cobaltstrike | f06db9c75a06300eaec988614ad581b745932be9899229a31cdbd4ffc7694bd2

Analysis

max time kernel
1800s
max time network
1793s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
10/05/2024, 20:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

19KB
MD5

324bc9f4391f4b33c71a67f8f965418b
SHA1

1b6ac7844a86237df3f39a03d4c2cc4453cb0feb
SHA256

f06db9c75a06300eaec988614ad581b745932be9899229a31cdbd4ffc7694bd2
SHA512

2b605b2d5b2e7d5759f8d4f844ce9f059a7dede64a927173b84e982b26e76bd8401e2ebc648c6a62af0c94d2238f965b7249cdf7236d3c160f630342b63551c0
SSDEEP

384:rbKrrqDpmReVoOs4Qi9ylKeGMmU8HhhbiQi7dro2paWhOwob0Jn+tIJCgMmVn:rgWBVoOs4QmyI1MsBhbvkdKWhOwob0Jj

Score

10^/10

cobaltstrike zgrat adware backdoor discovery evasion execution exploit persistence rat spyware stealer trojan

Malware Config

Signatures

Cobalt Strike reflective loader 1 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000200000002c8ca-12609.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Detect ZGRat V1 5 IoCs

resource	yara_rule
behavioral1/files/0x000200000002c548-9294.dat	family_zgrat_v1
behavioral1/files/0x000200000002c55b-9290.dat	family_zgrat_v1
behavioral1/memory/12040-12082-0x00000210F2F80000-0x00000210F2FDA000-memory.dmp	family_zgrat_v1
behavioral1/memory/12040-12121-0x00000210F3E80000-0x00000210F40DE000-memory.dmp	family_zgrat_v1
behavioral1/memory/11476-12251-0x0000027349F90000-0x000002734A124000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002
Downloads MZ/PE file

Drops file in Drivers directory 4 IoCs

description	ioc	Process
File created	C:\Windows\system32\drivers\rsCamFilter020502.sys	RAVEndPointProtection-installer.exe
File created	C:\Windows\system32\drivers\rsKernelEngine.sys	RAVEndPointProtection-installer.exe
File created	C:\Windows\system32\drivers\rsElam.sys	RAVEndPointProtection-installer.exe
File opened for modification	C:\Windows\system32\drivers\rsElam.sys	RAVEndPointProtection-installer.exe

Manipulates Digital Signatures 1 TTPs 64 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30\FuncName = "WVTAsn1SpcSigInfoEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.4\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.26\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2009\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackAllocFunction = "SoftpubLoadDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.4\FuncName = "WVTAsn1SealingTimestampAttributeEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2006\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "WintrustCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackAllocFunction = "SoftpubLoadDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.3\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1\FuncName = "EncodeAttrSequence"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003\FuncName = "WVTAsn1SpcIndirectDataContentEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.4\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubAuthenticode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverFinalPolicy"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverFinalPolicy"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCheckCert"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2130\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.11\Dll = "WINTRUST.DLL"	regsvr32.exe

Modifies Installed Components in the registry 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.80\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable"	setup.exe

Possible privilege escalation attempt 6 IoCs

exploit

pid	Process
9524	icacls.exe
1216	takeown.exe
10008	takeown.exe
6568	icacls.exe
6856	takeown.exe
8872	icacls.exe

Sets file execution options in registry 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	rsEngineSvc.exe

Executes dropped EXE 64 IoCs

pid	Process
1804	RobloxPlayerInstaller.exe
4828	MicrosoftEdgeWebview2Setup.exe
3752	MicrosoftEdgeUpdate.exe
1484	MicrosoftEdgeUpdate.exe
1124	MicrosoftEdgeUpdate.exe
3912	MicrosoftEdgeUpdateComRegisterShell64.exe
1532	MicrosoftEdgeUpdateComRegisterShell64.exe
1100	MicrosoftEdgeUpdateComRegisterShell64.exe
1008	MicrosoftEdgeUpdate.exe
1672	MicrosoftEdgeUpdate.exe
1032	MicrosoftEdgeUpdate.exe
984	MicrosoftEdgeUpdate.exe
1484	MicrosoftEdge_X64_124.0.2478.97.exe
1788	setup.exe
2628	setup.exe
652	MicrosoftEdgeUpdate.exe
3912	RobloxPlayerInstaller (1).exe
4844	RobloxPlayerBeta.exe
3284	RobloxPlayerInstaller.exe
3924	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2292	RobloxPlayerBeta.exe
2196	RobloxPlayerInstaller.exe
4636	RobloxPlayerBeta.exe
956	MicrosoftEdgeUpdate.exe
984	MicrosoftEdgeUpdate.exe
3428	MicrosoftEdgeUpdateSetup_X86_1.3.187.37.exe
3652	MicrosoftEdgeUpdate.exe
4180	MicrosoftEdgeUpdate.exe
3328	MicrosoftEdgeUpdate.exe
4448	MicrosoftEdgeUpdate.exe
1204	MicrosoftEdgeUpdateComRegisterShell64.exe
3260	MicrosoftEdgeUpdateComRegisterShell64.exe
4904	MicrosoftEdgeUpdateComRegisterShell64.exe
416	MicrosoftEdgeUpdate.exe
6684	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe
6960	saBSI.exe
7252	rsStubActivator.exe
7884	j3fgzk5f.exe
5676	RAVEndPointProtection-installer.exe
7772	LDPlayer.exe
6060	rsSyncSvc.exe
3456	rsSyncSvc.exe
4228	installer.exe
4352	installer.exe
8440	dnrepairer.exe
9116	ServiceHost.exe
9640	UIHost.exe
8996	dismhost.exe
11244	updater.exe
8572	Ld9BoxSVC.exe
10380	rsWSC.exe
9040	rsWSC.exe
11024	driverconfig.exe
11724	dnplayer.exe
11952	Ld9BoxSVC.exe
2028	vbox-img.exe
5168	vbox-img.exe
10236	vbox-img.exe
10004	Ld9BoxHeadless.exe
9940	Ld9BoxHeadless.exe
10076	Ld9BoxHeadless.exe
10980	Ld9BoxHeadless.exe
8888	Ld9BoxHeadless.exe

Loads dropped DLL 64 IoCs

pid	Process
3752	MicrosoftEdgeUpdate.exe
1484	MicrosoftEdgeUpdate.exe
1124	MicrosoftEdgeUpdate.exe
3912	MicrosoftEdgeUpdateComRegisterShell64.exe
1124	MicrosoftEdgeUpdate.exe
1532	MicrosoftEdgeUpdateComRegisterShell64.exe
1124	MicrosoftEdgeUpdate.exe
1100	MicrosoftEdgeUpdateComRegisterShell64.exe
1124	MicrosoftEdgeUpdate.exe
1008	MicrosoftEdgeUpdate.exe
1672	MicrosoftEdgeUpdate.exe
1032	MicrosoftEdgeUpdate.exe
1032	MicrosoftEdgeUpdate.exe
1672	MicrosoftEdgeUpdate.exe
984	MicrosoftEdgeUpdate.exe
652	MicrosoftEdgeUpdate.exe
4844	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2292	RobloxPlayerBeta.exe
4636	RobloxPlayerBeta.exe
956	MicrosoftEdgeUpdate.exe
984	MicrosoftEdgeUpdate.exe
984	MicrosoftEdgeUpdate.exe
956	MicrosoftEdgeUpdate.exe
3652	MicrosoftEdgeUpdate.exe
4180	MicrosoftEdgeUpdate.exe
3328	MicrosoftEdgeUpdate.exe
4448	MicrosoftEdgeUpdate.exe
1204	MicrosoftEdgeUpdateComRegisterShell64.exe
4448	MicrosoftEdgeUpdate.exe
3260	MicrosoftEdgeUpdateComRegisterShell64.exe
4448	MicrosoftEdgeUpdate.exe
4904	MicrosoftEdgeUpdateComRegisterShell64.exe
4448	MicrosoftEdgeUpdate.exe
416	MicrosoftEdgeUpdate.exe
6684	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe
6684	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe
6684	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe
7884	j3fgzk5f.exe
9240	regsvr32.exe
784	regsvr32.exe
8440	dnrepairer.exe
8440	dnrepairer.exe
8440	dnrepairer.exe
9152	regsvr32.exe
9116	ServiceHost.exe
9116	ServiceHost.exe
9116	ServiceHost.exe
3404	regsvr32.exe
9116	ServiceHost.exe
9116	ServiceHost.exe
9116	ServiceHost.exe
9640	UIHost.exe
9640	UIHost.exe
8996	dismhost.exe
8996	dismhost.exe
8996	dismhost.exe
8996	dismhost.exe
8996	dismhost.exe
8996	dismhost.exe
8996	dismhost.exe
8996	dismhost.exe
8996	dismhost.exe

Modifies file permissions 1 TTPs 6 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
6856	takeown.exe
8872	icacls.exe
9524	icacls.exe
1216	takeown.exe
10008	takeown.exe
6568	icacls.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.80\\notification_click_helper.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.80\\notification_helper.exe\""	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32	Ld9BoxSVC.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32	Ld9BoxSVC.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.80\\BHO\\ie_to_edge_bho_64.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.80\\notification_helper.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ThreadingModel = "Free"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.80\\PdfPreview\\PdfPreviewHandler.dll"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.80\\EBWebView\\x64\\EmbeddedBrowserWebView.dll"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\InprocServer32\ = "C:\\Program Files\\McAfee\\WebAdvisor\\x64\\WSSDep.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.37\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o"	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=38278893712F40999F3E7487BECEBC9D"	BGAUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Drops Chrome extension 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.4921_0\manifest.json	chrome.exe
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\llbcnfanfmjhpedaedhbcnpgeepdnnok\5.2.0_0\manifest.json	chrome.exe

Enumerates connected drives 3 TTPs 5 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	takeown.exe
File opened (read-only)	\??\F:	takeown.exe
File opened (read-only)	\??\F:	rsEngineSvc.exe
File opened (read-only)	\??\F:	rsEDRSvc.exe
File opened (read-only)	\??\F:	takeown.exe

Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe

Modifies powershell logging option 1 TTPs
evasion

Modify Registry
T1112

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x000200000002c8ca-12609.dat	autoit_exe

Checks system information in the registry 2 TTPs 30 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 46 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk	setup.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_2CDE88B3CC9A35A2EA16DC0201366139	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_D5824721AFCD338CB437BB54334D6F98	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517	rsSyncSvc.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rsScanner_v3.9.1.exe.log	rsScanner_v3.9.1.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7850C7BAFAC9456B4B92328A61976502_6A5F08240159C584DE485971DE45D01F	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_28D42038E58F42E4B1211D7D9045064C	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB	rsEDRSvc.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rsWSC.exe.log	rsWSC.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62	rsSyncSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517	rsSyncSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7850C7BAFAC9456B4B92328A61976502_6A5F08240159C584DE485971DE45D01F	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_28D42038E58F42E4B1211D7D9045064C	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894	rsSyncSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_D5824721AFCD338CB437BB54334D6F98	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_686A447EF0220EBC1D36EF897F31F606	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_686A447EF0220EBC1D36EF897F31F606	rsEDRSvc.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\rsScanner_v3.9.1[1].exe	rsSyncSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_2CDE88B3CC9A35A2EA16DC0201366139	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62	rsSyncSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894	rsSyncSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2	rsEDRSvc.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E	rsEDRSvc.exe

Suspicious use of NtCreateThreadExHideFromDebugger 5 IoCs

pid	Process
4844	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2292	RobloxPlayerBeta.exe
4636	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2292	RobloxPlayerBeta.exe
2292	RobloxPlayerBeta.exe
2292	RobloxPlayerBeta.exe
2292	RobloxPlayerBeta.exe
2292	RobloxPlayerBeta.exe
2292	RobloxPlayerBeta.exe
2292	RobloxPlayerBeta.exe
2292	RobloxPlayerBeta.exe
2292	RobloxPlayerBeta.exe
2292	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\MenuBar\icon_menu.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\Emotes\Small\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\Locales\el.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\PlatformContent\pc\textures\wood\normal.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\CollisionGroupsEditor\manage-hover.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\Settings\Players\BlockIcon.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\Locales\fil.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\Locales\ms.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\Controls\PlayStationController\PS5\ButtonShare.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\ExtraContent\textures\ui\LuaApp\graphic\gr-avatar [email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\AnimationEditor\Circle.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\Settings\Players\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\ExtraContent\textures\ui\Controls\DesignSystem\ButtonSelect.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\Settings\Players\FriendIcon.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\TerrainTools\mtrl_sand_2022.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\onramp.dll	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\TixIcon.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\fonts\PermanentMarker-Regular.ttf	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\AnimationEditor\button_hierarchy_closed.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\LegacyRbxGui\health_greenBar.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCF0C.tmp\msedgeupdateres_fr.dll	MicrosoftEdgeUpdateSetup_X86_1.3.187.37.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\PlatformContent\pc\textures\granite\normal.dds	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\Emotes\Editor\TenFoot\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\subscriptionstatus.luc	installer.exe
File created	C:\Program Files\ReasonLabs\EPP\EDR\System.Linq.Queryable.dll	RAVEndPointProtection-installer.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\advancedMove_noJoint.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\TerrainTools\mtrl_salt.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\Debugger\Breakpoints\MoreButton.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCF0C.tmp\msedgeupdateres_nb.dll	MicrosoftEdgeUpdateSetup_X86_1.3.187.37.exe
File created	C:\Program Files\McAfee\Temp1763597177\wa-utils.js	installer.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.97\identity_proxy\win11\identity_helper.Sparse.Canary.msix	setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\Controls\XboxController\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\TopBar\chatOn.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\TerrainTools\mt_subtract.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\PlayerList\FriendIcon.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files\McAfee\Temp1763597177	installer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxNetLwf-PreW10.cat	dnrepairer.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\Chat\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ViewSelector\top.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee_pc_install_icon.png	installer.exe
File created	C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.Tasks.dll	RAVEndPointProtection-installer.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\AssetImport\btn_dark_showworkspace_28x28.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\GameSettings\delete.PNG	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\ExtraContent\textures\ui\LuaApp\graphic\profilemask_36.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\VirtualCursor\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\ErrorPrompt\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\dxil.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\MenuBar\icon_menu.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\TerrainEditor\lake.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\Menu\Hamburger.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\content\textures\ui\Settings\LeaveGame\[email protected]	RobloxPlayerInstaller.exe

Drops file in Windows directory 23 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	dism.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp	rsAppUI.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	dismhost.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe

Launches sc.exe 8 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
9416	sc.exe
10496	sc.exe
7680	sc.exe
11968	sc.exe
12080	sc.exe
12100	sc.exe
8052	sc.exe
3452	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 18 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters	rsEDRSvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	rsEDRSvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\LogConf	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters	rsEDRSvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\LogConf	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters	rsEDRSvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\Control	rsEDRSvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\Control	rsEDRSvc.exe

Checks processor information in registry 2 TTPs 19 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	dnplayer.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	rsEDRSvc.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dnplayer.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	rsEDRSvc.exe
Key opened	\Registry\Machine\Hardware\Description\System\CentralProcessor	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	runonce.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	rsEDRSvc.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	runonce.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	rsEDRSvc.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier	rsEDRSvc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier	rsEDRSvc.exe

Enumerates system info in registry 2 TTPs 14 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller (1).exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller (1).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe

Kills process with taskkill 4 IoCs

evasion

pid	Process
8144	taskkill.exe
7724	taskkill.exe
7412	taskkill.exe
7208	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 47 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.80\\BHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	dnplayer.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001"	dnplayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001"	dnplayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\124.0.2478.80\\BHO"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	rsEDRSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	updater.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	updater.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	rsEDRSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	rsEDRSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	updater.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	rsEDRSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	updater.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	rsEDRSvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	rsSyncSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	rsEDRSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	updater.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	rsEDRSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	rsEDRSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	rsEDRSvc.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	updater.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	rsEDRSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	ServiceHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	rsScanner_v3.9.1.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	updater.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	rsEDRSvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}\ = "McAfee SiteAdvisor MISP Integration"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4A06-81FC-A916-78B2DA1FA0E5}\NumMethods\ = "14"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5637-472A-9736-72019EABD7DE}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3e8a-11e9-825c-ab7b2cabce23}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\ = "Session Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0\win64	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\CLSID\ = "{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.mhtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E8A-11E9-8082-DB8AE479EF87}\ = "IForm"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2FD3-47E2-A5DC-2C2431D833CC}\ = "IVFSExplorer"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-799A-4489-86CD-FE8E45B2FF8E}\NumMethods\ = "14"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F05-4D28-855F-488F96BAD2B2}\TypeLib	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ = "Microsoft Edge Update Legacy On Demand"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00C2-4484-0077-C057003D9C90}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-394D-44D3-9EDB-AF2C4472C40A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\LocalService = "edgeupdatem"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.Update3WebMachineFallback"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9641-4397-854A-040439D0114B}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0\win32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CLSID\ = "{08D832B9-D2FD-481F-98CF-904D00DF63CC}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9641-4397-854A-040439D0114B}\ = "IGuestScreenInfo"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00A7-4104-0009-49BC00B2DA80}\ = "IMachineDebugger"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-71B2-4817-9A64-4ED12C17388E}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EBF9-4D5C-7AEA-877BFC4256BA}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44A0-A470-BA20-27890B96DBA9}\TypeLib	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3188-4C8C-8756-1395E8CB691C}\ = "IVRDEServerChangedEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{4E50ED6A-8A46-4CB9-9E77-B99CBFED1E68}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1BCF-4218-9807-04E036CC70F1}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8384-11E9-921D-8B984E28A686}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A9E-43F4-B7A7-54BD285E22F4}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0C60-11EA-A0EA-07EB0D1C4EAD}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7556-4CBC-8C04-043096B02D82}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E254-4E5B-A1F2-011CF991C38D}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationCompany = "Microsoft Corporation"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7FF8-4A84-BD34-0C651E118BB5}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-787B-44AB-B343-A082A3F2DFB1}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7556-4CBC-8C04-043096B02D82}\ = "IBandwidthGroupChangedEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F1F8-4590-941A-CDB66075C5BF}\NumMethods\ = "44"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-762e-4120-871c-a2014234a607}	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7193-426C-A41F-522E8F537FA0}\NumMethods\ = "83"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44E0-CA69-E9E0-D4907CECCBE5}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-47C7-4A3F-AAE1-1B516817DB41}\NumMethods\ = "11"	regsvr32.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf50f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	rsEngineSvc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f1030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	rsEngineSvc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2	rsEngineSvc.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	chrome.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2200	msedge.exe
2200	msedge.exe
5024	msedge.exe
5024	msedge.exe
5080	msedge.exe
5080	msedge.exe
3880	chrome.exe
3880	chrome.exe
2760	chrome.exe
2760	chrome.exe
1804	RobloxPlayerInstaller.exe
1804	RobloxPlayerInstaller.exe
3752	MicrosoftEdgeUpdate.exe
3752	MicrosoftEdgeUpdate.exe
3752	MicrosoftEdgeUpdate.exe
3752	MicrosoftEdgeUpdate.exe
3752	MicrosoftEdgeUpdate.exe
3752	MicrosoftEdgeUpdate.exe
4844	RobloxPlayerBeta.exe
4844	RobloxPlayerBeta.exe
3284	RobloxPlayerInstaller.exe
3284	RobloxPlayerInstaller.exe
3924	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2292	RobloxPlayerBeta.exe
2292	RobloxPlayerBeta.exe
2196	RobloxPlayerInstaller.exe
2196	RobloxPlayerInstaller.exe
4636	RobloxPlayerBeta.exe
4636	RobloxPlayerBeta.exe
956	MicrosoftEdgeUpdate.exe
956	MicrosoftEdgeUpdate.exe
956	MicrosoftEdgeUpdate.exe
956	MicrosoftEdgeUpdate.exe
984	MicrosoftEdgeUpdate.exe
984	MicrosoftEdgeUpdate.exe
4180	MicrosoftEdgeUpdate.exe
4180	MicrosoftEdgeUpdate.exe
6684	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe
6684	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe
6684	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe
6684	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe
6684	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe
6684	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe
6684	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe
6684	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe
6684	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe
6684	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe
6960	saBSI.exe
6960	saBSI.exe
6960	saBSI.exe
6960	saBSI.exe
6960	saBSI.exe
6960	saBSI.exe
6960	saBSI.exe
6960	saBSI.exe
6960	saBSI.exe
6960	saBSI.exe
6960	saBSI.exe
6960	saBSI.exe
6960	saBSI.exe
6960	saBSI.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
11724	dnplayer.exe

