sets file execution options in registry
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      Suspicious behavior: EnumeratesProcesses
      PID:208
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2692
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2864
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4660
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4308
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:64
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTcwMUQzNDItM0MxQi00OTlCLUE5MEUtNzI1QkUzODA5RTZCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyNjg1RENBRS1CNDI0LTQxODQtODhBRi0zN0QyNTgzNDg1MEJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTUxMTUxODg1IiBpbnN0YWxsX3RpbWVfbXM9IjUyNyIvPjwvYXBwPjwvcmVxdWVzdD4
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        
        PID:1808
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{5701D342-3C1B-499B-A90E-725BE3809E6B}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3428
- - C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe" -app -isInstallerLaunch
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5988 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5944 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6164 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2464 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5692 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5180 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6748 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7028 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7080 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6552 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7132 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6824 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5492 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5456 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6680 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5716 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2916 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:96
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6036 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5360 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5184 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=3432 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6232 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=5660 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6036 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6068 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=5456 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=3036 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=896 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=2856 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=7296 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5944 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7516 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=3640 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=7204 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=7652 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=6152 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7920 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8080 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=5228 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=7192 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=7280 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=7736 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=7776 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7760 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8048 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=7312 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=7732 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7652 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=2988 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=5532 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5108 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6272 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=6276 --field-trial-handle=1684,i,6398624547854501277,9120617526413992638,131072 /prefetch:1
  2⤵
  PID:1312

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2184

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:4684
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTcwMUQzNDItM0MxQi00OTlCLUE5MEUtNzI1QkUzODA5RTZCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxM0RFQjJGQi0zRkQyLTQwRkQtQjYyRi1FMjAzNUI4MUY5MjF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbmV4dHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTE1NTM0MjAxMCIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID:4756
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{19FCE05E-4096-4BF6-8BC1-1D83625CC87A}\MicrosoftEdge_X64_123.0.2420.97.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{19FCE05E-4096-4BF6-8BC1-1D83625CC87A}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:2768
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{19FCE05E-4096-4BF6-8BC1-1D83625CC87A}\EDGEMITMP_67B0B.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{19FCE05E-4096-4BF6-8BC1-1D83625CC87A}\EDGEMITMP_67B0B.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{19FCE05E-4096-4BF6-8BC1-1D83625CC87A}\MicrosoftEdge_X64_123.0.2420.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:5092
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{19FCE05E-4096-4BF6-8BC1-1D83625CC87A}\EDGEMITMP_67B0B.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{19FCE05E-4096-4BF6-8BC1-1D83625CC87A}\EDGEMITMP_67B0B.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.123 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{19FCE05E-4096-4BF6-8BC1-1D83625CC87A}\EDGEMITMP_67B0B.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.97 --initial-client-data=0x214,0x218,0x21c,0x1f0,0x220,0x7ff77651baf8,0x7ff77651bb04,0x7ff77651bb10
      4⤵
      Executes dropped EXE
      PID:1808
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTcwMUQzNDItM0MxQi00OTlCLUE5MEUtNzI1QkUzODA5RTZCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2RTc0NUM5RC0zRjBDLTQ1OUMtQjc1RC0yRUQ0QTMyQTlBRDF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyMy4wLjI0MjAuOTciIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUyMDU1MjE4NzkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MjA1NjYyMTY5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTQwOTQ1MjAyOCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMWMxZmM4ZmUtZjI1MC00YTNhLTkxZWMtOWY5MGUzMWI4MjY1P1AxPTE3MTM5NTg1NjYmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9RWhmM3h6Mm52T0lNQ082bHJzT3hiMDB6SGk0WlR2VWpQSG42WjFwTjkwVlV4NHBRUDhRZnhhcHBGcEZhcG5IWEhMQzk0YWl0TnFwOVVNemk1OXclMmJPQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MjA3NjA4OCIgdG90YWw9IjE3MjA3NjA4OCIgZG93bmxvYWRfdGltZV9tcz0iMTYxNTIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NDA5NTExODM4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTQyMzI5MjAwOSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTgzNTk3NTQyOSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9Ijk5MSIgZG93bmxvYWRfdGltZV9tcz0iMjAzODEiIGRvd25sb2FkZWQ9IjE3MjA3NjA4OCIgdG90YWw9IjE3MjA3NjA4OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDEyNjciLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID:1752

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:4764

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:1480

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:2960

C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:4692

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3ac
1⤵
PID:2012

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2428

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:2868
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0BD2471C-268E-45F4-9F3C-BCFAA02316E3}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0BD2471C-268E-45F4-9F3C-BCFAA02316E3}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{00838C91-D2E9-4B4B-89E5-1330842C4ACD}"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3452
- - C:\Program Files (x86)\Microsoft\Temp\EUB067.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUB067.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{00838C91-D2E9-4B4B-89E5-1330842C4ACD}"
    3⤵
    - Sets file execution options in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Suspicious behavior: EnumeratesProcesses
    PID:3012
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Modifies registry class
      PID:4072
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:1940
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4876
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4580
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:3876
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDA4MzhDOTEtRDJFOS00QjRCLTg5RTUtMTMzMDg0MkM0QUNEfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7MTRGRjk2MTMtMkY4Ni00ODhFLUFCQzUtNkYzNUM5OTY5QTU1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xNTA2My4wIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IlFFTVUiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4NS4yOSIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2MzE0IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTMzNTM3NjAiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg4MDIzNTg4ODYiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Checks system information in the registry
      Drops file in System32 directory
      Modifies data under HKEY_USERS
      PID:1320
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDA4MzhDOTEtRDJFOS00QjRCLTg5RTUtMTMzMDg0MkM0QUNEfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InswRUNEMkM4Ni1CRTE4LTRDMDctQkY5QS1FRTI3NTNDMUUyQjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTg1LjI5IiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg1Mzg4ODYwMzkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODUzODkwNjA0MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NzU0MjM2NzAwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy83MmVkODA4Ny1lZTk4LTQyOWMtOTMzMC1jYTNjMTkzZDQxYWY_UDE9MTcxMzk1ODkwMCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1tVnA3ZnNOdlM1WEFnenNzVFQlMmIzM3p6Rm8xTXUyNzlpNFJhRGNrZlRCRmZVdjhMb2Q4eG0weSUyYktpcFFvaXk1cFlESEVIcCUyYno4dGVBV0hUM3ZLSHdzUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2MzA3OTIiIHRvdGFsPSIxNjMwNzkyIiBkb3dubG9hZF90aW1lX21zPSIxOTM4MCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NzU0Mjk0NDUyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg3NTk0ODE2OTAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyMy4wLjI0MjAuOTciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjYzMTQiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9Ins2QjQ2RjU3MC0xRUMxLTRCOTMtOUJFMS00Q0JEODhGRjRBNjd9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID:3908

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:1012

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:4460

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2936

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
PID:648
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTlGRjBCNjUtQ0YyMi00OUMzLTgxOEItMzE1QzZDQkQ1OEEzfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QkEwQ0E3MDAtODNDQy00NjE2LUI1NjEtMUVFMTg1NUJCMEU0fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xNTA2My4wIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IlFFTVUiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDttRGNXVmJZQUhQNi80cUQ4YlZIc3FXQ3NMZDNrWEJjN3QvVy96ZysyZVAwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMTIiIGluc3RhbGxkYXRldGltZT0iMTcxMjIzMzcyNSIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzU2NzMxNzIxODU5MjA2MyI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxMTQwNjgiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExNzk3MTMyNDI0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID:3900
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTlGRjBCNjUtQ0YyMi00OUMzLTgxOEItMzE1QzZDQkQ1OEEzfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntBMERDN0ZGQi04MzY0LTQxMjMtOUNGOC1BOEZBMzUzN0ZEMUJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODUuMjkiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjYzMTQiIGNvaG9ydD0icnJmQDAuNTgiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjYzMTYiIHBpbmdfZnJlc2huZXNzPSJ7QTdFQkU0MkEtNjEzNi00NTc5LUFGRjItNTRBQjFFMTM0NUE4fSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjMuMC4yNDIwLjk3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2MzE0IiBjb2hvcnQ9InJyZkAwLjMzIj48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2MzE2IiBwaW5nX2ZyZXNobmVzcz0iezJGNDJBRUIzLTA3N0YtNDI3NC1BRkIyLTlENzBCMkI4RTRCQ30iLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - Modifies data under HKEY_USERS
  PID:4772

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x404
1⤵
PID:4284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.97\Installer\setup.exe

Filesize
6.8MB

MD5
31ddc9e1c11a44b88cf96c45b3551ffb

SHA1
811ccb9706f656e29d089e30a2ee1650302394e2

SHA256
46cb58faa60db59cb8d145bf6493f7c01a8ea8895f812d65512e3c7340a054da

SHA512
67e5a4ec4b030e48ac06bdf79bfb2b9bfe7778f046a739f23b7be65e143a7181954c7587eb6841636a6e667aabfa292d6831bab709cd798d1de01987bc99aaf8

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\123.0.2420.97\MicrosoftEdge_X64_123.0.2420.97.exe

Filesize
164.1MB

MD5
300df46436ba5d076b227c32967ada91

SHA1
de9d47ef0c61fb04b7309875e2f03c8fa37d19f4

SHA256
1614eb0c2697d74f2a05f8c973b2055e9cc158d94b19105e3a9d450adc9e333b

SHA512
ba3053085da062ec32f87aec43f527624248a81b702c8cdb359c0fba7194556658b49aca8ef98d885de5da5b9b2eab3f1fac2c99891f91949d1b9a155e4a6971

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

Filesize
1.6MB

MD5
b18c705b3c68cc49d9bf3649abc75c24

SHA1
6dc8963dea0f3185368790dee2a346301b4fa24c

SHA256
c2ca3135f3cafd79bf90d4cb3118943ca17f40e0d651d1fc32b1b3d22d1412aa

SHA512
7ac302c1e85c652bd897ce1af812950cd23a53c041af82fdcecb2314bbd1667bf2fc672dea40c21858e64befc9bf60190a4428f0b41c30317bb0e5ec7c00f71b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
16c84ad1222284f40968a851f541d6bb

SHA1
bc26d50e15ccaed6a5fbe801943117269b3b8e6b

SHA256
e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

SHA512
d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
34d991980016595b803d212dc356d765

SHA1
e3a35df6488c3463c2a7adf89029e1dd8308f816

SHA256
252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

SHA512
8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
d34380d302b16eab40d5b63cfb4ed0fe

SHA1
1d3047119e353a55dc215666f2b7b69f0ede775b

SHA256
fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

SHA512
45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
aab01f0d7bdc51b190f27ce58701c1da

SHA1
1a21aabab0875651efd974100a81cda52c462997

SHA256
061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

SHA512
5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
ac275b6e825c3bd87d96b52eac36c0f6

SHA1
29e537d81f5d997285b62cd2efea088c3284d18f

SHA256
223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

SHA512
bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
d749e093f263244d276b6ffcf4ef4b42

SHA1
69f024c769632cdbb019943552bac5281d4cbe05

SHA256
fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

SHA512
48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
28fefc59008ef0325682a0611f8dba70

SHA1
f528803c731c11d8d92c5660cb4125c26bb75265

SHA256
55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

SHA512
2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_es.dll

Filesize
28KB

MD5
9db7f66f9dc417ebba021bc45af5d34b

SHA1
6815318b05019f521d65f6046cf340ad88e40971

SHA256
e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

SHA512
943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
b78cba3088ecdc571412955742ea560b

SHA1
bc04cf9014cec5b9f240235b5ff0f29dbdb22926

SHA256
f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

SHA512
04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_eu.dll

Filesize
28KB

MD5
a7e1f4f482522a647311735699bec186

SHA1
3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd

SHA256
e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4

SHA512
22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_fa.dll

Filesize
27KB

MD5
cbe3454843ce2f36201460e316af1404

SHA1
0883394c28cb60be8276cb690496318fcabea424

SHA256
c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59

SHA512
f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
d45f2d476ed78fa3e30f16e11c1c61ea

SHA1
8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e

SHA256
acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2

SHA512
2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
7c66526dc65de144f3444556c3dba7b8

SHA1
6721a1f45ac779e82eecc9a584bcf4bcee365940

SHA256
e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d

SHA512
dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
b534e068001e8729faf212ad3c0da16c

SHA1
999fa33c5ea856d305cc359c18ea8e994a83f7a9

SHA256
445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511

SHA512
e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
64c47a66830992f0bdfd05036a290498

SHA1
88b1b8faa511ee9f4a0e944a0289db48a8680640

SHA256
a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961

SHA512
426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU2A09.tmp\msedgeupdateres_ga.dll

