Analysis
max time kernel: 1799s
max time network: 1802s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-04-2024 13:44
Static task: static1
URLScan task: urlscan1
General
Malware Config
Signatures
Downloads MZ/PE file
Modifies Installed Components in the registry 2 TTPs 7 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | setup.exe
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.67\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | setup.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | setup.exe
Sets file execution options in registry 2 TTPs 4 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | MicrosoftEdgeUpdate.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | MicrosoftEdgeUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | MicrosoftEdgeUpdate.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | MicrosoftEdgeUpdate.exe
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | MicrosoftEdgeUpdate.exe
Executes dropped EXE 48 IoCs
Loads dropped DLL 47 IoCs
Registers COM server for autorun 1 TTPs 64 IoCs
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=437965BB3C244275AABA892D0F36CD4D" | BGAUpdate.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | RobloxPlayerInstaller.exe
Installs/modifies Browser Helper Object 2 TTPs 8 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | setup.exe
Checks system information in the registry 2 TTPs 30 IoCs
System information is often read in order to detect sandboxing environments.
Drops file in System32 directory 1 IoCs
description | ioc | Process
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | setup.exe
Suspicious use of NtCreateThreadExHideFromDebugger 4 IoCs
pid | Process
1288 | RobloxPlayerBeta.exe
1428 | RobloxPlayerBeta.exe
5024 | RobloxPlayerBeta.exe
4888 | RobloxPlayerBeta.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
Drops file in Program Files directory 64 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 48 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 38 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of UnmapMainImage 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 4 IoCs
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext setup.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ setup.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID setup.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" setup.exe
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/search?kgmid=/m/045c7b&hl=en-US&q=Google&kgs=aaa6c4dde0a95d37&shndl=17&source=sh/x/kp/osrp/m5/11⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3912 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5a3dab58,0x7ffe5a3dab68,0x7ffe5a3dab782⤵PID:2732
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:22⤵PID:2440
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:1104
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:1600
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:5032
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:3324
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4012 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:1576
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4180 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:2432
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4524 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:116
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:4452
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:1124
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3132 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:5044
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4172 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:3688
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4968 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:4796
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4696 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:4412
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3168 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:3916
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=device.mojom.XRDeviceService --lang=en-US --service-sandbox-type=xr_compositing --mojo-platform-channel-handle=3460 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:1084
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:1996
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4168 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:4660
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4376 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:1560
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:3056
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=device.mojom.XRDeviceService --lang=en-US --service-sandbox-type=xr_compositing --mojo-platform-channel-handle=5488 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:1928
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4612 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4812
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1648 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:4336
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4588 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:4748
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:4736
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5068 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:1952
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:2340
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2276 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:4100
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=device.mojom.XRDeviceService --lang=en-US --service-sandbox-type=xr_compositing --mojo-platform-channel-handle=4848 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:640
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5728 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:744
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4304 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:1784
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:4632
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5956 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:2880
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6072 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:3244
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4636 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:4532
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:2868
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3580 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:3160
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5988 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:4896
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5864 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:5060
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4360 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:1920
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5596 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:3228
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4292 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:4976
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:2912
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6020 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:1508
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6120 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:2628
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:5024
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6000 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:2056
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3580 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:2256
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:1124
-
-
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:228 -
C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exeMicrosoftEdgeWebview2Setup.exe /silent /install3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2792 -
C:\Program Files (x86)\Microsoft\Temp\EUD267.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EUD267.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"4⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
PID:216 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4732
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:2024 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2900
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2420
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:4588
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUVFQzI0NzMtQjM5OC00RTE5LTg4MjUtNDU1MTVFQTQ0NzE1fSIgdXNlcmlkPSJ7NzM4QjA2QkYtQjI5OS00MDZBLUI0REMtNDU3Q0I0NjI1NjQ2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4NUJBRUIyNC0wQjNCLTQ1RjQtOEY1NS0xRTg2MjhFNkQ1Qzd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-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⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:4392
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{EEEC2473-B398-4E19-8825-45515EA44715}" /silent5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:860
-
-
-
-
C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\RobloxPlayerBeta.exe" -app -isInstallerLaunch3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:1288
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6296 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:4224
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:4232
-
-
C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:fjJ7GBZ9vfsFk11AR88ic7EYfi29doIrLU57bqZ92U3rUZpHO5CuBQhZQQu3LeblVzi28lJKnodiOPaJdQXO5XCTL7g-cc4UgB-pPcv4snnXT5IRHAzN0mIEheFkz0RHx275lIgB-EnEB6_60v9nOcVRpeNs5GpCElL1mKwGzY_8mLikJ89FNHTs32kYtR6_ntMUYnHVt6p_Vtm46WaUfF2GROTskgXjMk5LSbUp4G4+launchtime:1714398832054+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1714398656959005%26placeId%3D1537690962%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dc1ccbafb-ff27-46d0-92ac-b9e5e9ddfc76%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1714398656959005+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:1428
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6728 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:2468
-
-
C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:fh_azOapYf6e1niYMpv3AWXONd60ygd1cC7NedQfTSif11Tyc1s0lABI2yYKeT9_744P1-u14WrVJqB0Hc2Re3CdgrGCs2TwM0Jb8H-XeYQQYCVX-evPm8xP-xmmf_MnE6sB62PmEXsFpLwNw4FjoOH01-7DzkDh_YXxXTDeOwFJY1V7J3afHmnv6PmaMTc9-j_O0LTo2ycTRhtpQfCvYeYYWiD1xPWOisfhDD1PTJA+launchtime:1714398832054+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1714398656959005%26placeId%3D1537690962%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dc1ccbafb-ff27-46d0-92ac-b9e5e9ddfc76%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1714398656959005+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:5024
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=6132 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:784
-
-
C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:0eDmAuJ6nfPdp7CzrqgkzS-44rwZdu9DoCNaotaA8-EiW2W0djErYr-KpA8cwB5Yc8xnpXkn0p8fdz70pA-fX30z6CuFEMuTnRLWaWdOr89rww2fZaqW8GwQNR3_G1W7pOvhoOdksDdAZlIYvwMbL6CzjsG36OdDFA8Od8Yufg3psBcJewJWhMWX_Tyok0NWyD-7HDo6jjBZgyzlqsIc5qZnzjSKYFsw5PeGY2MPiwA+launchtime:1714398832054+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1714398656959005%26placeId%3D1537690962%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dc1ccbafb-ff27-46d0-92ac-b9e5e9ddfc76%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1714398656959005+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:1804
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=6728 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:2632
-
-
C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:tlVhuISn3SQX4t6wlLq6fIQkUGu5HAlJA82VgdeLbDPw2voHBvL2ImGoza1Z202NPQM9smEC3vYbcExhYkGgB5NbdOzaidSEMrts0ShjiIaG4E9X8cHsgKFi4tRrykeT2qpQFeLwa576zNwc_pZeTcxTYDlKtfMeRIHNDnEIJJTunAXyRErOngCNBoChrfmit29jWi2hqFXqUbJcTdY4WltFKOH1t6BEa5KFDoxNKVg+launchtime:1714399078131+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1714398656959005%26placeId%3D1537690962%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D002e6b63-2f2f-429d-9c73-00a8082339e5%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1714398656959005+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:628
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=6752 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:3000
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6676 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:12⤵PID:4728
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6780 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:2936
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7080 --field-trial-handle=1896,i,671468440166685400,17571618260807996779,131072 /prefetch:82⤵PID:4412
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:1384
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4c4 0x3f81⤵PID:816
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:3756 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUVFQzI0NzMtQjM5OC00RTE5LTg4MjUtNDU1MTVFQTQ0NzE1fSIgdXNlcmlkPSJ7NzM4QjA2QkYtQjI5OS00MDZBLUI0REMtNDU3Q0I0NjI1NjQ2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxNkZCQjBCMi1GRUM4LTRDRTctQkExNS02NUMzNEU0M0IyQkJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwODI3MjUzNTA5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:1956
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C47BB8A8-EB60-42E6-8284-BF29C527049F}\MicrosoftEdge_X64_124.0.2478.67.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C47BB8A8-EB60-42E6-8284-BF29C527049F}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Executes dropped EXE
PID:4100 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C47BB8A8-EB60-42E6-8284-BF29C527049F}\EDGEMITMP_497EE.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C47BB8A8-EB60-42E6-8284-BF29C527049F}\EDGEMITMP_497EE.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C47BB8A8-EB60-42E6-8284-BF29C527049F}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4328 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C47BB8A8-EB60-42E6-8284-BF29C527049F}\EDGEMITMP_497EE.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C47BB8A8-EB60-42E6-8284-BF29C527049F}\EDGEMITMP_497EE.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C47BB8A8-EB60-42E6-8284-BF29C527049F}\EDGEMITMP_497EE.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x108,0x104,0x100,0x258,0xfc,0x7ff7e43688c0,0x7ff7e43688cc,0x7ff7e43688d84⤵
- Executes dropped EXE
PID:3588
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUVFQzI0NzMtQjM5OC00RTE5LTg4MjUtNDU1MTVFQTQ0NzE1fSIgdXNlcmlkPSJ7NzM4QjA2QkYtQjI5OS00MDZBLUI0REMtNDU3Q0I0NjI1NjQ2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDOEMyNDIyQi01RjNELTRCRTAtOTVBQy1FMUU0OTYxQkFGNUR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI0LjAuMjQ3OC42NyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-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_UDE9MTcxNTAwMzcwNSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1tb2NNTzJlV3RrU2VRQVY3T25KdUVuOW1Ma2dMb2lzdTRCY1kzSXBCb00lMmZMTmRPUzBDbEhjWSUyZmlIOWZqRGJvbkd6SXpObGI2cjVUJTJiTXlvUXhGODBadyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MjcyMzc2OCIgdG90YWw9IjE3MjcyMzc2OCIgZG93bmxvYWRfdGltZV9tcz0iMTY3OTYiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTA2OTk4MzY3MiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmV
udCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExMDg0MDkzNTI0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTUzNzQxMzUwOSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjcxMiIgZG93bmxvYWRfdGltZV9tcz0iMjMxNzciIGRvd25sb2FkZWQ9IjE3MjcyMzc2OCIgdG90YWw9IjE3MjcyMzc2OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDUzMjgiLz48L2FwcD48L3JlcXVlc3Q-2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:2688
C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\RobloxPlayerBeta.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:4888
C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\RobloxPlayerBeta.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:2012
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
PID:3460
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:1564 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4B0A5DFA-F340-4DA0-A12E-1C77BE682BB5}\BGAUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4B0A5DFA-F340-4DA0-A12E-1C77BE682BB5}\BGAUpdate.exe" --edgeupdate-client --system-level2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2304
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzFBN0JCQjUtMTdFQy00RjY3LTgwOTUtMTNGNEUxQzJFQTc0fSIgdXNlcmlkPSJ7NzM4QjA2QkYtQjI5OS00MDZBLUI0REMtNDU3Q0I0NjI1NjQ2fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntCMUEzQjdCQy04MEU5LTREQTctOUI4Mi0zRTRGMTg3RDU2RDZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7MUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMi4wLjAuMzQiIGxhbmc9IiIgYnJhbmQ9IkVVRkkiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzgzMDc5Nzk4OSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzODMwOTUzOTczIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-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-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⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:4892
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:4436 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0828C763-AB66-4B3D-9E33-A10C8936AD6D}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0828C763-AB66-4B3D-9E33-A10C8936AD6D}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{5AED3171-4B20-4521-9197-0A395685AF5B}"2⤵
- Executes dropped EXE
PID:3636 -
C:\Program Files (x86)\Microsoft\Temp\EUA426.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EUA426.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{5AED3171-4B20-4521-9197-0A395685AF5B}"3⤵
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
PID:3808 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4412
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4976 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1708
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:4160
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:944
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTg1LjI5IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMyIgaW5zdGFsbGRhdGV0aW1lPSIxNzE0MTM0OTMzIj48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDYzNjgxMTE1NSIvPjwvYXBwPjwvcmVxdWVzdD44⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:3392
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NUFFRDMxNzEtNEIyMC00NTIxLTkxOTctMEEzOTU2ODVBRjVCfSIgdXNlcmlkPSJ7NzM4QjA2QkYtQjI5OS00MDZBLUI0REMtNDU3Q0I0NjI1NjQ2fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins2RTFEQTY3Ri05NTI2LTQxMEEtOUZCRi02MTI0OTFFMjlDOEV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-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-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NjA4MzczNzQ3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NjA4MzczNzQ3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-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-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NjIyOTA0ODA5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy83MmVkODA4Ny1lZTk4LTQyOWMtOTMzMC1jYTNjMTkzZDQxYWY_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⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:1896
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1256
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:752 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUJFNjgxM0MtRTY0OC00NTMxLTgxNzUtNTQ0NDQwRDFDRkFCfSIgdXNlcmlkPSJ7NzM4QjA2QkYtQjI5OS00MDZBLUI0REMtNDU3Q0I0NjI1NjQ2fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MDcwMzZFQTQtQUNDNC00OUFBLUExM0QtNDQ0NUQ4RDU0QTk4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0R4T2JqSEdhK25SYTJhdEMzd28rSUVwQzc4K1pZZUFVYmtYcERDMmNqN1U9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIzIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTQxMzU5NDUiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1ODYwODUzMzAwMDAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MzI0IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNzcwNzIzMjU1MyIvPjwvYXBwPjwvcmVxdWVzdD42⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:1848
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8222D5DA-D022-46F0-9AB6-62765D8EC987}\MicrosoftEdge_X64_124.0.2478.67.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8222D5DA-D022-46F0-9AB6-62765D8EC987}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable2⤵
- Executes dropped EXE
PID:4724 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8222D5DA-D022-46F0-9AB6-62765D8EC987}\EDGEMITMP_892DF.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8222D5DA-D022-46F0-9AB6-62765D8EC987}\EDGEMITMP_892DF.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8222D5DA-D022-46F0-9AB6-62765D8EC987}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Registers COM server for autorun
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- System policy modification
PID:816 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8222D5DA-D022-46F0-9AB6-62765D8EC987}\EDGEMITMP_892DF.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8222D5DA-D022-46F0-9AB6-62765D8EC987}\EDGEMITMP_892DF.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8222D5DA-D022-46F0-9AB6-62765D8EC987}\EDGEMITMP_892DF.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7331c88c0,0x7ff7331c88cc,0x7ff7331c88d84⤵
- Executes dropped EXE
PID:2268
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8222D5DA-D022-46F0-9AB6-62765D8EC987}\EDGEMITMP_892DF.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8222D5DA-D022-46F0-9AB6-62765D8EC987}\EDGEMITMP_892DF.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=14⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:2792 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8222D5DA-D022-46F0-9AB6-62765D8EC987}\EDGEMITMP_892DF.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8222D5DA-D022-46F0-9AB6-62765D8EC987}\EDGEMITMP_892DF.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8222D5DA-D022-46F0-9AB6-62765D8EC987}\EDGEMITMP_892DF.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7331c88c0,0x7ff7331c88cc,0x7ff7331c88d85⤵
- Executes dropped EXE
PID:116
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1644 -
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7b65c88c0,0x7ff7b65c88cc,0x7ff7b65c88d85⤵
- Executes dropped EXE
PID:1148
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUJFNjgxM0MtRTY0OC00NTMxLTgxNzUtNTQ0NDQwRDFDRkFCfSIgdXNlcmlkPSJ7NzM4QjA2QkYtQjI5OS00MDZBLUI0REMtNDU3Q0I0NjI1NjQ2fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins3NDBBODEwOC0wRDAxLTQ3RkUtOENCQS01OEJDN0NENTNFQkJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4NS4yOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJJc09uSW50ZXJ2YWxDb21tYW5kc0FsbG93ZWQ9LXRhcmdldF9kZXY7UHJvZHVjdHNUb1JlZ2lzdGVyPSU3QjFGQUI4Q0ZFLTk4NjAtNDE1Qy1BNkNBLUFBN0QxMjAyMTk0MCU3RCIgaW5zdGFsbGFnZT0iMyIgY29ob3J0PSJycmZAMC44OSI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjMyOCIgcGluZ19mcmVzaG5lc3M9InszQkQ1OTUyMS05RUMwLTRDRTctOEFCRS1CNkZGM0Q0NzM2OUJ9Ii8-PC9hcHA-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-PHBpbmcgYWN0aXZlPSIwIiByZD0iNjMyOCIgcGluZ19mcmVzaG5lc3M9IntGQzE4NkYzNi1FRkEyLTQ4NUYtODBERS1BMEI0RjRBNkNBODJ9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyNC4wLjI0NzguNjciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZT0iNjMyOCIgY29ob3J0PSJycmZAMC40MCI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjMyOCI
gcGluZ19mcmVzaG5lc3M9Ins1NkI3MzBGOC0wMURFLTRDQkEtOERDNS1GNkZEQ0RBNjAxQTR9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:1536
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe
Filesize 17.2MB
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\124.0.2478.67\MicrosoftEdge_X64_124.0.2478.67.exe
Filesize 164.7MB
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
Filesize 1.6MB
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8222D5DA-D022-46F0-9AB6-62765D8EC987}\EDGEMITMP_892DF.tmp\SETUP.EX_
Filesize 2.7MB
C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
Filesize 1.5MB
-
Filesize
87KB
MD5b0456b99f9e4f97a7036c416652b53ed
SHA1b7c13e3e04a282f173929966159fcff5d146521c
SHA256186a5a71995f40754a0b9042ed2399f4c085e1c038643bfea5d3b290ac34b7ff
SHA512e21595a46ca4c79389c88d6b47f13cfa8d774a682ca7051dc2ab1ff6152cd374752e5db3e7d960a23a7b05f2affd8fb191e72cdce587e2f1b84eba17a7d2e499
-
Filesize
49KB
MD520980bab135f476d48a3f69148762f28
SHA175394cf4059ccf01a554278c554a5610dcb9b73e
SHA256e4219e58333dbb133997b1fa9b51e906b464190beb8d206f0f39f1db909f95f4
SHA512ab291427fb1da8b8e6b47018d18de6b9267bceec59fea507cae5c43203e4099530e3a17a12d6840a231f9f5b3539dcf5a480573d61ddea14450dd48ba4caaf6d
-
Filesize 21KB
MD5 8904561783875be156c55708f34632b2
SHA1 bf064a6c8bd16f1bbfe14e3919984948b6a7d39d
SHA256 69e4943e6f952b304c4d11e422d015f2337f491dc109be9ece42f4bee33828ac
SHA512 407c74d71199c82126b86715a32202d32a6704b34148b295098d3dec343d04643b0c6905e7ae480e98897d76924698813cb1d13c83ae8a475723192009bf43eb
-
Filesize 87KB
MD5 a76576559187bd860a577710d26ae7b8
SHA1 1ec3012089a6ab4500df94db55ca692aa4f9e4af
SHA256 f5ab38c1a17138815b290ecf011fa13f8182d229db71171768496c597731196b
SHA512 9eadfe7959d2eb935c69db64bcc19605994394dd2c0611e82f0240e7543caf971fdf43a76d53b56493cfb9dd02b2a71439923744e9577af929ac6667e6ef9c39
-
Filesize 31KB
MD5 17d77d4f4b89495b263b9c3d6d91e1f7
SHA1 b1ef1fbc9eee833a6b04aa57c535064469172115
SHA256 2fb39785237113ec4eed896bcfa92540fa407dd33a6ee20710d1204f9b7d67c5
SHA512 80ae8fd30ce1599970ada0001d4b0fc39966ac2a46925b64bfd9829ed90e1a6f58967817f15645cac51256921d741be5ff3f001372293ea0c2d99cc6fd7942a1
-
Filesize 76KB
MD5 86ad3d64665e79f482e5aca008dff829
SHA1 31564e4afa34c9accd422bf25d3c2bf9d55de26d
SHA256 932a5e2548b1989c9ccc5def1b963e18d54db7a3c22ce0534915196f1489f017
SHA512 0f9e240ba566cdf3f8e9791acfe19487ecdcb0837abd891117b411e2d515af946f9ef76b00a11202db29aa509d80c97c5603a11a791d67409731889a6a91308f
-
Filesize 40KB
MD5 014146f2b1333cc13178da8e64b7a133
SHA1 6f8840aa60b0825bb6f0faa1d9fcc3a1debc3fbc
SHA256 c21cc0e976dd2f9c434b046b564afe0944de5b67956af3c03442980441ecc60a
SHA512 069ef3f6ca40be882148921663d2f3e9b559f2ef89457526c9281664015e8cc0241dee629a21dcd27fa4f65611389c35fb8ac958b7aa33354a303506824c0688
-
Filesize 66KB
MD5 2f00e4424409ee433260aafd63b465dd
SHA1 43c37bdd3784f1e4e04cecb08d13e0c62e319000
SHA256 8238fea3585d4d3376c6888b5202fd26a7868d9d1225503dbea04463a04eaf0f
SHA512 61e5be949c5b263fbe7c7c9d0ca31f1cf88f4d8d18621e8e553d4b6ff3917b723537ee53a0025b37474d41a7494b04c69692d2e6ceca7b3747e17d5392649075
-
Filesize 46KB
MD5 d2b79a1d0bd90be2d432b7fbf831ec47
SHA1 5eed73092ede7dd2eebe1ac41072668ee46bba9e
SHA256 3f9daaca584911b4dfa7e96539469abae7d6b95d24be11b9525ddf51c1707731
SHA512 1d730dad5700403bea2c8b8a5ce526709298ada0cf0fb17af264d3ce153433640b31261362c9cf53f0c832a020ca95387368f6a0e3cfb75872f231890416cee0
-
Filesize 30KB
MD5 3738fae53a165cf966aa5d58a4b8e2d6
SHA1 13e60afb7d1cf08503e47fbe331084f3145fbe77
SHA256 9b1647d4f752bba713bd4a11d9228ec5bb0ae7ca4af1ac78bf65fba3712da8e8
SHA512 91ecce0f2a01d885a037746a17b0f11cda9de68a6b5a7a9eaaf013c92c53042da8e5b405ea778ea021465d8de76be18ef9f9fb919ef05298115f15f1c6b6079a
-
Filesize 318B
MD5 11ea25bbf48fe8ce45822b27915b9d01
SHA1 8cb1b8bd59ea985096e55223ec7cdd97c9e5986d
SHA256 b933c1d55dc6da4ffadf32dfe7adb653edb8133f8c1569a7808811c5f4b52ab5
SHA512 4acf07682b52a6c51a7ac9001e8d51410fc0d2699b004b020d265db67b1fa27988faef8d2e75376e64a447f98afd24e6a7e82bb5320b2d3d0d04f061c4c4f041
-
Filesize 139KB
MD5 077e6aee37712e9f48d18500455f0a31
SHA1 13059d73be12f5aecd58c0b150e54f0054674731
SHA256 af6d93dbdf4c1e1a48e63997037297926dbc94f0d2398d1e3d95daafbae5bdae
SHA512 da14f54444cf4d3bf7240b499c1558167956fe58135a3ab0fc7bf806ceb1cd17648e8d23bb2a63ad70fb231a17bae763b4e648adcd4340def654966e39326dca
-
Filesize 7KB
MD5 989c7dc3d0a2b9619f6837d81dabc5a9
SHA1 7e74cbf8d2acf6fba528822ae970dfd54ed3c7d9
SHA256 3930a897c49ca6d1c8d24a30a2081f86a4a2f2e963c9a21708c9ec68bfb4251d
SHA512 51f1eb7ba6d196739555476b763f66844b0d43cda9cf030ffa816b0b654e3d1f50fb5d3a2420aac926075deee1092b70c485e745f098db702b074eadccd58abc
-
Filesize 912B
MD5 5dec48479a88b56533ad582facab8ee0
SHA1 95c13c42b9f3b8a64dfc8cf52a6db860f715e9eb
SHA256 b16beae1c2b4b6ea0da1ee3883850c8336cad65e436d79ed8a23ae4150df3236
SHA512 f41d25db06eb01d1e3d524800711d3cd221529f25975432979c22f32683a643b43cd3d8b0e9a706f266b89d56fcefce339000bc77b65dc53513bba32ea7154b7
-
Filesize 5KB
MD5 6241b70548a45c351dc49fd52df7a3ae
SHA1 8a6e2b10194b77433366b9645646a352ef387792
SHA256 d1f4f720c56c1dcc925a4c1f77bb94f9d98443b10801acfe3962c1fd90eb292c
SHA512 8583add3b1076b7773d18bbdd0b9ccb72592bcdbfdada040e12bb193e0b0bf57b1ad3a263e09a4f61a0ba16e6a6e5922145b4b81f8acc704cd3989706878298f
-
Filesize 5KB
MD5 ca8daecb9da4405b047bca0fc75081a3
SHA1 8bd3bf097c1cbfeabf137c55fa5eb031ce92de6f
SHA256 4b3a9bbedea1817ac474708fd3a825cf3e03080aab079dd973a5cd3dab7e310e
SHA512 0deb0e9e46ad85ab38004867dfbcd5c80eb78754a5a43fab5bb47a0449d7edadd5616737018b2d6a15ccc8923c080b20fe604c71d2249ba98abc86af0221837e
-
Filesize 4KB
MD5 bbe2dc708869613761081a6c6d46ffb9
SHA1 a70b408752925bb74db86ccaf11f9775f989b47c
SHA256 4266a5f3d7aabfc066ad30cf46b6764fde68f76e7a0e83ac79308255d8265144
SHA512 04742b48e2451229ea03359a392de1b4bda4557f590821a75a2d723a4fc9db0f11d31ddacf1d9955b59c87faafea4c393cc5371c7a6f2bc80eb4a9eb74c76dcb
-
Filesize 5KB
MD5 df1ada4e6e966311f8437c31459dbcb1
SHA1 c829afc32306fd12904074a52e3512bcf667a13b
SHA256 71ae9cb0846a238f66cde371d0461e3278b786cd34bcb051b42102cc1b699750
SHA512 ce33c27b72fc8df609e43820b0a13f76b61f63f5ff5f36e991f71077e7f586c3f52d324fa17484f5e7869bca5a10a75dd9d0a2fa7520477c9c6d32d63ee68e1c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_web.snapchat.com_0.indexeddb.leveldb\CURRENT
Filesize 16B
MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_web.snapchat.com_0.indexeddb.leveldb\LOG.old
Filesize 391B
MD5 2002bc01e072acbadf39e03d54a58153
SHA1 81c8b7910a89c30decbdae82fa29a4a4a586512e
SHA256 99b4515b262ae27a8318f2a143c2cc47365ba238f1dfc5afa4e66b08952e2e8b
SHA512 152fcbf562b8b9c3a35da6e0c88ec86eba55558f34c755dced2d4bca24df41bd6a4117c83c41856f3bfe24c982b63e6244ac532623ea76d7d3540eaa2d8f696b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_web.snapchat.com_0.indexeddb.leveldb\LOG.old~RFe5ac536.TMP
Filesize 351B
MD5 9808a49a0fda13e51a73f92e4c16ff0e
SHA1 d5a7e633b029977f62b299c32625d5e48433c320
SHA256 9ea378887dabca335548196125704925c19f22aad86a10e28248c974f91d1571
SHA512 d271e1dc77eb4d8bb17a6d9725931b48bbc24574ca0d8d4fdfa5b2d90239f2eb235cfb8e39bb9a87f8d870f6a234a06016f94fc4b3b042014cc958fa5104e411
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_web.snapchat.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize 23B
MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
Filesize 387B
MD5 692f6df70e0143a4c084c36606e36400
SHA1 485c1705384a626ef6fe5e0544c8333e2d2d79e4
SHA256 60e0a100b0dcb2dc20ccdfb07f72c9dcfcb59412cb6caf3e3272e0b096426bfa
SHA512 16f68d0f154c4a62e4d7227ededd6a256545789d1cb9ebcaead4919d7f8018e77e5ae883a7ebf740945f0acad517216eeb24f49370e49e73af98c933d6ac56ce
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
Filesize 387B
MD5 4f51352847b453eb87c9593a2228458c
SHA1 b4e95be488c2691025fc49ff939452850170a44d
SHA256 ce6ea9cc8fdaa51f3c9298199dfbaa9cfb0f2fdb7785d86df92cee1772212766
SHA512 1d1e8b4849a7109a51c35221d59c1f525af26dfcecd8c94e4e8f55f2b2799dd17e663965ef4ea289cbde4d2a23a68809f591eae26a66685873d6105de860732c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
Filesize 387B
MD5 da19e1e6ab2b7de543bcb149824a3cd0
SHA1 78d28f2a18c7938d2fdc8b7e6f53ce8c99cfe12b
SHA256 8f38bd6c5005d471dd0be8e1200e9f9ffe615219367cd0011f87bcf5944be0d5
SHA512 d328410f36d92280cafe7bb5307bc5eb8557661710f3b8920999afc6e761316dce23f654f1f76557945e8b090ea5e9b2d9079b66470c8ba2408601edea2694e2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5e6465.TMP
Filesize 347B
MD5 d00c23fcac048bed43e50b077063d7a0
SHA1 ca389c0034289a5b3d4595d3b00b60fbd1fcfb92
SHA256 c6535cb1af73388a5df6255012bcbd04531a3e3e198e34b637d41d8111701c6f
SHA512 98e13a0e10de38ff2f65044f022ba3071791afa605021ec2732f550c1ff02ce89c1eefa9ddd89f5b961ad60745f04b49e9e24f2631a2c263361dfe3c4ded3e82
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1ce665d4-1cf0-4568-a1d1-9674f31fbd4c.tmp
Filesize 7KB
MD5 fc34260888c3fb8351388d4b18f5b6bd
SHA1 866edfcf254bc373e97c7a15cb3c16517d063e41
SHA256 5bfdbcee968f7bcd6dae741e0fcb893b4809140c115a7dddf3700f7f0e5490d3
SHA512 e922e21d0b48d053e124b2bc88339c5b7be7161a335ed7adc3f97449f5f018a21ce84a373dd60e97588af16361db2ef7c79f963e6b11127a316a9bd642155a28
-
Filesize 8KB
MD5 2328944867847a1dfcef4c0683f23364
SHA1 616ced6754924fce77c16ea59df006c07a27f65c
SHA256 664d72cd089c73b7480122277f65c2047889fb06e830c87993ffbc4a0938a684
SHA512 360b006531abb99394a9b22e71b621d9151e01b01c763213c7a3b7463280d8f656fd9e9d28216d71b8e1842d56fffa9dbd59fdf0e61cca36ddd1366c26da4880
-
Filesize 14KB
MD5 9a5b66e933c4b363989e1a72b9a52101
SHA1 efef5ab6b3be7dda3a23fa87b389c6daa8c18b24
SHA256 fa65d1f708ee9a9e97144d04d2761218dfd8116c8ba2dc41cc164174b2d8fc09
SHA512 150b12632102a282ec12a76f4c47a3b4cb27e44d3f5b1f30ec9a45e0ae5a4108887d2e6ada9355a6003336f8887eb9e78e887914fc25bceb3e0f52f45d2721e0
-
Filesize 15KB
MD5 55ab772cb58e3726bd14b081de8128f5
SHA1 de268f86f0afb637d26fe211d68ba736a64b81ff
SHA256 2bfd08f1dc061ab9a09ddbe33f958208f18b48f55dfc372b97a9b9ed38fb5022
SHA512 a469eaca4da490c53f41d10cf5d16e7ace14c7fa8bbcbc4ec0cb76df70db65ea11a227ab5b23a210a45137e319e24f77b1c3c35947c6462b3b23fbd2885c55c5
-
Filesize 5KB
MD5 82928ff4b7d4337a904128e1bf222703
SHA1 aababf8c77bc3bef331fdc28cddb9e3a1cc73d6c
SHA256 c0eaaa83e28f5c13ae331761d2020546eb7038d06458221a76dff371debe9cca
SHA512 d4beb6e486b202ad510ceec23693d91bacc58c47cc0b86e856637039d17e531e3067a75e048007f68aa94d6e8368258a86cbbc5e1f7577870853ce569dbd7286
-
Filesize 6KB
MD5 5d335b610b810c2dcd99621c46ee2beb
SHA1 6abd0338917b3b973d0af0a7b6bd87ebdf5e205a
SHA256 e98011f4f6087591632fe2046618ece60ef06ad23ff4a08bc84f4ef572d5038b
SHA512 8f19e1422d732b16e2da112b3d42e5a5f681746eacb380bbc1e4d9acbce2c8cddd378dfe9b6f5f11fbe6ec8934c3e3d787db8cb0a37b2085de801ede688b953c
-
Filesize 6KB
MD5 da31ac899c71a65af60d46832a6819d5
SHA1 5f4c3fc25b47f394758004202dbd2ea957daaaa5
SHA256 afe440349de9656fb868c0535abb15625e9bae39da7f990d9197b8af11367df4
SHA512 ffacee132913553ef8473dcb6a87d7577e18558dc951246252338d3aeecff9c5cef064b6b5dbd1138f98d027af5c6dbd25a878d6cae81dfaa8d109831acf4dcb
-
Filesize 6KB
MD5 47d78b1f72aae08dd1f7681f4a3f3cae
SHA1 dd04a3009a42dac41c411edd99638252c7968d99
SHA256 94b64f0458138fa7ba60fc491877cffcb5c2650620d7367df59c7440db7d027a
SHA512 3a47d604d9f7ee3ae469a32618badf62828fbca4879cb2782d640d782c450fca892f6ef33f3edfe7e7c262ffa41a35247eb2ee32f08337250254962fdc671ebb
-
Filesize 9KB
MD5 5c1a27bd37b916e37f5280a574ed64a8
SHA1 8a2498fc8cfd88a973bd925cf2e56553c997a1e5
SHA256 86de4a72dbb0dff994ae2435ae40aa814772d1db2c9ea9f409d29ec81a00e4d8
SHA512 1046fb63bd8d892944b95425c7078307514140a7c7069f6177c782c48c0d746ed2b39b68d169fd5948d9bf09ad4505e619ee48c30c5a56454db3ee9d176eb671
-
Filesize 2B
MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
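The dropped-file listing in this report is what an analyst has to turn into IOCs, and the extracted text fuses each digest label to its value (MD5570efe…) and sometimes puts a Filesize value on the line after its label. The Python below is an added example, not part of this sandbox report or of any vendor's tooling: it parses that layout into records, flags digests that are missing, truncated or not hexadecimal (an IOC with a bad digest silently matches nothing), and checks a candidate byte string against a record. The sample listing is constructed from two entries above (the Roblox WebView2 installer and the 2B file) plus a third entry whose SHA256 was truncated and SHA512 dropped on purpose; all function and field names are my own. The 2B entry's MD5, SHA1 and SHA256 are reproduced by the two-byte string `[]` (an empty JSON array), which is how the content of a tiny dropped file can be identified from the report alone.

```python
"""Normalize a sandbox 'dropped files' listing into structured records.

Added example; not part of the sandbox report. Handles the extraction quirks
seen in it: digest labels fused to their values ("MD5570efe...") and a bare
"Filesize" line whose value sits on the next line.
"""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Optional

# Digests the report lists and the hex length each one must have.
DIGESTS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# Longest labels first so "SHA1" does not swallow "SHA512"/"SHA256" lines.
LABEL_RE = re.compile(r"^(SHA512|SHA256|SHA1|MD5|Filesize)\s*(.*)$")
HEX_RE = re.compile(r"^[0-9a-f]+$")


@dataclass
class DroppedFile:
    path: Optional[str] = None      # None when the listing omits the path
    size: Optional[str] = None      # kept as the report's string, e.g. "26KB"
    digests: dict = field(default_factory=dict)
    problems: list = field(default_factory=list)


def _assign(rec: DroppedFile, label: str, value: str) -> None:
    if label == "Filesize":
        rec.size = value
    else:
        rec.digests[label.lower()] = value.lower()


def _validate(rec: DroppedFile) -> DroppedFile:
    """Flag digests that are missing, truncated or not hex: such IOCs never match."""
    for name, want in DIGESTS.items():
        got = rec.digests.get(name)
        if got is None:
            rec.problems.append(f"missing {name}")
        elif len(got) != want or not HEX_RE.match(got):
            rec.problems.append(f"bad {name}: {len(got)} chars, expected {want}")
    return rec


def parse_listing(text: str) -> list[DroppedFile]:
    """Split the listing on its '-' separators and return one record per file."""
    records: list[DroppedFile] = []
    cur = DroppedFile()
    pending: Optional[str] = None   # label whose value is on the next line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "-":
            if cur.path or cur.size or cur.digests:
                records.append(_validate(cur))
            cur, pending = DroppedFile(), None
            continue
        if pending is not None:
            _assign(cur, pending, line)
            pending = None
            continue
        m = LABEL_RE.match(line)
        if m is None:
            cur.path = line             # any other line is the file path
        elif m.group(2):
            _assign(cur, m.group(1), m.group(2))
        else:
            pending = m.group(1)
    if cur.path or cur.size or cur.digests:
        records.append(_validate(cur))
    return records


def matching_digests(data: bytes, rec: DroppedFile) -> set[str]:
    """Names of the record's digests that `data` reproduces (all of them = same file)."""
    return {name for name, want in rec.digests.items()
            if name in DIGESTS and hashlib.new(name, data).hexdigest() == want}


# Constructed input: two entries copied from the report, plus a third whose
# SHA256 was truncated and SHA512 removed on purpose to exercise validation.
SAMPLE = r"""
C:\Program Files (x86)\Roblox\Versions\version-24872f7beace4d0a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
Filesize1.5MB
MD5610b1b60dc8729bad759c92f82ee2804
SHA19992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA5120614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
7KB
MD5fc34260888c3fb8351388d4b18f5b6bd
SHA1866edfcf254bc373e97c7a15cb3c16517d063e41
SHA2565bfdbcee968f7bcd6dae741e0fcb893b4809140c1
-
"""

if __name__ == "__main__":
    recs = parse_listing(SAMPLE)
    for r in recs:
        print(r.size, r.path or "<path not in listing>", r.problems)
    two_byte = next(r for r in recs if r.size == "2B")
    print("b'[]' reproduces:", sorted(matching_digests(b"[]", two_byte)))
```

Records with a non-empty `problems` list should be dropped from any blocklist or hunt query rather than loaded as-is; a 41-character "SHA256" is a copy error, not an indicator.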
Filesize 7KB
MD5 5d59ba31ddd6256c2a52a12260d2b97c
SHA1 efbea0ff5d3fddb25e30e1bb6b0c3c1c78a46bd6
SHA256 dfca1a2bb4f9c8262d00d0041dab9b6160a7cc9d5aab4b7502be1fa99b016a5b
SHA512 82d383c326f0719b5ff9359bfd600735e0c5dec86281eec714da53d6b339c14894e8d0fb6405eb3fe8b80b4e4f8fca7da4980bd31568ec41ebe4f7f336d27d9b
-
Filesize 7KB
MD5 ed022e04c4be6ee1e1169b16f9eade8f
SHA1 5e7fb7dd5508e8b16fa39468b8209b16b6f053a5
SHA256 539edb07b8fe964a8a335ff93e933b1df06c76f9efc075e317901f3b5467ad24
SHA512 98b617d86e4ea544d6da76efc36bcfb22dfb9d2fb084c29daa7d480adabadb95f272a9d759914bc3b97e47229e05d8072af972885e62f619cd5df79d46308c0a
-
Filesize 7KB
MD5 38cb8cb1db013336a016c07040378bca
SHA1 d5aa2430c13bac6fa11042e1796e88e9538454f6
SHA256 206e71855fea0a4c798b161aaf7038cd865912cf5f3883bee77be057df7f8d28
SHA512 3958bd8ea3edd51d34deb32735d661af69b6a5f0aa93cf052a4f714e4457875c1ba4d87239b17f6aa9aa88565ed91148dd1beb2d02f28cde757c2c8f70371db8
-
Filesize 4KB
MD5 6b8eb83a5fdcbc1d7629b6c67c1559c9
SHA1 73b9be1e745f134bc270de0874ac28e215d4ec60
SHA256 3332fe52df2f3cf33e3936688452e5d766a9a54ba081dafa4328d11cfe8d4cf3
SHA512 69b8f5552b314b7bd679bd11732cf2307003f030f21836a24f7e6df36c4a2fba8de8cce73224982485534f0efbd0602b635a55c3a340562bd18c7a2f127ac2eb
-
Filesize 7KB
MD5 1aa6c3756c1e54852646141b846a08b2
SHA1 2a15a018499437945c28adcce406b3c371a9ee87
SHA256 42d3a7223119e1abdf54822dffd44f2c3dcbeabf1dc480a22a9a504e6f5a657c
SHA512 7cd126b5953ca740b7fde020a06d3ad6108cfc3507a124230d4dbb5b9cea11ee5ecec3b367ae9d2734a42922e47e4ad6c48b7762a137aabe78f63cc732fcac5f
-
Filesize 7KB
MD5 7d21d1c9d2cf2355555137f42e3aabc4
SHA1 6d40bea0b420ff41c434ecebcfabc23ac17014a6
SHA256 66f988f0032ca954c829f48c4304653eefee17eeb5fd856c9e2f7fa9df24680f
SHA512 c11fe25cce2823386df948275ca60b672881c7d68cf0b132e69619b119702c63091e0e21b4f7a807a1831a08aad0b1e236b7bae14006c5b5e63ad6683e6dca48
-
Filesize 4KB
MD5 e0dcd61c17bea011db78cd2da596ae46
SHA1 2281d423eb487ee9ca185936568278a9e28eca71
SHA256 2b5f7af3f0608dee9ad8347f7291bc294acf329486fe849ed9f757ceccc8a674
SHA512 470eac29b1bd59a15fed5f034fd6a3a2fc685fd8eda2dd5ffc94106369d9f58c815d2706cc83ae267ec94df163974f842d98826c6d5d91faeebd9b36d8fa3538
-
Filesize 7KB
MD5 52a88e9a80210ff919d84b243ddfa4a9
SHA1 adc417de65009d0a65936b04f3d57447cf3d462a
SHA256 d61c6c422cbeb6d19870645c63583312e16aece0033c40e0f7e0f3e5584710fe
SHA512 e262343b7381ffa60ae78c74fc74818ecbec3898bf4412d511dd872d44da98d099c346b67cb974e49446589b1534b04e3287d884d0671592a865d67ff56850c3
-
Filesize 7KB
MD5 87f66d0cd46758f8aeb309c25ff0fb43
SHA1 a25a14af3a0dc42b10a8d872c21cf64a067bf22f
SHA256 6c88a1767b526a93cfd0b48d00bea3e138bb872e61e608f1f618501dba8e1eb6
SHA512 6d25b9f319d5c072f6930f35b29a34ae6b37763bda01503c2f40788406749d5abbe8cd6b6bb76555c4aba366d92cdc82de73979d0717a08226a919235d4aa2b7
-
Filesize 356B
MD5 ee6b447141b8b4dce6fd0ad85e0d40c9
SHA1 dc362c822d1f16568adf91732766902aff9a923e
SHA256 13a4e7f3dbae4109ebc3a7e0231d98ba844ab2b538e3f9604a9ba19f46ebd939
SHA512 ca90aa69ada95124e779b2affd9bd95ee9d622d02d328cea39a87f198efc6e3a0dc49997cc5d2708d390d48021fd2dbbda1d11d75dcddbbed21aab4f2a270242
-
Filesize 1KB
MD5 492aae1ef1fd4a8bc6352cb58e8651cb
SHA1 c19ad5803ce36ae30a029284f8272075ae8776eb
SHA256 68d1ba2398cfe5f2df65b94a8db1286dc6dccd065a6f24f36c373a0d47f49850
SHA512 848c5736454dfa43ab87ea4b5924a104573f9ed0950f3b29f4f20e391db0a070f6babf7e133aa9455bb7bcdc1aef9a454252637c469767872ab97e181f6150f2
-
Filesize 2KB
MD5 3e55ad12fe877a832137652f655857b5
SHA1 8e5c4fcf12977a70dcbcc729da60e4b78667e0ca
SHA256 f801cb156028d7ddda2cbe364e509b1df4a0124a1d2f28beb9a0fa45cbd15fd1
SHA512 b0490bba69f9c8081c01b9e4ff2f7fc7368931bf2e160068ab77841002f7d9b90a829233a28cb023faddd8defc93e7af3b8711ad9e6c0e440b958f944eaf4526
-
Filesize 2KB
MD5 8b9895684ab696c1a82bc38d8843cc92
SHA1 c8f587a5fe7c8730fdd5224934753e211396a03e
SHA256 fbecb30d497b107dbbd5e9f7e01f4d1b9e488b5fafd286f7ae988901c43b4552
SHA512 12cf1e607a12002f2a0f07f16e575d5d4951593f4002fa36d248f9075b8a1efad633e888ceb97a936218c130d4928353de7a99c66e4b8e0d34cf3d6ee8f4f84e
-
Filesize 2KB
MD5 f3c206d9dab3c52a4db49af962e11c58
SHA1 8329eca70941055ff635795bb769b5e420f37939
SHA256 b00cd5dce937c73519f3a915a9863adbc298dce20de2785b79891f36f54ed8d0
SHA512 2bc2886262b95ca0914175af8d810fcfd8e30ba3460f21268a2fdf8b942479637f3593f46db85a3225a2d5cba1e9a0766398fe2065929ea20306ac8e7ed7ff5c
-
Filesize 2KB
MD5 1236ce99ee2ce2b12a7c047247cf97de
SHA1 bb03c275450c1ff5a63e17bf7a423cfff96dc777
SHA256 f8c2c5ffd5b6098bf5f5f12ffd21275c4e35f0a4bb6ca31aeffcc766980c5f06
SHA512 1e8ef076b9383d2227f890e49b8baccc1774596bb109b6d56fe1cf950987f1ea84ee4bcf6505c5f7dea5b1b7bec8a6838f287073c3e54146b49abee55ea798e5
-
Filesize 2KB
MD5 9a2548000eda971bbe6768a5dd50d417
SHA1 becabe8007975a124f72efd7f74a87f5473c4f65
SHA256 7c8cc2db0c40a15d912f8c3bc18115e6f924a9f43f1f036457b04df8bea36320
SHA512 56b64d42e7d540313bcaaeb4fab3b93d1d11396bde3d20545de1ca3585f4b9d45fb7e40482ed089fd2adb7eed367363a03fa3c149931754548b2ade42b2afa43
-
Filesize 2KB
MD5 83a3d46dd3ee601c0c33e1a5a298052a
SHA1 3f2b333a2bcf7105a3dbc18d1af286c8d44497dc
SHA256 f907eb770292e60c35205b5428af3b57ae197d231a9a25b2a68be67c878279ab
SHA512 3153a78d3fbc45f9599c2f6256868704a461c5a20094a6e0dcab33c50bd6605b6c46d558fdf25bb0278e6ec649e90f8af8a6d0a114df35841ce4b703e0efcab4
-
Filesize 2KB
MD5 4b4f73382a22d37655c909cb638e1f3b
SHA1 58b0e096d2f6f4ce5f825d59e1bcf3f95a83121a
SHA256 06ca32999a525b2556d86b5fa0772c32effd961706abef6ced771f6fa86ee71d
SHA512 f2000db5c49468bd876133da59f643d234239e182244716fee1ecb27b30170c0f3218968c45a19f16d985d9767dcbe463c958d0b7afd56c22ae03cc797a4c6ea
-
Filesize 2KB
MD5 e541e327dc4d158b097f45613b69f2ec
SHA1 86ab42bfe15105312d404a5769d19cd11abf4261
SHA256 05528846244227769997b42c1fa6d44541c153c1f117dd1d8b2b10d74a732ba8
SHA512 b85ce7c4894f9eea40509618d11756562261c711f4783dc584722763f5f308d1e013a0f8b6073b816a7eb4a132d0849d21e5ea0bace0aeeb0c0f5ee68a5f4a09
-
Filesize 2KB
MD5 e4fd7b53a8ae08236fcdd42a53322c05
SHA1 3fa4fc417f2930612ce6783259631fb226cff03a
SHA256 a81623d4d99236e312f55a87ea72379afb289a6986043781c213b9f2fd411a7a
SHA512 e3cc8d64ce366f26e5297d19132433c551cbcad62f6806080bdc931fd362cee59f8e545f0a21c8b4027eea32e58fc5d365267a7f613c1669e1c0e5a552fa5aac
-
Filesize 2KB
MD5 1d657aef8ba9ab00d090be46f913c1ce
SHA1 34d09c2e35de14026c814662f157760891169aa6
SHA256 daa7375f9210e136fb8daa7966df18068952f493204a9f38e9fa3cb4faca55af
SHA512 e5091c80d0bb076a9909e7ce9593a039da03af164182263b72b576575abde1092545e7c716bfa1a9c99a6954eb33ad22415d45c70022081b40668bf7882172fc
-
Filesize 4KB
MD5 bcb77b6c1d485db33ec57ad4fb905125
SHA1 f03cbfd0aa320ca9a51997de0dc12ab5791b5ebf
SHA256 fdebeef2415ff92e912e115732bd06e903d015cccc33f3bbb0fa8e0c2be18667
SHA512 b669cfd642fed1304e8a7a1cf02765f42d4f2e8af1b3bef39aac65059db9f737e4f15f809da8244472f9087d8ca51447f665677e01fe56de878e62da2c01b13c
-
Filesize 4KB
MD5 31e2851041172093c5cce6e815aff43c
SHA1 831d088319d2c858243c27d2f7e6133f80cae83c
SHA256 a7d0e92639c64898a3268a6fc1b9cdd3b6214451951705bb28dd06b9a9f0ee32
SHA512 ccd72b93ce3ab8897d8522e6d69106c5dece69c2a455702f8b6f9cc2790996543f9f2ed1ab3b9d36fd58d9f25bc154fbade776d3afcc073d457e9a539fd9aecf
-
Filesize 4KB
MD5 c578170bae731b4d97178657cd8a1a56
SHA1 cabd441ab1e31a1c1491575ed22b16e181a0d422
SHA256 dcb98bfdeff97f0dc964579de93a3c8ff1e9bfbca32c6407808ff353046afd17
SHA512 97c0ed87c7fe827b53a94aa823baa1ed327707a23674b110307feb29d44c799f0f435c53f98b43ec699e97f84b7977c5cc6a5a93635edf2d3eb96e91f0187903
-
Filesize 4KB
MD5 6aa6ef56ed8d423e4e2f4e1a7f72bc18
SHA1 bcdfb7402ba5e5df382374459992170ef719ba1f
SHA256 d3840f9922b8d3d082b5ce146d575f5e2d34bc2bd6a798f9c69656800eb0f963
SHA512 969bbf9e682a9b7ae92aed92296d528d956cc3f34b33d1fd248bc3ed5d6e7b7e6297e82705862e785473dd94f3022e1c2ba8b1a37732c5d5ec1975f406edf10d
-
Filesize 6KB
MD5 9aefdc98bbd16f21017eed482fdfab4f
SHA1 fb4e10ee645926bc1bb602a4105d7c222890a4c0
SHA256 4b4213aa7be8304f80a7338264236f16ac13431ce02b3b1fc648f84cff5498e0
SHA512 c86c91e96a24fec80a7ee9251e34fbc88f3dd953577bf4fab3409a7b65807ea7de8344d83d9f3ce75327d64455a755398e1739c32c1f5dec7d9dca5391060a60
-
Filesize 7KB
MD5 0439c37b012f2112282a2c30e33f0f6b
SHA1 73fc5b1befbfab2375f99554cdda3421d564c6b2
SHA256 5a265c54cd430075e9a3f8e5e447367d6741e2d97ea4aff8a36d9b5f04d80715
SHA512 3365d86f6857d0396ad64e3c923d1d02aaae5fe0f4b0d48e86471b60c5f859930f6682c1006ae1f99153543a5948d036f7c4bad10f336fb204a1b6a7c0185cdf
-
Filesize 7KB
MD5 3df640ae96ecd073e4bd3ec4fc86d1b6
SHA1 8002f8f25a9dca1300cb901d5312915ab2aa33a5
SHA256 319eab5bd4bb890c4cf1d8b9c62417170cf09c7c1ee4e0c79cff273fd4a2e7f3
SHA512 cbbe42902e610633b8ac099e22075e14aebdb265355cd4a1101a5806d734168c8fbd74c3bdd3b692e551843380abf0a82045d51dd34a0e4134fb0a96507bb760
-
Filesize 7KB
MD5 c04d37d3054b81526152de65ad257906
SHA1 5c5f80104e22bb68b41e3fea2cc5945fa92d425b
SHA256 13d29e9aaf3c8b5cf01826a7a5bff614f03303e6f8c362efc4927428bd31ceda
SHA512 bd7178f7517bc00a8b543f623ca7ace1717f89631a0c264dfd8ea9055cc17c7eae565b7f854abb1bc2a44716a502742ce99c9bdae0655f678757921700c0e638
-
Filesize 7KB
MD5 7d25803d9aaf110f9bf5b90277af5bec
SHA1 c870d8004eda9c0ef17703fb6e89a61600d5978c
SHA256 58973529ff0b40e17936910d1f3f65ac3f893e4c0c936725d9ecff6c2c058fd5
SHA512 59d63e5ea9ac03d8faf2a9ea1c5c771fff1e98f0b17592968e91177f40d44a54399265c347937a8731bfeb9add184d2a04da0162f47daf838ac31a918c761e12
-
Filesize 7KB
MD5 ffec03fa1bcb89dba56021193d4205cd
SHA1 f413c7371d9f6b0aaa7b3c64abb0c00d0c155867
SHA256 55a11149f5ccad6811b5442c06048c434984a475dd487a5aec8a72ef61db99ff
SHA512 40b3f55d7d1bf86622496aa9a1ac54b03dd1682383dba0006aef253f56ab9d1123b602bbf2d531fafcb4b6c637f0d2685511aea4e63d615641d4a53d9db34b64
-
Filesize 7KB
MD5 8c0d13232b7f626754f224628480a9a8
SHA1 6043434e0ea677ea4d3f497e8b984870462b9961
SHA256 3e248eb25d82f7679471623d7dae6c55c67180c58e592dd91decd69d96f14716
SHA512 33caa8d63c64b764a4d51fc2439b8daccbc5d540713e5c09196ed66d9508f42f2e373981bd015e3c57a4c2b67401a3bc226487b7f23015e20dfb27e060dcbc76
-
Filesize 7KB
MD5 847c72d3bb2d428b2f01d1b98a70e927
SHA1 14536f7b7b198355faeb017f24acc438042a0999
SHA256 3118aca5de7a0a95c55b5d7b28afa5c38880d230e9d0851abc97b66645baa548
SHA512 a769729632647cd1d07ae785db23cafecc99f3721b1447d17159e165e8542c1757e7812de9371bf2782d04839f0c9a5c91721b24cfac0bf6824c5ebb20a4b7a3
-
Filesize 2KB
MD5 429437d5c613c6c0512f8fe6950e539e
SHA1 19b367fd01e148d03232101ca1bb875018ed1a0e
SHA256 9ddf695e3fc9adafd808d8ff26dc7194169e9422f41b6a949d48f8f9397c1828
SHA512 f973bf5ce383ba522d6e0997047a31abc6aa219d897d2ad7ff2c6280b742724a29a5e5adbdc9c84c08c936c4b611a31392fcfcdc0c084c9b2b256f1122db4772
-
Filesize 2KB
MD5 e7f9aeb36c6eeca29e86008e3be62185
SHA1 fa911831f6a6944a67b00bb5e9fbabab711ae1a1
SHA256 07b0f304215d31c9abd59315441d390240b33216e3f89cf21c7cde95f395530d
SHA512 b5c5320725b43f293a0537563b23296460f5fef38f2cb673954e14e970e53a503b05298733c3c91910d19e36c828856885657d87bf5835d5f2306744073302a9
-
Filesize 4KB
MD5 c1c1b64ab2a4d37e6c7a591212b6cd81
SHA1 0334b3c7cbe795443107a1826591e271a0d2321e
SHA256 1ee855d1c376295d6694bc92258f709dae1cf42ad79c0168552412258e9364a2
SHA512 4e4347831a2eecf73b804e980c7b0491937316828b99e812b846d9f1ab321b36535847e4670e273172d33171d3dc0dbcc4eca956e530df21deab28bdfeb27e6c
-
Filesize 2KB
MD5 fd220068b6c57ab049a30314a2708f72
SHA1 e8bd43da65cccfdeed1a13d84f9a67a1abd01114
SHA256 c54bb28ed295d7235ff8f7f942a901fb8fa35206783e3207e31bf47cb208bf11
SHA512 f46ab1f8cf9e3aeb65d88b187182552338a76f988f9881765d75017cdf1171aa9b1aaaa2d03053dc579880c618f02b3d86ce1db287cabb820f3728279d782c5c
-
Filesize 2KB
MD5 fe87436910934cbda3d7360b54e31731
SHA1 d857a1d662aa966991d29070229da785558db906
SHA256 1c322cc0e2b965e918c8d50c5182e06ea4bf6381b3158aacaf528699e9304cdd
SHA512 a655c5662da831ff7d87029720cd6d7c0a1b7786c37f4e239a253e2166d3e3822ec578d196d17f704dc94b54426d5318b7678d69d7e7132bf38ac17ee1c6e8e5
-
Filesize 2KB
MD5 7ba4e8bd4fa280cfd4e038f68f23b0fc
SHA1 93f705047c5de9268def0eaf711ca67e92ecc4e6
SHA256 c373a09be27a996033d85a8cd1a0f19b18135b8616a097f665fc943a1860c909
SHA512 8ce40076fbf9d4ce9d6ff5b5aba3e14a98ff0c21abc5cba5de9d5830093e65e1505e76996eca12d88f2960d397d99d0c50f6450bd6705585b0b22520a10115f4
-
Filesize 4KB
MD5 a242848b390467b541c51a751cbd0288
SHA1 a2af5f8622241a33b000fcf7b8edab23e2feb856
SHA256 fe5db058d82ccda5dcd6e1012ae32cb16f2068e12cf60d3d67c99f8640c52df0
SHA512 fbf79f21401584d1167944d77c2b982bee0ebfe800fcf8911a5bbc0d7bec331349405873cc5285a9b950e174c3faec016b45f53ec81edf388ca5b8eae6b26d2e
-
Filesize 4KB
MD5 9604509058667c63ce34d255158531b3
SHA1 8b3c020c03680cd7329927962135e91998614ed9
SHA256 cdc7366ff03bf932e70e614e5ef572ce13878f8c52e35b5da3e579eda4a48690
SHA512 7f5e98cc17c298da9d68bbabdba2e4f341b37cf9ccb50ed288299d7e21a8f4c0f905f3cec47e51b127ada5826f75c07dfc7b7b65f2baa5ad20c4c04583b8353a
-
Filesize 7KB
MD5 34d2ec8b523f895cd00655fa90f8d4ba
SHA1 b8e47608db7f2742ccbff3fb8caa706cafa567f4
SHA256 c6c8b6733630f7305e34c6425ced921c52244639010fb7d4ea549012b9201752
SHA512 dce628f66d5c79c1e9fd12afe6bb77eefe8f9cc1ab1fdfa99d4e82dcbba679ab753e8b7229350eae2f800894624f44e8ee894eb5c9761c4941ef575212053b15
-
Filesize 7KB
MD5 ae4e356a34761c3475f7922028ca0547
SHA1 181b745de63cc57d21d16cf19c4d963da99d213c
SHA256 c6c271c14f261c4881041ec721a42778705bad0de6307b876ea8ac10ccccd422
SHA512 c07a74e72b5116f6e806ae470daed327a3be4fd9aef65b59ce332b0b341763439bd1af2d95b346894f5a1547d05986f4ff99d7b430e7af2b0092dc21224b0925
-
Filesize 7KB
MD5 ba827aeecac96ee6c8e21adac42f3e59
SHA1 d3c75b196ca2d5f443c57d8d20890d5026817de9
SHA256 ca8b4b295c861b050fb1ff5d2957d1bbcf91d904d0998a83eaf2eafafec21679
SHA512 6938e0ca6d6de131c4dfbed3aa957b5a6cc68a4624d09248b01c60f6bfc011fdedbe8a15bbb86a580704fb8fa4cb65f45d673e124e62abd49b5e9e0f08f3e2c1
-
Filesize 2KB
MD5 d07bc8b054262541fd9529af50d2fb77
SHA1 31b7b5929415da8c4efda43e5714d88f6e4ed164
SHA256 93b7848f9486fa8ff2cba9114e99ed57a154b62f9f137a47f4c90d2eff9563b3
SHA512 ea31323478266a5a5dc94a54baa8ce4b5874ba465d4f487b2c69d9049e4b8abbb64c2ee561ea86c3bd7d5001893ed5570b4350ebf17b7287c3a43a242fbb239d
-
Filesize 2KB
MD5 31f8d969e6cf43559573d724aeece238
SHA1 0bd99f09450d1753e4c4b9685c7b165684fd19bd
SHA256 562985cb46ceb9b193b1284a4facf7fda72b7185d0f0476d81604ec384f690fe
SHA512 49df02fb39a65d7ca1d7004467dd9e4589048522b2ad7307f9d6a15d1b618fbcd3d342cf831427a6e3a6bbde04d13850e99c1bc4915cc4b460b26eca7250c390
-
Filesize 4KB
MD5 c1390202e18f352f054f6f10bf214e9b
SHA1 69830ed22036aae7e15b8be73d60e8f9d7ae61b5
SHA256 4198bad204ee382f6e50184a35a8d47900f83f0e5f1405aacec448ff11b33676
SHA512 3672c613d7ed3e7088a68f367525285dea4521192de977583436dfc024a9f3bebf3c86f95e2a6434a8ac232574c2929c1175677936b1a28e2bd4e42a9117e73d
-
Filesize 2KB
MD5 97ede45b6c7fae492ac2574e81fada52
SHA1 0a95f2b7ccba76d976939469eea2bea66b4b7879
SHA256 631dbfb57c38edd2e3387c9d2407889556398b1d0d27a198f7d5f2bf4cc5f771
SHA512 4294e8d19551d2573795de2e6dec2729c60d55654c28eea2fb70b6e55cd2d8d5567cb02aafa3aca0dde19350c82009ec4ef547aa6ecd83deafab71c97e11b77c
-
Filesize 7KB
MD5 973b0836dff51bd2c9b495cad3792ff4
SHA1 386678cee7e6f0e982a917f3bf074c713d42ed01
SHA256 9d956ebf21162189474e047921529d6da05b42f99574253f951c306a4948a617
SHA512 06167da6d0fdf8a2fa0bdd7a1a57fefd45d9a02aa8cf5b5b15e13f665d70e345ff275c72730d66d931ccd532fd8516938d228c7eb15614e1ed371f1bf093d9cf
-
Filesize 7KB
MD5 112b8c7b7d0ca47c601a5f09cf0ec2ff
SHA1 2aadfadb4ba8c9f0360a069972ecd032fbea67b5
SHA256 1c320aca30b9e2becdb959bc352f0b615284bde2f3b23719db83f5dc93959195
SHA512 97e6be1e1fc4e03299a99bc750701be38a42bab2db86c04c8cb6695a0b5332ef7cc048dad24996567e477fd303f8e454cd3e96090112b29eed4b2380d30cc8e3
-
Filesize 7KB
MD5 a8d2e2bacebf30d82dbf74a1d74e71ca
SHA1 8fda790edc6ee5892e784a9ffea3f46308ee4e42
SHA256 1210bf990c1087aa7e06d1baf39f2744a1daed200d233b692748e73378917f57
SHA512 9fd9c8bf4c11129b635ea4d8c63054b30edc27a342f7eb7f67ccb0e6fd3ec469b2a746e0b24075bd76829b57fb0ac08187148bf310d3a0666df368486f2e3185
-
Filesize 7KB
MD5 3168e84352302a904f6583cf5f658910
SHA1 cfce2157ba7a0bdf6ed4f6e151cf4e3974c7be70
SHA256 78794314c1269f0132f07de764d88e3e7e97b55815e652ad2e44df883c33a3ca
SHA512 fdbedec880e2d3605c2abc15d127998349f46c806a5a55e44ef39c5a670bff418503f264e0833d5fcf89992373ac5be52574a941b316dbd5597206b2e4c98714
-
Filesize 7KB
MD5 eb65329ba898d39301a0177bf46a7f6a
SHA1 606c4c52b9473cc2c55bf96529f762e23276cd94
SHA256 17346e6d38f5128689eba12e70263167bd9f818637cf8f6c71f887e74767f553
SHA512 d0193f4609855b418ac118b21b773ec10a3584b741404325bd51057f978798290316bdd796b875d355c55c2ff95f41a12ff9b37fc06525775069313f446015b3
-
Filesize 7KB
MD5 9714a0b515eb1ed88891e5907c800ee5
SHA1 66546d9d192952893b368b9177878d44d132e4a3
SHA256 aab7b020d4eac24543cb50b8af90f60ba48fc17a60098baeab2eca3b23c1413b
SHA512 82278c71964b6311bb90da36c25e4f1c60b69a59253c00b29f3382748c6529daaf0575b2609f230fee8ca968eee2ad486a89b11156453608c50db6925732d732
-
Filesize 7KB
MD5 392643d3e4e2d5a9c43fc642f82c7de6
SHA1 3efd4278737d3ac087f60052ba754275c55b5f99
SHA256 3cf175860453795d42352f0bd4c36052576a1853efa72d974b622fbebf24d014
SHA512 a3bf5cad4505a0f2c3eb90fedfa1fab475e60258cbba554f73d619a475225016170b34d37d17cc3c78685abafed9fae8d2c338a376e5bb4c57270f2d68ca8bea
-
Filesize 2KB
MD5 034081d9c142d626cc9459a834141bf8
SHA1 365a6d89b19fa8608610810696d8abbd4d5ef265
SHA256 0ca080eb1fd8a3cfcefbc7243dd6722c753f0186438addeb3d3318ef8f9199c0
SHA512 437e8d0cf9a5e9bd9ae926ba8c3f3de129a712b2d70d62a1c0b94029f4e16d4bbef0dc30af0576af0ae8b96c97c82b73b494bfb67ba0e9ee7a3bfe9bc82a81ef
-
Filesize 2KB
MD5 261a4b8e26e5f123b086d411aa0130da
SHA1 cd7c790786008e201237cd07683f92d7a6b0dcc9
SHA256 36f80fd6f0d4ddd1f63126bd6a58e750426d5b2a10f2dc6b13c8c26d69de1014
SHA512 4c77a50850645137fdad9cefc7469f8568f79ab718fd2c98ada65a3d8e68d3457852cd84cf494411614288b2d16cee7de52405ca03d2032dd831d520e616a97b
-
Filesize 2KB
MD5 388a1222e6a7d4acd29ea6def04c8f2b
SHA1 489ef146c92ca340ebc1cfe3e724f2ee98088eef
SHA256 7bb07069b941b8e5ba0b646e8d7df78330378cec2b9d45e6bc714e928dc1cc07
SHA512 db3abbd1a142dc12883b5f17ec2e0cc58f7c1f2155d7b60081b454b79e5865097987898d1637fea34e68ca926b33a5b9ecb12c280fc7b3e38048fd4c02d7de5c
-
Filesize 4KB
MD5 88aa69c53e6a10d52af1a91ac326eb27
SHA1 0fe024a6ea261de3ffa48d67a7ca01ef304a0157
SHA256 edea0a9b8487451cffb8c79993b0525f28b3da04d3a815f62de9a7c85109c879
SHA512 b81452b3d4c6395c95e9c315a84bdd8ead3465c103a96457deb470e4e4d15a61ee1c94e097611351258a4b663d521fc08a2c54f0ddcb531c98d372dec91eb6f0
-
Filesize 4KB
MD5 80e09978619391a5d7a59e5784ac5674
SHA1 fc4f45f1fdf067b2ed86f5cbcfe248a1b3ac6766
SHA256 1cd726952e7b25b7eb209f6b909eed60a75eace21f0f521e46a660309bab85b9
SHA512 c6856cb71100927004c1b0455975b08378f6c22d240b3a78f8a6608bbe042026e7b676d060f7eb28d860b6b9264653338f38d0648bb8204c8be808993a27d02b
-
Filesize 4KB
MD5 5c0e01b554c48a170fe5028ed8129bbb
SHA1 fbdad4a978774fb23c613bac71219ed9f0ca9330
SHA256 5ae3e30aa3951fb473bb562b81f5c289434a06a38cdfca1359fa3cae39e15b00
SHA512 126b832f9df76b4b377ecb80f737a172ee208bee915d3584af14d27cfa2ab18385a1f2e238a075b4eee2a27f59779dde523e2874d31605894b6c2817dfc7f6c7
-
Filesize 7KB
MD5 ce41bd7c01750dc619f9e9a43f5e98e5
SHA1 49f2831a2d2002b74ea1ce9282f08aad4fb393a5
SHA256 470cfe6d97d615563929136086e89a2167c8a9def2504017ab7dcf1b5dfde69b
SHA512 30514417c7e81024dc2326a693c510b38833d073e616581290e0e8631bc53b72a7e210adccc1477c44640740f6e6d4404d5d51d97445210879d80dd8f4d49549
-
Filesize 7KB
MD5 1116f8234f6b481dbba2f97291a347a2
SHA1 c5d993036a535c911210906c1af1803ba20e8b29
SHA256 679a2b20a3ed4c3fb636534e856e91aa1f7581e2b15df9bfeb57a19ff6166f4d
SHA512 f73e47f1e56760be949b6d8db0f640d663aaf9d79c0666fb77ff49b75d970ef040c19ba909a4b6e643ff4ebb58e024175b4c348dd5c5c38b3e4dcf047c08dd68
-
Filesize 2KB
MD5 fe7baae5cce3421ef7e73d77ac13338b
SHA1 ee6a0853a41d2805247f5ad3d627288e25aaf8ab
SHA256 95697ea1c11f045f1d3e9e1504c657ad350ad40ed5e8dc89d1381fd6815de22e
SHA512 ba43ef8dd1648e3b84f7cdaa11d3d671f08acbc5f6fb8dfed95f3dcbacae7d634dc18d23c25928babd6726eac633a98ca9e6d4d0d1a117d371dbeda18ced4059
-
Filesize 2KB
MD5 af4710bfad69bee637d5b6eeba619fb3
SHA1 9e9dd1a16f6ee4136fb2e69acced2458902a70b5
SHA256 2386cd9ffdd337b95adf935a4ad2d5aad34f8f229a2fb1dc27f79e9daedbdf1b
SHA512 f11081cad603b92b5b3897cda27e0cc4fc037610e8ddb4d366db9bb8ce7ac5b7e345f25bdf7a38ab57baa9c19fb0f17ffbaa97186786b2000f77eea62b2dbba0
-
Filesize 7KB
MD5 d1895aa021c34c334d7202fd4fddd64c
SHA1 f4c6f98dd7218e3630d3d2efcfaca41c9c3ac1c9
SHA256 776dc37d9637857cbab9abe6e44ddea4595ffda9fe80d6d34c15874404cc9b42
SHA512 4be1ee9c41c3a9b9660c706e3e9a936234bc38a5b24a666308c3733b92f99d2ca2257ee402d2293c1e290c391a67c1307ca63aa79116e5bf2523c00b5dbd4d12
-
Filesize
7KB
MD5c283a45ccfea35f19ab43fa769a45eba
SHA1f8e06aea824dce39306bb4b5ace588367c255e6d
SHA25643cbe602a14fba664489b68ddcdbf036464c0188caf2ea54c29957c9128ffbf7
SHA512fa86e6c209dd5b94427771e9e8b3e54acb3bb3817bc2015dd905efc9818c2dade7fa021809feb3ea736649ec28bd1f0c6c05b31748f2d5c4fab6cdd4c46642f8
-
Filesize
7KB
MD54fbd25d5128e91f6cb5832c05367b29f
SHA195de69eeb915cc2532327aafd689bdccbf058356
SHA2567a69463725d60821f7c6f61e4164d2677d739ac29ca5049559d8b4320055d7df
SHA51219a3567906ad12ebea91e59b81383418b424618cdf7fa4a4fea6c626929e988270fdeb638d2ded608130b4add83f3a82e98fcba0b8c9a81f4fbe1aea9b500ac0
-
Filesize
6KB
MD52552c4ecdb49ec296d5d9e7150f3692f
SHA1f4cce7f7e087c55f3edc2dc654b691cc73fc7fbd
SHA25636449db1e24f06301d390c6a23dced18a786158ae518d10fde8d38a7d634f119
SHA512d9c3da8aef61999242cbd4c6c7ca1d11578ccaa7de183c5869bb63c50c383a34a28fd683918ca077739af9af425c787c724b6abd718f1fc00c04218f430e4961
-
Filesize
2KB
MD5d7179f9b2906dd27a43cdb2e55580698
SHA1ec372dcd287fa881b9f3d5d3d136e8da5c2f8048
SHA25604a48c96f06a1ca29b0324b0e9772cd533d1208d7c35088acf436e8ff6ac2f01
SHA512f30b2c362d7f04e026a3b5015f13358e8ebc55768d1792c6b21c58fdfe4209869bbeac3dafdfa53908c565babf15c18cd5e832ad4ef36eeb439bb882d5781362
-
Filesize
2KB
MD5fd2c3b1082167567b39ed367ca095e0b
SHA1f52190c6be2a195c5c8697e136d910a0112fc9ca
SHA256bc152a78585e629df999a7ec3c49f30e1e689122a4fb8664f5e68696f4e349b2
SHA512ee0e49fefd3c1ce73fd0e8be667777c28749f200d83b1704091e4a1fb84b38788eb4256c97a190595a0aa4ff6ee8a3d9ee32cf935f868d62e5119d6e5ce45db3
-
Filesize
9KB
MD5f704cf7d9ba2071e517231e1557be4dd
SHA15efe20d57429449f13021ca904b990b20b45247c
SHA256410b4b7a758a9cbb7768c26c35d0dece4001ff3c8b660a016419dce0afa9eeae
SHA512e769855fcadf4067f9cd0373d314826fa22decac47383c301faf180f24ba9381d24c73fbbd9a1e82b7b4766e1ac9c142e2c534411197da9f4d7a8e0beb19c33d
-
Filesize
10KB
MD55dec18c3ff5bee914795022295128ead
SHA1d96c70d014c7f1efa67217e333cef508d816a340
SHA256df683b50a8295655bd38adee820270666069324127be6e5d32e5a599ddf33f79
SHA5127c31db374489e1a21ad6274cd285b75fd2798c70fad2418edfc3bd820378daa45a6e3133afbff872a4834b2ec63cdfe423b6be9f5676d3eeab56ed3279f45701
-
Filesize
8KB
MD5cc8b9dc78cb9374c63bdbd18ca2de6a7
SHA16a82fbbc1ff8bac788c2998ccb3415f6d0b92f2e
SHA2560e5158c22cd6b5bcc06915d64dd23fb4d55f331d1f45f72d51eb8f1173782c25
SHA512da19ceea39a79eb049c45ae94072d506ccb31fb19893f7c94ccb7df96a6564ab62c00cd18b03c01cda7e71c7ef1e137dfc3078bdd110f5788fb153dd034da173
-
Filesize
7KB
MD52ac4e4f76376fe1a802c3bb337044e8e
SHA1d23e7149e579fa44a17ccbf376aa539dee373f6b
SHA25639cf538d686e5194cba22bac953323a1b9a5cf0d8587b8f5cbcf2ca41742d91f
SHA5123f405e633868f0f78efe28c8f1f4d53d96e4c5e4f88971ee69358c6975af93faec6081f384774f32fc1e207c3743e691b8e3f3593c75b906299d8deeb053123e
-
Filesize
7KB
MD52c8cf2d77ef098cb4a06aff7d886e556
SHA160e6ed8108793062f6aa80d1d632416fd281e011
SHA2565fc19e7fd4302a700eff2210ca88e9f0808cfa1f2969cf9fe098ce89ac91c864
SHA5124f0e43fbcbf2887b3ad0b43755183f1d629ba98dc50676cd42d5267ba7fc465220e0413b864c3b854f55d1e7eb2fa7cd16a0e06adfbbcd79731f90a6fa3c2122
-
Filesize
9KB
MD5002e0b86fe9cb354154fb05ffdb0bcdb
SHA11ddffcd01de85c5fda6b37bd8220f51244076ac4
SHA25610d95d16d5d723208a05f6686fb25ff0cd48f0f77750032b67e279eb4dd9c627
SHA51267b223dd16d1dfca4b8346f474ce0eb68109f3a57abaffde73ac79aba9b6e37a900815c98e90e12c9077568ea25fa1ea6ce9b6de02c4e07309d888583e9a53ca
-
Filesize
10KB
MD5aa28ea9875fd3390a3b71081884095d0
SHA1d605f16b45093b8fcec3040570877a5fc331d59d
SHA25641841a6c3dfc412b91fdf697711c63b9e4e7e35dffbafb7a09ae9a33401530f7
SHA5128ffe7f97b39ce40fb1fa194c7d97ae9f004a27abf02974d1ae4989b4f78f5b9d8dff5e17f85ff54427c641755448f71a2560866d5fe767bccdbcfd0198db49f4
-
Filesize
8KB
MD54282ba21f9133aca633bdeb014fdcdf5
SHA1a9f8870da97ea4441d44d83bb42921e53f1343ad
SHA2569d591b7e707149e3b6008e8b02ebf269525c517470ac28ba454f06fa3376a91a
SHA5128ebd1d4bf52e76a91bf845e95aae7ffeb0f3267a61f8df09da903e25aabf7a79bc9e4e510357bd70f1c02861578545f4c2a0a3f31b19d4d5021c63438e9a7cb2
-
Filesize
7KB
MD5557afaa33f7df356c9dd187ffbcb604c
SHA12ba495dab169632308d210f3c36e79a26a8044ef
SHA256a7a88de5385cd2d710930f50c0ba8cd4620d3d417172326b2783995d4de7140c
SHA512ea8e5cb7786276244a1fbfa2f3398a2e7910c830de8d967b443a011c375c6372937da804620037b4e145391cedcde2ddeb9eb0bb8aedb0415db657e95fcf4e2a
-
Filesize
9KB
MD56e4c1767c8c248ff7c287f335ec19dab
SHA1500e8b97235468b6bc45a802f01b2daffc7ec397
SHA256a2e129184f7b5f4a7e1e927c64011f78adf6402455374847e1e14b3e23917f82
SHA512459367afaba027fe3cc8a65864d279e9d46a5eccce541be70508cdd348a5b7dba183bfd8a777e1b18bf03f065795e0791b5181047e0b0417e80f7c334f7c46f1
-
Filesize
9KB
MD53facc03a326a3c2ed0c04795e68237bd
SHA1416c280dc2a5bed2b6b3219f345d70d95825072e
SHA2564eaf70e5c0d859b33cf0ede5ad674c955c161778324b800941f579a8bd78e408
SHA5126c3575de8f7158f1bdb4f18d8133f2ffe2e902688df165b9219432c78589141c44c337ec94b80dc85c77d94e9aa6def5ece2fe0d4dff7c6421d7b745c67809de
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\4b828b93-aedc-45cc-bb54-07208ac58d9a\17418f9155e01b91_0
Filesize1KB
MD5203f5f2b7c261c93610e1b2d3884922c
SHA1350fc332c3615b2fa2682532a64b7af2deb056e0
SHA2565302c97927991c708c07a941f199feb38d642ab74cba177d84e51174ae8573a3
SHA5126a53dd7c15a54e27437e2492163329af46dd5fef7bb92dce7d9e183f88ec76f8f9e147f97b1457ab07b781d347e5c650f959c52f801941c5e8a9e07dbc4ec176
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\4b828b93-aedc-45cc-bb54-07208ac58d9a\8791d6e674c5351a_0
Filesize1KB
MD59db5cb12ce733e99adae3ef46f5672e6
SHA133cd9474d099e8030dd85df13ef48779b6099de6
SHA256a8005fc9d6fc748553ffb49133ddda329471a7b02650c61bb9fda6915b104f11
SHA51230931a21bba25c5d5d91d17e0b082bf61b820e8cf67e908ef34a36ef148f8de53806fa264c67ec6136c4638133ff2e0f6ea65924febb52a41920cd71930c7ba0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\4b828b93-aedc-45cc-bb54-07208ac58d9a\8969217121be6eaa_0
Filesize12.7MB
MD51771bcf612c3b5236467fb0db71a5b3f
SHA1ab25b648bd6b6ac1f2fa975d12ea16ffe666b105
SHA25697789dcc2be178623265558692ec395f1b79130387ec3cd9a77fb297d3c57a80
SHA51264e4d351490f853c336080825ab023a34c3e6713f5f9036e32d9b63db04a232a4aaf1f0dc9f9ecaf0b0fe8050f3ce6eb45454db70a5ba339456f30432d875896
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\4b828b93-aedc-45cc-bb54-07208ac58d9a\909e4fc2fdb38e45_0
Filesize35KB
MD5c1cf1756716ed46c9cc1c63ac3ce6091
SHA1b1647a792318d1c231d6817f8b9fb736aba42f94
SHA256a5e04b5aae0a91b5a0ac9c937a675394f4851ff08d413ad348cdbdafcbef2e13
SHA51214fe4fe757a6da693ce15bc867d9f3620a0f917fae0c4cf466ca19bb81ce76c9bdde70ff61e07319147b37e9899be8e783949866d2454b0f61bc998d599d053c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\4b828b93-aedc-45cc-bb54-07208ac58d9a\a7a934c50bc1dffa_0
Filesize17KB
MD573ae17c16f881f8e5e8ef4b45ef0b4be
SHA16299cefd270d5f552405e8a7bf22514aa0c399b0
SHA25636be4c3c346b86f8194bf4f505553a4ecdb27f2b5127a3d4030a821a45012e0c
SHA51258249c9ba486fbee85c18ed9279fae14263e85b860a791618b8499ed1413fddb0fdae0229808e328de7f511fb71a014b2841471f031ec305c64e473969750520
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\4b828b93-aedc-45cc-bb54-07208ac58d9a\b2beaac8f0d59565_0
Filesize37KB
MD5253f1c844e13379e479920a403ad0948
SHA1d25ea967ca957e311ce862f48d6d0d89251f8735
SHA256ff08850027aaa9ec05cf1914f19faee2696749c51d1816d3d21eb77289cc88a8
SHA5127d5336e72f8118e3449c2ba67533f5650a6687f88c04bfe42819797a8ab35c2096444a2eed0af8125fc54321425832e225fd973ab0e17428f3e2eb19febdafb1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\4b828b93-aedc-45cc-bb54-07208ac58d9a\cec615a85ad19211_0
Filesize7KB
MD51ec952651f142db7b775843862bab044
SHA148d08f6fac95e82de0d77a7fb1560e3cc413aaa8
SHA2566efc21e93e58e4d7668ad3cc963db22f746ad957e2afa5b4dce5729a7a1411e6
SHA512e18ac2ad82f85bd25c8a5ca0e7fef9ddd833cb67ec5efcc3688876f251003baff04eee7e37bb09785e5ae94ae69417c0fae1347576067b4bdf612a9313738bc6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\4b828b93-aedc-45cc-bb54-07208ac58d9a\cfb437cfefc22d68_0
Filesize35KB
MD526ba354bc727550e4bbb9533c949426c
SHA1a9e6a2c4918856c1da07a53d2aff52a804163b73
SHA2562fd97f7217e7043e8d88b5f3980e46b33cde74598b29b21a7e5c95f3577fba09
SHA51284e093f8dcb0e68f4f59e027d26452104cb69f437bb4f5fedee858c9464d023ed75f0ae550d4f478a4adec214a96a22bd8ebeab7df88c894944d742c44abbe79
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\4b828b93-aedc-45cc-bb54-07208ac58d9a\index-dir\the-real-index
Filesize3KB
MD5bf2e82accaa0a16abb21274dbe2583b8
SHA1edd7053a9215e4d4ad70852bbbc9470efbbc90a9
SHA256273dbe8d20f23fe871de12731e1b2ef42168b5ec4e0a669e880134315709384b
SHA512f68649cb4820a5165447693a37265c79fac4744cc0fccd573bec5a014ec0bb1b058d05ec2e2860721d32250572e33d33c58395ea01bf34f8a3bfb4bf68432864
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\4b828b93-aedc-45cc-bb54-07208ac58d9a\index-dir\the-real-index
Filesize3KB
MD540c13b93f9535bc5f207b3ddbe24a43b
SHA12eecf01665c3a9734213988322f682fdedf10df3
SHA256c413c605f876d3eaec1c22b038d38e9182a332b116e36a1f7dc5b6adf76b9308
SHA51212a7bdbaaad5a3b4ed13b88d327e8376d43035eaddd0b47ecf31fff83e8b7f1fdb1f75bb4379e8f8c7e544c06f93df344b2a08c60d77a69cbe75a87e6db29126
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\4b828b93-aedc-45cc-bb54-07208ac58d9a\index-dir\the-real-index~RFe585e28.TMP
Filesize48B
MD5d976d5fc69156bb7a3eeaa39dce9bbff
SHA142876c10bc25ba4f4f2b73f623a1732727884aa4
SHA256ba188b132db2ecc1167e3e0788bf060dd6e1c279996199c7a7182c9a96a7a63e
SHA5124ee2d27b462b81d0a019f5b32c59866ececcb82ec01ddbf8272e5e498037d823927d30bef44d4e2ca54b23d55e72ad9793d073996286fce396e5cc9399022388
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\index.txt
Filesize218B
MD55f565feb2ca3d6ad03dfa2bf00403ee4
SHA13de1234b5e00aadddc614edb50c8783263779dad
SHA256fb8b157eaf9bdeb7b6676d3c383021c0ff747e81e9c07f681bc1414cd0d3c973
SHA512ec249b4ef4e1e04b43757abff63f4a2de280df2b9a741e24b06484e03115c822b283de454cb146f08c5cd0b9864d151a26aadd891cd169b219ef48f76e834ced
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\index.txt
Filesize214B
MD557b4cff3e35c21156fbf8a0b07a0fb4a
SHA1ca312dc00e61698c250dfe8e3490e45a412984a7
SHA2567938d5e31ea106b0393d2e16d7664621d38e119a34bda0fd82cbdd77ca064eb4
SHA51256b8ed3b779a6de125eaa689dd01caca30480ec0355b9efe0480b767afb7918cb516443cafd77cb60775912456718c5c55d980d7be76412bebb4ec4cc13afa09
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\index.txt
Filesize214B
MD545ebf9bfb4402e1a9e030f9f7420d545
SHA190e4f8e8ad5824fc5a583436cd80b1debf366d8a
SHA25633c1651d039eeb33730e23a9f1a70940741d5dfcb1ad91b69f5d705b51dbace6
SHA512aa2af11c488daabe1e1f93d08e721ddacbdc62da6a822287a40061176dd054ad381bf6263ab40d040046448d243de38ab7dd269afe523b5e7fe211cf4e897fbd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\index.txt~RFe57db3d.TMP
Filesize125B
MD50fd001ae1959c948e31a599d65839ebc
SHA157454c915c436bd9333f71ee159363d9d190fea2
SHA256fa19fc87273f144ccf6d091e48ec8cafc1a89e9e9cbcd8b0d91a099d48a5c2e5
SHA512486cf65287a2be578f1231b13c319e84dbb0ecf6f7856418e2d0d1d683e1874e20a03e1f5ba6a4cbd1273e14f64d47c3ace10270f91be1821c1ed0fb6ca00c54
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0
Filesize408KB
MD503cbdbd07f6a5bd5f2779ee7ac877818
SHA1e362b9045ffe0e3ee494c3e5891973a256a1e533
SHA2561a509a8c2d3c33f5a6ac5cd7a0365a3af3cb3465ae7c924fd043cb5c6f6a9a99
SHA51293dc52d9ed191c591c4b6b67cef6fad1f2162498577c87604f35f4759c1fd62cdc1e58fb00fee96ff5ee6206bc8c2a06bf3a0960eff0c0b83f7a34e1dc12d635
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1
Filesize791KB
MD5144ace42a04db59e16c7a80beaffa6ee
SHA1a27f293aa985a15b65d1c3693fdb8b6ed977e907
SHA2561a5d8880342529156a8be75473ef282dc3a596b35b84c86f83945533afc7ba1b
SHA512b28784a9f677aa9b2b8201f0f5dea574e1ab661b0350769ab3ed780bd045c529f190418a41f5fcbc3a8a9713c7d1d0541f9ca5f8b27adedeb88c08823629237e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize96B
MD5d41e2a7578bdcbd269ba95b9097732de
SHA15da0859c2ea3e49cb59084077ec599d8ab63818a
SHA25600a724d4a961514de9c350568163f6deecd6da939fce5ac96b343f1791c4c083
SHA5129ded35765e722533a0fd401ce9eb97ff61cc2fa84212c4da7681407899bbd4457b4b85dd7bcea74a029fc22a0564ffdda9362f391bced7b0eba48828793f64b5
-
Filesize
130KB
MD5b856fe89c0d2118ae271048acd0ec344
SHA12bf02f18d7cc9697288756de3617365b02360bd1
SHA256247534ca24a198fc4feb89b814475e802dd87ae54f6f64dd581e0b209b5be4bc
SHA51257566e009b2da420b9adf3060202fa3b17cc5f08dac06f4ecc020a4e1359e80beecc022c4fb078ac9424fb8f798baf4d5a0b067e5f3a763ae6f752f4e8484bc5
-
Filesize
130KB
MD5cf68763b3486f108008a7d59203ef25a
SHA13ebe951d4a865976895abda96b2eee08999bf8c8
SHA256bec7049cb9394bd03ae1bd597bf9165fbbb0eda87f128844eae241db5d027429
SHA5125a6308be1f9d3a66819097c4b5e678ce13566bf93cb0caadd3982f312ff2c9914df8fabf4fa3c92c5d1e74ea927b24907ae4285860379b144e11e1976a79759e
-
Filesize
130KB
MD59720eb1657d004c5d559e19f4c22bee9
SHA109279a31f970d0c3caed2ff94b9bd9373f36637d
SHA25660ac2b8b15d121380b2227da4fccb77bff66f52f9091e09fd8409d9710dfb97a
SHA5129fb87af39df2d7bd85e09b73e05b3e13185db570fb6cbdd4681bb8a5301a7eba6700644865624b2eb545872d0e185ce335ffc43a080161914b0e781b1530b25c
-
Filesize
130KB
MD520f7890a13d5a173b94b24d2f0b441a8
SHA14ee54845fd6330f3da3942ab8ad695ca42ff03b9
SHA256b3198e4ab4f2e6066be23f070cdd842092886607a178bfad62ab273125fa5cef
SHA512afa7969092bcd8b45b580422e266c9970484471268be559c32b10b9317fbec9de6f110811e71e9ffb527823c65012e83cdd463ce70f2fb40ecffc04fc2e95f9e
-
Filesize
130KB
MD5357e8063fb9bf382bdef27568baa0f50
SHA1121c672cb9ed3098adc0ad6012f87ad206f08d24
SHA25613bf810035c14329a67f8ade9370e732d1a5132aaaa23fb16f6e2ebfab0886db
SHA512a64ccf10de7da4820f6248260d40e0a16d8f9db271136fd390650ec28135f4b91d88c0574c5c585de55224dc9236505bf6f7b6e1a3c48cd900db070baae25191
-
Filesize
93KB
MD5dc4c721ea81523571faf485d8dc6b9b4
SHA1c736246c7a6f930f6e6c4571d27f92815eaae389
SHA25689e82ab770f9df4116ddb5b1e1d0021e3f7b4d6e3b82081fe9a1de9fd22560e5
SHA512f86b5a8badc5acd10645afb198ac9019e0a912381678187e2275fa69025ef54e49fdd8e1c8c49012aaa17be414fe871445b7ea06cb8466325365a6f33f804ad1
-
Filesize
99KB
MD53524be75c01a0958320d7e79b308eff7
SHA1bd4b88b7825543247435d9eb017397de76e9d523
SHA2564dd206633f3839c22b8f9f31666e074075eb3697cec1e13e05ff6cb9d35275c2
SHA5123b104bbd6467b9024819eeecf032137b1d32d6acbe1fe506b838bdc1078105bbeeeba8e6706abd277654fd1faa47d7228f8637ac9960194c0a3a00bb940d4ad4
-
Filesize
109KB
MD56a9f1f92ec819b13d688c216f3812191
SHA1cb8e6ec353ea04901fb3acbcb71b65d210f47d83
SHA2569e0d40243547db11fce254256a4f8fe9f68f916f1597c8017e1fa365a1911413
SHA51298f0167490970dd790c7d8fda6cfa099f2b6fb1e0f1bd7abee73302f34de2dfbddd5a79d1584ba0f6ecfdf98575db230fe651ab77b9892f1813df1d566ba9a08
-
Filesize
99KB
MD5cb86419192f8afce2246236d4f4987a8
SHA18653dbe785e9612f18d33ed05f3257bb2fce05e6
SHA25671309582752dd3f9e7823de98ef3039c957161599b21fa15c03eee38e7bb748e
SHA512ad68413f06d4c917ee65d0b39554e980b6e8dfec4fb901c18fe5aa94396c1e635a4ec6261b4c626294d6734d283a904b7f5a266c09755a709013bcbf355247af
-
Filesize
104KB
MD5f45241ed1e910e5c703b37468fe0f1af
SHA12059ac481f6082ad218ac95f79839a87cf4e480f
SHA25671f23d2d928d79f8984021c608e5a9d1b8eb598d231676cc96ecee3e83f68b3d
SHA512a6862cd975f52473015a5b56f036aba639667f09be444ec2c15df9b9f6b5572fade07cb8f7535704170c2f5ed2bacc4d014f6fb4d94713336dec459999408a9b
-
Filesize
112KB
MD53b782f91afea3beb8f08bbfd2f3efe20
SHA1196542f8167585d9fe16765cfa9035f6d5376843
SHA256fc4f56a7568d65079d600706b11bfcaeec4dda4ae2bd5da34ecf524411d52a11
SHA5124ee1aa512ae172af27cd685fd7caebf461426898e95a7413e4da462a05b2a2b29bf4e310617d803d67615fcb2cf43aa996d4e6f7bb63e2c5d78f162c868718d6
-
Filesize
88KB
MD5d6bb4ff5f0a8c322cfde55a5e240c55a
SHA1c6226d1dbd0025b2f1dc00ed42e9fd68c4f6ddeb
SHA25633b413e3302e353dd8dc79de0558ed334558be531224e4435878b1fe34add33c
SHA51239c03722d2dca6b8b0c6b1183048707a3c094da07169af55c3322e8d2adaed5c8bbf87c0cadb4138be1878662adedb092585703efb38820ab5b5b9a5b4832513
-
Filesize
5.6MB
MD5ff6b65de0e41d5bcb3b4ba09a6990c0f
SHA1f962a1e4ec9c7d2ec4625be854fcb505e0be4427
SHA25641f6a727a284fc75e82310a6c7ddb1b609c89cefccf3a25196623d4f9c524e36
SHA512d6f6d8d62ec74d6b3800480152b98d66d78d5c528e305064bf1347bbc18177c2708a626cf7969377e9abc6a4e018ecaba046b3042419001bcc239ad263c0d435
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize13KB
MD5dafc6b47b09b5768e3dfad610be355d9
SHA1045a02024363994a9724cd5154fd7f9f33266738
SHA25643ef730d109e475a575e1e4bcf5278d417051627fdec896067c175b2735ad15d
SHA512b30f93bb0daacb1c6675303f2b40ac990806ea044c4ccc740c4b408620f66c7dd93125c98c7a1a88da6d63192143f3478964491bd18dbaacdaadcbdce54e27e9
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize10KB
MD597ccd63ca5d6f4115d67ba2f87ae8c97
SHA16da15c70a2ff3de00cd24fee75dd5da4821af129
SHA2561ec35c499c03c58d8b263cd16023951cfcdaa3d3cf245643055d65e054f856b9
SHA5121d25fee90b80521a63e34d12b5e661dbca8fcf8738d4e47e0e6f1a5ef722f246fc6b74bae2d3671c222a98d4617f8a36a7002ba3d1f418d507f71ff4f63c4175
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize14KB
MD523ec36dd5bfa3db40ba5d395d45d3196
SHA156926a51f24c68954b2990389b692354b2ed6038
SHA256a449595869e601c4632ae2bf546a82bd7536b85ea170bf5061fa6f46ecd08d37
SHA512cd10d1fb2bb976d4f7468b347aff47b1b3fb40a9c86ac2e30612195e06e8b2f7ba0b3d7bddfbcc7ef9a7164f0b0e39bccf0bb99b2940a09c33e730edcc74112c
-
Filesize
5.2MB
MD5c52eec089b9dab56e69fa5f4d9350d8e
SHA1e89b321198835baa1313dcd1b7eb71fc75eac6b7
SHA256d1a0d760bf92479e176dbddb70669d9c3bcbcf8743c5601517682ee300a202de
SHA512894f3ece52ba0fdb7bf5eb3b4a473df66230be894fc47ba2f5189a06ec5db252f0a215d6062514c5b467cdb498555ef03b2dd26d6a8d76a25e121bff67fb4677