Suspicious behavior: LoadsDriver 9 IoCs

pid	Process
668	Process not Found
10244	fltmc.exe
668	Process not Found
668	Process not Found
668	Process not Found
668	Process not Found
668	Process not Found
668	Process not Found
668	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of SendNotifyMessage 33 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
11724	dnplayer.exe
9840	rsAppUI.exe
9840	rsAppUI.exe
9840	rsAppUI.exe
9840	rsAppUI.exe
9840	rsAppUI.exe
9840	rsAppUI.exe
9840	rsAppUI.exe
9840	rsAppUI.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4948	MiniSearchHost.exe
6684	LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe
7772	LDPlayer.exe
8440	dnrepairer.exe
8572	Ld9BoxSVC.exe
11024	driverconfig.exe

Suspicious use of UnmapMainImage 5 IoCs

pid	Process
4844	RobloxPlayerBeta.exe
3924	RobloxPlayerBeta.exe
2124	RobloxPlayerBeta.exe
2292	RobloxPlayerBeta.exe
4636	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 4880	5024	msedge.exe	78
PID 5024 wrote to memory of 4880	5024	msedge.exe	78
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	79
PID 5024 wrote to memory of 2200	5024	msedge.exe	80
PID 5024 wrote to memory of 2200	5024	msedge.exe	80
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81
PID 5024 wrote to memory of 1788	5024	msedge.exe	81

System policy modification 1 TTPs 4 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1"	setup.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe07e33cb8,0x7ffe07e33cc8,0x7ffe07e33cd8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,4710107980593554450,14338900364974395436,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,4710107980593554450,14338900364974395436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,4710107980593554450,14338900364974395436,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,4710107980593554450,14338900364974395436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,4710107980593554450,14338900364974395436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,4710107980593554450,14338900364974395436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops Chrome extension
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe0787ab58,0x7ffe0787ab68,0x7ffe0787ab78
  2⤵
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:2
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4268 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3776 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3944 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4108 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3224 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3212 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1456 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4944 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1472 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4688 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5392 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5416 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5728 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5668 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  PID:1804
- - C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    PID:4828
  - - C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Sets file execution options in registry
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      Suspicious behavior: EnumeratesProcesses
      PID:3752
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1484
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1124
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:3912
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:1532
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:1100
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjVGQzhBRUMtQjJDNC00NDdDLUE2RTQtMjY3Njk1MjdGMkY0fSIgdXNlcmlkPSJ7MzBGQkQ5REUtNDQzNS00OEMwLUFBQkQtQzlGNkY5RTEyNjhFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDNjA3QTM1Qi02OUM0LTQ4N0EtQTdBMi1ERkFFNEY3QURCNkN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcxOTcyMzE0OTIiIGluc3RhbGxfdGltZV9tcz0iNzc0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        
        PID:1008
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{B5FC8AEC-B2C4-447C-A6E4-26769527F2F4}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1672
- - C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\RobloxPlayerBeta.exe" -app -isInstallerLaunch
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5568 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4996 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6128 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5656 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6484 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4552 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:1284
- C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe"
  2⤵
  - Executes dropped EXE
  - Enumerates system info in registry
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6056 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1124 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:864
- C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:YYdvWQ_YmmIH_RkTZuATeFdHNYqXUgdMbTXm7arHtP93DRraZDyGtV8yCXU6GCZcQNaobhQ1jO43K-_s5cYWia30hXAv2w7ybY2xAhUj25kyQMA_--jlIF-dLpdZlFN5zkQ-b_F6Hvtgx9U2ZGQbpzuF01jMBZ5swlPO-kzG2G8hEOO0ILAEdZn2Gj2IqxGagkBb-j_6eL2ovZxcVRe0fE0my1B9gq-LJZAhCkcUdj0+launchtime:1715373788986+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1715373382639013%26placeId%3D10449761463%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D84ab888b-44a1-4c9e-9daf-4e97513cd93d%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1715373382639013+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4972 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:WTGSo_imT06iRJRg-DcN80lLb3j0rA4ACuou3J6aF2loSdwo8WiWawmy-prIUdOdCVIcE7VBtEbkQGolCwv2DZHL3F5VBNV5EWUuxhx44lPfZ9b-7ipzg089hQAhpbuyP_wHlwQVrz9PLIewBhzQ2_FSBEeez04OmCqRmDyva2BWINAtgx0YUGtDi_Km6OqIPxbp9g1TlmDB95VgVIdD1Boevoxq-BdB0pmdB-ZCDyw+launchtime:1715373831003+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1715373382639013%26placeId%3D10449761463%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Da4fd8a4e-fb87-4295-a707-fa49a2005646%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1715373382639013+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6456 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5108 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=3352 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6720 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6876 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7108 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4636 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6092 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6396 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=5124 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=4652 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=7284 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=7268 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7492 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7288 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=7824 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7832 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=8220 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=8368 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=8512 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=7768 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=8916 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=8640 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8796 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=9428 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=8920 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=9792 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=9740 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=7948 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=9036 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=9008 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=8596 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=8924 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=7216 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=8496 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:7016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=9924 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:7088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=9444 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:7096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=9176 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=10088 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=10412 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=8512 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=10736 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=10856 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=11004 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=11200 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=11136 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=11396 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=11372 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=11720 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=8476 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:7156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=7016 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:7160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=10488 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:7136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=10464 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=6508 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=6100 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=6260 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=8108 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=9588 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=6072 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=7916 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:7620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=4796 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:7704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=9212 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:7808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=10576 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=11672 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=10560 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=11752 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=11284 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --mojo-platform-channel-handle=7912 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=7840 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:7348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=9600 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=11904 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:7376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=10796 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --mojo-platform-channel-handle=10060 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --mojo-platform-channel-handle=5984 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --mojo-platform-channel-handle=6540 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --mojo-platform-channel-handle=11744 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:8004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --mojo-platform-channel-handle=7180 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --mojo-platform-channel-handle=9768 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --mojo-platform-channel-handle=10940 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --mojo-platform-channel-handle=10492 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --mojo-platform-channel-handle=10152 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --mojo-platform-channel-handle=4196 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --mojo-platform-channel-handle=10456 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --mojo-platform-channel-handle=11756 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --mojo-platform-channel-handle=9664 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:7252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --mojo-platform-channel-handle=9852 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:7760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --mojo-platform-channel-handle=8056 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:7880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --mojo-platform-channel-handle=9096 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7356 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7380 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11056 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:7692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9604 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7356 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:6952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --mojo-platform-channel-handle=8020 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --mojo-platform-channel-handle=6276 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --mojo-platform-channel-handle=4688 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --mojo-platform-channel-handle=7796 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:6404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11196 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10652 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:7136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6936 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7472 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:7512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5056 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:5776
- C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe
  "C:\Users\Admin\Downloads\LDPlayer9_ens_com.robtopx.geometryjump_25567197_ld (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:6684
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM dnplayer.exe /T
    3⤵
    - Kills process with taskkill
    PID:8144
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM dnmultiplayer.exe /T
    3⤵
    - Kills process with taskkill
    PID:7724
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM dnmultiplayerex.exe /T
    3⤵
    - Kills process with taskkill
    PID:7412
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill" /F /IM bugreport.exe /T
    3⤵
    - Kills process with taskkill
    PID:7208
- - F:\LDPlayer\LDPlayer9\LDPlayer.exe
    "F:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="F:\LDPlayer\LDPlayer9\"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:7772
  - - F:\LDPlayer\LDPlayer9\dnrepairer.exe
      "F:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=787042
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Registers COM server for autorun
      Drops file in Program Files directory
      Suspicious use of SetWindowsHookEx
      PID:8440
    - - C:\Windows\SysWOW64\net.exe
        
        "net" start cryptsvc
        5⤵
        
        PID:8424
      - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start cryptsvc
        6⤵
        
        PID:9240
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Softpub.dll /s
        5⤵
        Manipulates Digital Signatures
        
        PID:9344
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Wintrust.dll /s
        5⤵
        Manipulates Digital Signatures
        
        PID:9376
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Initpki.dll /s
        5⤵
        
        PID:9468
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32" Initpki.dll /s
        5⤵
        
        PID:9516
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" dssenh.dll /s
        5⤵
        
        PID:9548
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" rsaenh.dll /s
        5⤵
        
        PID:9732
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" cryptdlg.dll /s
        5⤵
        Manipulates Digital Signatures
        
        PID:9868
    - - C:\Windows\SysWOW64\takeown.exe
        
        "takeown" /f "F:\LDPlayer\LDPlayer9\vms" /r /d y
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        Enumerates connected drives
        
        PID:10008
    - - C:\Windows\SysWOW64\icacls.exe
        
        "icacls" "F:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:6568
    - - C:\Windows\SysWOW64\takeown.exe
        
        "takeown" /f "F:\LDPlayer\LDPlayer9\\system.vmdk"
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        Enumerates connected drives
        
        PID:6856
    - - C:\Windows\SysWOW64\icacls.exe
        
        "icacls" "F:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:8872
    - - C:\Windows\SysWOW64\dism.exe
        
        C:\Windows\system32\dism.exe /Online /English /Get-Features
        5⤵
        Drops file in Windows directory
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\CEF5CFBD-B366-4448-8FB1-8E06062921B7\dismhost.exe
        
        C:\Users\Admin\AppData\Local\Temp\CEF5CFBD-B366-4448-8FB1-8E06062921B7\dismhost.exe {AA3F3D39-B5C0-47D3-AC84-16D3B48342F6}
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:8996
    - - C:\Windows\SysWOW64\sc.exe
        
        sc query HvHost
        5⤵
        Launches sc.exe
        
        PID:8052
    - - C:\Windows\SysWOW64\sc.exe
        
        sc query vmms
        5⤵
        Launches sc.exe
        
        PID:3452
    - - C:\Windows\SysWOW64\sc.exe
        
        sc query vmcompute
        5⤵
        Launches sc.exe
        
        PID:9416
    - - C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
        
        "C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:8572
    - - C:\Windows\SYSTEM32\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
        5⤵
        
        PID:8204
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
        5⤵
        
        PID:8276
    - - C:\Windows\SYSTEM32\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
        5⤵
        Registers COM server for autorun
        Modifies registry class
        
        PID:10936
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
        5⤵
        Modifies registry class
        
        PID:10528
    - - C:\Windows\SysWOW64\sc.exe
        
        "C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
        5⤵
        Launches sc.exe
        
        PID:10496
    - - C:\Windows\SysWOW64\sc.exe
        
        "C:\Windows\system32\sc" start Ld9BoxSup
        5⤵
        Launches sc.exe
        
        PID:7680
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
        5⤵
        
        PID:5472
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
        5⤵
        
        PID:8924
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'F:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
        5⤵
        
        PID:6476
  - - F:\LDPlayer\LDPlayer9\driverconfig.exe
      "F:\LDPlayer\LDPlayer9\driverconfig.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:11024
  - - C:\Windows\SysWOW64\takeown.exe
      "takeown" /f F:\LDPlayer\ldmutiplayer\ /r /d y
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      Enumerates connected drives
      PID:1216
  - - C:\Windows\SysWOW64\icacls.exe
      "icacls" F:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      PID:9524
- - F:\LDPlayer\LDPlayer9\dnplayer.exe
    "F:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=com.robtopx.geometryjump|package=com.robtopx.geometryjump
    3⤵
    - Executes dropped EXE
    - Checks processor information in registry
    - Modifies Internet Explorer settings
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SendNotifyMessage
    PID:11724
  - - C:\Windows\SysWOW64\sc.exe
      sc query HvHost
      4⤵
      Launches sc.exe
      PID:11968
  - - C:\Windows\SysWOW64\sc.exe
      sc query vmms
      4⤵
      Launches sc.exe
      PID:12080
  - - C:\Windows\SysWOW64\sc.exe
      sc query vmcompute
      4⤵
      Launches sc.exe
      PID:12100
  - - C:\Program Files\ldplayer9box\vbox-img.exe
      "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-54d7-bbbb00000000
      4⤵
      Executes dropped EXE
      PID:2028
  - - C:\Program Files\ldplayer9box\vbox-img.exe
      "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-54d7-000000000000
      4⤵
      Executes dropped EXE
      PID:5168
  - - C:\Program Files\ldplayer9box\vbox-img.exe
      "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-54d7-000000000000
      4⤵
      Executes dropped EXE
      PID:10236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --mojo-platform-channel-handle=7284 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5156 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:9580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:9576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5032 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:8380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6944 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:8668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7432 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:8708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10404 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:8588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6688 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:7096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2336 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:12268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7088 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:10680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9608 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:10944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9244 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:10908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6968 --field-trial-handle=1732,i,13856579557640488121,10826087907067675882,131072 /prefetch:8
  2⤵
  PID:8620

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3656

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:1032
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjVGQzhBRUMtQjJDNC00NDdDLUE2RTQtMjY3Njk1MjdGMkY0fSIgdXNlcmlkPSJ7MzBGQkQ5REUtNDQzNS00OEMwLUFBQkQtQzlGNkY5RTEyNjhFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyMEY1MTVEQS1GNTM1LTQyRjctQTZBNC0xRUVDOTJGM0VBMDh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbmV4dHZlcnNpb249IjExMC4wLjU0ODEuMTA0IiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzIwMTUxMTMwNiIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:984
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{99E992A7-014A-4E6E-830E-B12B4C45439A}\MicrosoftEdge_X64_124.0.2478.97.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{99E992A7-014A-4E6E-830E-B12B4C45439A}\MicrosoftEdge_X64_124.0.2478.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:1484
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{99E992A7-014A-4E6E-830E-B12B4C45439A}\EDGEMITMP_DB086.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{99E992A7-014A-4E6E-830E-B12B4C45439A}\EDGEMITMP_DB086.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{99E992A7-014A-4E6E-830E-B12B4C45439A}\MicrosoftEdge_X64_124.0.2478.97.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:1788
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{99E992A7-014A-4E6E-830E-B12B4C45439A}\EDGEMITMP_DB086.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{99E992A7-014A-4E6E-830E-B12B4C45439A}\EDGEMITMP_DB086.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.201 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{99E992A7-014A-4E6E-830E-B12B4C45439A}\EDGEMITMP_DB086.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.97 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6cb3188c0,0x7ff6cb3188cc,0x7ff6cb3188d8
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:2628
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjVGQzhBRUMtQjJDNC00NDdDLUE2RTQtMjY3Njk1MjdGMkY0fSIgdXNlcmlkPSJ7MzBGQkQ5REUtNDQzNS00OEMwLUFBQkQtQzlGNkY5RTEyNjhFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFRjc4OEE1RC0wQUNFLTQzOTYtQkU5Ny00QkZGRTM0NDJENTd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjQuMC4yNDc4Ljk3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MjE2NzkxNTM3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzIxNzAwMTM1NSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc2NjE2MTY2NDMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzMyNzk5OGUzLTQxMzQtNGViMS1hOGVmLTFhNjc3ZmUwYjI1OT9QMT0xNzE1OTc4NDE4JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWJ1aHFvVEpFUmo2bVhYRDJwSVVWdElKU1RTNUU1RjNFR1MwbVdXbVNQY0FCYVlIenZJTTY2d3I5M3hKdUhxcTZKa1phMDNjdHdGUGZmU3dZbG94bUZnJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTcyODIxMDY0IiB0b3RhbD0iMTcyODIxMDY0IiBkb3dubG9hZF90aW1lX21zPSIzODIxNCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc2NjE4NzY2NTciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3Njc3ODQ2NjM1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MTIyMzI2NjAxIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iOTE0IiBkb3dubG9hZF90aW1lX21zPSI0NDQ3MyIgZG93bmxvYWRlZD0iMTcyODIxMDY0IiB0b3RhbD0iMTcyODIxMDY0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0NDQ0NiIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:652

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:4948

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4976

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:3284
- C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\RobloxPlayerBeta.exe" -app -isInstallerLaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:3924

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:2196
- C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\RobloxPlayerBeta.exe" -app -isInstallerLaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:4636

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:956

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:984
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7608031C-63F1-4A95-B36D-D87E0000D909}\MicrosoftEdgeUpdateSetup_X86_1.3.187.37.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7608031C-63F1-4A95-B36D-D87E0000D909}\MicrosoftEdgeUpdateSetup_X86_1.3.187.37.exe" /update /sessionid "{5FC6F3C8-3188-4B94-8924-7F953ABD07CB}"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3428
- - C:\Program Files (x86)\Microsoft\Temp\EUCF0C.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUCF0C.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{5FC6F3C8-3188-4B94-8924-7F953ABD07CB}"
    3⤵
    - Sets file execution options in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Suspicious behavior: EnumeratesProcesses
    PID:4180
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3328
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:4448
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:1204
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:3260
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4904
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NUZDNkYzQzgtMzE4OC00Qjk0LTg5MjQtN0Y5NTNBQkQwN0NCfSIgdXNlcmlkPSJ7MzBGQkQ5REUtNDQzNS00OEMwLUFBQkQtQzlGNkY5RTEyNjhFfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7Qzk5MTE4QjgtOUI0MC00QjU5LUI0MUItMDgwMjkzNzI2QkNGfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODcuMzciIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTUzNzM2MTUiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNjgwNTUyODIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      PID:416
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NUZDNkYzQzgtMzE4OC00Qjk0LTg5MjQtN0Y5NTNBQkQwN0NCfSIgdXNlcmlkPSJ7MzBGQkQ5REUtNDQzNS00OEMwLUFBQkQtQzlGNkY5RTEyNjhFfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InszQTkwNTE4NC1GNzQ0LTQ0N0ItQkRCQi1DNThCMkE4MzI5Q0N9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4Ny4zNyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMjM5NzU4Mzk3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMjM5ODA4MzcxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDY2NTU1MjUxNCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzFkZjQyMDgzLTE3YTEtNDRiOS05NDVhLTQxNjg3MTE0NjhjMj9QMT0xNzE1OTc4NzIxJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWh2MGF6dHlIdThrdHpmS3Q1JTJmdE9RWHJhcTJMTVFZUGpWWiUyYk5qVGFCQXFQQWRId2ZwZkQxcklGeTdOVVY5allwJTJiUEtXdzNmc2lhRXElMmJoOFhkbktoQmclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMiIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDY2NTcwODgwOSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMWRmNDIwODMtMTdhMS00NGI5LTk0NWEtNDE2ODcxMTQ2OGMyP1AxPTE3MTU5Nzg3MjEmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9aHYwYXp0eUh1OGt0emZLdDUlMmZ0T1FYcmFxMkxNUVlQalZaJTJiTmpUYUJBcVBBZEh3ZnBmRDFySUZ5N05VVjlqWXAlMmJQS1d3M2ZzaWFFcSUyYmg4WGRuS2hCZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2MjIwNzIiIHRvdGFsPSIxNjIyMDcyIiBkb3dubG9hZF90aW1lX21zPSIzODI1OSIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDY2NTcwODgwOSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDY3MDg2NTQwNiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxwaW5nIHI9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNTk4NDY5NDc3NTg1ODYwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9Ii0xIiBhZD0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjQuMC4yNDc4Ljk3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgdXBkYXRlX2NvdW50PSIxIj48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7OEYwNTlGNDQtMTEzRS00N0E4LTkwREUtRTI1MzE1NThGRUE5fSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:3652

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004C8
1⤵
PID:7568

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
1⤵
- Executes dropped EXE
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:6960
- C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe
  "C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4228
- - C:\Program Files\McAfee\Temp1763597177\installer.exe
    "C:\Program Files\McAfee\Temp1763597177\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:4352
  - - C:\Windows\SYSTEM32\regsvr32.exe
      regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
      4⤵
      PID:6268
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
        5⤵
        Loads dropped DLL
        
        PID:9240
  - - C:\Windows\SYSTEM32\regsvr32.exe
      regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
      4⤵
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:784
  - - C:\Windows\SYSTEM32\regsvr32.exe
      regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
      4⤵
      PID:9096
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
        5⤵
        Loads dropped DLL
        
        PID:9152
  - - C:\Windows\SYSTEM32\regsvr32.exe
      regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
      4⤵
      Loads dropped DLL
      PID:3404

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe" -ip:"dui=26d034d980ce5153eae89b35abf57de1eef480fd&dit=20240510204721336&is_silent=true&oc=DOT_RAV_Cross_Solo_LDP&p=bf64&a=103&b=&se=true" -i
1⤵
- Executes dropped EXE
PID:7252
- C:\Users\Admin\AppData\Local\Temp\j3fgzk5f.exe
  "C:\Users\Admin\AppData\Local\Temp\j3fgzk5f.exe" /silent
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:7884
- - C:\Users\Admin\AppData\Local\Temp\nsm4C14.tmp\RAVEndPointProtection-installer.exe
    "C:\Users\Admin\AppData\Local\Temp\nsm4C14.tmp\RAVEndPointProtection-installer.exe" "C:\Users\Admin\AppData\Local\Temp\j3fgzk5f.exe" /silent
    3⤵
    - Drops file in Drivers directory
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:5676
  - - C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
      "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
      4⤵
      Executes dropped EXE
      PID:6060
  - - C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
      4⤵
      Adds Run key to start application
      PID:10180
    - - C:\Windows\system32\runonce.exe
        