Filesize
28KB

MD5
3b8a5301c4cf21b439953c97bd3c441c

SHA1
8a7b48bb3d75279de5f5eb88b5a83437c9a2014a

SHA256
abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0

SHA512
068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
5.1MB

MD5
4f9d28edc0c431adbfcc19d8fa47702f

SHA1
37a6e145fec66acce633199ea7261bf5dd3d855b

SHA256
17e5cfe0cd5e01c1cf679b2fb7da7f3eae6cac2481c41f355c23df375ee0b48d

SHA512
bb7a5f33e2ef384347f8ffa09381aee5609a5b4997a205c972e7d431effa8c89f47e065b41f3acd86c2a395e0fdcd2fa656b57c84c3b94bb2fbde52ed2284dc3

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-8950870ea20941f9\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
d6be138f85e1d2b15373bc16faedbce8

SHA1
c3b11b3b470e10ddc12bd06d2a312410aa0a6f65

SHA256
97b32603d6ff7a57f2a4d3546db6ed88d7e8356f956f980b507a06b670a169a0

SHA512
d5a95e479839742c84d78b6a3fd83208f7484b5ba1289c794d353708c90529f5cceb27cf8d51e841c9f4afb93f8a279281a934470e48ca776fbcd40637a0c343

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
15KB

MD5
8ac63a2db2341753a912275100468947

SHA1
86ddfc17234e32213c901ed58fdc966550835d1c

SHA256
bce39ae64d6e34b27afa603e8559ea04406c39c23f6dc5e41b07ab97d81ebfd3

SHA512
3bc0598fc9c7120a77b3335f700252d7353592f0a1f94b29218f5bd07f52f1ff9826f8ae8eba903cb59f4577e6c421f2ee26edd3187b2b0265f0a01163d62dcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\03052810-78e7-4ef0-998a-c0631db9019b.tmp

Filesize
6KB

MD5
a33aee8c23423628faa0b9ae302ed024

SHA1
70570a1702451b8a3a35826a92a57e0e81b60668

SHA256
53ac17b619f43c9fade1a26dd75221f2f700d15eb44a14de7de9afd2f4f7fcc7

SHA512
6c4ea30a4f7a529eea04c4d73d21b8e8347640cc777dd2e2a36d642ea64a2ae41dee07cf1008157569f3a8b9bf9fc00fedf24ab330f3fe26d7707749090c7c8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
58KB

MD5
9b603992d96c764cbd57766940845236

SHA1
4f081f843a1ae0bbd5df265e00826af6c580cfe7

SHA256
520408fec7c6d419184ec68ad3d3f35f452d83bd75546aa5d171ffc7fe72cb2b

SHA512
abd88ee09909c116db1f424f2d1cbc0795dbc855fef81f0587d9a4e1a8d90de693fa72841259cf4a80e0e41d9f3e1f4bf3a78c4801264e3e9c7d9635bb79ccf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
40KB

MD5
0f81b6d61de3f11df96afa46fb362f45

SHA1
b73925c797fcb5e23b0e0495ebdfb629d16f26e4

SHA256
7171337d694e449b8c4923733effa4185a3eddb330b96e9fd0e4e3497faf5364

SHA512
1c97e4e7357d385613f05f7a16439c25614d553cafdbd18a197c4a369726ec28b372ec6bed8b87a968d74a2585e3c999da9799e6cf558fa9ce25f87010d0e617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
324KB

MD5
97ce94f48fbd93429032a61fbb9666b3

SHA1
0ca2667695016a0b26516c6bf7a7576ed1f26a11

SHA256
d551017c232f6bb8663d397510b783bb64af6b2f9d4c5857d385e265ae64f05f

SHA512
dff9bd02cb0a2dc8049df532aeb8e91d6c9cdf2aed422d80990a056384429b8954a9d6e0a409885f1274d6a649d4e13d7753f7892032bdb92c6a26a6972fc6fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
136KB

MD5
ee29820cbaaee1713f1edb4c00e22ad8

SHA1
6f0271993833ce99fa5b8e5a495ddfbd444fd3cb

SHA256
c3d54da55101cd2b4723768d1ee44af3679c1bc3107ef61aa7440532f99c07f4

SHA512
1b1c61b2997bf6ebf71fa8e61f5fdde36b5bf97c0620d0404b3da8de79aa9292a4ac2724631ebd0509574a2c7798f639190907ddb92ad9982c20896e9868e9c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
74KB

MD5
4bb4586221c885dfc2b33e6c5d9521f6

SHA1
a52ab4d34cb66f4efcf7f8e1bc9609dd6141724e

SHA256
af42662c1e129ea1a92054a725ce530446fadff87028d3a03b5a54eddf4d9d1c

SHA512
15f5186d028f4b2d94ed7a5944a43da92ddd69914e2139bb14a8220dce15d9daa93c689a70eb8236d2a86e2c14bf47ad1a170f69ecc38f7ff92c3132419abc55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
20KB

MD5
fad367b204e1016b268651eab51890b8

SHA1
c60abef2a72afd0219fd80c9657adaceecf8b2f3

SHA256
ec45e4a770c04ccc54b11f7a11305e65a2daa71c5ad491e6ba746707c24f6dda

SHA512
2434fe2f23c832aea8d918d29420db6b06e1a2a5005fb33ad862e00e35eb1516d6707c82ecf2d4dda9a4a1b60c212acecc3d22e54aca4d73739e178524003c72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
249KB

MD5
6762ff2934693346fa35f167767a3787

SHA1
93ce62fa56f4a9948545fb9fcc77e0d40030a4bb

SHA256
0c6cd403af123754181d7297a272abd5aac0620e570f9561ecc80c28fc4f9183

SHA512
ca7acf904002235d9a23310ff67bd9ed0bb2871540aa6c01840fda832a02317f8a7dfdcc84a8f3498e101d974f3bb4f8e8e3ed41c27241cb3d98ac73f1d9ed24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
169KB

MD5
84091fd5e8e6076f1390b478a6fc1aa6

SHA1
6e814133f44fdfcf5061c552db4a2e4490e3ed76

SHA256
31eb4cfd6b115a4809b0d678b0f18f0ae5d3ef706283c9eafe057194ecab272f

SHA512
f718d5c5aca99c8cc5ca7bc916a59504675b5cda0b19d18088f4550c108121a211e11b620f59065b1ead98b186e37d86c6523d1c0750c57f2d2373ba5003b14a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
41KB

MD5
e02add751d41a1c3af6f2f7bb523cd49

SHA1
19d0206af4c11303a43c7997850d914291cc1537

SHA256
1b77e1aa3224366e68c46746c564c9bf497ce92e2ef09a8c7890e61d440e387c

SHA512
723b8deff033c215f7b93062039e1b9e73bea66286aeea3fe8f8bf46247cfe7e8a55218281fc74e52c2a10ceaef7c7a2f82e859a97be6b8e4860ed52e35f5d99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
213KB

MD5
859b9357bcb368fde2973090a461002b

SHA1
8ef1de73a2e09ef5b766916f979c08c0ec43f14d

SHA256
062f79fabe5ce5a62106b4ca640079d219037c4321b385b28894479182e09714

SHA512
4b3ba38c70343bd23479c00957ab87315e4bac0f42b4a661a9388df827b6e0f9927b7b56c8d89c17684e66db55fd7f73759d337c109452b0770cbcadfbf3b96a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009f

Filesize
34KB

MD5
1b15151f04072b735636f0f75b3396d0

SHA1
e15192dcb3fcdcd3fddc9d4ef9d2abe1d1ae1543

SHA256
a194407e7f1287b168f81d14402daddc04c97529d9af1eac407c1bf66c027ace

SHA512
b2fa69c791e0689556443df38a178771e6484d847490266af415ba3bd3456a149cf02d6f6bbc00e3729a7889f22cac78a2c28bd429e9def80192d087d18e731a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a0

Filesize
34KB

MD5
5764d7948f6c1253d76293a35691a746

SHA1
4b412294c701e5ef031061aace7f556911bdc2a8

SHA256
4fa2cd6bf832e4dd7222530b2f21844e1105f4f333d72557d57cac9f24a69730

SHA512
f9b5c789d6a06131001bff1fe5bee677105500ff74a5d038a84c40a2859f72d436b318fd6af75297a0a80d9edcbac158d9d4aa14ce251048708cd0ab3a96d109

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000fc

Filesize
47KB

MD5
24edf43fe24e0e2e7352dbf325da6d4f

SHA1
26b8244d8366e748da623305c3640f7067c3c22a

SHA256
26d41b24cbbeb3c94bcbb52078ba4604564b15244e1f7a519d835a46101a7db9

SHA512
9660c8e0aac4c9061c535ffc8058d999b614e891b00bb60de16ba80a4910c79525538875174c7a6cdf430676fdb403ae63be39d2cba81518bb82e48cccf4af64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000fe

Filesize
17KB

MD5
0aaabfb16820b1594148b33a34733ef3

SHA1
5d55157e70a819e514681edd56da37814e565f45

SHA256
8ad52b626eba1e4a0ff0853e3699c41513041e90e5e6e2da32998ad0ac75f97e

SHA512
80d9083ad9a855b66870196851805dcc708354cfb81e7d3397f0de34b0baf0c3e9bf721350ad9450a79cd577e72d40d2d0d5249d4f0b6dcbc97b06062c3fa5fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ff

Filesize
95KB

MD5
fda9e2c67e4de13cfab86fabb12a2112

SHA1
e55b759d74f348cd977b913dc235d9010ddca9db

SHA256
d0d36247aa1580525b6328dc538077a9d47aae901933fdcd991cb9ab5b72fe48

SHA512
10bed8eb9e82aeebd79e96d5ec5fc0951f13d30d9448412773140e880233ca98b7c36e86c17fc039047cc4a4c5676449ca9196264efac3cd448ac953d671b8bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000101

Filesize
789KB

MD5
db0cfcb08efd9a0a0e89488d1fd18353

SHA1
41631cd823755ed2c40e063da274df9514ca1141

SHA256
e4829eac0d23f9a3d18504b81bf9af94b1faf815767ffa5ab0e7e0f38c1ff8f3

SHA512
54d9940ce434717483d326dfbf2827d218cfdc49f025e554e2850d40ba9d05b95f69928bd8fbd65cc49e4492ab64d9395f4944d7bef5db77a5ce69112a4dbc88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000103

Filesize
66KB

MD5
6b9d9b377ec42e899ba6c8adea01e34c

SHA1
7a11e38749e05773c6354319b10ac16f837a5974

SHA256
fdd8986eb65b0097c430928ad5560446f9c06f3dcd29411fa7c9e8d0d3c71384

SHA512
f781635ef7460ffd39921b41c8c0377eca8fd56f609f29165797413891779f6ea5035b93d8533e5651bdbe502c7e725819e42b2e8e0fc2c8759b79d8450cd668

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000105

Filesize
33KB

MD5
a0ae0d9aa4c048077055996bc1a6bcda

SHA1
5825279fc1f7ce7c90884d4df3a436bdd6eb9d8d

SHA256
062b2449a3d0306a78fabd8bfc3709a1c7a7c5814f88bba2f28d3fe91ef6d5d9

SHA512
9e1e0d1b9011d9c7598ea2903504324ed9294201ccce527519dde47645becea4da5979d8c42bb887dbf5d429358089d8ed38259930e82b6079471121508828d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00013d

Filesize
65KB

MD5
cea82a40bee9c98f8f81cb4f93ad312e

SHA1
466b4dd07d8576ea73949fa6e4b53801674b95bf

SHA256
582d18fe7f2032b5a43e1d40808c5faa5c00f32e7da963a2ec1be537b63faaa6

SHA512
6a1fd3ed94e9fecd7c1a2eabb1dc96858b26866cbe4fa1b248b7df0c2d346afbbcbff228d0ff55b581735d2f6668d0db640227591334cf4d3e42e8b17eef6f99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00014d

Filesize
19KB

MD5
a0461eb6e007528ea8b7323df5c141ce

SHA1
dab62c0d8c6008c37cc53a4bb9c443f045627e45

SHA256
6164562b9a07a0905239e44743e39aaaa0550f8471ff8f9622dcc68adc35f920

SHA512
c009e132bb97eb4f964174aa196263959c6ca251eaa44a808c2e084b9566628a16f65f47f4e2ab1222c5231cd0054b88bec954bf0ebd8cca35112bff73ae5e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000194

Filesize
55KB

MD5
cfd886e1ca849a7f8e2600763f236d78

SHA1
c1fc2b10d20c529c01b465a1edc0ed2fe04f0bd5

SHA256
c0b1c3c6995c24eabd1a6fcc4f00523e022b546cf1fa4fce6c30d04763244d1b

SHA512
254e37e3650b2c87b524c96f517586b690094abf7c8e0539b050ecdc4c56c2593bedab7b1a830b827ddc19f1c3e05ff4096ebdf4cc969b5bc5fd33cb34e94fd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001a2