        "C:\Windows\system32\runonce.exe" -r
        5⤵
        Checks processor information in registry
        
        PID:9556
      - C:\Windows\System32\grpconv.exe
        
        "C:\Windows\System32\grpconv.exe" -o
        6⤵
        
        PID:11096
  - - C:\Windows\system32\wevtutil.exe
      "C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml
      4⤵
      PID:10404
  - - C:\Windows\SYSTEM32\fltmc.exe
      "fltmc.exe" load rsKernelEngine
      4⤵
      Suspicious behavior: LoadsDriver
      PID:10244
  - - C:\Windows\system32\wevtutil.exe
      "C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml
      4⤵
      PID:10548
  - - C:\Program Files\ReasonLabs\EPP\rsWSC.exe
      "C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i
      4⤵
      Executes dropped EXE
      PID:10380
  - - C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
      "C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -i
      4⤵
      PID:6760
  - - C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
      "C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -i
      4⤵
      Modifies system certificate store
      PID:12040
  - - C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
      "C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i -i
      4⤵
      PID:11476

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:3456
- C:\Program Files\ReasonLabs\rsScanner_v3.9.1.exe
  "C:\Program Files\ReasonLabs\Common\..\rsScanner_v3.9.1.exe"
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID:9436
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Program Files\ReasonLabs\rsScanner_v3.9.1.exe"
    3⤵
    PID:11300
  - - C:\Windows\system32\choice.exe
      choice /C Y /N /D Y /T 3
      4⤵
      PID:10188

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
PID:9116
- C:\Program Files\McAfee\WebAdvisor\UIHost.exe
  "C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:9640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:8600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:10084
- C:\Program Files\McAfee\WebAdvisor\updater.exe
  "C:\Program Files\McAfee\WebAdvisor\updater.exe"
  2⤵
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  PID:11244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )
    3⤵
    PID:9524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"
    3⤵
    PID:9100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:7988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:5812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:8208

C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:9040

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
PID:11952
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:10004
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:9940
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:10076
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:10980
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:8888
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:6856

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
PID:7584

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:10384
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkNCOTBGNDItQjQxMC00OUU2LUIwMUEtQkUyQzE2RkQzMThFfSIgdXNlcmlkPSJ7MzBGQkQ5REUtNDQzNS00OEMwLUFBQkQtQzlGNkY5RTEyNjhFfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QTAyODlFRDAtNjY1MC00OThFLUFBQ0MtQ0ZBOTUyNzgyNTk3fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjE0IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTQxNDQ0OTUiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1ODY0MjQyNzQxOTQ2NjkiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MDY4IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzY4MTEwMDQ5MyIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Checks system information in the registry
  PID:8096
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF176B85-F824-4D6C-AB2E-6EDC89B3957F}\BGAUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EF176B85-F824-4D6C-AB2E-6EDC89B3957F}\BGAUpdate.exe" --edgeupdate-client --system-level
  2⤵
  - Adds Run key to start application
  PID:8824
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkNCOTBGNDItQjQxMC00OUU2LUIwMUEtQkUyQzE2RkQzMThFfSIgdXNlcmlkPSJ7MzBGQkQ5REUtNDQzNS00OEMwLUFBQkQtQzlGNkY5RTEyNjhFfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntDMDAwOEI2Mi1CQkE1LTRFODItQUREOC1ERDVCODYzMjBFQTV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9InsxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDB9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIyLjAuMC4zNCIgbGFuZz0iIiBicmFuZD0iRVVGSSIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNjg4NTgxMDM2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM2ODg2MjA1MjkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQwMjQ5MTkxOTkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcxNTk3OTA2NSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1oSTNieXNCOXZCUmpNSkpVWjRQQkM2WElKWnQ5ZmZBRXpEaTgyczdxWXRCcUVtYWxFNktlQjV3WG9FMkszU1MzQ2FvdHBPWG9INnYlMmZjVlZFT1UxbzRRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDAyNDkzOTEzNSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNWYxOTU2MTItMzg0YS00OGVhLTg0MDgtYjRlZGU5ZGM1NmJiP1AxPTE3MTU5NzkwNjUmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9aEkzYnlzQjl2QlJqTUpKVVo0UEJDNlhJSlp0OWZmQUV6RGk4MnM3cVl0QnFFbWFsRTZLZUI1d1hvRTJLM1NTM0Nhb3RwT1hvSDZ2JTJmY1ZWRU9VMW80USUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE4MDQ0NDQ4IiB0b3RhbD0iMTgwNDQ0NDgiIGRvd25sb2FkX3RpbWVfbXM9IjMzMzIzIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQwMjQ5NjkwNDciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDAzMTI2ODkyOCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MDMzNTc4OTQ2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMzU0IiBkb3dubG9hZF90aW1lX21zPSIzMzYyNiIgZG93bmxvYWRlZD0iMTgwNDQ0NDgiIHRvdGFsPSIxODA0NDQ0OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMjI3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Checks system information in the registry
  PID:8836

C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
1⤵
PID:9624

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:10352
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9CA6B372-D5C1-4391-8862-D829C7D95299}\MicrosoftEdge_X64_124.0.2478.80.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9CA6B372-D5C1-4391-8862-D829C7D95299}\MicrosoftEdge_X64_124.0.2478.80.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
  2⤵
  PID:7604
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9CA6B372-D5C1-4391-8862-D829C7D95299}\EDGEMITMP_25E6F.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9CA6B372-D5C1-4391-8862-D829C7D95299}\EDGEMITMP_25E6F.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9CA6B372-D5C1-4391-8862-D829C7D95299}\MicrosoftEdge_X64_124.0.2478.80.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
    3⤵
    - Modifies Installed Components in the registry
    - Registers COM server for autorun
    - Installs/modifies Browser Helper Object
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Modifies Internet Explorer settings
    - Modifies registry class
    - System policy modification
    PID:6480
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9CA6B372-D5C1-4391-8862-D829C7D95299}\EDGEMITMP_25E6F.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9CA6B372-D5C1-4391-8862-D829C7D95299}\EDGEMITMP_25E6F.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.118 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9CA6B372-D5C1-4391-8862-D829C7D95299}\EDGEMITMP_25E6F.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.80 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff643b388c0,0x7ff643b388cc,0x7ff643b388d8
      4⤵
      Drops file in Windows directory
      PID:5424
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9CA6B372-D5C1-4391-8862-D829C7D95299}\EDGEMITMP_25E6F.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9CA6B372-D5C1-4391-8862-D829C7D95299}\EDGEMITMP_25E6F.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
      4⤵
      Drops file in System32 directory
      Drops file in Windows directory
      PID:10652
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9CA6B372-D5C1-4391-8862-D829C7D95299}\EDGEMITMP_25E6F.tmp\setup.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9CA6B372-D5C1-4391-8862-D829C7D95299}\EDGEMITMP_25E6F.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.118 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9CA6B372-D5C1-4391-8862-D829C7D95299}\EDGEMITMP_25E6F.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.80 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff643b388c0,0x7ff643b388cc,0x7ff643b388d8
        5⤵
        Drops file in Windows directory
        
        PID:9648
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDA1MjYyNTgtMTJEMi00MjFCLTk4MzYtQTIwMDkxMUNBNTZEfSIgdXNlcmlkPSJ7MzBGQkQ5REUtNDQzNS00OEMwLUFBQkQtQzlGNkY5RTEyNjhFfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins0OTA4MzY2Ny0yREVBLTRFNjYtOTczRC1FMkRCNjU1MjJDMjB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtEeE9iakhHYStuUmEyYXRDM3dvK0lFcEM3OCtaWWVBVWJrWHBEQzJjajdVPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg3LjM3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0tdGFyZ2V0X2RldjtQcm9kdWN0c1RvUmVnaXN0ZXI9JTdCMUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwJTdEIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjk1Ij48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2MzM5IiBwaW5nX2ZyZXNobmVzcz0ie0FBOEQ3Q0QwLUVEQ0YtNDZCQS04QzM0LTE0QjM1RTdDMjYyNH0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIxMjQuMC4yNDc4LjgwIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1OTg0Njk0Nzc1ODU4NjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0Mjc4MTQ1OTgzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0Mjc4MTc1OTA0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDQ5MTAzMTgyMSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzQ0NGFmMzBlLWYyZTctNDBiZC1iNDViLTU4ZDU5ZDAwMDQ0OT9QMT0xNzE1OTc5MTI1JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWdDVFl4VEJXckE4UVBTSEhBYXpTU211M0dOQ2xsWFNwaVpwU0hDQVglMmI4Wk1zcDdHUmhsQ0VOa1VtWVpKbkI1VzVBejlKVFJoeXh6anc4Tk1JcyUyYkExdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIxIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NDkxMDUxNjk1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy80NDRhZjMwZS1mMmU3LTQwYmQtYjQ1Yi01OGQ1OWQwMDA0NDk_UDE9MTcxNTk3OTEyNSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1nQ1RZeFRCV3JBOFFQU0hIQWF6U1NtdTNHTkNsbFhTcGlacFNIQ0FYJTJiOFpNc3A3R1JobENFTmtVbVlaSm5CNVc1QXo5SlRSaHl4emp3OE5NSXMlMmJBMXclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzI3OTY0NzIiIHRvdGFsPSIxNzI3OTY0NzIiIGRvd25sb2FkX3RpbWVfbXM9IjE5MzQ0Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NDkxMTcxODkyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NTA1OTIxODE1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDk2MjMxNzc4NiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjI5MyIgZG93bmxvYWRfdGltZV9tcz0iMjEyOTEiIGRvd25sb2FkZWQ9IjE3Mjc5NjQ3MiIgdG90YWw9IjE3Mjc5NjQ3MiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDU2MzciLz48cGluZyBhY3RpdmU9IjAiIHJkPSI2MzM5IiBwaW5nX2ZyZXNobmVzcz0iezNENkMzNUJELTk1NjQtNEY0Qi1BN0NELUQ0NkIxQjhFN0M5QX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI0LjAuMjQ3OC45NyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGNvaG9ydD0icnJmQDAuNjAiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjMzOSIgcGluZ19mcmVzaG5lc3M9InsxMzVGQ0QzRS0wNEEyLTQ0NUItOTEwQy0wQ0U4MzdCMzEwOEF9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Checks system information in the registry
  PID:10832

C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
1⤵
PID:8464

C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
1⤵
PID:11168

C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
1⤵
PID:11528

C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
1⤵
PID:5168

C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
1⤵
PID:8928

C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
1⤵
PID:11120

C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
1⤵
PID:9728

C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
1⤵
PID:5660

C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
1⤵
PID:9176

C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
1⤵
PID:10324

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"
1⤵
PID:8436

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"
1⤵
- Checks BIOS information in registry
- Enumerates connected drives
PID:12280
- \??\c:\program files\reasonlabs\epp\rsHelper.exe
  "c:\program files\reasonlabs\epp\rsHelper.exe"
  2⤵
  PID:11712
- \??\c:\program files\reasonlabs\EPP\ui\EPP.exe
  "c:\program files\reasonlabs\EPP\ui\EPP.exe" --minimized --first-run
  2⤵
  PID:10356
- - C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
    "C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\EPP\ui\app.asar" --engine-path="c:\program files\reasonlabs\EPP" --minimized --first-run
    3⤵
    - Drops file in Windows directory
    - Suspicious use of SendNotifyMessage
    PID:9840
  - - C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
      "C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2120 --field-trial-handle=2128,i,9457402855995329328,4154888061711313912,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      PID:11052
  - - C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
      "C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2560 --field-trial-handle=2128,i,9457402855995329328,4154888061711313912,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      PID:8704
  - - C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
      "C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2772 --field-trial-handle=2128,i,9457402855995329328,4154888061711313912,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      PID:8680
  - - C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
      "C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3728 --field-trial-handle=2128,i,9457402855995329328,4154888061711313912,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      PID:2200
- C:\program files\reasonlabs\epp\rsLitmus.A.exe
  "C:\program files\reasonlabs\epp\rsLitmus.A.exe"
  2⤵
  PID:11032

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe"
1⤵
- Checks BIOS information in registry
- Enumerates connected drives
- Checks system information in the registry
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:1948

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:9336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\Installer\setup.exe

Filesize
6.8MB

MD5
1cd79627301bfdeb1d3fba51cad868a6

SHA1
2b71bae909047dd0374425e9df941ef93fb696dc

SHA256
74ab283991de81543bff5786ad8bebd41c243bc00beda305da00c55a60ac2093

SHA512
839860435573bddfcbb950e2986333dd43ab5df5b2a0032fb18cd25c736e94d998b5ea1fc1e1b0c1d02a28b9615653becc4b535434bfd8a7a02f5995acf1808f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.97\Installer\setup.exe

Filesize
6.8MB

MD5
7171f56da52529073c2bda6dad0fdcfa

SHA1
f29fb1d1182e46895bb3ccc38e05220087e92e93

SHA256
32c87af491ca80fc5c5594aa995669161b466957d7b444f3c388ece97b730aee

SHA512
8c81a87f1f77cbed95eff3986d14d7c05b919cdaeabfba0a1335331adadc1e97495332cb6d3969242a9d19f48aa9eb890f22b81f504af615ea5ff64b27c13c73

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe

Filesize
17.2MB

MD5
3f208f4e0dacb8661d7659d2a030f36e

SHA1
07fe69fd12637b63f6ae44e60fdf80e5e3e933ff

SHA256
d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b

SHA512
6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.37\MicrosoftEdgeUpdateSetup_X86_1.3.187.37.exe

Filesize
1.5MB

MD5
160e6276e0672426a912797869c7ae17

SHA1
78ff24e7ba4271f2e00fab0cf6839afcc427f582

SHA256
503088d22461fee5d7b6b011609d73ffd5869d3ace1dbb0f00f8f3b9d122c514

SHA512
17907c756df5083341f71ec9393a7153f355536306fd991de84f51b3a9cdf510912f150df1cbe981dbf3670bfa99c4cb66d46bc3016755d25da729d01b2e63b4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
16c84ad1222284f40968a851f541d6bb

SHA1
bc26d50e15ccaed6a5fbe801943117269b3b8e6b

SHA256
e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

SHA512
d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
34d991980016595b803d212dc356d765

SHA1
e3a35df6488c3463c2a7adf89029e1dd8308f816

SHA256
252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

SHA512
8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
d34380d302b16eab40d5b63cfb4ed0fe

SHA1
1d3047119e353a55dc215666f2b7b69f0ede775b

SHA256
fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

SHA512
45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
aab01f0d7bdc51b190f27ce58701c1da

SHA1
1a21aabab0875651efd974100a81cda52c462997

SHA256
061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

SHA512
5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
ac275b6e825c3bd87d96b52eac36c0f6

SHA1
29e537d81f5d997285b62cd2efea088c3284d18f

SHA256
223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

SHA512
bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
d749e093f263244d276b6ffcf4ef4b42

SHA1
69f024c769632cdbb019943552bac5281d4cbe05

SHA256
fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

SHA512
48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D3B.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
5.3MB

MD5
dc7e9583f280caba7a8cb75d8ec7b369

SHA1
431ca19b9248a1cf6c84ed44c2e37f8aca58a83f

SHA256
3afc1fa45b6fc41850c9a0450e5ccb8319af17e71e857731d21d61cba8f8e965

SHA512
06913f5a573d1b7c6b805b3994dab3df26a9a7b75b98a8485e73d3a5ae6dc892029f186c725644f08e8c66d4ef05c22f1cac30e4418f8b59a019c5df968223d3

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-5e534e6db34e447e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

Filesize
73KB

MD5
6f97cb1b2d3fcf88513e2c349232216a

SHA1
846110d3bf8b8d7a720f646435909ef80bbcaa0c

SHA256
6a031052be1737bc2767c3ea65430d8d7ffd1c9115e174d7dfb64ad510011272

SHA512
2919176296b953c9ef232006783068d255109257653ac5ccd64a3452159108890a1e8e7d6c030990982816166517f878f6032946a5558f8ae3510bc044809b07

Download Submit
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

Filesize
797KB

MD5
ded746a9d2d7b7afcb3abe1a24dd3163

SHA1
a074c9e981491ff566cd45b912e743bd1266c4ae

SHA256
c113072678d5fa03b02d750a5911848ab0e247c4b28cf7b152a858c4b24901b3

SHA512
2c273bf79988df13f9da4019f8071cf3b4480ecd814d3df44b83958f52f49bb668dd2f568293c29ef3545018fea15c9d5902ef88e0ecfebaf60458333fcaa91b

Download Submit
C:\Program Files\ReasonLabs\EDR\InstallUtil.InstallLog

Filesize
628B

MD5
789f18acca221d7c91dcb6b0fb1f145f

SHA1
204cc55cd64b6b630746f0d71218ecd8d6ff84ce

SHA256
a5ff0b9a9832b3f5957c9290f83552174b201aeb636964e061273f3a2d502b63

SHA512
eae74f326f7d71a228cae02e4455557ad5ca81e1e28a186bbc4797075d5c79bcb91b5e605ad1d82f3d27e16d0cf172835112ffced2dc84d15281c0185fa4fa62

Download Submit
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

Filesize
388B

MD5
1068bade1997666697dc1bd5b3481755

SHA1
4e530b9b09d01240d6800714640f45f8ec87a343

SHA256
3e9b9f8ed00c5197cb2c251eb0943013f58dca44e6219a1f9767d596b4aa2a51

SHA512
35dfd91771fd7930889ff466b45731404066c280c94494e1d51127cc60b342c638f333caa901429ad812e7ccee7530af15057e871ed5f1d3730454836337b329

Download Submit
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

Filesize
633B

MD5
6895e7ce1a11e92604b53b2f6503564e

SHA1
6a69c00679d2afdaf56fe50d50d6036ccb1e570f

SHA256
3c609771f2c736a7ce540fec633886378426f30f0ef4b51c20b57d46e201f177

SHA512
314d74972ef00635edfc82406b4514d7806e26cec36da9b617036df0e0c2448a9250b0239af33129e11a9a49455aab00407619ba56ea808b4539549fd86715a2

Download Submit
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallState

Filesize
7KB

MD5
362ce475f5d1e84641bad999c16727a0

SHA1
6b613c73acb58d259c6379bd820cca6f785cc812

SHA256
1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899

SHA512
7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

Download Submit
C:\Program Files\ReasonLabs\EPP\InstallerLib.dll

Filesize
331KB

MD5
8556afbb1722951ddc64e7642ee7ac9c

SHA1
f25a52b068eb3898dc1d018fd481af000ac9cc7d

SHA256
325870bc55b57f0f018c6a572cddec8b339540a0b337ea5efd97014e8c00ad10

SHA512
57d3c271752f6cd44edb43c2d79e7188b57561678057f05bcb145f23e2729715645f3c520eef8106221d7a981bb0f65b80e51a92f86c1f0de11932a92147a962

Download Submit
C:\Program Files\ReasonLabs\EPP\elam\rsElam.sys

Filesize
19KB

MD5
8129c96d6ebdaebbe771ee034555bf8f

SHA1
9b41fb541a273086d3eef0ba4149f88022efbaff

SHA256
8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51

SHA512
ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18

Download Submit
C:\Program Files\ReasonLabs\EPP\mc.dll

Filesize
1.1MB

MD5
79a3316d934da771d43a0eb38b43b411

SHA1
f4df6d0423d63f7e0792d1d55af6b36a94c7449a

SHA256
2a96c5474735e92836286f33218d8338591c15b3441faf8672d3b687411f01af

SHA512
b597cc7018ad0a9695c6ffeb3370e3c04e9d35d7090de176aa40531a6720e2bd0cb9f1ab1a8304ed17e0987982028a91b2d8d5cf3229a62c5d0fcd4ab1c6b700

Download Submit
C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll

Filesize
347KB

MD5
b8f08b5a671b1d91bc615a1be333d037

SHA1
2d17004a8635d9c349b43aec7996384cc7b17a95

SHA256
c5f855c4e6f7aac4547f4dfae4ec03b1d3ec51b18c69ae94d3402b27a32b562c

SHA512
c0f75d936196b65fb2eea75de1d97b9cd6d9a6777553bbcd706e1c3a29248543cc6aa2f47b46142155482613f9106e84e5b8036c0fa46893600272043fc20335

Download Submit
C:\Program Files\ReasonLabs\EPP\rsEngine.config

Filesize
5KB

MD5
517330c5959e0ea014cfb2ddadfae354

SHA1
82b72327a6d7304443e543d8bfb98f0849899a49

SHA256
f30d03e6f8b8b8e1f4a1cb93507629e465b0dcc6c9e68982816d92b5819de6fd

SHA512
2e1f95f16ff2a45e492f03a7df8a96cc984ec8965746320bac255861609a4759ab82d6b99935235dddd3c11c7e7001e495c16650be406b75fca726488f603dff