Filesize
1024KB

MD5
a7dfec97ee1c4eedc58f61ea5f88c0c5

SHA1
ab8d7dcc98e6b0f910c2d2aed7a7f89e6cca035e

SHA256
10c8558eafcc0d4365c6c1fff7d911cbf8954983a0575216981a49e3348fcb9d

SHA512
1745e854c5c12ae0e41e0732adf73470dcce417ff88c0435b92afca6433cb9f24c9cca0fac370fda0879f53182c06e24d5c747ab9a8057351ddd8c38c959570c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001a3

Filesize
1024KB

MD5
cb8c31fb01368f92c1731fd94e218f54

SHA1
108e22748a6f85c46435158b3fc0f917de8a1bf7

SHA256
943ae866033405f25a006ecfffdf7e97873e34d954f408e53a71dbebed0bd2eb

SHA512
6a37b7b114c033f123c9836e775b29045513639ce29c7a3e5463ac9d2dfbe7f4d66906228e3e28ec05ee199f48e456709a717f96fc58c7270e8f3b671a710340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001a4

Filesize
182KB

MD5
a3f9ca49f3da1cf8b52b5a6ea16a3737

SHA1
03ec3c98ebcdd8dc9e0de5d747518d1959a4d42d

SHA256
62cf085a192916f2c30ef617d97dc7e035fbf0ba1f69acc999e1511061fd420f

SHA512
0af4468776787824c0bc09e7250467173916b79c56597ce92f8cd851d6753e7bb20bf063abd123065ec19941366720be2b36b69f59a707978d506883ccbc74fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001a6

Filesize
881KB

MD5
e8211e21e1207d68c9c0d1a3fb31f79b

SHA1
1e407a8fdb3ad939b9d6a5cb6c5fd09e4ae34e1d

SHA256
177d68b262f9ea6f30426026a8b96d0c183d1d40b7b7f2c09ef9e9420aa231be

SHA512
9d817d7b5eb0f6b612af1f39338c488a29b6aea9bda763240a5ffb7657a42ae434b8aaf4a2533aec8b4c4dd195dff7db440bc5c53cd76000ff693f807f7dd9fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001a9

Filesize
1024KB

MD5
cc78e5e1784cf34ae3e6735320a336b0

SHA1
e997a5da3a4bc70c787da5387cc4863154b958ce

SHA256
5106ac564c5302480aee4455105e47d5cb2897d3af2c8d4432b5575b3e0d1cdc

SHA512
294e9403a661f5664eca74174023608f2030280da566b5f6b515dcbdf0fc6271ac5dff8f08afb270ee6d137cb4996d8be1ddf467676f6dc702635b6e42508b0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001aa

Filesize
1024KB

MD5
16bb3cd29cb7ae03077af26fc88b88d0

SHA1
6f056febf6f81a52ac236e8a6cc15505a4fe21e1

SHA256
db89ea604e1a5db988cdd7437caed04d58828d611f7aefb632260c52111f3a9e

SHA512
6219a45aafb83066be24d5887dcf51654ac17e6be70356209090340023234eb86f4a002b74b7265ea77011f1bb8d48cea6e6e3a728e4ff93ed73f018ee50a52c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001b7

Filesize
549KB

MD5
ed996884a7d3a4f033ab633bf9d99883

SHA1
3a43d4c0c739f3477bd9bb290365a43fece39aa6

SHA256
edd33706fc8ac1a4cf779da64c2ca714352218f2acf8ea81797f7e7658b92206

SHA512
27148cab3576c44afc13221fa90965bb5c8b4afb9c48824abd3cecc853d500eedf1910221e4cdadb92c4f8517f49d7ac38c914dd1dac295e8d8122be0c52bc8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001ba

Filesize
1024KB

MD5
8e463d9c2106ec36ece9740b055ebac0

SHA1
86dbfd784a37658ade3900d5ec11285f4983b067

SHA256
0e96862535abf8531d7b769aa0e55b31c347b1328a03bf25f3d577b0da41f443

SHA512
b4f734362729403303936301e1fe3221688662cc7c9d83ee5d254b16e029175a5ce630e97ef61ba3a9d2ceb1ec52ef33563fd6906c5f030b5a4671b188376a38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001bd

Filesize
35KB

MD5
8c64e5b2a0c9ade3c609d48e1fa42446

SHA1
20ea37c71f1ae685e52ef917d652ad7487eeca0e

SHA256
0cb51ce1aed72786b36509817ca5af08dc49cf6eff1b936d9b968f79768e53d6

SHA512
942ba18f7d1637ef45aefcaef3166adee4cb7fb1d94a7b624596a7c5107cbbccab4c2d232095da62030dfe53418b58f3bb4f15eeccab5458cc3acf370c70e4cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2bc8f083a32d2b1f_0

Filesize
394B

MD5
55ee8b6e15cce6bf2e1c4113b602b7df

SHA1
c3f5721e0dec4b6c23e6660cb5252bac9b8914bb

SHA256
7686caafe0e551e0e74e6e133f74e6d98ac95787e637674792518067468543c8

SHA512
eb70124787da99df0b59c7cc1d05b18e6ab95a360efeb59136c2722a14135c5247e5ec15e19da389da2684c6da549585507a024b9d759e98c3bf33a438096424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\434ef04f9821855d_0

Filesize
227KB

MD5
2e6253c07b9fdccd0ce897366b5ca2c8

SHA1
afd79c45155cb95504054a04b2876d3a14fb454d

SHA256
9012ef0c3f65bf343c112cc632ef71d93e34cfa34cbdd4741dd4578dbd0ba5a2

SHA512
bd38a65386073175d3f26ef78351ec20c0163b2eb0a3fe2c909257e6afd2dddf7a074a412e7fa1debf4a0d6acc5e93e394d9e85bbdf7d5537d3de58bc467cf36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\94f8ce10ff0608f6_0

Filesize
1.3MB

MD5
3bf0359860f110340a8287ac6200d0dc

SHA1
84d5f00bc3db0aa2185ddcd77ad745f5fe67b212

SHA256
c9fd2f0b890d6f7710abf2aed6e7b90a7c7bed7ebdad0ca8edd00998c9539a2f

SHA512
e736d92601e2923975f390b56572f62b8c8a5d752489fe745445140b84342fdce8b84357451cd080c449e59bf66e624e5f33738e42a1e547ad115e63a9225ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\967c70eb720d3982_0

Filesize
411B

MD5
6e2c8fa93aa6ee468b4bff91578e185d

SHA1
ee1e5729c3c9908ca6b4fe706c581e9b78731e9d

SHA256
986a280d4394d4d64198a46a7541150519dab7c52b122b5a2aa5ab957f04a9fb

SHA512
83b9c07a3a58e7e3eff86ac04232c7c1d1c89e092406786cd069c4ddf98eca62b245234dbde9c73d8fbfc35acb040c2d167dff087a328076fca9c9529bef5664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b1dbe5162ba86e3f_0

Filesize
3KB

MD5
1c2d79bec44d88f8dd8597b4e54e614e

SHA1
c220fa041ffbe3b564a7af1a98a3d0c8dbf4aec2

SHA256
93a9e47de5284a0e62ee8a54f712dd8a35940c3aae4b43a4650c4fcc89a9eefa

SHA512
67900610e3e867fe31bbe4ba16794784c7c131e2ea87fd01bfffaa260a3ae57ea1411ec7253c34d2da70e0d037df26f6abc20e5a92f5b4a10ad61db8d1265839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c5caf4269bc3113d_0

Filesize
2KB

MD5
5fb724b2f204596f278ea1dfe3de9cd5

SHA1
7ad223fa877e99dd1fea3d2cf6a753cedb8574fd

SHA256
c943bc4545cb727ec3ae3d4f78ca29cc694cb7e5b605fe3145a12d8ba7dbc1a0

SHA512
a74ced01c059655e6f1eacecafbf125979beb10eae20eeaefd4e44f1ee60f3fd38a891a492ac9f5ab336cc13b9f90f162fe84a027a386ab726f14d657928b553

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f42c7308099a6dc6_0

Filesize
143KB

MD5
9e3a5510e4aa8da09061137e9503e428

SHA1
598d8cb2b4cd028c8cb5c5d97563d5a23728bcb2

SHA256
490a9aa71f6f7a807829aad799fe0c35ae2f7987c237973c474ee64194443e32

SHA512
bdc298f288e2c9d0a48490767f16fd2c37cc9edb3b58149e0ab8f3de1396a87eaad80ef9027d0556303e8d5fb3180665c9ffefec6bc1971c22c31764f2490e11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
7161010fec9a6b1f9bcdfe902ab85045

SHA1
7182981f4752f7f2cb0a4ea3ac21e37923aacfa1

SHA256
bf9cb96f03974085405a91769646c929da95efc2ce0b4424e5b2dcdfbe38746b

SHA512
4f7a0215f85b623d397e212c69eaaef9cd5cce00c93eba5e8e98783aaa918d477a87823157560986ff862da112152aeccf4640e8b435e6b021ec238b9b8107c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
65469a5bd113e3dc23dd80f23d83fef6

SHA1
62f7c7aadb11b4717f094ea8ef200d0db679ec19

SHA256
fea0f303b59da4c82d30a65df5ff7fa8a3e33c906d5dfb8d3bf8e353574fb5c5

SHA512
1fd24c88f8ba6c974e82df20ddcba7ab62fe724a9e28f5f25c145d4d676950ddd2b545ab3d7c5695da9e48524d083931f373cb8bf5611c9064a513294cbdef39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
219ff5311f6fec4114d517a290598aed

SHA1
050f42479e1ece7d121c63edcbffdcef2c67236b

SHA256
b064c8201ba268da050f10e841a143abe68d12a814f1a359d7baeefd2407495d

SHA512
e45fd5e77bcccecf679d572eaa6c4b969a58a91c54f1f11aac96f084784bd445cdc5f9191cbea983467f42e1ee657ca83a356ff83a151f8e40acfa34fd3894ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
125cf0d575b22e548e12426c451c6e0d

SHA1
77ad380127895c8fe6e959db34ee72d956308874

SHA256
221d449ebfaac7347e515cabaaf7a15f0285dc7b8be0d8a79ddae2ad10b9316a

SHA512
1beab1e7ebee95e5438ca83aab53613b98d3ac27f03caf210d6292d0ffc785bd57b364a35f5779aafb080415f1754ac41619169c3bd5aa78c38fd4ea8356e5fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
4079c797158ae2c28ef683e39955f272

SHA1
7a11747d595c2f813940e2dd662580cc6de96d04

SHA256
3b22ef66cd384d43473fa6ff743cb012358290bbef29fe91c2a3c000b5216c59

SHA512
6450651442ede66a192552c1617ab8ef9a109b32ca8948342b8e24f9869c117b9d7360e92d50520cca7cfa148fe23df9f87dc3cb12e4c80e0149872188e0a145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9a08772f8d594aeab79b0aa186618d9c

SHA1
846a75bf5b18a2fafe4c916ad2ad363840ab18bf

SHA256
2121ec7a46f59828ac00e589dc34892d6cbaa40e052862df3da37e8fba43e834

SHA512
7b70ef4d9cc76e8e48ad753c79f465b3f100930782277be2c73a0f02449bd58bd660d31ac95376c74410c333fc1767ff6f1d61edd5a7ffcf286e33ead67b4506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_web.snapchat.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

Filesize
51KB

MD5
71d92b3f8be467dd3eb5504f5a6903de

SHA1
272a60662aefe4b61f9d836f098609ecd907ef08

SHA256
4e62437246e92e7f34e7e21cc86f0536ef3406dd27c7de6d12082a12b5ec93b5

SHA512
262963dacfc0706c3dfb3ba32e96e2e905741cfe1439bec830770aaf6ab80e307484caea067632d4b567711cdd3e64301d700dbdbe31d0f0aaf2e00feebe73cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
e78964e81592e3f9c4aa0be31a567512

SHA1
dcf20ab6ada5c4aba881fbaaa83aba8aecb36ab3

SHA256
677bafc0e3700582804c532f4aa85d14312edab09e74313da73159631ce3b207

SHA512
ba64c65005195e05d1289b6a05a8a8eb84974b3c4ea2b9874d30bf32d8829e5649dc6e71f0830143e57713a1b38e5879e1862d3f0c17f051d2bc58bb5c690c07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
d70bc41ef48add675b95abb01fc22b72

SHA1
dcd6e117fb940ba04db575f2e0a930b8027a6008

SHA256
ee9fa823f52a3e1b4bdfc5b6c4ca22def6c2f3f5e76df1fed745139f41392f78

SHA512
68ba6eaf699a6b728922d9216ae9ea2b6fe673d134da930e11639e4aa96d2614e5394c130de82dc9ceb5a8444ecd32dc410f52d3315379586332e84887c91939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe5d2a6e.TMP

Filesize
351B

MD5
dfd45b178a4a863274531e8efb732d91

SHA1
22293831f0457809e9d82815c865d8069d4d3e67

SHA256
772352a7e7d53a89e937f32e241c6a2cadc493ea89bec0ba35d11fec589d39fd

SHA512
a6152ebb9c13580165049d017098741e10b704f6d408fe6e6268d040b4652b8c81585f9697a03aebc0d2f5d04442fd68ee5256a84d27d2a7daff69d5e2698e11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
2306c8c4a66d68edfc0372af774e881b

SHA1
28f9bc402dc7492700a3350fb3b49e13210b8e68

SHA256
1a3e756496fad44c0af02c7f83d057420a758058217e374a0b807f5cf5e569e4

SHA512
5a6d0452aee625c7ccb765bd3a242e9cb1548a502e6e570986445366d42c501007a814dd3229cd3db51211a2939a2b7d970c13e2dcd968e0f8c5c2d4651c5f20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4cf530490c72a18d9cd3dcde927ab0ec

SHA1
72cabf8317228e665066d1065868ce1abb4744e3

SHA256
069ae0a529e7ff3f0e053a0d464d29ddb738c176e943493517b0d6999d259042

SHA512
b2d7b904ad536ae49ff675687adc6cf5ff00cacd86cc9d6e9d23754f095c88e2fc3c59c37535ea91cd6b57f96aaf518b97607d79edf388a704bd840c61885476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
d10a113b84a37b1a9e6d83cd5f7d0f96

SHA1
53567a1530911261448cc5654d0e52b048997e38

SHA256
a7dd4064b5c9433a39f9be7a360d23f437caf2646ec9c304a03432d55e12f28f

SHA512
3f8ecfd7bc990d3af5258c71c9e4694e1f2c1f8055f5ed1870ab0e8a56d286c2cf6ba5c06f9effbad4dfdc4ccb2c9e3f711712094294b2524682cee6f66a5650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
504b8f114d58a73b98885b378db4cf95

SHA1
e743196b6b71f64dfd2d69c67a198d87acd189ff

SHA256
db15e42efe6a9fd72ab933e1e9a6812bb37aa41e1cef24d41f33457205d5aff2

SHA512
3345d31559b52cf51ce5455a83ef139167f0fb34b2c4c33411242cde96b6821ca9bb14826761c4e0d951aac10e38899edf2e4957c3714618bcd2aafee43e1622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fc62d2c6a3f0f895108e8e3e6dd1212e

SHA1
fcba30ad32e2ee2cc55bd900acc73ad1452ec742

SHA256
cbabf43cf8b89c46ec8655405d24963f80432459a7eaf10463d943d7861891a3

SHA512
7b1e058416a28c53cd708a52d248904a1e620113c248455dfddae3b136a46cb43ce6eae22140c002da85060a82b9820a01544d29d031517a2fa6edaa2a8c2631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
877ec0155149203dd18b75bdbcc8c78e

SHA1
2b3958e139e5eb1d036e75dbe8bd6879a2de74af

SHA256
edef61d57730020f61d65011336f5e8e4b332ab7295e59eaaf9aa4243b5a2de0

SHA512
593f12fb90373b263ad2c77a435511dac363c2afbbf76ecca16c15328cbad7471f2b077e0b8fc1e8a359310985be3728730672eafb53b8291b436d97620daf1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a5141963f168c8f80861de83ba07614a

SHA1
f070cd347c8eb023c5dc6f81f4afe5ed499010b7

SHA256
b4401cfc9c739f7006cc7d9d20750f5a269e3c444ef691501c71588d6bb39722

SHA512
68412b505aff787d24d1be80c843c9fa7f4c7cd7ba750e96634416b654e3fdc094f8a0b94fec0baeb8f61d855cf71c59a6423dc960a70a17c521725c2d4f54fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c3dbb76369d3e9e2504b665cbf267685

SHA1
d346582efd014bd0685cc9b276052b01ae2fe6c6

SHA256
ac28d6a728f8d3002f85487aa17bcf86943f2740e33ed19716703c63e7f886ac

SHA512
c6a0850efb263059a585b441d2ff1ea936c1d85b6dcb25b5f40daedf2ff3cef69e62d04650d49b9eebe0348ecba8c77edb997fa7c1aaa13e5d2ce0a5591aba32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
568d142598eb42402ee90260311566bf

SHA1
93c6df9a459cb01254abe105d6d66abc261ace4d

SHA256
ef094e58212eefcd728028f63c76c3331a823092d06688ed8cdbe6797d2c17a8

SHA512
ec5c28072f0da2c2e271038813563fbb330392a4de7cea25bbd1c3ec4e02e8473d04823a998177cd193671791a0a51779b1a6467efcc692c4511cedfd5b2797d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
671112eef8e933eed2a1770fb1c4baa0

SHA1
307676bae319de48d0a2670663698468dc915925

SHA256
fd286c1aac74f03eb3b5aa85f1ae557a5f0ca1241a2bb686f7791084ca589ec4

SHA512
661978671a43148d143716e2ae77423a1877cad6dd9c7bc2de752bc9441c64914275d6dee3524a7d075b8d2a4a4e827dc2ac70288f8a06d2fe722dcfcf4126c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
cabd65ba6dd0f76ec086b22d2fd125da

SHA1
f915de064d44e7513180b4d20bd11a17be3c6e55

SHA256
a0ff43a93dffa4a5f7984cf4eee6050f05fd1d3d18d11bfb910a58913518780a

SHA512
5e0e808b3f54dbfac5ac14fc5f4c0c4a6c33f804ac008f5e7a92fae61b799668d1500bbf55860df95619190f1ba5cd3823350f2a38b54313444c2c85ec4b0243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
8dba6ae45a3299832ed49ad451be2cfb

SHA1
dfe7ce49d635d87db59be4cfa89ad49c864da5d6

SHA256
28a81c6e1b9630bac310bdaeb02046ada9c54aa847f361e4ec3a4051080efc3b

SHA512
cd24b62fb89a102611579cb7160e6b553f1022bd481db438c09efe0ae2b25d5e51b3128a40e53fdc0e83456bce26e5aee1f10ae8f33c7bfd548b9d3b43f0fa6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
200daefba24a2d85b95b3ea29b2e717c

SHA1
91aed74e2ee032d2b184664a05b39496d3b6eed3

SHA256
c7b28cb3a8029c95cd0d77799543166fd85295292468172c51d0e66a04b0c7a1

SHA512
bd3b6dd19b6b9a80a3e234e41220c855d57d08f44837b0b725d0e5182f8f32dfb3273950d297699251f687b996a1ecd7273f6cc525dab7f74fa483fc7a7a6570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8a90aa5b39875305c59c73c5d2ee3a47

SHA1
cb6aca670c88f349359dc585249a2cf810d04940

SHA256
fcca3201dccb6716ec1ac341d06a88768b8f8a40050e4636810e07d52dc2d53a

SHA512
45c18164c950f0ad530f79a390d6c8705506ea6c2180b77bc9b553c83f2fd5897fe1698b76237ed997e56a16630eb447ec8271ca4d618d1557b66bc76e2f5865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6c5cac75714ec7fc401392bfd0ebcaad

SHA1
99d4a96671aead4704869976bda0069f8845c7bc

SHA256
e1a77c44f63b8cc0c760efcf2d138d23f6ec1ebf400c5e6c2ccb048a192c3c51

SHA512
173ca9bd5d6179dddf50fc1e920673c02f3df5e0f60416d384f0405f5423b5d614c3201d8bfaec332b4cde82dcc9d789632e3a0f8f715eb721891e698e171869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e024ab4dad9dd9cf403fa275ce48841a

SHA1
dd0b79b4642d4ba69a012fa32479e9ae1a8a53c6

SHA256
705931f742e9f1cd488be0c65310ce260117047e80782f6d76785c2880f24a9c

SHA512
74c7803ed413471374591952d3c81188cde1bd73292d44168f363e5a004634ca319b676d4e521a4bdefcf7292629977b7095fde5751e4c95e98779ceb61171a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
85d441a08edc883a4d9651d1ba71015a

SHA1
747ab8b8afcc9e1acf33cb29d14f2132fdac2518

SHA256
1ba9e85b247bfe167c26e3d59145a7c21dd9872e52ff502d1546cc65f69b7b91

SHA512
50b8c7c543f30d8814fda7f1286ca12af825abd6a2b80fc2474a1b18aa319e2c6c70e2d67e603d4e57400b5444921d17acf27cfafee32e47122aea60bdf70503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
eac062d2411f6080c281e5bfe4286ef5

SHA1
7073a6eeec17e6a1e775bece234a1b8c691a0972

SHA256
39451b3d9da057aa8cc4b4414253fa05364d646572e6444764030aaf0d36ebe9

SHA512
48ad8c06c9f9f5073aad7c588dfc3910245e3e4881bb451134214cea5173e34112f93d33756f910e952d738499b33fe263e3364bd8522395426c842c3250d368

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
dda5150f070d20ccf69ecc545f5dfeaa

SHA1
a9658e2d9742e0f2d8e80dd7ef62abc2cb03360e

SHA256
1e0eb3f1c608a47895d14a64300ad70492ddc442333513b9c2b6617837daaee7

SHA512
4f8e7afe7d184a5aa1fea29cb322eccd2b0408aa8c44720d57d0c16936f21e7e2f35ec402c01e31a297a789ecf9e2b64afa43157569d9731bca884e38ec44bb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
edca6cc26aed9eaaa4d820ae5d2045db

SHA1
1563b4cece10cdf706b1562a35fb07d78010b485

SHA256
49cc061ec43578bbcb4ea536c0e00f98d6e808cd0ab3ff0362d52b0684935ede

SHA512
23e4ba28402e1460279e314db9713a038ff85a5893e9b14dc7fcfd4cadda2dfcdd28a210510746341061cb42cf2c54f95c32435210c0051a9b7ae8d874ddf779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
96d50a5d473364d4f899b257e296a5f7

SHA1
fc0b237d8a1c610452d6ea16c4af45b998f4b22a

SHA256
207403463b833ab410cf24640c100069a04b0a2875e92f3d4e066043acdf70af

SHA512
cee2cc5a5508212c0274f2874a918310671d6d6b5d3e703f7b097d337f3871b97e802647fc7892ef0752743c7ad3ce88d78e3f1533de189d0ab96ca6604559ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
dbc28aea805f57ab54bfc48cec68c712

SHA1
1f7e872ac7bf4c153ca2c436c5c56276d8610434

SHA256
298a2c26f298330b2dee350736c73e62157f8126fcc0e44cb7ccbf8bc76eef03

SHA512
77d514b0b0c6f6f0d13d8169d0232517ecbabc176ed591bb24f97176ad2f128ab98fd12837c07ad5dcf740e038af4760ff31cf84eba2f1a5cba9a5c91ef158dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ffa4db3593afb487268f9bd00c0e00fb

SHA1
fe39a12d06cec20c13f12633a092cd1e4e2f49bb

SHA256
17ec72d6c7ddf927fde1614a738245816c2e43fb0d04565f8ccf836076828451

SHA512
b21d075fbc4c050346b996081b29b85a448bddee5dc0f1c56592b1c3a739698c429767953e5f5fc75cac85b15749b17803e2200494786be6638fb0f9b0a1d03c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bdeb1c23c98ab4915a96dec0d8a7ae2b

SHA1
2734c77b58cf1dd12679741fca9c8e7d307899c4

SHA256
a37994e6170fe3e193de018c338f0863803eb7685d3999291978ebfbe4781661

SHA512
c968d0068c2918db58aa0d5a1f9f5efa64f7cd1ecc3c4329702661ebdb146fcdf7044a9651df3ba20996469d29207bc66b95bf660ee4eb0fbba98abf8c8da80c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d024cdefe80001585d3cf2105bccf4b2

SHA1
0e701f135e08c260483f833853e4048956951d17

SHA256
0b1bc6e5664613f49af886649f86ba5eed9b3d0b61f826e829a57d4c1e8ba1cc

SHA512
f6c1588838751aecc25bd89215ed2be277c6be8a8a658fb47ac1218043dead3594089a64c85f75a75556c19c9b516860c7689298ce2276cbb6b16d70d28dee35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b7eba12813c27dfcf68eda8b4077aff2

SHA1
bc20eec0ade6b831dff2773192da7986c1ab0965

SHA256
0a68f2fa9e0389ba019627c67b9b0908498604e4b82adc51b2cadcbd6886e84b

SHA512
44bf257c373c8f6d792969a49da117bb3641e3fa2bfac04becafa4363e3f2ac5b2d3f00ccce3da2ac6aa1f5024c768fa64d5419fd82d7521269e1a34bbee0a3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9de40e24050c969421d2699576d23e47