Download Submit
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

Filesize
370B

MD5
b2ec2559e28da042f6baa8d4c4822ad5

SHA1
3bda8d045c2f8a6daeb7b59bf52295d5107bf819

SHA256
115a74ccd1f7c937afe3de7fa926fe71868f435f8ab1e213e1306e8d8239eca3

SHA512
11f613205928b546cf06b5aa0702244dace554b6aca42c2a81dd026df38b360895f2895370a7f37d38f219fc0e79acf880762a3cfcb0321d1daa189dfecfbf01

Download Submit
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

Filesize
606B

MD5
43fbbd79c6a85b1dfb782c199ff1f0e7

SHA1
cad46a3de56cd064e32b79c07ced5abec6bc1543

SHA256
19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0

SHA512
79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea

Download Submit
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe

Filesize
2.2MB

MD5
c128d7b407d111298c6fd54b5d1d30dc

SHA1
f1b0a405660ddcef6a37155759f08b1bc50f27d3

SHA256
60bb746a55444c32b1dd73555e4ed4e3d21a792c818279d4952f302553393a9d

SHA512
17f4a4923166da9229bff98dacecb5d9824d435847c4d371d7eb441b6e836d36b92c187fba08666d3c26ce61eeeb7bd5ab675983d793ba9315c47d8d6ca8bce7

Download Submit
C:\Program Files\ReasonLabs\rsScanner_v3.9.1.exe

Filesize
3.5MB

MD5
7f014da8687ccd59759c8a984c1e7356

SHA1
9a0ce7660a23eccd645a41a5ee2973818d0cc35e

SHA256
6c1a7887dda10eb8409c8d131e6b0a88ce7290f4c5aa9784d9dc35a51000f340

SHA512
a4a15a141b64f5549d120ad8e09686448554c6c670ba56746c23abd58a71a7e8051d534d00255af973e974c084123b114027991be48f645acd7ec2ccb123107e

Download Submit
C:\ProgramData\McAfee\MCLOGS\AnalyticsManager\AnalyticsManager\AnalyticsManager000.log

Filesize
2KB

MD5
0f8bf5e1a18fb9d567460b313cab8975

SHA1
1a3da4ea3db8aa8de2419c79ec9490058a5023b7

SHA256
d0dc1395de9d09dfe9d8a85a99ffdeee42304756d02679757c38094e89d85c9e

SHA512
1b8ec37725288c18fb1686d361bb87cad55dbb818a0c1221f04520f6cfad852fd236d4f769df9a6e6a60efc421a51c17f9dc615b4735a2ad5a891f914b028389

Download Submit
C:\ProgramData\McAfee\MCLOGS\AnalyticsManager\AnalyticsManager\AnalyticsManager000.log

Filesize
17KB

MD5
1c40e9836c12da07b03c9fc0657c2ab9

SHA1
7c51c4be595acbc9e0af5fe25899a64c55110458

SHA256
1c73584e4bfe443fe1b82914a6552997fff9da7fdcc7c4e484e5c3e18a0b9b8e

SHA512
46782b927055259f433bde9edb8a0c00649b72fc645cb041e5139698f4fcf8fa78b1e6d161e6a144768edae0bc6ee2da03a241d40dec7f57b1aa45698d0fba28

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

Filesize
1KB

MD5
b5acc6785da2b9a299363714c85896d7

SHA1
2efc724cc015a0c06797a3735188f04c6d724959

SHA256
393c04b3d96aae6317b731c0a4d56660526a08db2c610fb39fc9a121ddf423ea

SHA512
5a052b30907c00fa49bac23e3641ce1a2eefb0fb7376958430b19ede18c5c891a1ca0e9a9044d97bebe2d4d10bb33977497fc1e35eaea7240fc83d4dd8534a6c

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

Filesize
5KB

MD5
dcab27b9d47874395cd8c0fb0e2e44ec

SHA1
f0519aa457c2e177b9de0b122a0bb8dfc7e7c1ff

SHA256
99300ce653daf1a143387da23d1381e5ffd74309bc9e09866f4faf9ff788608a

SHA512
90fa0895dbc74ef705ca4a6cf1c7d631f933a434583f1d84dd5f5f091e68ea978eef248db74e19e8d6b05551442e40b85259ce3b4ae522b6e9168b97234d7b72

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

Filesize
4KB

MD5
2c568432b67070d16f9d91d656567f47

SHA1
437240bf328639eb75d291d527947beb5eeaa989

SHA256
59f965d41a8243e6f5448268210aec709537f2fc9a59804b08091b60b1f89bb3

SHA512
80dd3b43bcc59256b01809dc8a55d1d9ae5fc4f027543d305165b84db3ebc4bc461631286342ee6c374ea1726a31c434e2f3f1e726298b2e48be465f4e537e89

Download Submit
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

Filesize
3KB

MD5
2c6c63f313542d1a12b48064b1efbd30

SHA1
f36a50e47148c9ed2f3b5c2970bc6ac14ae4c6a1

SHA256
bce380f1096a4b37ce3ef64171e7b993386c04e4eb902b0b656aa3739c4facc5

SHA512
ab14a9dc113ec92d01657bff5d735d2718a7ac9accf37ab3696451d4a4ae615342448d21608286754a02b9344ef7d0d21a156441a82ba864c7ab58e8be4d544a

Download Submit
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

Filesize
4KB

MD5
8c1eb29cff3aed73a45606924ef6f1f4

SHA1
95718aed180d9664823c0db4f46fbac6e0a66979

SHA256
8715e430fd71b43bef69b5563ecaca869004929c4cdaf5a24f019eaaddd83f3d

SHA512
82829ac086e8df91216a5b2e44b1556dedcdb5f85a528fad08c2d25ed1743813cfa9b32b1b6a0728645212ecad4c5c3088ed80466a21ccf14c850e4a69c99aac

Download Submit
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

Filesize
1KB

MD5
491b588542e94fccb38ab49aa9153746

SHA1
5eeb91d5cec322c4b6d2ff0a07198e35d864ced1

SHA256
f340bfb5e01b526de9304cdd29c144b6b79257a21c97c582d2d02e151751be9c

SHA512
5067452282c0f855de9d7553434046ee2c85a998eec6d32ca6a483709707567e051377cf8bcb4034cbabeb74fc791cf684aba41681b86c0df01a54bd94f3b7ec

Download Submit
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

Filesize
2KB

MD5
63281932368482ea90f49c2cdf4a2a5f

SHA1
19c9655b265aedc8f3d9f2f8d192d27011a1df33

SHA256
cf3e8d35ed5eec5f7748b351160ee87ad83e76be4999a50610797a172e1bf48f

SHA512
2b3f48720e56bd1d3bc92ca213b33e77581a4fda68857be965deadbc2c99744e825b1cc461b364fa2ba6aa19494859a10aa6c6bc76db5211ab12c162af83bfc8

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
14KB

MD5
9b95060f33bb59ee4f99a326438d56e1

SHA1
3235200b7b3167c981057562d7a5e28b05e1bbe4

SHA256
1c8458d6770184c859f74f88993a157ca35804e9e7666e7a00c83ed163afa946

SHA512
24780fb372985ab9a78e57ebbb49321c6391557f5063c7fe82f44718e7258df97ad373a7dee18deb0d5a13b763590ff46fbf605344b09f80e79328d6b8a158e7

Download Submit
C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp

Filesize
5.1MB

MD5
d13bddae18c3ee69e044ccf845e92116

SHA1
31129f1e8074a4259f38641d4f74f02ca980ec60

SHA256
1fac07374505f68520aa60852e3a3a656449fceacb7476df7414c73f394ad9e0

SHA512
70b2b752c2a61dcf52f0aadcd0ab0fdf4d06dc140aee6520a8c9d428379deb9fdcc101140c37029d2bac65a6cfcf5ed4216db45e4a162acbc7c8c8b666cd15dd

Download Submit
C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp

Filesize
2.9MB

MD5
10a8f2f82452e5aaf2484d7230ec5758

SHA1
1bf814ddace7c3915547c2085f14e361bbd91959

SHA256
97bffb5fc024494f5b4ad1e50fdb8fad37559c05e5d177107895de0a1741b50b

SHA512
6df8953699e8f5ccff900074fd302d5eb7cad9a55d257ac1ef2cb3b60ba1c54afe74aee62dc4b06b3f6edf14617c2d236749357c5e80c5a13d4f9afcb4efa097

Download Submit
C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat.tmp

Filesize
550KB

MD5
afb68bc4ae0b7040878a0b0c2a5177de

SHA1
ed4cac2f19b504a8fe27ad05805dd03aa552654e

SHA256
76e6f11076cc48eb453abbdbd616c1c46f280d2b4c521c906adf12bb3129067b

SHA512
ebc4c1f2da977d359791859495f9e37b05491e47d39e88a001cb6f2b7b1836b1470b6904c026142c2b1b4fe835560017641d6810a7e8a5c89766e55dd26e8c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
87KB

MD5
147fffcadc22bde7b2f6163e18defae9

SHA1
e403aae198c6b8cb39fafd92d9daac0df2256ed0

SHA256
6b5552bce557039d0894693e8b418a5803e419aff29f25d65026c7be6fcfbf25

SHA512
02e59256df047ab52a4d9f716175853ac180f70e05709648f2f2ab76316defb85f4fae70332d1ce58f1c203520b228b88735e860c1f5ed81b6583802d2ce8ecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000066

Filesize
21KB

MD5
73a7387d5d1067fd6e32f6d7f1b65867

SHA1
1f9a3def0081ba60ea069d39a9d70b724ef79b87

SHA256
0f02b4cdc7b359d691c9db4101c9bc5e183d7729336003fef33764f52a6c5352

SHA512
a56a48d9111f8a461f58d6511f05b15e7495426978989d04be78dce0bf34dab081d4cdecc222846fd24254718174f51168bd4e544b928f8ecf84c3c46bfdd901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000068

Filesize
29KB

MD5
3d4203e67107169a2474ac5119c93d09

SHA1
c5c415805aa8571293260dbf5b3afc38ab13b331

SHA256
daf0b2c0d87a9de0c8ff4bb1447bc7968ebe19294ead825c2ec0565496e4c768

SHA512
f976fd5e73a82e5b0422b2e8a7c11d6ed3382771896a0f4098b3be8619687b4321a9db958dcf3876f9bda44005559158be3508aee0cb1c21fa5c217c7b1d107e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000069

Filesize
20KB

MD5
65ea735154b4fad52043cc9b82689369

SHA1
0942adb6b44cd43a96ad5c2640b096d00bca8242

SHA256
edc11286a751b3fa3f9192bc3c468bccb5037d66dd7201286f2e020546d5a474

SHA512
4b3655b485dca25da709a19223e006db69644c6cea3fd64b52add0afcd00d15f697d1f157b0e399f683d5ec462bccd50a7f522704384af5ee1dea821f665736b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006a

Filesize
19KB

MD5
1d05cc62583a7db7139e30dc7a7c24f8

SHA1
001c2cb08fc747cde1028a45b75e462ab333ea08

SHA256
35d0d6598bbfd4722ba330d6d957829de05c18706b4ea9443402298720beb854

SHA512
f4ebf61f3a49256e0a1c50e88d940d75891b54a6766d68346550d0fc04d65c63bc6224db35bc150a108d6dec981cc9b292aa90d7c339ff523e7d3a7f90b3d986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006b

Filesize
92KB

MD5
e352358a2ebbf266adf18aff006dab87

SHA1
cebaa12298cb2379928e557dbb311caed359f8d3

SHA256
a87e6a38c4436c27ad92e90eec9cfcfaf72c912e32719fbb75d5881292b914ec

SHA512
97f7cf7f39ae08d2a0c2e2bd3564865d956338c2cc656b94fe3868f074dbf1028c55d9ce4d3373e1df29e3d95f9f84265c13ea42ee191af1ed1085eb9c25cb1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
132KB

MD5
f625e5625f12698147bcc70343b8d2c4

SHA1
41264fed5e74ecd53f6d03edb09af44b87609837

SHA256
042c3ed20b9cac047d6275d3b170d141dd366d43de204c018430a6af732c7e4d

SHA512
7d9a3f311f7e5717452b7765c2ea38f394d8ea7dce5f31b643f5b659357b8b81a87faf3423bf9c3651ec6f3288e0d79d75914703c0ad6fe0ec95ff5e369a2f89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
103KB

MD5
144854e84da83ffea974a51dc947756b

SHA1
50ad7fa26be4433392808f4e3f0f79ffc273cd78

SHA256
8c008eb45d08a7cdb74767dc72e2e47dd33264487749dfcac472f8d9e1311c12

SHA512
515d5343fd3da1fe397d6722bd6b1ef8fb5a971ba8f7ba351e5c022883f3f4a9b145c70e0e7c54e5b424047adaee997095667df62464781a9f684e74d752db11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
141KB

MD5
e37ff0d4416a8481f3aeb89420492e16

SHA1
06f80ba46de90e82bcf70554085c4a0fd3ae7e3f

SHA256
b1557195bd8756b03e934fd9c844925fab35abc621688ca41cdd9040d5cf1d1d

SHA512
bb5cb5261d2aebed208b70e192cfdd792159d483344e2cb6291d06888c6aee9a69e85ee89f1e77751df771fc5c02106e1cd4649252082d3c0def5fb55850c1dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000070

Filesize
87KB

MD5
b5bb52f0efb77f447ce85e743aa7714e

SHA1
a594fc4d3ffe5ff6858348e52d69bab6c6968314

SHA256
aa672399f9b963341d1c7f5b57c22ea98f0ee245b78a4cc25be0bd7d3cfe566e

SHA512
cd86d08f4d1343723782306fff4ef10bb6e240467f80f11c37049297704d55a78f14455d5bd5ee08d8c922a693d5426e2427c1dacecc4925558414e5caa2ea7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000071

Filesize
79KB

MD5
536e0809c3726f870147a35ef60f1aba

SHA1
44aae6429821623324cf97c791c3bb96c084e9a5

SHA256
b1d05fa5e783b4b22e1297423cdd65a0b0321960d6a0e7c3fbbec0c7a94169fd

SHA512
5da611a3d03a1c5d6332de0fe04e6626e68a4cbea575cc6bb06236c9b0bb1283f1b12fa73b879af2525ea93ccf323ef9fe25fe09a84a05f10818aff46a61a919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000072

Filesize
47KB

MD5
f6e08f8a73e94fc76b6611d29ae814c7

SHA1
913a0518ca1c7b0e823f4a7d7049ab537c26fa1b

SHA256
edaa264b1ce64ca77af029ef8939167ee6ca7095efaf4bff477fd35478e32d95

SHA512
265636d9e7d322df27b24b8dd416c8a50683ed1d57638da66dca6fbecf1c736bb0271bab7fbf6bd2da611ab177b256ec918af41f03172ac91a73e18f0787527c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000074

Filesize
17KB

MD5
986755864903c92155826a7cbd4bafe4

SHA1
336ea6987616b58e5380517ba79917b39f3ab58e

SHA256
5d630dc3b58bc756824c2dd8ed452b90fe32ae59c2428387d756a15e90da3aa4

SHA512
cfaecb02d5531f0f2edeeb2ed42895deaf60f1d4a30f9bb2f856600c20e10979ae82172cd7e4c40230f5248a8d83c05bf59846bfeabb8cee0465e752c29555cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000075

Filesize
66KB

MD5
7561fee7013d57ab3e83fb31ea51d44e

SHA1
890f11b3222770e94722bb3b9bbdf54ad03ba944

SHA256
0dc6c10630a6124003ae33e0d10849a7680fe869d110e9438edc26545f37367c

SHA512
913882d5878134b9c4964489fff01a3e0e75ae7466883c217e4d15ffba698a84e0e17f910d57ceec0648b00d9709fdf5866573172579f6b1195cc6f2c5fc2743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000076

Filesize
79KB

MD5
ed9b4d5f525de1af27b3fbf60a4ef653

SHA1
9b59359a8dc0e3a4943e8b16ff6cab05babce0cb

SHA256
d24d34de91c0eb0b3daf7e34428e6e45dd29c0a02dd1670006ad938e38d9af83

SHA512
445da2efdb0a3fd30c959f3229976327911d0755006be61f1e5f8a80712dc6052829aed3fdab4e58867f54f08e7fa3489c3989811de1c4fb16759d413a8274bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000077

Filesize
26KB

MD5
26088c06661d1fb4a002e2609404851b

SHA1
31293824e0579bc790426930cf73e9a0c71c0aa8

SHA256
8e9b4a4680b498db825ef610e4e7c68bf3dbfe95383031c7531f1e6dbad454a8

SHA512
3527d553940a6c91b5cef149df40bd5537e46d16442b5bce1e593e743014d3f25250ca8008d912b87b41745006e03e1c942be94a1590b36c1db72bd8ba23e12c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000079

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
94KB

MD5
1569749348194a8e88a005abb10dac16

SHA1
17e251f5a1c6a99d4336971431c249d5c42ba157

SHA256
6e62f37efba256ffd3c51efe8a5caf2bad057ad4cc244e33ccf4f11059d858af

SHA512
22f16016aebd250006344b8816a669a1eae5669f7798317a6fa7b5b41c2dc652bfad4caf9823b576237ff1cd22a881e4585dd105cd144b9830dfa87ed4cca32f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
64KB

MD5
475b50689dfe5ac600b3de04ace088ea

SHA1
fbb328c285b985d98e436e1a2025dc2ef814f08d

SHA256
bb3580399452f7fc44aa591302242cc83e1a1c5daad646fcc2d1d3e81b9b7bc1

SHA512
55bef283c23fe00a25ab86c8e62df455236bb4a114d72da8986d0ab51b46567f195d35f94de1e133ae61e95d121de99938aa02e80abfd38c3c841fde9214c381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000080

Filesize
54KB

MD5
81436adcd5f1066ea9c715dcae02f693

SHA1
8cb59e7abcbd7992dfee284b9730180388bbf28c

SHA256
ae4c30f14a6d50ed46cc4218d5071d3c45e1e1fc570c783e059e1e00bf24da44

SHA512
1791926fa16bdf5b9c7e31dec3bba435aed9d2b33992158ae244d5d35ad7ef523c5e81542f0b23b7072da4921a2e17b3106f57ce462a9dcb67069efb97889dd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000081

Filesize
28KB

MD5
974c159e70b711b491f1738a84558f47

SHA1
8875d116f4fd66d2eafcbc7f8a40516b7b506137

SHA256
dec160fa56f2be03898c190060c11da82a2eab754a1a5f4e965795c0f6cd8841

SHA512
415c7455d2af49a612b7d5d1f25422093a70ac7a0330279cf490f9f3d5d4b7c96c6a5b021c140713b9d44cbe37077852f1fd09008ddc3fda66a756ac107261d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000095

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ed

Filesize
19KB

MD5
fc47b08617b08869c9c5f5f6a5c07f53

SHA1
70366b3a8cf99a7b1c135bfdb0b2ede1fad91e6f

SHA256
fe93c85d8bd89371a90833d1402865d3c5a6866b7d6048570407c209a1b8dc9d

SHA512
b519f8a1a915bc2c7f15d9881bc2f4278ade1a274467a769e3f3ebf3239ae836649c9aec92e718c798063d5f841f5fc1305c3067fa961226c0791111bf123573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f1

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000105

Filesize
3.3MB

MD5
7c2e5ef59e9589422bcd5bf3726fbcb1

SHA1
c4dac6966ac4cd3500d6a7fe44138a0db639d507

SHA256
6870e8dbcfaf543500add1d303de528c34e3b1f4d4424b0097c4ffb408a44fcd

SHA512
28870d9cb07f964ba0ecedfb25762cb4530bda869cc717dd4fffcd176085f03c05fd129b23e826dd6ac33ae6af8132bf9dc317ebffb52448b83236ad2349ca45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\05a3c6da25ac3d19_0

Filesize
278B

MD5
5f0df4e30a3f010800ff2ff8c96bf8aa

SHA1
b2644e099dfbd4cce671643917e97192d7bd10c1

SHA256
dee00469d09363a2d7c2c041c05c1441517c0d556e9bff759efb1bbd25f4c26c

SHA512
1a1ba4ba71803419c675cc564996404f16e2c86e4dd08866ec95457ba26a158be801e6d91865df87845e1b5afd2e5a57d755e0e9646f6aafc36db56a37dead9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1bc441544cf7960a_0

Filesize
280KB

MD5
0ec065432edff6671aa00304ebd4f130

SHA1
72020cc1b8e69e6361156e136c239935c3d18b16

SHA256
4e54e24c99aa091219b9af05a4960cecaa3849ab28f347a71c822d97501b1229

SHA512
256f668a964eba949c55a470dcc0845e805df50f2e72b81e9ee3ff8615aa3e5d3e4c83d761cdcb6962089baf9ead204caed9c696604ba4de1b46206b7df03518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\52bca1ff264bdc91_0