SHA1
a9086260997b9a800805031c8aeee7d11829bf91

SHA256
dded71bd8c77d8d53a340df2f83bed8dcc72db4a5d8c2c9213ec95113693947b

SHA512
7687dfdfcccbaf7df83ddb994be6bdfc1a8a4105485d06b259f78d1d840254df6d9c0bb0911797454c06c3f9ce7d2df91cf43f1bdcedf7b2b39e7419d18d6059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
91ed291523bfa5bf1b386b9322d2fc05

SHA1
32e1ddd7cdcd51546d7baaf2f83254525d4723fd

SHA256
58ceb8e29674cc168020cf4dfd129bc37076fffe9413dcb8fe7c3f45c4646acc

SHA512
25b02bfb3a0cbe21a43c4336da6b2d57a341511a1d1944a6c1fcbc66d0e0ff41ad3e7eb1fd0026b024f653b8e1f95a50443be7e64606fb3966479c354c0d04e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b362dc60a7549e84a0a13c2448b80284

SHA1
e3894a3d01c96c08a608e2868acb222a3b6fdb0f

SHA256
8bad64c55858fbd2f1a4a2d0e926012b6efeef63ea92f6034bf0b6e9764c3451

SHA512
11cb76a76b7d2157617e28cfef8612519d1ebf3e65fef001b2874bd5684c866722ec36a4fcfde1f13f88c0b00f8aa2ddabecb7c623131354aae9ccda2b71224f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a81434c695bf6e885fe8afa889f57ec0

SHA1
ae89810e70b8a9da7bb83b0563b78927c4aa78d4

SHA256
f8ca826eeba66c6ef452975d5de5dc5cbd897ba319bf88e0f05ae8d0ce30cef3

SHA512
54fe9fd56ed71e091e017324bec1da7a2c838923a29d978f75ad85b31851b643bc555e511e3c516ef5d6c91da33093200359172ee789f11d0418e5e21335e6ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
976137da230046a91eade596cb093064

SHA1
fdbe764736c6f4aae02c240228abc322a9d01dd7

SHA256
ca1de43e138053e8cfc769f1045fe0685a94fc597849cd32ef3717aa8134afb3

SHA512
3b747a16a5eba14e159eeb67386e0aa8d54864de3ae818303c22a06e96df1e61ef85ae116ad5326f72e3371197ff2d2719000b47d9edbac8b73c7bf3b5352b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a6a0b1ada03179b92ef91d3c147e475f

SHA1
318e87acbf4e34fa467d9899e1448b5216d1a05a

SHA256
f8a29eda3d1d034f85e81c5b3bcb22c3f41ffaff0ccdf2ec4ac220100ef0959f

SHA512
736536e1caf623c2c4c09da25da8e6f21fc17966bfe6baad2964c13a304b1a1fa0d6bd6044d6b367634cfe0d6d28121d1c8036363c2f57db01eec731adb66473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f66659575e3706b72447d3890aca5765

SHA1
b68c2db1956aa5c2e4402d7d911efe4af217e868

SHA256
511b0898981c51e76c0f44474e6c37b3d6e3808dc5190d60b9c35b29b7a8374c

SHA512
9691518d3299289d3cb7d4b7127bd94b07c2694c03e725638a4e2449c9927ae717e6b20067176f25561aae2e170c3fa4b1c207b9ee0830898485d5d10f179a13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
33962024b1822dff22245b132e1ca59d

SHA1
26572ad643c28fd7db1fa8ee35bf09a6687dbc50

SHA256
8949b1214e25b5ecd5943876cbbbcd7fba19361b092ed1a7fdf4542972ae61da

SHA512
d52db573a48d8423d5f9a8744a89c70e66bf00edb21cd6f07a99815a9c80e17d4df91d88ddcf81e75a67b9f2bc4be2a127f4bf83c100d58713fe5633944e6ceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
96b9df82b07e4578e0ba558e6dadc7ad

SHA1
9e205fedf77860ee0516da8bed9ff423edb889cb

SHA256
1e14e9089c213d0ac41ca81a2ba0c1f1e027c803d578c8984000a3c1773323ac

SHA512
280ace3d228c04fda66967f34d3d4e8eabece1a907339add1f5a003ffdc803f37841db43d51cf7b3876ed531830a59b617699171d50b18d5f061d027b38e6d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7850f3a069a2edf261ba3c0b5a09044b

SHA1
e3fa8883fbbe0d10fca7876b771377aefdc024ec

SHA256
7cc30b32205c50e1be3de1e43a17a89e247885de3b92230e4b768ecab726304a

SHA512
2c495a379557e0391b060a0285cbfd0c78fc7304e1e3f1d422bef7a1274b70d0aef352c4bfaa1dbfa11310c87738aad05bf368c6178dcb8f1cea6c4e5c072d43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
46fed3fa5f72435b0ac208bdd8ca00f3

SHA1
c90271b3086104504333645b349f42d66f579646

SHA256
22ba9e9f2b46c796f7fcf71876a9a99c38d3fab28ebccddaf128612c6bee3904

SHA512
3fe577d8280ee1d727eecd0a6438324c6bf1369e769451a436b241ce9652f3e1d45ed506befa669ccb0bf5097dddbd20971cdf0295ebe69bf3ec00bb2d1ed76a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2e99c051c6c560833f5def0405b6d79c

SHA1
fe6c61ea49184b699116658480da31f35e52a805

SHA256
b7c28ed0d378c2b1c71fc7dd2f011348902e64b9c1bbadecd24c8d4ca6e1c77b

SHA512
ae69246fcb8cd3d7f783f25ef6d44bbe5171e833d615f7fa147261b6e2c54870c5832d08fbf4ec1c7fa981a7a1586ccc71f5ab6b9a2eeafd9b47aef77147cd63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f4e0f940abd2e201148a988a2661ec45

SHA1
6f48f1b697938b4a0cf48ba40d7f60cfa95d7baf

SHA256
9e4d73ef8303448ca44b8339a3761883b9028979007c8634523b929cba928a8d

SHA512
60adef1d9157d37e1d94150069a5eb8b2f6121f34d7a10592d93c10415441e161febeb141639b7926435fd677b3624658ffe765620d2caa2f6a031467872eb23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\6f70cb5d-169c-48fd-aeb9-aca268e7d5e5\index-dir\the-real-index

Filesize
1008B

MD5
47de2a8b0fcd7081364af0220ae402d3

SHA1
6382fa670fdbd4bfad0bedc8997a211fb7ae35d3

SHA256
f4b407ca19bcb7fab98a4eb2ce9ab6cbc257cc0091481aec87c0d07b2a4de1d9

SHA512
df05b6c06055f809a5987902726345c2c6b73be0cb9de2b308da7976d62532390e280c76566298da4b4ccf6656d94d27611f1bbcdd79cbedf41fb62fddcb04ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\6f70cb5d-169c-48fd-aeb9-aca268e7d5e5\index-dir\the-real-index~RFe5afc53.TMP

Filesize
48B

MD5
0f7d434f693b1b78af11c21fa7bb2cf1

SHA1
95a9d89e1d8a4286b2ceb37d967620fed2d23d5e

SHA256
61bdd4734843d8b49465da531385733028d74c0679755878dcb8d55a1a99fe66

SHA512
45b297370dd2b9301b1b3f74dd900aa9311696f8e453118d8c132e6f31ec233fc97de71a53c7a11ee0d7b3d6544b85f0d333f05311b564511097188241be7b4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\index.txt

Filesize
227B

MD5
14294e7820be3ffdf769894a639f6ab2

SHA1
5bc91a7e63105b41991064e99cb758ea0f431968

SHA256
c8451465ca9e1ac60cf24161f0cb539b14a4a6da43959725ff887ed825dba9ce

SHA512
610aeec23cc3d5062cfcf5cedf82b8e9713588a08e644f876f0214d2b0a155e9dc68975f6ef80cc1f452194a503d7c25a065822f786f690d6baec2e0f05ceec4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\index.txt

Filesize
223B

MD5
dbc1e03585176a35b534811c2c5370f2

SHA1
66849254c2cb82f7e95dcb0e436055de68d53ae9

SHA256
c5807f5289239e253763aa65afa908f0634c32efd4095bacfca8d139e0756ae2

SHA512
dc5386d5b9c69723c18f6a6f9f95e2ba89978fb6c952ff0bfdfa82c879f931d77928b3b7e719bcc7370d4d1848ebaf46fa4de9463a5be1fd788273b37a36edf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\index.txt~RFe5a9ef1.TMP

Filesize
131B

MD5
d48172e0b8f683475b221a4278e0a4c5

SHA1
b59b94d58db62f824d15cd75d35341802f000caf

SHA256
0cf3b9e9aebb145330554ac859aea6f30ac77dcaf170ac661103a890b42cf2ca

SHA512
888036557e1426c1825fe4bd7c1b5f40d9da75c3e3f9b16360f3d9e08a56248ddfb59022f06fc68178e4fb1bf99160772d52ae883bdca8c1034af2e5dd4315d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ed5c8b8b12ef5c6e376060a6ff64b30e

SHA1
30e448b5c3f2bd46bd1d1835b4d493f7801d811e

SHA256
0452fbc511943f32f70b1f2a7335186134af70cc181f0d63e00aa9897f0b7068

SHA512
26e966f5f9077fd1e988b9f300cff1454b93c74e166049d1f6d8eeecc74fa61a4b67f1d74e1986d9fa2e90d5f8d9a50e632bbc7e655d0796a321fec8d8f9f452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
c8dcff9c8c27ec24166521ce7c1dc77f

SHA1
7680893f13350270f89872b510c1901e6d135af1

SHA256
a481c4f639b95603dd5689bea3fd6efb027512519c215775cfde75586a8a0dc8

SHA512
9ff8c4f52d71de7143e8a554a451b0f6477a73c72a608bcd4c06b2c3df809a24c4205b860b224e4854989367c3c89e6b0df2e87fac6e3fac25c64dba55f8dbd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
43c4b3bfd0ab9424363e602c2351ebb2

SHA1
60753d477043bf41f1afe00fee226e51bb80cf73

SHA256
91a3a635a647a33b85c8b42a8a4297172d1f4e1dee24c4b38422e40c9ee20c6d

SHA512
e5965b37095efb3fe8ba3962231b0f6fc36eb78cfa11ec4245bfcb112578d96a9053e4c1ac6ff66f14d72f412046128b488d2bc90dd9329bd57cc008f07e1f73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
f4a8e9590f990670a5b636757f9cb126

SHA1
509000d1d1b0bbdae0ef6e6e064e544e5e3688a0

SHA256
25f4108bc6df207410649215322e5e17608c5cd820a3e7b55568c96dd41298c5

SHA512
7e5c5effaffe98a87af885f088d837175ddf1be3f65c7ed87b0049b59a57bcde229c4aaa587095fb8b516531f84e7bc89ddf75cb82b783e739c92d23c8cd915f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
03a1610af2e0cbbd56e59fddcceffb37

SHA1
224ca1b1ef492129d29905a06a6bd43e01472a1a

SHA256
9df5f0355e1a8c1fc169a9f8780d70c842eee6a3a609dbe02e78ae3a1d860d2f

SHA512
a22a263c61be313665f116ddb0eae24621f774bba81c5a3041017fad8e8be4b7e6b94829bb0b223288795b0bd5996d29d7be53f4835b0581e344d6534a2cc93f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5bdca1.TMP

Filesize
120B

MD5
d367cd3632eb51b54d3988239a825d0c

SHA1
ca0016127b47236f55c7567542645056f35f2efe

SHA256
a76cf81f6fa2e724765a18fce0700dcc3603e187800e92acd3cbfc99a5d26fa7

SHA512
2fbed78868b931f2fd7d4f081ca66cfa0f648caf208d088f2cee6464e9b4af7707ae479d389e16aa46f7f94628adb8c93bee17fc572ac127425cd16e30dc151f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\02c6ea06-a6c5-49ed-9cae-1aa7953d3975\index-dir\the-real-index

Filesize
456B

MD5
292118f27c2b11c410e1b26d792cc66c

SHA1
00918c8e3cef1b33b79b13b1f6c19d5ce5ef6e52

SHA256
69bd2dd9df4e92d883ba28e803f16be0668a20ea87708cbfd630c94ac54582a7

SHA512
aa6a7fbad06d009c9a87b6facd56f7c793a96e0b24b4ef141122512fe58c72d90603a2efcf5b1e643b24ff43cfc904b744d6de6ebdbfaf0536e10e093e11ada3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\02c6ea06-a6c5-49ed-9cae-1aa7953d3975\index-dir\the-real-index~RFe5dda26.TMP

Filesize
48B

MD5
7bc51c0652248b639ffafe219d6abe0a

SHA1
d8c9840889b6290897ec35a93f2496a123b73cc2

SHA256
335f605e5696ad36ea891636e7ba8980f0d87c581e5e6be4308162047a7c0390

SHA512
356eb32b5d669b9a5066ba735178c93917868ec1cffe74f787e476c48e1131863a5566e3686436f3bbd0e167cb15773db89fc0247d363136e656439c7f80b5f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\fe672886-b6fe-4a23-8a28-9367fcad6ed5\index-dir\the-real-index