Filesize
139KB

MD5
efec219e4a72db42fe1ed82ee269391d

SHA1
f9129641a8dead26534f1473d77fa0f605eef9f1

SHA256
2efbafb7930416b0caddbf7c185c1880334be412b1346c57a8717b424afff063

SHA512
74a56144becdd53177908c1f3945a14d8febb4b353893a8f2ff2bdc92fb8d0ef256e989f5a19b5fa7f54a25a097fbc7c5036d9c382264e9e6b986d684e47cc14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\62f4888f026243a4_0

Filesize
33KB

MD5
3e3e064b3ba0a52f6193d16b2a148822

SHA1
e10803fba300307b818394f8251253bdd3fb8158

SHA256
2c4c305c11410ccc179aa3b088830a1dce3950f38c22841aa25df7d2b0c1ec08

SHA512
4585cba788fba79e8e27f10462936f4e219d69db3810521a29ab51312f1222c057651916420aa1c318a51ab57ef5df6e503d6df5c7824a0f25810388b965f28c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6b18c738ad76971e_0

Filesize
46KB

MD5
b54e518e8eac1d955e0594c447737d86

SHA1
4e153d41c12731835e85c2d390ae66fef55604db

SHA256
b3a855f5a817559fa2aa8b013b1cdf0f6224477a052aaa7ec4eaf65e92258dde

SHA512
9d0677ec7642a9087d7eebe64fc2da2d86d643c0655a99158a432c88b9fdfcadcd1b4d9c5558aed6a02ba77dbea262424a9ba61278b1a4110489b7718646f72b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\79624e4879f6cb49_0

Filesize
241B

MD5
51ef7dd903eac01e79fdf5947a838a3c

SHA1
f08ec14279d972150ebd3898e441c590df569e74

SHA256
361824623e043bbc20dca9194bf2546698a9bc27600230e9de36c37188fc1dc2

SHA512
82ac8451db7d4487316273d9c412827dceba45b954da87d65428282596a425cda0f5e3924ab65e66c32c03affdb92cb46ec6a0018600c62effe7fa9c94b77283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7981ae5de352b8be_0

Filesize
16KB

MD5
726fd6c64f8d2649ddf3751bce658c0e

SHA1
f7f8aa5150f6a5d13fc702ecad2cc9a3245642cc

SHA256
f23c904df9e2988a13684c77b3483a2416c3ffdb93dae3b685655da5b080893a

SHA512
dd476411c7ada635f0a41c577456d8f78175145d273f1d6ca009ae00b02ba3617389da8371014d21daab3713f63f976db74d71ef2d02dd24672d09ed1be193b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\874c2337ba28d3bc_0

Filesize
276B

MD5
3907580e8c0ef181f5c669bd03c3b172

SHA1
0bcbbd51391691ae55bd292b12356558409d3ad2

SHA256
32a0a59c5c747983bc9dfd5937cd81201ae5c1e42e9b7b9cf397f5079a62159e

SHA512
1e7e83335277a7c5fd64df57a1251cbdc849a1947bb9da6f9cc597bb362c980df3117e7382887d512c57d89f38e3aea0aef6308183215c07f6c856566b0793d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\96c87ccc79fcc6c1_0

Filesize
292B

MD5
f691a0c068d2873895e887dfec304bb6

SHA1
a78b1dda976997de9a057660bfa2cb4e37a3a4bf

SHA256
39c1aec3f8bb8f4b9a79c2fe73ae48f607f15faae5e09289b884b32e3a84a281

SHA512
7b22470fa62d5f4207da945aab7bc364b5af5dfedc92b9c57c81a1e8cd5ea3b537bb114affdf14362d0cbcf02029ca770e56406f7d074142fe2c9195fdf6b000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a19e12eb660e4818_0

Filesize
3KB

MD5
bcecb3374dc266e81d194f961c104923

SHA1
8c50dd709c9c8c6493f09f088e499cd824c7dee6

SHA256
4d6ef4bb5cae8b629a9295e539ec4afe45bc5aab733d0aead43cb8682c82d1ac

SHA512
4da19511580c313030974a435c001ec9dca1be7e63d11d8538e60e1aa07ee3ac58e53700afc7cd3fd1d41d6fe4d62a3862777564b6eae92e1e5b868ecb547375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c10d1912eb744857_0

Filesize
298B

MD5
0140b5818303295a290601d4c65d2fb3

SHA1
5717c58da724849e8e40a214578bf151ffa274f7

SHA256
a83f51bfd01774007d7bd2f9fbea9307c88ffd86d3cbe04176b0da365f7b67ce

SHA512
ce76271106d267ed4e18f0989a942002180d353650007480f4fbcd739bb0a63775942e5314f0472c44b10de31d3254cfecdcf6c47d9fc57207f2e614471af6f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cd4b09397963acb1_0

Filesize
268B

MD5
8f841b93e5e04a15fcb6ff4211eba253

SHA1
a0d34e0c8359abf43b513b78cc3993914e27bcbc

SHA256
de950b39623efc89f35be510d1c13079627c33fd49c90d2c953b8dc469587a5d

SHA512
bb9d6df0ff9d7dd3bab8e05f6bc67e27dee9d301dd2f4a3b2c3d43dbbf8daa877cb26db30fc1d3c8812db0c91394fb164df02ade436f3943dc9a14abd15b8a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d916ee5ec6d80aa1_0

Filesize
11KB

MD5
53a74db21a93bf1e8cac1cf01b23cbd1

SHA1
5564d84215a7ef4d6e62098cc952a33009a8e6fa

SHA256
08d6705c882bb63d18dd5eab2cbc605e275fda02540eb3c3c60c52f99ab5b894

SHA512
e8f50ff0b270390bbb56ecc5d5a8921c0956d674fbce8fa54b91872e69df86ca28f5e53060fd9428dc86e09422697d84aa88f437387b9b2c971dbb36f97c0307

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e0507e992a50e74b_0

Filesize
273B

MD5
55f859310668c18690912d3f6c8e04ca

SHA1
a042986e2059b43f496b46eeaa03f8a42e4d4f92

SHA256
89447defe55d5df83875850113563e3ccb22b1fc961ad76048946be4d05af413

SHA512
bb2650074a2e96d8836e4f767822c3166791dd06161f96f4e951996114eb628aa40e51a109e82aae6ec460b819848d130c874efa1fae0d98e832b1c2de9d10f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
12KB

MD5
f17aab4b069d5f474589443769f3b04a

SHA1
7f5ace1e28a90a3c5aae44cdec1b78061e8f3f41

SHA256
48b0574ea5c521b5426cfb326fb93211a0b3fbee6331c56553a1810f8b7b4f0e

SHA512
fb7dbdc5d1f4025e761c132da8a68bb7940c74278fcb99e2dabc8d54e51a90bcd839bffbf71f2f29e861f106c4dc002737756288561f373d5cc245ae8a72bbb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
12KB

MD5
1404c77fe4a10e8fba3a962fc1f441a6

SHA1
9d3fd879dd417a00bea5ed9efe787dc48c67f95f

SHA256
07ea07b8a2e1ee885033c0c7a8f83667e92bbf41f85a932418e658191ecd55ed

SHA512
4452150594c33445fc019cc64cb4b36fce9026ab317a1e89a9afc36a1bbb07754fe729c797eebe241ee7c94af5ad8b7dca2e95c6a836b6b4e8ce7ff9f5074447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
12KB

MD5
fb2748ca17e00748630e7a08d1becd4d

SHA1
6d65380b8d0d8dc5de93e61f25c7cee31bdde7f7

SHA256
a2839aee201bbbeb1cd05a84521905c724f0b9f78e87f05b9b89a53b50584a4a

SHA512
891963b4bbeab4c88133b4f1968da42ae15640f5997079d91a00bb9fec103aaf243c206b806801c92eea3f22408be3f168b8b628fc080b23e9f9b1372995f560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
955a6562ba13446f605aafc384609bfb

SHA1
383aa2add8086ec6ec5e9319402e634e56f8b157

SHA256
1de5069322dd217736beacb728a521d4c4cc956cec05a3e86b506b41d4b72cb1

SHA512
99d2ef1204fc2c29fb8b7de28f0d3c99657cc98ccdd72128785088ccdb4b54b551c6837b8d90b9294f79834732b5537fba5690d8f4328485fda20d6082b752a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
14f4aa600face386a9f582323dcf7a4a

SHA1
04517b2ca3d5c01560a833a6ec9ecd408f8edd9b

SHA256
eddd4aa24de49c5c685b5aac7193c7c8c3d908c0720bc025f7ddcdd91f6a32a2

SHA512
522d892c08c54239b22f0c688f9366e8be3daaf995169b47136c4fec23166dcc5fd3c3169b3bb5236bd01a264855c7a8e91e090ddcc749503f0c4fbe36610db6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
12KB

MD5
79874746c4bd22bf11031f18cdc3327a

SHA1
eef1b984a996406a5a0d608ad050136d10dcc22c

SHA256
fe8f36382984f45feda830adbdfb6e6ebad3e6d00e34c007aa155511223210fb

SHA512
b25fde8d7614203f91d8d953d407f5ff8d386dd66ed9fde13bc52032000fbe3ef35c0fc6d56cc90a1afc038ff039feb3ce236b278a9a617a3930407700e5b126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bd345df39bd7448c4ec53b965c4b1cee

SHA1
41aa73d1b22f2ee60d949847e0fb95d33fc8a6ea

SHA256
c04a320cdb57cd592742d816f549640665423ad00296ab549b78bcf552d24e30

SHA512
3e5c4093bc1c6a9464e595e7cdd8c5c80ccc5e637bb0e44bd493c131b147dca172fc9bdd1a66e9b959af7c5a15d138ad39f065c3a30885b2318be551b143c7c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3dd30df76e0eadd35cf6e8c2e6993771

SHA1
582b4409fcac1b6b2411e66e759f665b5756966e

SHA256
10883ee18224817e4bc8c3d99b6e855924c5e411c11969f14395491114873836

SHA512
eefad4b8db333078aaa6da114c97b2359a3203b24d70751b0a1bae36a9a4a0eca28c955f0e5ffada3b53bf860766158ff482e1993384e98c53ffd03842b407e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\_metadata\generated_indexed_rulesets\_ruleset1

Filesize
899B

MD5
54b8963605e13d9f85e145b3933e233c

SHA1
e6eae0d378cb72ce897a976dfc25ceffa9a0c900

SHA256
21ec97d6415cde5c52ecf20b183b9a5b2f76aecc8088b9dde49bdf195d1e9038

SHA512
3c4dac3f506789627bb858b67a94b8e7a87cf41fc801c7f3f2b827dfdd7b73ddc31ee342dd565a4ef592862d4df1c7c2192568de2fa9d465f0cec690d1f792f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\_metadata\verified_contents.json

Filesize
4KB

MD5
5a2ae9072e5a82a4d9f6ec0b12423c1a

SHA1
2d589d5f413fa91eaca26566d5dab8085aa830be

SHA256
d8ee4b1f5f91b62de0c994d2e11640c2bf9d84fa18bb68730a416c7262972450

SHA512
f0d46503aa6c414cb169be464999a6d9634280f18456a2462922c9846e291d3bb5f09854d496138770dfd72b0f0eaf8cebbeeae15e711771b3e4d387826c9f98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\assets\icons\icon-128.png

Filesize
6KB

MD5
a3c4a97b3abf5c40532df4c73b6a0aed

SHA1
487bcc26a31f4545cada98e13532510784f3d9e4

SHA256
dc9ab4985526d23074e9cf2ee176e68dd7a5cd282c147df32733da083b7ce8a6

SHA512
71c82630413b7d9e8f2541bb036b1884c2e88ba5abee2e6abf79744951f1f2e65f7a3d82fb59c274ad7f02b3e49ee5fa2f20973410db3cc2ca92e6bb3dd42fbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\assets\icons\icon-34.png

Filesize
1KB

MD5
15b14e66c46e0a83449fea81f4d0e59c

SHA1
c3512dc47f25eb700e21a04f0925aa9d6996f08f

SHA256
10a9008f1b5e61a13f2fc225e9444f17a30036f76855826ff0f881de880db15e

SHA512
c0296a9252e9ea8336a28a73fdeb6d90a3fbd13cb5699f9b90e8b2e3858f041509e8886d056b402c5444e9b36a5950fdb8dc93dd46c15a79d84e1e579b5cd887

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\assets\images\arrow.svg

Filesize
782B

MD5
098267b50a118f33b7492712af4fa9d3

SHA1
5662445b9138d268cced9ab71670ea69506e52a5

SHA256
0ec47a14edaf377afdf77304c710ca0021201cb4d815c2883fb06b0253a0286b

SHA512
15300c0637c00480416ce5ad6191015df45686393bb3bd3c75243ae60a2572b1a4d2c5d411628aeb271b73880d4f091558f39c9a68800523a77ce9f5f86266eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\assets\images\attention-icon.svg

Filesize
2KB

MD5
42783644ebb2a199b3618c043b46f0fe

SHA1
c372cc134ab0970a6aaa15f529363aa3a5cb9aec

SHA256
ec38ff640365f6003f28fc3cc54d78c9883147610ca3c395edf4adcb2af91594

SHA512
7eb2e91b12eb1398d22391480574079f22a3928640be3f0d7c4e5230db5f2ef1c48977c1a7e6877f1f4e9a3a236c4410f875fb0f8006a312cb30189d6bb9e9d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\assets\images\close-icon.svg

Filesize
283B

MD5
af135c5a307c0929934ab179965e9e53

SHA1
7798a6f73e13fa7226363db06ffded4644028524

SHA256
947325c209b02cbf029b7197985fbf55740d1b4f65242757889827699f646cc3

SHA512
e83c06bbf1a253235c681b9bb29244891b0d8449e809231e5adb2251bf0fad6a1ec8333e1d31803d5104d45c10e72621ab68d1dd4666e7d0b75c316c2c3f3b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\assets\images\crown.svg

Filesize
1KB

MD5
0f77ada07f818277112ef9ea68d42851

SHA1
8dff529ff78faf8724400c3a99290794f5be411c

SHA256
c9899b5a377fb16bfd7e641092dd1d6d986ce80300d14b1eb8107d78029865e1

SHA512
ccf41cfb6b96d33ac64123482b0794632a8ddda983e03fe9ba012ae6920fa80205549e828619d95059aa2eda7379dfeb722e480b9a961b7bc57b6302a4fb15fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\assets\images\info.svg

Filesize
1KB

MD5
59e2f9e145b1500bf20fe634eacdb14f

SHA1
8b30ef06bec1cbd4704e156f2a7fb01803d9cd8c

SHA256
69739b12cc11ac6e4b417061d3fb46f63cb070a756fa55463ef018ac684248a5

SHA512
fa125384590c831b85f4454a80ffa60fa9dc70d2c95ae4083e045a0cb8ba64a5bf7d3093e8a29fbf1c798ecf777e08824704d9f52523e2453451c8877042b9fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\assets\images\logo-blue.svg

Filesize
6KB

MD5
acc37544364375fc67b44f027773c94f

SHA1
3ea1628a0c300ddafa885e6252e76cd18a952355

SHA256
8c05fe44d139e67155501cfa73c8ec7d683dc0fc42d17869eb8c2e28c8072d5f

SHA512
178a6bd3a043546175468957aa14dd81f2fa8928d6fcd787eb4a5bcc590557bd2a0cf376f5b0aedc7f5215337d5d9ce2dc8b9e4d6bfa66361a2cdabe815fb2d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\assets\images\logo_with_name.svg

Filesize
6KB

MD5
7077be1629422619bbe5057dea2afcf6

SHA1
dccf730b9bd0ba9fb7c505f350aa2428457bc952

SHA256
0d28843ed45447345a2437b02ac99a6426de73143015d70bf2eb43ccd4fc75fa

SHA512
48da879c4223098c02814106279abcd6e5cd4a4379baf4cfeffa2fa7a961c4d8791ce10bb79a6643c1fc63d9b57e969f4fa2e5a2dc47e2ac60a1970b2f67f24f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\assets\images\no-scan-notify-icon.svg

Filesize
9KB

MD5
85be03700bee78ba5dffd47c18f5f796

SHA1
49dd78d61b39a013b4759b8789fff70e720d48bd

SHA256
c289ac227906cd11b2178abc616f7c12ce72e70b089ab86043b857bf44f434f4

SHA512
8e440d8e060cd8c080ed45364e84e124b30ed72878e7563c7ffc5813aec7fd6487dfeac4e237674cdfd7f798da9d1b3e2c7b2a23ac888fa890176606c312eb93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\background.bundle.js

Filesize
1.3MB

MD5
b6b00d4310fd23fa3e1d94af5bcdd4c2

SHA1
88e3dbc145cb0b65795508136c921bc77dc90f06

SHA256
abc1fab0200c29a94e1301a7eef2823640b82e521893bef0bc868272382a40f8

SHA512
251fd4b1c975e06c490e8dfadefa3207eba94d39bbf80ab9a565efb6d5124a99aebe4c03e041f2de6cdb34f45d9b252d132249526314abc997aa4f4d07f6420b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\contentScript.bundle.js

Filesize
534KB

MD5
883885fc1d090cbc70af72d2fc335a36

SHA1
fe0d38738d5c3b6700efcd668567bc0ec766e61d

SHA256
f401990b49aabdfc551a7479fea53e5231451e5afe2f0c73cface57d53b20998

SHA512
07d04b85f9cb0f56732d85e3c7f5043c1ae58379b30465f4b0d82f3d7ee29c97dba1f6349322f3254627b7770cbdbd462cbba086e5ec425170851df471e8fa8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\index.bundle.js

Filesize
447KB

MD5
f1c97f2132c11fcb682bc12d314d1445

SHA1
244eeef80eb528f668b0d41bed6c4922ce15d065

SHA256
4549a2db13a3e2200752e94e2d7890f67b39f7d3cba1a6d00294d3f369ec8a69

SHA512
db0019e0798c00c01400fb0f8dbf456d4cb7379b4268bd79fe8d896f5b72c20dbbd1eee8c2b51c7cf9d490d4f2ce7f4dab0755a0b081d9d3c1eac338a9c260f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\index.html

Filesize
410B

MD5
336fd61de62addda84cc9e5c283b7e67

SHA1
6b5985b920c40c61fb320f70be5f89233754699c

SHA256
6476c7b35152cbbe4906e94dada4e68faf052744cb0da74589679b86d49edd15

SHA512
2f641a563c6283ee3582c597c10be2336a18cf5e4a1e0c1a3c8b661e1ef49774145f15630b90cb5c1f9bd9439c6d64dc2bfc160763ae3d949eb0eca805bfbad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\manifest.json

Filesize
2KB

MD5
d90375baf036b63105f1e57e70344db8

SHA1
577c65ed69fca16f53f7373ac6267c8a1d1dd302

SHA256
6487112764657dad599bdaa5957be302f9e628f06352e78c31b7bbfe878d22b6

SHA512
5e011e91cec7189da8286f0d37ec49c9d71d9beeba60a158f29e967e346ee6955fbfd7a7494487f1564c085c5d7f76550a036360bd7eda28676154805424d002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1365394833\CRX_INSTALL\rules.json

Filesize
939B

MD5
5736d36e31b7bc0d59788d30260281ea

SHA1
c2810c0335d1760d2ab337db349c362596df06be

SHA256
79ecc25acaf4d184958e339a9e48a1f0d187f82a676843dc6a40ff907e1853f3

SHA512
046686a280f60d50791ff8bd13989ba4bf058f402bc3d45c3688bc60e8ea91e6e44ec3ae8bf66f1e47b66b336ea8b0f70f20ff1279f6dfb377d662d633296c7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\cs\messages.json

Filesize
87KB

MD5
8c5c6fd0ff5566b17891299e6ec912c6

SHA1
1ac1fd6eab6652963f187cf038a3c3cdd41b3515

SHA256
2f66acd9e90fe321372c9d81bfc8192b6c88d07179432f88218fbb522c49966e

SHA512
f2efd6d802fa283a1a1c3373888db8bb4f0e872d4f15145311fb27958111ce839b748ba7ab226f6ea8debd8903a8b3f447e7282ba692c6467998d317cc74a296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\da\messages.json

Filesize
82KB

MD5
64823d82253e95f7d072ff7d2ddf557d

SHA1
7d8a7ded1061ceceb7bf2f2e05818d4bf3a845eb

SHA256
55d7aa51e49c0ad85518c0325ef9cf8d20ab408f8e27ce70bfac41678696846d

SHA512
e2c489e125573fb60699a7a698299818ba338d3c0dc3210558b633dd5d890c100943407e0ca86ac3a5fce5fc09b38cacd3348cf0c3eed0977cc63b23c8eb5c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\de\messages.json

Filesize
86KB

MD5
bd18275dfc35df1c0bea0c8ecdaaa846

SHA1
f3a6847fea76af06003cb2394a719171ccd473b8

SHA256
a6d0e88c48ed51c27588f0888b705bb87dd13ff4c9e30ba22ba5a6c49d078931

SHA512
4a5b83fb2d090ac24021cbdbee8d2c9527f4949cda42f8daa61335d91f127b60d67c3e3fbe77f1e979ab2cade3a9610990d6bc984b6bc09593ae7e29351ec03a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\el\messages.json

Filesize
140KB

MD5
b97e385a1fdb8f2dfe3026b128348d42

SHA1
729ac5da03cb8e3ba18ae46dd8721604dfb328b5

SHA256
7baaeec52068bfd9672ca378a29d22898aba080a46eb649fd6101f86461f919c

SHA512
464e2767d71d2176b0989adae313a0c5cbd826ccf089f6deea7180fdfdf1c1bbd3b956b068dc6d52512a2a5b2408f2675bde3712c70728767535d316efe57c83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\en\messages.json

Filesize
74KB

MD5
0c3a2c0cf001efd10738bf3a1512a2be

SHA1
6f0851b7f66f1f2310c68a3c7a505293b7a251c4

SHA256
0a68ce59ceb6575383b6132bd958cc958f15a06d7db7a59bc74f589b20a395f2

SHA512
384be9a0426dd8261092b8227ed8f1d477b83dfc1a1799f82a1cbdcc9b3852d2fda259677bc5204db44545e9b3496a155c2f033bf09160dc9669ed3f2bda2b72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\es\messages.json

Filesize
85KB

MD5
e784323ec9c9690491f2d62141836c2f

SHA1
3ccc50fced47b08183671a460006a32c5b4513ac

SHA256
87a0a5aa4b27e12a1fde8263017e929668a1f0880b54f456d99a5559806aa1e7

SHA512
b42a4fbbb9d90a4f97c6fa4e658f1d8c5920750c3d0aba91c78820d318da121ef0e5741aacc83988d06fd4500c237fe873eed2cce2fe8e1de93f1114986049d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\es_419\messages.json

Filesize
85KB

MD5
3b5e05ec5d73c1e55624a6c7f51af10c

SHA1
296c5c266295cc47ce1d13fff9f0dcddbc715df9

SHA256
9fafa0c86ca1c5ac3bf1f23a30212f2069fb67b042c6975084b40503807f3b02

SHA512
5a0ddc285ea459f319da866a1566319ea95efbab52e106415b3dff776df1a7f8c3ed66ffbfe3cf0d1376e1979b729bb99e07e3086e734889bc7fb847e03dadf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\fi\messages.json

Filesize
85KB

MD5
53ff5c711f362dd30205cf93f1f51f86

SHA1
611b9937413ce70d10be0ac606f004d9bb716dbd

SHA256
f5e0794e60dd0fe149f34916518802bbd528bf4cdad9388e70eef13946995f07

SHA512
4dec49f2026466b4c2108b68f645a6aba7ecbf30ed696a731e96962f966b18534c58e9196383d9c34c52f86dcd6723731245281f9e80d3b2abad2af98d584f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\fr\messages.json

Filesize
92KB

MD5
0d0edd8e008c87577b52783d8e9a1646

SHA1
f4855dd21f9cb1324488958f3519fdb0ee9f9fe3

SHA256
4f30803138ff93735d812cbd3a1e8c1fa0cd5d3384089aa1bc20d27786439ac1

SHA512
489d38d4c291159e8d6c15fde89fdad4c92d56797d720e91485478d018eafefb7ba0b08f8f31c93bc23979bd63de7da143ac938011583dbcfa87eb8053327b4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\fr_CA\messages.json

Filesize
91KB

MD5
5c5db79d5444a9d7f6fd800bcc23fdb8

SHA1
48bc08c2fe2c71d0593cb600e9ea6d68df992346

SHA256
bee534eb4364a49fcc7bdc07b3ce9eb537e95edf0fe254b7ff870fa185cc3e51

SHA512
00a0435104a0e0601dc1d5033dead78b80840bd2b5694aea2e9debd8354819f89139d74826450aa8107d7a70c5455a836f452b4a1335a33f82ba5938b8cb7288

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\hr\messages.json

Filesize
82KB

MD5
0a79ba9ff40da35fbb8e48b11c0f2b14

SHA1
8995930877aafd26615642e1dbf1737a90ddbe68

SHA256
2f3e9c8f641430e8f53db65080a9460c80f43c0d0833db17269570905de2afdf

SHA512
764e0f962ee424c6015eed694dcbba16cb82f62f14a72e250e0f26abcdd127de5bdfa037d7d24612fc2df710fb6171654b9cebbaff1427f2a70ead97dc9f38df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\hu\messages.json

Filesize
92KB

MD5
c4b6fb1715907c06d905e05eb99ad256

SHA1
ae993d7f4b9da0e7bd774ef2063e211841bf46c9

SHA256
c0a65a9c1ef5230359ab6c2d74d9bb69a658d38c5949ecc322b896e8b95ba1c7

SHA512
fe2a7beecddf0976181343efce0d15f0ce5e2087fb3a8941452dce718e92f2c9d7f56e42804e25bfcda5f53a07170df828cec949cdaa0bc9d42ea3ee96fd0dde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\it\messages.json

Filesize
83KB

MD5
bc20290b3c8d90a8bb7da36d970946ad

SHA1
c510948167c51e4a2919fcfae50e84ab3cdaa456

SHA256
33643d3986e8ed6ad656c10cae4662c92a95903a00233e56b2ba43a094a38b48

SHA512
850319e579f49242a2f775c672daf882df116b0d38ea9cac6d6288359811e64e5423a0d0c3611e10a7f64e9569417146c7c9f69c21eb56eb4b82c4216218d72f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\ja\messages.json

Filesize
93KB

MD5
e276fade2b07dffcd458e0f2fe31022d

SHA1
a94e31ea67e1d1f9dfa12fc0da3d5abdfe4b25ad

SHA256
9562fefeec3e975b8da43a82746581fb4d4fdf2f61d37f5afc8af3c23e12057c

SHA512
b337c02ba6dd27fe5ee0d8c3eb2c3d67ffbd6a6e36ebf09f3674e42308f2c99a4dc977334295a4f435cc7ee64c6f27a74dff48e74493fdc1dc4f64def6163a87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\ko\messages.json

Filesize
87KB

MD5
bae506158c6444d4d54ee505e9159e5c

SHA1
0bac9801f479af3664bf4d34889702844241be03

SHA256
47c124301c955f2cf8d35ebc23c7e88b50cd1da54e8bbfbe0437635bbf5ba440

SHA512
5d90623618b85f8e9fa4a67ba1301fd656bb1d4b474a7e289a9d438875c978c566c44f8f1177f87a0d2e8f5c2ce0316f2c50b5ae2c72a2b33dc93cec0d51975b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\nb\messages.json

Filesize
81KB

MD5
6a65cc4806bf067b9a2ee7e3c4c14e61

SHA1
79827a4756d6cf45aa638879d00c5dd50b2e15fc

SHA256
d191db06a165cff18fca6d2f73ffb58f3ba5b10c52ff77d089c97a5e4892a5e6

SHA512
549885e78b0d28cf39bf8763c8a044780a63ae681c1297c0387d6e4f1dbd4ac3335081453f89863afe33c628e317f8eabae81d31ea5f19bcc55fc21e5a8cd6f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\nl\messages.json

Filesize
82KB

MD5
0fccc72666217ef97295f3ed074beebf

SHA1
a46b295c9c515d62bc312765162c77bab9aa61b7

SHA256
03042a19325058fa179d0f77994eef91e9282063fa2b5a202249ef630744bc93

SHA512
37599ec80d11768171b9f9a366ad0d1b41f96a074987e9e014847d571ea99df189484f1a77d6858441d6098c11ffc278fe635d1a4d26398160d6356e8fff7f61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\pl\messages.json

Filesize
88KB

MD5
88eda8badc680d9bb6b11f0c1bf36d82

SHA1
669da6e8c49b1e5769d932ac00b98fe33331208a

SHA256
936695715f05e73c3242c79f9c9a87676edefcfa1ade03d319eb375952c9c205

SHA512
55834e310ed3bab2e7c7c3f1aa07145b27c14978dc2d8457a456937b69cefcb3882e63b748d2e760b0ab1b97f6012b3c2686259c442a9394e9bd34202617d729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\pt_BR\messages.json

Filesize
84KB

MD5
70e55405dcebe4772576aa0e10e20d32

SHA1
a5dd3f96b70a98c2f19ef37868daa941de37d68b

SHA256
fd4baaa95740ffbde28626cfa708b913b3c5b801a17e098046e18e68bd594b72

SHA512
1f1effe153ee666463ac3a905b6576881d50f1e0dbd6e54d42fbed6954d3db5186a1ccfb28d071531099cc1c457a9033e22c8078ed3b65e757483f8b844d45eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\pt_PT\messages.json

Filesize
85KB

MD5
3956cec584afd7416af5de4c4ef33d88

SHA1
faf5f955eaa6018b612dee42cc538958415f60cd

SHA256
c3a77e80afe5b186c8052eee82c200cea780e0b3e3704c2659935193eb55ee3a

SHA512
b97afb03f3f04ec29a581b1fef7e96038c4e7c6d16d919fc123e1641e2bf58fc91fde1e92f7ecd7f5ab99b7027ba2f1bf6024e6ecc0973f8080cbef6ef25d906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\ru\messages.json

Filesize
135KB

MD5
c80006a22bf2c0969546281f72fbf243

SHA1
67a66fd234f7e79699b521b66474d788aa83b8cb

SHA256
71a4050b25eb9edbf9e487cd53decc23093770c135cd2b0d14853700545520fc

SHA512
a5ce4399ab585ebfd34828b283f07f23ae7722e47709b0cde015eb2c46e676a19a13fc2249e28572fdea891fa30cd5d58bbd58316b801b3c91c4d8e6910e483e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\sk\messages.json

Filesize
89KB

MD5
8f2c18e2a051a53e7185b55b2247bb86

SHA1
af7ff3772426836599a94f75e62338fdfd6ae316

SHA256
7ab379d665ca2a312d6239d4dac708795fc5908ab91f11f6e019f6cc1da079f3

SHA512
105db86e37bd08dc12a565673e9c8c0fcf52b29d883146e8a9e64c62e23f7a1ecb3df58ce4c76abfff1af8780dfb11062e0c81b4529f9e402f9a1261526384d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\sr\messages.json

Filesize
82KB

MD5
902339e3e08d9b51bda781c116919065

SHA1
08edd441bb7a6fe243ef99f45dabb3f575da0c32

SHA256
05d26726f205b6b1fb417377cb5a7ff9471195517c20bf382a73b45f03cf35b5

SHA512
7d02fe8d91962a2cc5b1ceab18a7af2b36fbf7d107e89c0ebf0f102bd6baebc2f9b9582378b7f1f3fa79fbe6b0c00fb3598fb39b5efea5e820a5c7e9b52debb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\sv\messages.json

Filesize
82KB

MD5
149e3da2a5ec6487a3a6100cf1fa0041

SHA1
45a810f4b2993b855f75a7b0f635c4b34ab721d3

SHA256
42e3e168c68faeda1ba10fc3ab190a6b1cbec93614c1e3053e6bf7dadae1c8ce

SHA512
029c0f7f8cfa94edbd5072d21544224edeb48fb3e6cd776ae4f466e35af55040d481929cb4c23cc8954a785f425429e10deb6ba4baf77001416dde51c6b22364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\tr\messages.json

Filesize
84KB

MD5
85b89e76e757c91681de625e2e1e2143

SHA1
170f735e8eba9768024d119e03aeaf0d9ebb8dad

SHA256
babc4b4777477e6975eee6bd72bc208b01894e6d5ca789f2819c0d94255a6dfe

SHA512
af8118e473e3fbbfbd21fad367209945b5cd2b7e63cb4c8f2ba3ab74a1705694d179b7a482d4bbeb87fbe3df0c6118fd90e1ef8ae9ae78f2f18f4c62a255fed8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\zh_CN\messages.json

Filesize
71KB

MD5
9fdf4828944199a682617fa7ff2ecd54

SHA1
877e8023357ac49f165c33781bd36686944d13f8

SHA256
a784a41771a528b3f04ab1beb4aa64c9b3d26a540bbabdb8ebec4787e844742e

SHA512
33b0bcf6e3c2d7e1ca11b0d996667038a45861cd25d11bcd67ffc071ebfbd9f4f137cc8a284964d5c660eaa05dd2221f96fba55bcadf1df460a178e130fa9e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_locales\zh_TW\messages.json

Filesize
69KB

MD5
5d7b067e7a48e210eb1cdd3ea4b29fe4

SHA1
64df2081c292726ca28a55627891c2560210858a

SHA256
4b420cc80affe21d22495fd8ac53272009c0a040d6b298c15b750213cf92d058

SHA512
a0f0f7ca7f0c464c51e520dfdd52d25a8f154d7a5294770d851e33c477e78426af831aeebfce3085bfd030802ec2bf9889fa05ddb5832ad6ec5e88b135847f17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\_metadata\verified_contents.json

Filesize
35KB

MD5
145d61ca8783999b5fd8822af6574857

SHA1
b4dc83258909690875884c19657039984c2dca0d

SHA256
cad61c20ce59ef2a4a874c1ef18b27e5bff47bdbade1417d4a5fd487c48384a1

SHA512
a5ab19d2f08b2ce141a087d283731574925cb83e48bd5f00c5027cd01e8d3b8fc326638786726450d203165edd0940d308335c2cb0c18fd9257e9b651fb5269a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\background.js

Filesize
377KB

MD5
208862e9770ed17a101792710f9e2e87

SHA1
ee1f8c5ed97313fad70102a45f47fa7d202b7878

SHA256
5cade1d392301cec0d71b5bdcda6f25db4884ee1f43bf09b3670e1ffb246d69f

SHA512
88f8949817f955271fb04772334dc4fe4c14016a1045a5ca8015f500f3936a45024e6adf5d7e2884c3f1c43c1496d7cadcbae130212ec4306debc488b90806e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\css\advanced_protection_signal.css

Filesize
3KB

MD5
1fcd79ab120030b34337f6611ca7428e

SHA1
9f1d8a9f1438459a0230d329eb5e380cbf84bdaa

SHA256
239379029e7e5c44477660a741769a518fe3a7537b8928c601bb63f9345e1879

SHA512
667ea07b040f6b31a37e1b7bd0854f95076e6ed57880fa049bfe67096ad74badddbe38c5d5f5aca787eb3ec3eaa55db588297926ca2e4bb6d36dd006a0f578c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\css\advanced_protection_signal_toast.css

Filesize
3KB

MD5
f1f6478550e175389e7f2c12a45d916f

SHA1
471f65a7f167ebd5d6496df0b666abd5221ecb5d

SHA256
327423bcc9c854e4b924a0113ea871ed250e7b7faafc792aef6ee27200fb152e

SHA512
33a644ce0d0fb98e4a9dbcfe4739395eb5a6a6691eeb079ae51885cfd17f0bd5c15438099ef05c6dce5edd2e7981010c3e9590189681297b61c21aa900ed303c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\css\download_scan_popup.css

Filesize
3KB

MD5
d0bcc3453f9e0a99a228e3164fa320b5

SHA1
43f48e0c4cad3abe4fb0617739e1a8cf4ecf1055

SHA256
b681ad96fcd0d09a1777d3467fbf82b9ec2a89115345b7791d4b53d143a1d10b

SHA512
efc2a48b92c333d84fe4d639309b8f9860f2245ece5ef44649ba8c0a15f1f1fe38689dbe925145ecbec2243263ab3a1ce92fe7dbea57dfdaf4ce3ac6ec1b3114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\css\dws.css

Filesize
6KB

MD5
77fe61a67340b2e405a53b1bb2a36b08

SHA1
a3e5adae2eae324602213599f5d4634c7629cdaf

SHA256
2862498a8f2b625f9c862979f0d9f3f35c6a7a004110bd027a20777af4b565b2

SHA512
afe11398b3a36053e937994093993df6d0c0721ed34432aec6cd773d2c50673b8ce8ea10196ebe67fc3b4b47a445b60550da1e916ead7c0fdde85f414588df78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\css\how_it_works.css

Filesize
5KB

MD5
8e5de7a69470253815082049d710bb76

SHA1
cc325c30f2822fda0f7b877a3b8936cc7703a2e1

SHA256
294d3a3fe1f469f68c312fcde2315eeee7cd1c18a3372247d3fe9a88111f95d0

SHA512
f426d316302ccd88ceeedfec042acd4a056f3b48ce45883eef48e1f91a9611f992873f2b6a8c5b820ab6a6763c8ca6e0e7c2ed4de1ec9ef1a2a3c22965d8dd17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\css\iframe_block_page.css

Filesize
2KB

MD5
5ca6f489275255766887223b919ba28e

SHA1
74be48dde3ea402883d80bc27c7b76103d97a245

SHA256
f75c6cb88d60dcfd122763341b9ebf6a20313b06b7b9ae13f461024863f55416

SHA512
a76ade48ab7ad2c550bcb39ad93e052fe3a416aec9d52fdf749e0af11088d4bdd7050957111dffa6d50ecc6c25fb61812780c45272b9b0579dcc627c64c7e0e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\css\interactive_balloon.css

Filesize
1KB

MD5
62a449df10eea0586f61bef393297f24

SHA1
fd9b3c40201457de0badd1ed6bc893d62904a59a

SHA256
c6bbf75bcc3148ea0467de755be65ecc1846c363a8a01d8072857e668464a6c0

SHA512
f991664c130e553dabd670f61368c78946aa531982a7fde98c82f65141e29c932ced2585684d3a687cc4ee0f0ceef5a8ca76b79c0fda04705ac5427d86d9c935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\css\no_native_toast.css

Filesize
4KB

MD5
338aab82ef09b970b04ab622832c9681

SHA1
0170148fab100bb52eb04140cee31b9d77f9d5d5

SHA256
6179e9b5f95234dcadba85dd1d751d7d4d55c21a257044cb157f3876602150c3

SHA512
8b90c4274218782b6359b0eaa2a1f493d78d4c2bbdb9dd8230cc31f8fd5e4cfe89f97eb5d625b5b0a7ec6336e17115de039acbe123c1a21a984c0048fa7457cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\css\score_meter.css

Filesize
1KB

MD5
a00989118e2b2dd8e726b8125fc88b0f

SHA1
d0a6f3306325bfd88d1abe0c61cbdcf1d8a5fbfa

SHA256
7583459d88181639e207e43c5280327cea90c1c79a03536e5cc35219802caa41

SHA512
ab16d8b672dfa52467e94b8ed9ed5bbd7a715ea727b73e69b690f24e593d4b80a4fbd96e92fa3daac24e159c6eeb5959f202a228b291255a0ffb7161e5f4be93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\css\settings.css

Filesize
14KB

MD5
126b0bea7ae83126561da2b2817dcfc2

SHA1
29cf4be58eda289ab11d91ea50c4a11ea1c6e82b

SHA256
0110bfb2ca6e430f60510863960e3d649d36e9b3210f83657f17cba7c0b4e659

SHA512
9666d7bffc73d627bafee8578d0311129a00d1895686101bf3929e5edffa232aa77405839182d8d1e2ae8141a5854fb567547ce050222658c8dd5932c1916d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\css\sidebar_main.css

Filesize
6KB

MD5
96c213147db30ec773aef9b9d517c81e

SHA1
c5a612da39f85ddbff8c77429bc06df27aa5f060

SHA256
56d0176db39420985cc8123d823df2591dd8d72d4ef852be1868dbb2e425d5fa

SHA512
d3bdf24cb34172e7abea3b2c9d2d99d9a1047b004ef8ac62a8e82520d7575268309083b195f243d1c598077607ba410dfe0361ef85fd0686d0559c9b53de37e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\css\sidebar_rat_detection.css

Filesize
2KB

MD5
515f2c181c0d50ac7cdea016e07cccdc

SHA1
364dad0d600fb2a77b3e23ceedd6047f00ad181a

SHA256
510c5ebdc396830081b105c23ffbf027e2097b87f8acaa58bd97d7ad169e8034

SHA512
ffead86cb4f659ee7fd38fdc24f2cd174afd2990dafe663f6d75375f0383054512853a08d82b4c080f10ae023e51c0e238bb8644484d9f5728000e0ddada57ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\css\site_status_block_page.css

Filesize
15KB

MD5
2e79c2acea086b5ede068ac23b2fe399

SHA1
f2d404bae86445b1b1e8d63c32c874da8ec051e4

SHA256
b690c367d533cbd89b1bc6c28f9c788537af50f76cf5ace035e4177661d254e5

SHA512
1ab486b09fe2c4ffaf389306c2abdb49c9eb294ad27cd440acb98c2c6fa34a0f425166765eac1c4c09672ed97ff5d69ecfeb45ca88218af15e4023f72f92b5a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\css\topbar_iframe_block.css

Filesize
3KB

MD5
edfe810ef2c497973ee67dc2340428f0

SHA1
5544c3deb3603fe28c73e8e0f70c105f6692bbee

SHA256
9ddce38a91ed1fd82d8b9d96e797a7a5c743b38299b9f0d0cf21cfe6faf05bf9

SHA512
6974f85ee4781587cc142cddfd36a5110336293adfcc82d8bd320915de5a937dbc1ae43428032847c6c4cdaa919c1fe6edf4fcc0ee731b712171b0c858ae980d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\ff_policy.js