Filesize
72B

MD5
127e01f4d1795deef2a0d53756270ae8

SHA1
15631d4930b395443b3992b27e3f12c3932508ba

SHA256
bfe38f9e8fa675c423926acffd2e76ad92246da316c27b50bd34c9a4353e292b

SHA512
15cd813886bebbc559d8a26651c261661ab98e5e43c0b10e85ee4801e979179dff82e90e8fe9f42c5bc4257c1909ddd3965c750512e30bbbea0e82d091bba200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\fe672886-b6fe-4a23-8a28-9367fcad6ed5\index-dir\the-real-index

Filesize
72B

MD5
c79d7aa30ad8faad33d59a6a44bb4ba4

SHA1
0407d7ed3c347b1319fc2749f34680a3f4bfc10d

SHA256
e74ee855b5fae45a8e99149ca78f5ac725f839a88d11be6eaae8cead0ec4c272

SHA512
be22ad4e2b45c4ee0279e3b01624fd3c5c3606b82ed9fa28b07855d8ab957dd18e57e7bde697d223b6a78e210c35eda2f96fbe7c080acdaee3092885ab117bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\fe672886-b6fe-4a23-8a28-9367fcad6ed5\index-dir\the-real-index

Filesize
72B

MD5
4c298f20c7ea8d19471d65b64533c3f2

SHA1
80c1b5330f6d807a2fa42fe3027032a2dac703c5

SHA256
a0cfe660ff4451b839a8b3522fb7e09b719a9191cc2521936f610f0a1e4b1d0a

SHA512
0210a1a5231793b8e328d827b9b568133e81896393b903f8ee16960f7603a0157bf83f056266ee63ca18976dc67fd5750fc878cd559f0b30dbf5362fa4d7deea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\fe672886-b6fe-4a23-8a28-9367fcad6ed5\index-dir\the-real-index~RFe5dd842.TMP

Filesize
48B

MD5
f237a65fbb50771c13db2585d612e69a

SHA1
81457ebf0d02d070061fdbea4ab37b00ea9565d8

SHA256
37dfa2fff8496c82da78112b9a50fea1e0a01a80e8ba4ad99ab850da8291b625

SHA512
f6fb1d3ad002beafebc9e84e529616aedf2ad70e954765369f6fa4d6c1ea90e2aba12a740ada9b6e425384149dd310cbb8f84666e3a74ee1d94f57a31ee13eea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\fe672886-b6fe-4a23-8a28-9367fcad6ed5\index-dir\the-real-index~RFe6803f5.TMP

Filesize
72B

MD5
237fb83a693b5eab07c7a94b669ac267

SHA1
3f32f61faa73554f5d1c7a14793d6062f0969968

SHA256
30c96868dd8e4aee475a1fae64323e950dfe9c6ac00f2991eee887b73e330bab

SHA512
1e5fd648f2010976803a4f63bbbab715f6f6484eeab6ea8c06dacc537ff28f966fcf656c3d349df5801596cd6b05ce7bd3611831f3ced293ba6305527e934520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\fe672886-b6fe-4a23-8a28-9367fcad6ed5\todelete_b82aaf592933a8c9_0_1

Filesize
15KB

MD5
0f19726d0ed4e2a1d21b0468f7a16f82

SHA1
6f93306cbd75e876740a79c6a52b7b9527267fee

SHA256
750ceeba22bacaf3c1565ee99a1c20680f8d65b12d78386b15da6637d76d86d7

SHA512
8aae38c028ce1989e94d9a2b90f1a64db22ea3876f649bfeb22a0490311d60148907425e733463a7cafbf5ee4ae46af700d82925b84632f55e55a3518909d621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
197B

MD5
ebbab9fc92718d71af050ef4da8e0a9e

SHA1
360cbf41a06626717f6f7d88274d341aff8b1694

SHA256
04fdd9ecb0d1ae813d60d2f015aee9170f5fcec70a82592ea2e3d66f7650eb15

SHA512
5c7c091d3594f105551a1f65f035bd3f20ef35358e9a0ab6459e8033ddf736aa8ae8853a5063e84a913b9cc85556ebdb89a5e300f7e42971421246a17dcf3961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
194B

MD5
0e761d064b242bb4e1054c4a5acd46ae

SHA1
ff36db7d7d13777556ee264436ca115ca1d95158

SHA256
80c27280c092519b8d812e1dfa539c561956ef5b24510d3ed89511195211dbdc

SHA512
26f4215e11da72bfbdeb8b7295d8ebb1448bef2e17a8400f8a65b39956ea7c51a0396fc1138a28fc27ec021a020095b87e40845d5cafe3215705e489cc732719

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt~RFe5d8a22.TMP

Filesize
131B

MD5
9e15692a633ea3ddaa49c3e91569a4b2

SHA1
d0a2b547ca11f22d26b5ed42def120bdd82e6a4b

SHA256
633806ad808486ad58c74b6eac19f41531cb329e132824bfbbb17de0b19a290f

SHA512
5731a5e0179dfad701a77b8505e5e9bc2eb0fe65687a4e893141d7134ba86100abbd9c2422023c3b5842bb5ffe97b9689a51579220e33093a5d2a1ff740e6fa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\32386d62-6649-4bd5-8c8c-5abfe9bcd793\4a09f6ff87f28e69_0

Filesize
35KB

MD5
dc8421291c653cc72fe6cedca6ae2431

SHA1
7654632c5a67a598fa0bdad261886b88d1dc89de

SHA256
441a5a1c3b1480756b2bfc9fa6eaf183091c20246815b3e887145b5b4d6cdac5

SHA512
0ca7b96c1ecb32ae44f58255379f16783c714e25785073ea1e18091a366aa5735c784be78d0e3faf5d1235fb79f18eda2d706546c6fdc1a3a558cc0419c32100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\32386d62-6649-4bd5-8c8c-5abfe9bcd793\4f2733c6a6e23ea4_0

Filesize
37KB

MD5
868fd4dc440552c1e19bee97df94b39b

SHA1
bef2bb88667c5b73fa43839cfb266f2fb79cbf66

SHA256
1bde7f356c0a5b9d5636d73d1d819206a4b93441bff2af66eeb00ef3e6fcec4f

SHA512
120a206d501ba38248d20d892d98929bd53be6a57be035af4da2053dfcd6fb3743a2e21f00846a3a6a8c0e6d39a7dbb57c3e2b04697cece021039ed9d56a6093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\32386d62-6649-4bd5-8c8c-5abfe9bcd793\5f93a40c536e8d6a_0

Filesize
1KB

MD5
975cc97490ff7208188c802f98edfcf5

SHA1
3b77c453fe7ffe1c743cff760298d64e51188d6d

SHA256
88639a6dfe287111085c227a49a2f85c55ae8e134b89e002066074f3d6b1dff8

SHA512
91439ebf1a2fcb00edc25e1a2d280986b107a4dd5641325bd884c12792cacc8270a78517ef00a784bf0a0cbc65137633fc1cc9edefdbce4bd8361c6fd8b41662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\32386d62-6649-4bd5-8c8c-5abfe9bcd793\8241ca06bac42763_0

Filesize
1KB

MD5
ec712b2209ff0aec87c4879dc7693d89

SHA1
e32c65d51c013125ab0525e30826477710847316

SHA256
61d2a9bd2e38f3c8c4a9a187c53ed311ce89f88d57b32a2cd93e21701a5631e7

SHA512
566253391bfe4f1a9e7d81f38076ad1b6b01e7d1f523c4e70f1b7b525a41b57735a89be70902336d9052c6497c200171f1dd1421b200cc51ea54449787117f30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\32386d62-6649-4bd5-8c8c-5abfe9bcd793\a8c3eb156d2244f2_0

Filesize
35KB

MD5
62595b8f7c852d57ebe65a6abd9734fc

SHA1
e9cc0a562efcf49edf26036ecb3c2abf4e904fc1

SHA256
452df72bbef3f19a64e394c033debf024352d1e5f9cbf8396b572279ce6aab70

SHA512
84bb39a902fa81a37f75c893228e8dadd479511637b74aca8d71c4533aa3c46bab591ff56269e6abdc2f715fcc97adf55362d70adab3673c2b8a3d1687566328

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\32386d62-6649-4bd5-8c8c-5abfe9bcd793\f83368f3a5002ec9_0

Filesize
7KB

MD5
67c86ccf7f2c52d13b07cbfcf557ea82

SHA1
3e5dff3a1de40dfbb7a28fa208fdf45659e98fa5

SHA256
a0efdea6a00a88d709c5d1a44174b6b042d176280957bd10667c84b258472727

SHA512
9cc00a8f2a002683fbec03aa3b9917644be98714fea9f638078514b121c6001ac7cd2c3e6ee95514d83be839d23ccc6e6ccaa03ecf2a79b62dabead4df0702a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\32386d62-6649-4bd5-8c8c-5abfe9bcd793\index-dir\the-real-index

Filesize
3KB

MD5
4a9b7b9a2f8c016a0f81eb56bf52465e

SHA1
19237ce650786bb2edc60349570a9c3a5990efdc

SHA256
0376136a91763e8cea768fa91a83b43c6fa7f887c7fb4e796b5af401360cf1c2

SHA512
4b0a2aa9303abfef2d71a8ee37fd7591dc1c317f02fcce93b55523469672ec8bf766b4e5b7b5fce5fc00b3ecafac7a28c286f8038887feb15ff152d1559b6cd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\32386d62-6649-4bd5-8c8c-5abfe9bcd793\index-dir\the-real-index~RFe5bd761.TMP

Filesize
48B

MD5
d3a4ed5456c55c073f93c75088f999cb

SHA1
9db972e191b45909f3bced992524e8c31e537015

SHA256
409ec89a79570a8e4d511786239e543efbaa2a689b6a48af2e49e30c831a9b0e

SHA512
cc9fcc65868f57151f64a8415df5576dfa38f1712c9209bfd9275d67b2314f81b342cb73acc54c75c4d13f4a94da47678c07cf2db04b2c0dafd3443ab28e280f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\index.txt

Filesize
218B

MD5
b6bc6bb23e8dd699f31b1efc9ed62eb0

SHA1
74ef38cd230d050387232bc2658e1243481839af

SHA256
086a7a8d6aeec37034a22493dc55f4ee5d50cc0d7d3fec757884bfd6820b3d70

SHA512
2236a56dc937bb1d025f2b0b848f4e093375d142e5e46274840b0418509f0e7ac2ae1836b5d69c72c89c452fa85daedeef44dad8e5441b4dec14ae3380d598e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\index.txt

Filesize
214B

MD5
64adfe4d1379ad40c31f6f83cde9aee7

SHA1
cb35adafc85fa02ec95445974fe9a208085ccf95

SHA256
4bee916527326d0d4a7b64245e229be050820dc600e6b7d3cd3bbdc70b47a0ae

SHA512
5fafc98e4c0eadc43f868753c3c7301abea369a8125619836a18f2166d7801957464e94d0a3a9c139f45051b6979ce1438267cdcdc8abe844b5576a0f621af83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\index.txt~RFe5b4ad1.TMP

Filesize
125B

MD5
d1842875b047e51610a9987809b5bba0

SHA1
f9b4344234b2089995c18db52f261ca54cdbdc46

SHA256
28a399c05b5e00df0124a52006f523cbeb006c51ed87bfbfa37b7f42656d6a71

SHA512
baad09e5162073c5be015d942a96a0cc4fe3b6d75076b6a6a436a246e36a1500fa6982ef5317720161e5347e5994d1d11927579f28b57ee7a4f824e9103dee0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\71c3b9b4-6b1c-46c9-b379-982d3a52b0d1\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\71c3b9b4-6b1c-46c9-b379-982d3a52b0d1\index-dir\the-real-index

Filesize
1KB

MD5
2946f72c82b81215e40b6ea310bb4c73

SHA1
af3c757ca758b16457c14d55da6ab7e44710f8d8

SHA256
dbac285d185789b27673b331fbb2bf705d23e661c3b558c46fdab577da5ae028

SHA512
fb62e6a6a9176b7ff2a9b5bc206b50d116f7d6e8972f90e2db46d343f5bd6df7105072fe0b584d9bfc5dffba94d91ba702eed52796808f7598859069a506f655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\71c3b9b4-6b1c-46c9-b379-982d3a52b0d1\index-dir\the-real-index~RFe5b5531.TMP

Filesize
48B

MD5
cd6d3651f212c1cb73187101ab51d568

SHA1
e6aa7939d0ee463da0735e6c1e49cc3b8cf21d3d

SHA256
273e520ddb8885383e39cc61a361ac663eac145f26f3b428674401d29f6f0d1a

SHA512
ba496788615d6052785708b40c0354e915086beb7f9b027e1e77c85dab7afd8d06a73e797470517b9b52c442d9a8b4cc8b878b9bd99de0933e34ab023e71cad0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\f40807da-9e97-4df8-bfad-42830debb2e9\index-dir\the-real-index

Filesize
72B

MD5
b5c5c6d09c9b5601b7b7ace04b8b845f

SHA1
37f8c4bdc381656e61b5a659c4c2c6b3e7749567

SHA256
791dcbc8e1b7d80aa1e53b6afb052fdf59a260091d0f2e6a084bf1164106adfc

SHA512
cb2c224be8b860dbc6a201822d83f37c6a936ef49db85ebda8829cf2b9ae20a3134b59db31c21b415ae2130e19dafc4765712efa804ada320da1d1bc94d64466

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\f40807da-9e97-4df8-bfad-42830debb2e9\index-dir\the-real-index~RFe5b4802.TMP

Filesize
48B

MD5
71c96a3b1fe411f7796d4d9202310c65

SHA1
49405862a1b4f192351374e23469743f41eb1b97

SHA256
bd8559b040a01032599177aac0f6953cde2ff1e6a9dba72befca2fa11c98c89e

SHA512
b73305f278c05cfd7b47630f095f1ac6ca5d8ffbaadcb882227577a7c325dbb4d8a54f716f2e9bf6ceab21694ef1512b77a358ec3c53eb0b28adb779946a56ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
237B

MD5
0aa636bb520636f37db7c7941f0e3aa7

SHA1
09913bd370245d45ef3234a1ba5ff3de0dd2ab69

SHA256
659054266841997fcff7136f3e791db857597ce00d85b7b85325b87d05e4661c

SHA512
2b14808d10a11b23dfd697c3ce9ae5dc3dbbc3f583af97ec1db35f7e7f7a2f94cf760d5d8199644ddd769ba745a2422c750b5ed65d7fe40765f128c141737112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
234B

MD5
36aec5b5d7892e6cb524bf579ea6674a

SHA1
c3dc84ee264adae6d479ed6c04761c3cc10f6728

SHA256
a0427852e10652cb4d769a5aa7abd706c1ac0aa7ebf433d1aeae557757efb764

SHA512
5057aed29539ce6d8aa5d184021c53e03bb32dafdd1ef619a21e86f1c641abb97edc915b57498692575b82007fbec252be380fc68657e5acf8966336ee88f43d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt~RFe5af9e2.TMP

Filesize
142B

MD5
e0d9206f43404fb3fc8080e0e5f4014d

SHA1
03ca78fd80343c093f2138187b116d39e49aabef

SHA256
ae7c3fc5ef7071beb8d7c5672625ef17203db97a026d9ea2305b9b5fcd8ddb20

SHA512
536370403bc55b4dbe83ffe77eca81cfdf54b00bec0597f1f35c16e8a819d9620249c44ce083bca7367c01976ab49555b47f46ef97a248982f8570b349a7a3ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
216B

MD5
cab144feb7c65ab6cbd989da277ab880

SHA1
5d16acf852a666709da1599a3dcc385751051e5b

SHA256
5713f3359e7d837c8c73896c060f0919de378beb8f74ea5d3667e903e2526ece

SHA512
82c680e64145c8d0d04337c32502d3494e9e3289adc97e05f01198dc2e4f3f7c5cb68cca9345f16c3ddf3b73275e72fbcc9dd0b03e6bb4749ad627b3412ed35e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
327aeb4cd4d9e5977babae7187900aed

SHA1
60057ce8ec0ff523b0555afc47f3d00e6c3f7421

SHA256
0d3e119e097263c4dd79625e32c3b1da1b414812addd1cab89d32c4e8c38b57d

SHA512
dbf81d06a74c77d9bacf0b927e260a304094491ee5a5c17b0f65b9057f3cb5f506480fa6cbf3796838e406d6fee837b9c09cd41fa3b507727bcda835e4af3f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
480B

MD5
02fa4ed7b3a772ecf7646736a37a72a3

SHA1
1b0a17fca8e78eb335a9a300fdd48eaeb916ab2f

SHA256
8a6d163764441a24206467fa29fe92b303134a2a6873b87222a2e5489632293d

SHA512
c3b7734e2a50ff52f39f155ac23fbe1d395928c2f433b74ecbe70436853dabe4f6bf5a5ed020a41f66a9bc38f7db8156c9f03ba35cb50cde122d09fc229f752c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
264B

MD5
835f2eb687e06b22763dfcd259418db4

SHA1
260477bc57a53ca7c719ddbd754c7ca045aa53a8

SHA256
1a8169561ea43b614c6dc08144ea80ffb8bb16f06931c7a1b39a6c897b29829c

SHA512
abd06636fc8e93fb31ef958655534da7f7102ddea15d0f9ee9ef1523fbaf7a0198396b6403d04d17232c5f0ff3fea279c77263fb20a257dd01a8550c3ee7b2fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5aed11.TMP

Filesize
48B

MD5
a456fce829f38ef2d8540db18b59ff44

SHA1
ff12342e9bab96418a9e37dc9d78362b23fddd0d

SHA256
9981c56d3f811be2d8d058fa3101cab4b6d38fb3f550171a23f83c5b51d99559

SHA512
75b47c14eded93a5d1b93189f38a97d979d6af69f9ec50e06b043aabbf3543e86362b9b03db09a0f0d5ecbd561fc3bff22a4cf2e8b135c5608a5ba61666854a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
6d70851fab137b8e79171dcfa5f9bd54

SHA1
848a4251c205f5f4902b3dd1e333f93e39cc7903

SHA256
bc770945f2a03ebe673a7ccd1018c6118e4053457c683fd7016ecc06f25567f3

SHA512
14b5f86da2554a5fc83f64fe7ad9866e39629bb61e3503e992475998632b3cd1b07002757f47485acb72d405d02dc21b992ad417d73a0ede0524f88b735a556d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
6850fb08867c1d0b7bf21083d77a8350

SHA1
344f61fbf8b32506842a6bc3593106d4aa4b4379

SHA256
5d8790e0cda3a31d473afc56482dfef4828ed9520cb53f5abd42226cd2ce6826

SHA512
2a9c5bfec183b031dccbd0a0016abdb2015214af35af5ccea64a36236b03bbc5ad40aa803e5712ebf76803628d1f6e6db0b525d66d78fe84f7ba4152c6bbfcba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
8509237169a879f9696ab2b54ca66108

SHA1
688239486c3598368bcdf031003864186dae4434

SHA256
dca8e83789f47e8f8850bba3614688245fc2d06d6d8b87157589c72ccfa84c86

SHA512
85d009cc9c8c7224d28d2745c64320a1248889f97c998e701d743973dbb1448fc0becdfa3683fae866c36d3e8b48e2b743b2cb60e942ebf431ecf412eca27802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
87833e6d8e451fd4b6d8ed4619706612

SHA1
36049991d9eb8882d82411870a4898fd35046acc

SHA256
92fd16df498c5affdd83c8c5e05ff9a438e1508fb9145b136d051fb936fb4f6c

SHA512
3dfc9910a13a6cf72a125f2e9d90b459536e5ebc2f2a460a414a3ba5287415a27c1d3d119e094c705aab45f24a5032d80a374f75d42128b49829ed29e04cd861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
130ab54e32587546708e6f8ed741cd1f

SHA1
dcd7facb980898a70f3cc8e9bf0aeffa27a1da41

SHA256
4b46e948a3396f528b22b4385d9b8988add3db9c85134c67e2f019382ea24162

SHA512
13e7fd2ecc647e6803d779cf69f12d88b6a67a036393d347f737fc51d1951920d6b010b9d2aad654ac0878486a0818b565f88d136fd61cdd94624f862bc2a9d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
c8fa1d79956d120dddcdbe7cfffa86d3

SHA1
9c6cd88fdfbc77c987cc2a4e2ec2ea5556d8a397

SHA256
bc836573e0b1b5e4d6c7ed11f2aeec69b5ed35b460762def1a1096be59d056f0

SHA512
68ba8be6edd7ffa77c6fe42a0e51d49b4c7c5f338978f86473ba9aa06a1061da0c320b980bdbff3ba1911fdb4e72d92dbd3a0d7f367af6b05fe0ad5e9bb3e800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
d28c810faf3688eb670852b1b8c49cd8

SHA1
00b43805a547e659fb5b426dfa5c391b4e0d9efc

SHA256
7ff997d5c01c576c8e994b7814108ca15e39c6cd8f16d2b8268492fd5039fd9c

SHA512
76a64faa40af0f2c4f2159b2b9528a8675c1bfec87cf0249df23481a76cc1cb9172b09cd7e532837fb02e03a440eed254072dcc46800ddcfb285f55c11edacf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
72388cb16706d83339028ea6bbb5288c

SHA1
e750fa4c8fd2abd7fb294a2ca2ad4694ef6b9b11

SHA256
8899a2c3e2ef920d213ac41bbc334b8f999d7d14489272c09ed42af4364d1df7

SHA512
ca9bbfb8b3f7d585c02e4659d3758ab3c7cfa8fc78abfe6519e30ad0c4eac51126b648cfbef88f3971bacb9fd8919eb6618747aff5991693890066cb512d4766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
adb0dd5ae4e252a639780cbe7e9c07c9

SHA1
e5fdacc9e027e5ff4c3f529897ac52cb22b78a25

SHA256
25aa46fc379b503e59d8ff3c517156c82ed6e0c6b2d6e0bb1250fb4fb6ff9ff9

SHA512
88f6fa50909c660852b51644a85b07362ee96a90cd0efb644b73a04698d2f25a46378a4e300fef771c7108f55bd70957382f95c4bdd5296ed77989283cbff452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
0264c3ddc34e924d8b107386c4a4d1ff

SHA1
6c6c90c34fa7231496e9fbee8d4e266e5b06957f

SHA256
0e18280fd47ef55b69f6daed8a8c15313eac1b866f4f2d0a49d5bb3e263ac152

SHA512
03a9d7e9a23bafcac1fa64d653f35de0cee3d6cd3657a3d3dc2b65370d6fcbfba454f68557efcef2ee29851f8e0f199624f2c02a242004d7376f54f8c8e21da1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
e8dd24b2033b67efaff2f657eefa7454

SHA1
261f3a5a161e3fbfa0887bb27e074476c03f6e7c

SHA256
29b9f098e6d98d29952f7d4776908c0ed9bedc74eb012357bc8ff2820a31d346

SHA512
a0c4bbc4a6d525efa3d2d9a57d689398ca6e0fbb6be9c72db60d1c45f19bf10b0869532e8a079ee90263a981f14e98db6573ddc0738f74a8b450362df75176c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
fe4dbd47d069354249feaa74419ccff3

SHA1
73433bcb86218920b7cae91c88afa1e9ff31ef0e

SHA256
0f664b9af0f3752c043d2e7f3f89553bf4cf7a606b21294bf0a9a71ddf43b5c3

SHA512
ac4865be46fbd4574a37ba9ca66aee6615bfaf09af790908379d518afcfe5292403f2a9e5189c2dbe4660cf4fe64d25fdc054425110be024de2f7b5597c60005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
e4f1b2b63bb68d90aabc5aa2a88c8af3

SHA1
24b2763f7fba14f2b2951f48779d7da18e8f4463

SHA256
ebe582873e8dcc7480e6ab6cc43087de3fc02ef0d0db7557f039faf722bdeb11

SHA512
7f4be2220f23fed9d5405b1ce6bb325c100f417265382a5ee0ce46758dae7ae8755c2a111304e4059fe5da3187260bf4bac2869f1bd7c2023a7dbfb9a4a07637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
118KB

MD5
b8b16254ae656800916ba962341e5cb9

SHA1
4f2f545b9cd32ce9b849056c91834a13f6506896

SHA256
8fc8ec60ec9bb4b3b9e7bf0cf86cf597725c3827e0c65f4a0758ad4193581a3b

SHA512
58b68dad6f9bb35f493b050c7bda92b326a7505bea812661e68fbc06a585a8777b6f7c88d06fb4e53b8788b26cd92df943eb48a28f879999ccebc782ace9257a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
115KB

MD5
7cf56ed766201d594099c8678cdcfce7

SHA1
9d4f1b1570ccabd0e1064aa831a2f03bd036b135

SHA256
d8d6268ae26d8b5d03ea2dffa85ff1dd6a1078e781dcb48e98fd81c9efc6fe2c

SHA512
b227c564c69858934b5c8dfad2fa0e1eb0c78c3eaf1bdf9453e8d20011421893f1935eaadc6f9d23adc769a3e56fa6cdda4130024706a08f8751dc68c8b3ccba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580e24.TMP