Filesize
96KB

MD5
97d6a7af6a8c3ca3226c4c30f58542c5

SHA1
06a652511aee8b2bac68475ee403d0a5f8f798ef

SHA256
6b2b9a46b31b51537acfa1ffbc2311a65f60e564805d6188486ef871291b16ed

SHA512
4a02e8207cf80a9cbb1563aa2128442fd8565c96c7427621f07a809cd3b4c50ac5d9f2a8c6d6e0d9bcdfbd8dc4bfd8ee37df8370c8057a9747245a794633b9c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\ff_policy2.js

Filesize
96KB

MD5
c5ffc5c9854a54bd7862ac7c0da18c17

SHA1
0b1504d28ab0655727eb90ff8f793b3261e02181

SHA256
6f931df87dc983e8ad8738d5d34960aa35899bf27e60917592774793c56bc27e

SHA512
ce6c79d08e928bdb69f47301f9c1e4ab8f8ad3eff271d688ae78cb1a2263672626c3af5ed97db02b10ec8383cefdd2728ca59b1a1b914e65efc71e4de657b727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\fonts\OpenSans-Regular.ttf

Filesize
212KB

MD5
d7d5d4588a9f50c99264bc12e4892a7c

SHA1
513966e260bb7610d47b2329dba194143831893e

SHA256
13c03e22a633919beb2847c58c8285fb8a735ee97097d7c48fd403f8294b05f8

SHA512
ce9f98208cd818e486a12848b2d64bd14e12d42d84b2e47436a3c4420a242583eefc4a9b42401b51cc204146c6133645975682e4bb5d48527b3796770efa3397

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\fonts\Poppins-Regular.ttf

Filesize
154KB

MD5
8b6af8e5e8324edfd77af8b3b35d7f9c

SHA1
01d319c533f62ea29f03b5df8adfd4d93d2d2a38

SHA256
78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527

SHA512
cbe58e542d1a0d61edc5d0fbcf70aae127c73d5354d6f566c7f1887076063cc85440e8cebb2a76272d7c15558482a9524c6ca5522de89c1e093a580f204ff945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\how_it_works.js

Filesize
94KB

MD5
172873e23bfc6c6a0b270a3d3aeed566

SHA1
c2f1fe769fdc7285947c5cea626c83854a5df35f

SHA256
54fb1474a7fb6ef9d9d3d868b6cff982109466ec6c2f6b0c8c71d10ed31339ed

SHA512
97e65676cc6218ed81492b644949a6c3510d66a81be238c56d12c83ab66d9623b1f827ad475015fb96906ebfb8c08703bb51c5c590843f82cca02b468df0942e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\about.html

Filesize
2KB

MD5
dd0cd300eee1e02e3c169357b8658110

SHA1
e017f762115bf370c8b4f2f90e0658324cc8a93b

SHA256
c0d7c21c3991f53bdec8d0645fc354ecbc33d7bb65cea2767020d509d9bdf4de

SHA512
49ee5d85e927c3a9acb2ade005ef99d426848dac1a700b10b359d99ee33072831d53935e086a1c5b45f2eaa013bb3fa5de5e7fa3efdcf66985a5b29573706a63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\balloon_message\advanced_protection_signal.html

Filesize
564B

MD5
f48166ae870ae1235ae9524556fd3ad9

SHA1
0add4427744c154e1c030b0c9191a08006273e37

SHA256
742fa6ec8afc0936124dc3e642f1241cd5750729864d4bbb1ecd7a1e806d15e0

SHA512
7b766c6994308d9a8fc3ccf5c64e611b5a763cb9424358cc8f03e7acc2dd693c1dfb3fbf2a4d34cc5a2250cf0ee5e70c990662548bdc3d1137bbe59d487fca78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\balloon_message\advanced_protection_signal_toast.html

Filesize
1KB

MD5
66fbf205033d6012ea53852489ad53f7

SHA1
16635a0da98aba32cb90f461066229278b37eb1e

SHA256
3a5a37596f87fbbec98b526c78e532e7e35818a27ec054638c9b30c138075110

SHA512
c777b5ab4197ca3519c9f9d9abfc5a766426f52bfa4acc919844d2eefd29000d85220cad6ad89b751ab4a0c79adad408ca414014693e4fa10336a3ffedaab8fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\balloon_message\download_scan_popup.html

Filesize
855B

MD5
571c7ff2f447ff481a533d7b7da844f8

SHA1
a2d3f289dd9ee2adc11e26d58c2c746eeebe24c0

SHA256
ee278114755d401526f2546eb31938c59612ad0509854f48b58ba084f7872d37

SHA512
5fb2e9f29a5f8f989a943e7a0d289bd73a675698144cb46ef68502f1214c782e575398775c84cad5974e70bb44032f42ac570bed0e47c28371fbfe5391cdb705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\balloon_message\dws.html

Filesize
2KB

MD5
53965454e58598618bb6f8db665a6234

SHA1
af333ea5f0efec4550ac63ef3225db37f23f39f9

SHA256
ef967500a742c1c730ea57984181d26d1ca767eec4111ea6185bfbec08b966f6

SHA512
915ccbd4634017faf2abd69d1b7e5a5128cc9caf217f89c64cb8b786df568cdbca0708c11f51d9ffe981d35fd38a6f88bcc03b32d1392c9b3b0cdd8ac2b2bf5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\balloon_message\no_native_toast.html

Filesize
1KB

MD5
f4d8a4034627ef71e909b91c4f6ec3eb

SHA1
d16a1c5894c979e8ad8a0cbeb2e6edcc5c0cd303

SHA256
581c1eb7fb4ced4f1f38acf103dac1877916b19c88e5944995a29f4a125fcc60

SHA512
7c01d7dfc99d602d6428c3506ebeb049e154ac86a5b29a84c7fe284421adabf827a5ae59350bf4ab9ca0f5942f76d52434223ea8a1b42680685e4469897d94c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\ff_policy.html

Filesize
2KB

MD5
49f1b6807a50254e0c94706205df1ff0

SHA1
a6a3fb78cb22fb7c6220cd0db701699e324a09df

SHA256
29edb822f86f3e95b4164413c2472d779e9422fd0521aaa835e4d0d45830dd86

SHA512
b6194adf6574046c0cbb5c0e65b65bdfc96741938667c6be6de39e1a09de86776697a6afab91bcd2c5c8cb6fc64a89502a78cbb2782db54e3fdd92715e8a3739

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\ff_policy2.html

Filesize
1KB

MD5
5f77472567379524ca8a6063ac3bdcfc

SHA1
720281853b760245622e795a27b5bcad3da62f12

SHA256
18e1698c83bcd8b4be11807703fa96154cdc94938b92a96ac6c098e2ffb84cbe

SHA512
a7a17ed2f922022f3d9f879a4f1b182daa83ac383c930b5da8cf2b04ee661d94f7abf88d92bba54d1591bfd07ce5ed98a45ea9bde898d2b52e289f050d90981d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\foreground_sidebar_main.html

Filesize
501B

MD5
169795a357565de1bb66348c81ebdd98

SHA1
9f0a33b3ec5c2fc05f67ae4da9361d1d776342a3

SHA256
b618545cb49087d585d37b5c0a92ad307d2f85238208f10cdfcf51204d2213cb

SHA512
dd70caabdab07f8905b780c3982194e70a3ed221c01691b74dcfc7fd983a9794f067ed6f72e4c63d7c910c0ca77154cf1620df18d754045be26da9ce09e32028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\how_it_works.html

Filesize
5KB

MD5
bc2bb83175dafe065d571a352b466fd3

SHA1
8d90df48b9e6fb324562d687bb838958d2b74c97

SHA256
7ba194b337de48abb6b8044a0a7833ff12a286e6ac0f5aa71f6426592dc2a641

SHA512
3a0010a0a677dcac78b4d7d3a1ae35b0612271dc486357f484a642bd949aa54fe8f1247713ccc93f429584dc850b790cd2473ecac05ed426f087bec4c10a743f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\iframe_block_page.html

Filesize
408B

MD5
5f79955b3effeffc3bf27d356c1b460e

SHA1
caa29518c909dbeb7728834ffa80f041413252d7

SHA256
d0e292e4c787a0855e6c6531746c77fb3b857634ede424e2d1da23cddf2adaba

SHA512
4ec2eb5ca65d0b89d412fd13abb1808d5e298c25d972060257e06313829ec61b3ccdfd68ab20b00f5ae0a889166954ec15e09592b4e9d0b18a7706ccf1315aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\preference.html

Filesize
9KB

MD5
eabc0d18d4c835cb5aab383a7d0644d4

SHA1
1910eff32b81f64c136dc269b562015c289df74b

SHA256
276ec48998dbbeafe87ff11b751505a95fe42970275602a5ed849e75f6ac6433

SHA512
dd6cbcc98f9c722fec2367491764086861d3a1c6b1a8463cc508395d60e1eac56c8af994dd4b7b86e750e8422b670ef710934b2dd9a4d696f647694edf3823f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\settings.html

Filesize
902B

MD5
91495cce423dd124aa46bbaba4bb6029

SHA1
5af4d821b924062682d62838c5a6bd10d40ec886

SHA256
4ac9c3a4e741492ac10f22a12e73588a1c07a0f66c4dda46cd550f048f3e890d

SHA512
3a7d70aed4b4aa11613ba03d610f44e8f83add19327b52eddf0e1b9e3de81d3e67c056c8003a0f8b92e4d730d2bcfe29eda498971f817b1cea242d67b9761d6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\sidebar\sidebar_action_panel.html

Filesize
527B

MD5
91f3bfc7abf0d3c3bc6d2218312efc58

SHA1
97682b8d77df1ac201eacba36616111ab01ff830

SHA256
76c86d0b47383779ca9a0baf1a3361b247793a454e1fcae486e09a6450c42a9e

SHA512
2ed36aa8454b4b1b8a65377e74944fcbeeb29626254b50478e8abff10e4d32cb03de92a1d6bba3226d9bb72ea01f9d5a22638eb263285540e6b6a0f151774756

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\sidebar\sidebar_main.html

Filesize
3KB

MD5
d9031657755fb83e2336f859934861ef

SHA1
7cf5cb55b7b5c071c86a72e26009a77552dd8d5d

SHA256
9e2529d821bcaa267d3babdc49263d76691c8974692d33083c73452190935642

SHA512
b2c16f1a444db8dc8d80e3d64d5de797864c3930fc3ba81f178caa6f3005ab13afd19d6fd9dbb1466311222ad673ae2e2980ceb6cb37a012026fb1b85ed8b849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\sidebar\sidebar_rat_detection.html

Filesize
937B

MD5
6645448df7fddda81810bc29a065aa72

SHA1
0064edb5e691d63bdbb1a803c6e66cdd34d703e9

SHA256
c065b567717290a6188740d9e2e9ea81bd3d23b7d3be92c0fd4bf794621669bc

SHA512
0f1a9dda211a5e43fd83fa4acd8eed8b02f82dbfbae3162288e5ce2245631a519ef3ce92940dfceb4bd4ca26ae8b9ea0ef5482d405a9b4ad9fce994d266c7546

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\site_status_block_page.html

Filesize
2KB

MD5
2d7f6347bd2a528d0938bc4ef6312bb6

SHA1
397f31e99ba0d3ea954d00bd9305369b30816e1c

SHA256
dd513b8fe8e99a5d1f72a731613e7013096a9cceffeee7689b444b1d9baa9ea2

SHA512
e173c791b354eb6ef7b56f29c5e3cb0c0294e752dfcea88b0fc72266383ee97ddaf0ac7a8b60db5951567ee19e7f26f67344976128eb6b959852d80cbe95f020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\site_status_site_report.html

Filesize
1KB

MD5
25142cccfb7232f0395190c8bb18c6dc

SHA1
176c801b72c1ef7f5b0e54492ff9a49e16a0bbb0

SHA256
574c5e03279ae4d5b842fa3fdb7324f77a95d23e76c7c06a7a12be53acb2ebcc

SHA512
3c085bdfcba35135748a7c296d3e8ef25ea5258f7738c58abc4815c61fc6119f932f68e385ebf63dc16e19edf13d58786e4d650156db3d5c10e430e003449ec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\site_status_typosquatting.html

Filesize
3KB

MD5
bd56f05050672aad218d979589a32887

SHA1
f0d3f2858fa531721dd84650ca08e5762a8db117

SHA256
9c2d54d1485be028008959015cad7dd1d7f9a2ecd5adaac820059c1262c13351

SHA512
c95e3fd336765595a5031f04963591c2dd7c85eb49b6877e3707b507415ef3e5caac869f719c6de29339f6fc77d3a073cb01ff12be00caeffb7473e700ba88bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\statistics.html

Filesize
473B

MD5
0fb8b621003b72f5048bf81893b3c903

SHA1
527764d5b527e8c296cf8227ee0adda6b457de54

SHA256
e3c22394e39b89ff3ac4835ef3fa88e739f7fda118114c25898e64765f07b0f8

SHA512
cf2dc74c5d778a336c8ae25b27a33ef4f6fe806ae0694349941101b701a4c2b268942a4d4a0b665ce397e8846c5969330fcfc6cbc338b55defb95b626ef0deaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\topbar\topbar_iframe_block.html

Filesize
684B

MD5
470738a72aa4e217ee66bf1a53d27c6c

SHA1
67a7a67e956f3a47c25264e0f5c7c7f9ff21eb1b

SHA256
ee1fb0d784cc5c5da7d7e2aa6c26f705218205a8a8c03d038cafe59f4410f50f

SHA512
277e3d439824b9c3b9a84cf714d25b32d2a2a6fa80212feee54c8181e41ac72f8efaf2b155105bbd6c353913817476ae4e5dbf9941978f38c201644193c61e06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\html\whitelist.html

Filesize
682B

MD5
bac4d735fdabc6bee1d9353b4ad71b87

SHA1
b84c4256e556d8077113971db17c7a4575810637

SHA256
5af01e6ee63a6feedc1c3c6b6cb995325ad428f76de2d7a0815414e07561b553

SHA512
4b26e7308097546b1dcc34e99d4696efa7e510ada1bbec70f1fadecc7a8f8b2c225465256b15e69bda285a3565c7c3ffaca84764a38fb1494b0d4318d4b01def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\iframe_block_page.js

Filesize
1KB

MD5
caa59401fd4cf428f16cca0734ea567b

SHA1
c1dacece2b62b40cbfe9be213858924f0515a44b

SHA256
005f69129394c010facbe81ebfa59598f7e844d2f7e173965a7f99c31d29a79c

SHA512
731f8b89b651bb0a7257fdf45106b0e9ae6bb5bede0e65bc42f641de1d76a509f1a5945009c7e0f4c4163f6b2367366c1712c64b8a4dfb8fd9a5a0314bbbb05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\action_panel\ap-overlay-logo.svg

Filesize
55KB

MD5
444999a8e3a0f392e6f1cb935d89dd8d

SHA1
1c8a585bf725e32acb8ee8641a615638ce5ef33c

SHA256
d852932ea3383467c93f17faf05f90848b124c245c088cf67b8f49c0ec929883

SHA512
4247aa4e2f9dced3816fec128960f21e082e9dbee84b439b7311a07836698264860b9d47565add576b25a0ecb3e48fe904b12b24aca7a8948295c929b75b45ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\action_panel\ap_jumbo_rat.svg

Filesize
9KB

MD5
7d7baf0b5707fd387853c8eaeb7b2fad

SHA1
86622c1a7a867226cc9023aa6f810214b5db2b71

SHA256
3973725865c3ae769d586406ae0b8b2dce72f3e9ffc5c7d4ecd713fa4bf4807f

SHA512
a07b6959e16baa67dfc1450c535124dae50236c6759f35e4180b7bb8619b3c52357557ae63be5a8ed97672fe28c2c55bca647f45d0ec934d41688f15efe68005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\action_panel\info-circle-icon.svg

Filesize
556B

MD5
16991d6d8d07165a6bf5921d48a33c4c

SHA1
107bd9d4dfbf3c50a080d7cf16325aff0bd4f7f3

SHA256
c1f809b57c384262f0289aa2049a8fb206f897361a0b62bfab8c8ce4fabb1b2f

SHA512
230d5eb8c61dd916bb74297853ca8ba75a9e837a823304f6ab194c1b4bbbe6379fb2799cc879e5eedc3947e445ff7ca37910ca87eef4bf168c73b05d271cf0a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\action_panel\x-icon.svg

Filesize
672B

MD5
7301d2e8ceb505be25e2d20ce3c92466

SHA1
46eb43711906065f56f8d97b38545b61c1b0a6fa

SHA256
40f3837b4464532b4a500380fd134826349a87c3c92b2f329b82da8bc3ce9246

SHA512
bf1de37f714e80b175b7f86be8f1607aee9bd67a3d42065f9e8e38a8c635be5e53263b86006b883e492198a1ebad668d91d0f849087307c2a3d126a3d96c9db4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\advanced_protection_signals\checkmark_aps_signal.svg

Filesize
308B

MD5
347fcc52fabe187dd2874ac17cc338c8

SHA1
8dd274842efd21cd8aa8a74e0b9a9d8f84d7908a

SHA256
8c2964ed5a983edc6c61d53dbbbabef568f47585da92b1ba82157a3863e66244

SHA512
10067023d68903d6ccb655e93525b81d4a11990ec3a7573bd649bf44d56daeb2bfe43359243b6e33cf88dddf6e9dd61c0bdbbe9277352bca4d087df125848ac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\advanced_protection_signals\checkmark_bullet.svg

Filesize
330B

MD5
474522e4e9d5e6234dd620fcf9d0fe54

SHA1
e3ed75af7bf1ee444f6de9a55dcd6d83d29d89da

SHA256
2818f27403cfc7e148d6851ffc7e5eb483ec4cf1e435f0130d10ff9dea6457f0

SHA512
8a2e6733e872ffb5eb8f287e1d0e51d9e816e89f75111c957bdc50c5511e46d52bec96859463b93f97fbb29b5bc8e82c517f0de198345d3470d0d4e0299f7896

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\advanced_protection_signals\close-outline.svg

Filesize
312B

MD5
1cb98cb5d4f511bdaefa90948f267841

SHA1
7d6d9e297471536f1f3778dc2a10b67b3e7beee2

SHA256
0f2927ecd197e38779e06c6bb46b748dcc7f3a3a317ac5e68c5c03881e32378c

SHA512
0ea99c682884848a35d329ea03363c92b2099077db7321397f2d6e26e23a362d39534eef820ff45781b9a0a875d2ab945f321122c07aa5d07a794718a90eaf85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\advanced_protection_signals\mcafee-logo.svg

Filesize
9KB

MD5
d140f7d6a0eafe2262be880ae0ce776e

SHA1
3f0d58592bf919ab021ccf516ef8faec1ec8f23d

SHA256
5c6069dab14ef36a0903556cb9205f17c82eda2bce30653955a5132345f65602

SHA512
2318e87f23e1e90c65072a427a0e5cb5234da9bde6d9c571597cf67f83fe5deaf941463404715eb220c0b038e6377bac502e2543f6f14376802e485344632ddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\advanced_protection_signals\question-mark.svg

Filesize
831B

MD5
c32451a00fadef2efa6686e01020243f

SHA1
266282c4ff4239eed6789b4643c589b85e040a50

SHA256
0b2b264ca5fe4820ec901be1ef38703edea8ba8c971570efc6b8015808718751

SHA512
fe04b43ef03600103ea481cb9a46c20da6173ff27255baf463f694d7f7885787225e4c90fd30d66fc2d60c448f0f0b80d691d60e17096afee3f5c02a1478b3ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\advanced_protection_signals\scan_for_you.svg

Filesize
3KB

MD5
a253e8273c7184e575f769d31b8ad010

SHA1
7e6c1d0277aae08b2cf2a8f7af57a668adc60077

SHA256
19227e7f909b6b97c5b9d0f9ff2331d676a5a639664a7b25b3498d7a53187be9

SHA512
233c7de0592b1660559f952408560a6a37be46ecf438d207154af54adbc2faee1bfff0bfdfcd3dcbc99bb7c9a144e3b32898e6a742b6837b721aa60a3a2389d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\annotation\green_icon.svg

Filesize
477B

MD5
444850203d1734f8e373f38848fe0b02

SHA1
0550b5e0baea3a64e8aab94cfa0474ef2a9a5cbb

SHA256
354bb055e779ba141e877976285f98a2bef88b5920631980cc02b9bd282e479e

SHA512
43559833e5a54df05b6476c5b973b6a4851d09c5f3d00cc253ef1f1779b6118707b7e4abfc5b2c61de20d52df90d5dd4cde937b6bad86c96aed9dc3145d39bc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\annotation\grey_icon.svg