Filesize
98KB

MD5
1d027383b716103f66e5ee99dbcdabe8

SHA1
48017f5ad10f6b61652ed64d53b83e92a79c60cc

SHA256
4ee1cd43a5567ce28ec4e1201e97090a242d6354043fb0f738ed84f1f59c2b6a

SHA512
8584b07c2ee424230cc3c872b42dec87a5471bcd3f38d1833602df0f98b9b28593ee89f1bc2ef17b1d56974b14ea38f97e6a2d1faf885c921aa8d9e98fa575f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\f3b8e82c20c4bb3f94a2d7bcd2a82cd1

Filesize
5.6MB

MD5
f3b8e82c20c4bb3f94a2d7bcd2a82cd1

SHA1
89618596be7cb90317eaaf2d09b05d522d008260

SHA256
7de6a5a45227b0f21ac7dd50af250e37f20b8bf2d6f4aa53a7f643d77515bd07

SHA512
82f15e37366efd29879add4f50cedbdc27d4eb885e190dd54c8e89787b51d59ccc21473f431292da679c7e8aa7cf2d0ce7219e1503d59a0f356e078f9feece55

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
347cc70dc69404915b6a0bc9d464f282

SHA1
3647535e1164d4f4b5995d474f25ee97e179aaad

SHA256
c014ccb7d3b4fff94bba7d7e6db29395a4c288ec18ab373e2624258d1d62a336

SHA512
6dad472b15b718ec61d3ec855b76888150ce98c783bf5ec26814f0b460efa13191532340187a6d229c78c9c59c93feb686f6a8ecc90e0e947b8204ec21626a6d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
3abd482a171bb6a5c9342339553c6381

SHA1
eb016408ea45b03515d556f77827e1deff3d6ffb

SHA256
be113fbae30a8b7aca9a0b52640dd3730e84ad073f81259aadd8ea3b5d9f78c7

SHA512
d557447ef1a097f7fb1b1f7cb9c246ea611532b213e545b71db50bdbd5ae574ebdb0df4ebf8372d284e0eb0393a1a6eb283ec25a2672f46c3e540dffc4fed15a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
754e45c73849c799d08d1744e1407c51

SHA1
fc0790aa9087ec4df982e44176f12e302a246c0e

SHA256
4f27820b827408f1edd872c172bb123f728e20ee3ffbf432a1a84fc31e2109ef

SHA512
e1b7433c20184879b574266d7547c764ee926ff93fd939d938871262c175bd3cd400e28a263b0d85a37a13e3fac07fb710bbbf8fdc3ddf0bdf55e42ba7f47a59

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
b7d2ace233255c79084f5cbad496c35b

SHA1
db9845bee574d96ac134a3f521af3f50d370d9ee

SHA256
8b6fca3a5e45b6c11e024cd6d0a75c41b038974611cbef16448288c3fe690a04

SHA512
b514e8d199b5d00d0c061b0766ab733a97e9d2dec1aa12fc4666f3bfae470b90bbcf576edbfceeae77699fe16f268e56da950ecad81ff1133f0cc5197a32a8a9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
49bab5594bb0b7e6f654a2cf21cdab17

SHA1
5977c8d675faca1f9607e6a27bce903363cb6b7e

SHA256
c4c8f1d03f538aeeb12c3013e564358f818b9e1d725f69e71cc156d98f91bcbf

SHA512
e5e548e6a743c67b8964b96cfaa4897755eaaea9697ad64468f1fc141e149b5423de56ab0c4c6f9037706fd7f34a0d9f065f3594fd0479b9b628c78596dd23f0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 271119.crdownload

Filesize
5.2MB

MD5
9fb66ffa1e1f4dedfd16eb3a8170bafd

SHA1
69b5d57ddda6b97adde820b9ceaddae9c33d53bd

SHA256
7953b28b736795aaa54e6cd5cb591e794e2f770c1045ca2e33af5ff19f480eaa

SHA512
4b141802e7a4cb6bd4a7498d30086a9d83c62d37f2137f4910ca7d3fb7009079d4dc59b95050849cfc720210b0cb44bf588d15c08e3ba830aae19c0a27e8e6d5

Download Submit
memory/1480-1152-0x00007FF89F3D0000-0x00007FF89F3D1000-memory.dmp

Filesize
4KB

Download
memory/1624-1027-0x00007FF89D0E0000-0x00007FF89D0E7000-memory.dmp

Filesize
28KB

Download
memory/1624-1025-0x00007FF89D0E0000-0x00007FF89D0E7000-memory.dmp

Filesize
28KB

Download
memory/1624-1024-0x00007FF89D0C0000-0x00007FF89D0D0000-memory.dmp

Filesize
64KB

Download
memory/1624-1022-0x00007FF89D0C0000-0x00007FF89D0D0000-memory.dmp

Filesize
64KB

Download
memory/1624-1023-0x00007FF89D0C0000-0x00007FF89D0D0000-memory.dmp

Filesize
64KB

Download
memory/1624-1021-0x00007FF89D190000-0x00007FF89D19E000-memory.dmp

Filesize
56KB

Download
memory/1624-1020-0x00007FF89D190000-0x00007FF89D19E000-memory.dmp

Filesize
56KB

Download
memory/1624-1019-0x00007FF89D190000-0x00007FF89D19E000-memory.dmp

Filesize
56KB

Download
memory/1624-1015-0x00007FF89D0F0000-0x00007FF89D100000-memory.dmp

Filesize
64KB

Download
memory/1624-1018-0x00007FF89D160000-0x00007FF89D170000-memory.dmp

Filesize
64KB

Download
memory/1624-1017-0x00007FF89D160000-0x00007FF89D170000-memory.dmp

Filesize
64KB

Download
memory/1624-1016-0x00007FF89D0F0000-0x00007FF89D100000-memory.dmp

Filesize
64KB

Download
memory/1624-1014-0x00007FF89BC60000-0x00007FF89BC80000-memory.dmp

Filesize
128KB

Download
memory/1624-1013-0x00007FF89BC60000-0x00007FF89BC80000-memory.dmp

Filesize
128KB

Download
memory/1624-1012-0x00007FF89BC60000-0x00007FF89BC80000-memory.dmp

Filesize
128KB

Download
memory/1624-1010-0x00007FF89BC60000-0x00007FF89BC80000-memory.dmp

Filesize
128KB

Download
memory/1624-1011-0x00007FF89BC60000-0x00007FF89BC80000-memory.dmp

Filesize
128KB

Download
memory/1624-1009-0x00007FF89BB30000-0x00007FF89BB40000-memory.dmp

Filesize
64KB

Download
memory/1624-1028-0x00007FF89D0E0000-0x00007FF89D0E7000-memory.dmp

Filesize
28KB

Download
memory/1624-1029-0x00007FF89D0E0000-0x00007FF89D0E7000-memory.dmp

Filesize
28KB

Download
memory/1624-1005-0x00007FF89F3D0000-0x00007FF89F3D1000-memory.dmp

Filesize
4KB

Download
memory/1624-1008-0x00007FF89BB30000-0x00007FF89BB40000-memory.dmp

Filesize
64KB

Download
memory/1624-1026-0x00007FF89D0E0000-0x00007FF89D0E7000-memory.dmp

Filesize
28KB

Download
memory/1624-1007-0x00007FF89BA50000-0x00007FF89BA60000-memory.dmp

Filesize
64KB

Download
memory/1624-1006-0x00007FF89BA50000-0x00007FF89BA60000-memory.dmp

Filesize
64KB

Download
memory/1624-1004-0x00007FF89DDE0000-0x00007FF89DDEA000-memory.dmp

Filesize
40KB

Download
memory/1624-1031-0x00007FF89C6D0000-0x00007FF89C6E0000-memory.dmp

Filesize
64KB

Download
memory/1624-1032-0x00007FF89C7C0000-0x00007FF89C7D0000-memory.dmp

Filesize
64KB

Download
memory/1624-1003-0x00007FF89DD40000-0x00007FF89DD50000-memory.dmp

Filesize
64KB

Download
memory/1624-1001-0x00007FF89DD40000-0x00007FF89DD50000-memory.dmp

Filesize
64KB

Download
memory/1624-1002-0x00007FF89DD40000-0x00007FF89DD50000-memory.dmp

Filesize
64KB

Download
memory/1624-1033-0x00007FF89C7C0000-0x00007FF89C7D0000-memory.dmp

Filesize
64KB

Download
memory/1624-999-0x00007FF89DD20000-0x00007FF89DD30000-memory.dmp

Filesize
64KB

Download
memory/1624-1000-0x00007FF89DD40000-0x00007FF89DD50000-memory.dmp

Filesize
64KB

Download
memory/1624-998-0x00007FF89DD20000-0x00007FF89DD30000-memory.dmp

Filesize
64KB

Download
memory/1624-996-0x00007FF89DCA0000-0x00007FF89DCB0000-memory.dmp

Filesize
64KB

Download
memory/1624-997-0x00007FF89DCA0000-0x00007FF89DCB0000-memory.dmp

Filesize
64KB

Download
memory/1624-1030-0x00007FF89C6D0000-0x00007FF89C6E0000-memory.dmp

Filesize
64KB

Download
memory/1624-1035-0x00007FF89C7F0000-0x00007FF89C820000-memory.dmp

Filesize
192KB

Download
memory/1624-1034-0x00007FF89C7F0000-0x00007FF89C820000-memory.dmp

Filesize
192KB

Download
memory/1624-1036-0x00007FF89C7F0000-0x00007FF89C820000-memory.dmp

Filesize
192KB

Download
memory/1624-1038-0x00007FF89C7F0000-0x00007FF89C820000-memory.dmp

Filesize
192KB

Download
memory/1624-1039-0x00007FF89C890000-0x00007FF89C899000-memory.dmp

Filesize
36KB

Download
memory/1624-1037-0x00007FF89C7F0000-0x00007FF89C820000-memory.dmp

Filesize
192KB

Download
memory/1624-993-0x00007FF89F530000-0x00007FF89F550000-memory.dmp

Filesize
128KB

Download
memory/1624-995-0x00007FF89F5B0000-0x00007FF89F5BB000-memory.dmp

Filesize
44KB

Download
memory/1624-994-0x00007FF89F530000-0x00007FF89F550000-memory.dmp

Filesize
128KB

Download
memory/1624-992-0x00007FF89F530000-0x00007FF89F550000-memory.dmp

Filesize
128KB

Download
memory/1624-991-0x00007FF89F530000-0x00007FF89F550000-memory.dmp

Filesize
128KB

Download
memory/1624-990-0x00007FF89F530000-0x00007FF89F550000-memory.dmp

Filesize
128KB

Download
memory/1624-989-0x00007FF89F3E0000-0x00007FF89F3F0000-memory.dmp

Filesize
64KB

Download
memory/1624-988-0x00007FF89F3E0000-0x00007FF89F3F0000-memory.dmp

Filesize
64KB

Download
memory/1624-982-0x0000021E6B210000-0x0000021E6B211000-memory.dmp

Filesize
4KB

Download
memory/1624-1040-0x00007FF89C4B0000-0x00007FF89C4CE000-memory.dmp

Filesize
120KB

Download
memory/1624-1041-0x00007FF89C4B0000-0x00007FF89C4CE000-memory.dmp

Filesize
120KB

Download
memory/1624-1043-0x00007FF89C4B0000-0x00007FF89C4CE000-memory.dmp

Filesize
120KB

Download
memory/1624-1042-0x00007FF89C4B0000-0x00007FF89C4CE000-memory.dmp

Filesize
120KB

Download
memory/1624-1044-0x00007FF89C4B0000-0x00007FF89C4CE000-memory.dmp

Filesize
120KB

Download
memory/1624-1045-0x00007FF89F3D0000-0x00007FF89F3D1000-memory.dmp

Filesize
4KB

Download
memory/1624-1048-0x00007FF89F530000-0x00007FF89F550000-memory.dmp

Filesize
128KB

Download
memory/1624-1049-0x00007FF89F530000-0x00007FF89F550000-memory.dmp

Filesize
128KB

Download
memory/1624-1047-0x00007FF89F3F0000-0x00007FF89F4F0000-memory.dmp

Filesize
1024KB

Download
memory/1624-1050-0x00007FF89F530000-0x00007FF89F550000-memory.dmp

Filesize
128KB

Download
memory/1624-1052-0x00007FF89C6E0000-0x00007FF89C7C0000-memory.dmp

Filesize
896KB

Download
memory/1624-1061-0x0000021E6B210000-0x0000021E6B211000-memory.dmp

Filesize
4KB

Download
memory/2960-1223-0x00007FF89F3D0000-0x00007FF89F3D1000-memory.dmp

Filesize
4KB

Download
memory/4692-1303-0x00007FF89F3D0000-0x00007FF89F3D1000-memory.dmp

Filesize
4KB

Download
memory/4764-1072-0x00007FF89F3D0000-0x00007FF89F3D1000-memory.dmp

Filesize
4KB

Download