Filesize
1KB

MD5
fecfc0c8d736d8ff1c122bc2365fe149

SHA1
646e7a3bf5df61254e990af3f2c9bd5f69e87729

SHA256
95064660d558235d12132eb7b9e5a13bfac9c41058310a0f6f0a8fabda426efc

SHA512
dd77c12623ca8173fb5848671de026a75e704ab5b194ec5f80e4344f741502598702e74e5b00f089eee3703c789ff83285b0564bf8ac852f437c447510b96989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\annotation\red_icon.svg

Filesize
504B

MD5
6874abe7a6d62d5e2c1861fa95c66b2f

SHA1
bfdee904fc9aa92bfbb705d43356b66253826e4d

SHA256
c3f07a1bea96756dae1182ef31bd63bf02fba89d6e49165c3068d4b51f75a53e

SHA512
1786572d3525093563f60b344641ac2b0ed81e45b82220501299d3f41d5bc9bc3a0db40709e173555047f55df5e92f977438942ae35f984e73187930018d4e33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\annotation\yellow_icon.svg

Filesize
535B

MD5
2077bf5b959e912ec79cb5c860e5305e

SHA1
d3f994e9b97aa55426262456a86f98e7a7b52b66

SHA256
36c77c784525e41189abc95e8a7fa29849b3ebe0aff8581a57956e4a755d661e

SHA512
1035bbe8a7e4d614a018a275427edd45f018c8faa84aa9762bc0eff3590dd051f17a0bf04f083ebca90de3672b7cc8491e581ad1d661812c2618aa044af6ca34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\balloon\green_icon.svg

Filesize
242B

MD5
eb73f8788c1708065a7dcda2fe21dffe

SHA1
c09f41ff45007c4f3cb208585a56fa9d4ff0b2fe

SHA256
31d5db151bc0274362b76935a80f1e18475a8766a1dfe6acdf5f7298b43f3a6b

SHA512
5984f95c9d6d5340c961ceab6e1d906f94c20021757913b83602b2f9e2db243ec4dfa90a26b76974bb1dd43bca46c62ac9ca33534964727f69d4c2c69e75d71e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\balloon\grey_icon.svg

Filesize
1KB

MD5
f17cbfe43840090fe3db39c1817cfc28

SHA1
4644694faf769a48beba1a4c29dbda5c1bbacc4a

SHA256
ee84a3ae6209694503a0e7b8c8a52af52c30adf0efb33e69d89e977d8ee6bdcc

SHA512
fffdf486dfdfa7a68cf3cf15ce95a2d6872d9b5ab7af444e86826d46c7287bd4fcefb26e3a096e2893ff8f7f4ff317c636c08412338166f931c36f87551eca38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\balloon\hackersafe_icon.png

Filesize
2KB

MD5
49bb82aa46e9383807dbf1fcb4c5038e

SHA1
79ef500c5bf345e0b4fd7c2b9ce591c855960df9

SHA256
c344e776f86f369d4ceb7e38250f0626ee52967943620fda157d156ff0941ec9

SHA512
ac151702aa332ab43d7ae867d8c70770a48d7d5514a992eb348b39b0514a3938a081ef5f4beb49d1ff4bb95a7c0f768453445ff720a05c1011ccef0ca54d0dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\balloon\red_icon.svg

Filesize
221B

MD5
9d8f6bb24f4b6a8ee3fcded82a37b161

SHA1
82f9ed29cf85548888bdacf1137ec129aed43bc5

SHA256
9b2288d7cfed9b567d6f6f1b9f3f7b1550fbc9157a519323d7ad4f1eaa84f5fa

SHA512
d5bc008a85c17cc4fe30e2be7ddad9c046848cce1ba0e0446d1d5cc38559effac802ae5b5cc5ecfb7c2e95d2c0615d0af04742568bcc08db7cfc0997c3b9dd79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\balloon\yellow_icon.svg

Filesize
388B

MD5
7040e9073a835f3d857096fd5c6b42d2

SHA1
2a578c98a38a417cba8697c43451c6d584f13687

SHA256
ac7937afc52cf9336e3459055ae1407617b6d7ae8a253c71e90b1fde6885fed1

SHA512
aeba788d17f3f083e893baf10a92d44d608b3efa2a433ba4d47278973ae869da9ad3df37d8d5edd5e84ca983893c2bbf27adabb71c604d43e4929b20b2956314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\banner\close.png

Filesize
322B

MD5
c2b58e3a8a5af8b740a61e4c054a9e26

SHA1
5bb475c29dbe19a78ca2135e5f477da375b5018f

SHA256
2df3fa9311562e80c73708e325b23a2538f2e9ce9c1315de4f459517272e0b9d

SHA512
ea35f9f1f04d55d3b55cbe2df356e2faf9d4de7ee97976c53c06155e36481c962e155a6506e0dccbcb948ff04c1c803a27a02c05a0ef0e10d0c629b3a905f39d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\browser_action\disabled_16.png

Filesize
395B

MD5
951939ce70ba03d9fc87b01939d630b9

SHA1
d0efe77547e5fe3d4b4f03cc753b218c81214d3a

SHA256
bf8a810d14432397a6f05cba502c0e641dc05eb28409cfbf58bee4d0fa052812

SHA512
b6105d4ea576879afa319b2b6ae143e9bff0c188639614cdd1654968d5ec4d46b2288f2879f458ce87bb66cab3293e3af5aa3f47d8ee1ea710e4d4fd0c7076db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\browser_action\disabled_20.png

Filesize
626B

MD5
c4c8fa194823f8a6bdb4ad41b944110f

SHA1
064160fd6c5548c665f4183faddcd1277bf7b7c8

SHA256
5eab6a9e0eb02d50c2af920ba4f3021975c6a296d000fdfaff04664d7119c9a8

SHA512
b310fd0390ce28d8bda018d279c2c2e5d09c0ac7b98ff2eadbf98875c17b9d96700c8c70195ccbc9183815ee36284da6cce95d439d697c1f4cd85e670cbcf228

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\browser_action\disabled_32.png

Filesize
850B

MD5
98a8ff669d8d435858ea606633353f6d

SHA1
2b94696a4b68ae387fc7e5fefb3229d7c07952c2

SHA256
9056c3365c956cc89b89c7ded168dfd0535bb1cbc1e667671c6766e56a40c2cf

SHA512
19400595840627925cd8a1e4c6a103a78e1a7ea424c0311c7dac6ba3289c4100025d7f2af219c62e82332b4bd01cfd8814363465b702b97538b6271d059b0f22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\browser_action\disabled_40.png

Filesize
1KB

MD5
b7c6e336b833c4ccbf5626ba167c9128

SHA1
b37808e3fb72ce2aa42750ea740f623b3c5c7455

SHA256
56953173a2237381de9a454fb2609a3c1eae7636e2dcb86ac497b63600b2f661

SHA512
9a059cd1b70415a0f38967cac5c70867d80561e962821511c4d1f15bee213674f646f6ef342b5c7085eb492b1443ba7809b4b062e9f35662c289c5edfd658a9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\browser_action\grey_16.png

Filesize
363B

MD5
9296be76cb5d33fd677e956eb01bd3d9

SHA1
5a07cf95bc611cc7d6155175e2e1b3b94a44f25d

SHA256
876810fdfb23e4f010e10566b1cfdfee8a7e9d0f46f7b525f1a9d56948ac2394

SHA512
ee463e6c147d782776bca5e2667aaf3511eb9348f7cb4a4d461b624dd0917d27080f6c76fa11956b6ef37d40c3e56acdb222437f4f4e845b6a52cea42967bea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\browser_action\grey_20.png

Filesize
383B

MD5
2443e421470af435608c99af44852157

SHA1
ce014d7d39e19f21b63acdb88d6778d3b4c643fb

SHA256
861af3cf0e4309b3e29b8cb71b6f031c1fb956faa2dac2a38e24b7c29d426c75

SHA512
4e8482dd242f2fbf40d3d3913bfa39670d411b7da948807b76c4ff379228ec5252c297364b2c4f81fdfeaeb5d813426d48b51d02b5ba189875d04fd98aa142e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\browser_action\grey_32.png

Filesize
529B

MD5
95436926367c0138f001ddc4361bfedf

SHA1
88c0e3b0525bdad6ca53a17d2b8a3c750dc9b61e

SHA256
8e8cab2fb80826fb45a9db3e1d48d05e3fdc208f02a35f68e8f26b1df841ac82

SHA512
1d5d02112e38de9f81ddf9b13239082459814e16b81422c3872cbce3f4e51b9862e8a4b47bf53d15d4615f175fc1877c35617130e916a37376b81a05fe2ef007

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\browser_action\grey_40.png

Filesize
590B

MD5
bae59237da0bbbdabcce1497df6ea17e

SHA1
41af46bbedfef67ee4b78fd0a9c04f65bec08f0e

SHA256
e1eb0be733c2f45a2ddece29908830c197622a130fc9ae6a1404e01a3d7c6238

SHA512
f7eaf0862a947ed712971976f492df813d5c389322aa500fa2a1c5e9af0dc8604674b31c98680bb42ea111451d06c6ed8e8a2f20fe49a79e913c12a866305289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\browser_action\red_16.png

Filesize
359B

MD5
f0df6f75d6f90b2de500837c6627db34

SHA1
212b109b779a0885da08a0959e27c68de4aef043

SHA256
9080fcc550cad54f1a7c5b559898ca69ab9b3d762f2ab0fce0a65f5c8ed943e8

SHA512
995d28a813940b4362814670b9b94ea50bfac2eea20d26144e46e71e33796af19136c81c683fec9347856bd791f1ecf5baccf0c9bcfb9446eb0276ec16f1a83f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\browser_action\red_20.png

Filesize
377B

MD5
279a0be45f69e5c53f7424c704c825f1

SHA1
e3352d8356a4e4886e28bf3818719fe3a35f83ba

SHA256
5e3ff0bb95c60b49a9c1a91f473ba6084fd57a0cc8957eb54a2a0356d9601a1a

SHA512
8370b9392fdf45e19a5f547cc04d4868df235bd7af1b5e90452418216a7db8d377a25f00305625a7408fb14d2ea243686eb7f9613635639e4930d1ba56365d24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\browser_action\red_32.png

Filesize
527B

MD5
3fa1923cb874a4138b1b07d83ff989be

SHA1
7add70363058af580edc3395c62ce1eb9206ffeb

SHA256
0734a4e584b57ee2d712fd41c5c14e8e24803cd170bb47324de7411f608d53ac

SHA512
398c815399a42154ac1dec13f47898fa0d9a1bd466309dcda13ca3628812c154c217e2e7559e90e7a7306472c8b8c05459482410f5cf2547bcc7902cd443ef13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\browser_action\red_40.png

Filesize
586B

MD5
ac9e077afb0a4c3a13d92992318904dd

SHA1
43c0a522abcb58349c4fa21a24a60fab6e581569

SHA256
de4fa77630c39914c178a24b44edc266c84c2c8eee14683a35b3bb083c83b3d7

SHA512
a0accac7a3c3ce3f50dbe22c57fc216a15cc72cc65ce56e1352f7d8061b3576dd1881bd78052ad1c75ceb28eddecedaa6b74d557895ba164be226314e99718ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\browser_action\yellow_16.png

Filesize
361B

MD5
882f79f6dad6ce52dd41f3996e0b2c8c

SHA1
ca9a262f6d8c45fcde2ccd174ecd21fdbff848a9

SHA256
87603c2520b498e090eb1feb2253d5f982565c958f80106e16d58e9f6411622a

SHA512
54e521086012cc1f9e73ca3bb003e6bd22550e036c2bb5dcea6ada9052fe3b96d7f49decfb8fe7ba6c223c7d47aa09d3b905e8a3530fa26ef886fa064ba47f25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\browser_action\yellow_20.png

Filesize
380B

MD5
626fc8d00fb42160da3429671e641732

SHA1
e18c2363a7ed0f40d764b8759da5e3179caff3d2

SHA256
836df926c2b31d262487bf03d7d39aac84b1e6016c6102d585f1590f8b3c7a83

SHA512
7ceae166761a5a06ca46ba61e0473dbcd03c457037ed68d45d7800737dd0629b6fa281703a1307ce49f4fc73d123ae74f29e6fbe48aadc9f333175acb05614f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\browser_action\yellow_32.png

Filesize
524B

MD5
ccd1384dacb82fdd12fe34ad50479933

SHA1
66b271d08046b637a79c2081ad3b28dd4ce9941f

SHA256
90a6f9e02fec898468fa32a9ddc51443fba828362cda8082e7089705318a6ab5

SHA512
7ae0e187a42c8c892b10727f3c40c9ef2b1d8d8c4dbf83a9c2c2025a7ce7f9c4d8bfa566ee5d10abd6b21bdea46d3109ab6b256d15493f4a3ee9e1c91328d36a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\browser_action\yellow_40.png

Filesize
590B

MD5
a0cdbcae4006b221911f15fabdf28896

SHA1
c70708f133c52629ce389191da78bd2fbe7cf692

SHA256
1d9231710b2f4f3bb8c36ca93a02262ba8d2861672c79f95960dedf9a15879ba

SHA512
0bd400cbba5d6548604e9936d1db7a4fdba28c6333ab6f1b41ac728e0c37ff5c65af112bf8c3b600ccc6a411353b56294fdb03120c2f0a4dcf1a308343a16a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\download_scan\close-outline.svg

Filesize
314B

MD5
854d9f4841f3fd6b71c8f0c216590549

SHA1
c5543d1eb7ecfb19e24e5e26d070e26d02efc3a2

SHA256
9d14b866099d21c67b28a6c870f3a4a535f81b88bd97102c32edd346d2f15868

SHA512
74278b6d68184c8e9d04fe25b4d40703d04e4d085df18a3baf0f03bcbcde20e4a1761a7d68abfe442d661ceafcd33bfe46a47cb22ecb614f8c60e1e28fba1129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\download_scan\download_scan_icon.svg

Filesize
979B

MD5
e152a06f544c2445e476f9245721cadf

SHA1
fe537df1b8ab747e4f69fc7b90f6e65ee57cb7a0

SHA256
afb3cb99272b60d9ce409d2db3584f29db0de5e50776db99e9118f9fa18dc943

SHA512
d2424563faf06896cc63849cf8418423c6470e36fbe23db0549ca74a927f7618bde2ac605e795a3e553941471975006eeae1b2f4a5aee12cac7366a6ce3d9dc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\download_scan\mcafee_logo_red.svg

Filesize
3KB

MD5
23868054d056d5052692b09fe9e4e5e5

SHA1
b3e5caa5593e87f3306afd207ec765cdb5b6ae48

SHA256
634cf5fbabb8573d98046d26efb66556a1d38a1ddd27da51e3187c785c07114a

SHA512
7cc1c3ac3b86d1bc690b1e4c86359de072cb5f62608b805ba6a3630a8f3cba78447f115974520eacf312b68be42423431cce695dc6f10ab763fbb5aaf77422ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\download_scan\mcafee_logo_white.svg

Filesize
381B

MD5
7be675b6e967d8d55993ecc5d0685e03

SHA1
1dbc9a3a299c6d88e5a51b7fea4225cc2dbd618e

SHA256
855cfdfcfca492037c9bf50e813f431594eb408750759a644c1ded9348c07559

SHA512
d28a32bfa95dfe4ab4cd42c970904b8f73f59af8f0ba1d7a2f257af2f5ab93207bb18a81f98a2025c0ac83535f32b7ba8501427cf2f2140b4cda11911b2e909b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\download_scan\seperator_line.svg

Filesize
312B

MD5
20de99f72eed4e646c823f6683f7efd2

SHA1
98d0df7f2426563eec5584da4202216fa3d929d8

SHA256
3cd89daf88eb5ccd1fa1054fd10a872d0c01e40491125d20ec26ecf96712c573

SHA512
e3433a4879789a787f9409a3736098ac6c181d33b22d7ce830a0edf49409858097ccef28d3bfac71ed26ae6adaaf82bb52557c2630a90baa63f7648955935a09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\download_scan\webadvisor.svg

Filesize
6KB

MD5
aa94fe6f7192aac14be72ac6a98b437a

SHA1
e996bfe46d56845febbf638514edb6fce8457c8a

SHA256
a4279bff1bbaaaadb2f89b2dbb2c77be7daee304ebeb776885607bcb4d8613d3

SHA512
4d0ca0371558326bb18d888721f923fa83f793dd9d53b7d98c2fe7972fcce0257bbfab150c284d26d10648b2df92e8dc4cdf89709c0d4c93bb336a0fbd9003b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\dws\confirmation-logo.svg

Filesize
854B

MD5
69bf1ef2983de97f65c4aa42e7472f85

SHA1
b734db797e7b53014907831b6250573a2da5910e

SHA256
7f3512a5cf0022bac65b5d70b92b63e5e92066b748371be9ae293f8000a2be93

SHA512
cd2c4c803e702b15dbec84bd2cf1dac6c9debeb96ae9a9ac491777539f9290ed6eccdf9f9595e52bd154770fb0bd66c7558c185a300bd325ac668170b5d10579

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\dws\error-fill.svg

Filesize
772B

MD5
3cb989496c8ddc97be225c95cc37c439

SHA1
508df201964be2d37feb6c6888c53cc639520117

SHA256
d19b7b0fe7a1344005a9fbb4c43e62067e4a7aaf648d91f6cc20bc8489870ffb

SHA512
0f2bb1e8c9438301b7167311baa2eadb55ef3c6a32e903f99e9b461150f4e5d4ca020e4ea92fc7623cf45f408a7e088f8fbdfa5b256eacde7566124cae382720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\dws\external-link-logo.svg

Filesize
308B

MD5
52acb8689812d4b46cb56a248eeb9f65

SHA1
dc2cf7c46cbb87a917fdad6904547ecca0871aaa

SHA256
d3d5aac3a584ea056f6b372c2ed6e923e37c11aa5f7a529ccd0dc8ecfc2874d8

SHA512
af09ec04dabaededb5c40cd12f3849009e7d855874ddece241b1bc073324f9d6733419964c5de1fc5b7c82b41522edf3983100eabb5ee574575a085d28180dbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\dws\scan-email-logo.svg

Filesize
274KB

MD5
ea6e8b4848adfeb2eaaa27de5962fc37

SHA1
2a0edb8bedf9d57bf39e8e028233407ce424e538

SHA256
baf530440ab599a4db465a9e41d2da8ecda41f0218aca01e9aba98f3ba81e705

SHA512
83f32fcd1e14eb840abd57ed5aa11eef415f1b3981f2efb227ec5b968388f07052d1c434f432ec0a0c337d257040928dd4efbb26aaff0d88c825c2a290049063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\ff_policy\alert_screen.png

Filesize
5KB

MD5
12fca4c20c37942db74987c8a0fd01d7

SHA1
52de7a95f2af5d4e529eb9eb5f62600118e43eef

SHA256
3b1a9b3aa7efbb556e23ca353cd0d05cc82384d411b4e47567f8c6968c69c3c2

SHA512
dc78ed1f6e0c23d8296c84680efa294c12b2076f7fb7cf4a8cf17860e6a110466bcaf6613e8f261e93fed3ddb3c1cf89b5b5003f4a5c5d1cfcbaa7bbc790e7d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\ff_policy\happy_laptop.svg

Filesize
64KB

MD5
db6809b78d2ce694866854df42cafe20

SHA1
f194c987b33c82fe59096a4855570301e275aa73

SHA256
a99affc0df5814b03a8992d86bf91de675ff5e8a15ef45d3a536fc55317af4e0

SHA512
66f3f864bc924f7b3ba6e29fe02a783ed4e13b5c0fbec82c381b3f71919f7d9070fd2e912309192695669b929b298f0a1397ee906f703fbea1947f68999e3490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\ff_policy\warning_screen.png

Filesize
5KB

MD5
7aa3f70a85dc324c718aca5f5b7550fd

SHA1
5ea50652a9f1f03ef952b3bc8521265a9886ea6c

SHA256
82689d858aa23889913b86277a1ce2e93e61a2ef56513fa982029e18caf3ff44

SHA512
94773f73fe61e8c5b44807ca918c47ce6c6761c849b781edc26c89dfa36f7baa477ae900dbabf1eb2279152cb7b1bf76d0e200e11b3b9e2adee3833d2ccf9403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\how_it_works\background-bottom.svg

Filesize
267B

MD5
3b1a1232507e6bd4cd280944a71f1471

SHA1
171ae3970304d1911ddee40e47e5627b2d4fa197

SHA256
31ca680330d42c3a21b02b0681f077a7d0b7c9530a8236708ad21b917a0a498b

SHA512
baae280fe94e6726c879bbcf450f1c23e6a417b3d37a0e1dfee83980765b7ca7bfdc5c8145902c150384a465cc07e8618593c6019808586e9c7b4109c75f4a25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\how_it_works\background-human.svg

Filesize
30KB

MD5
92b7e1ac77450e5eedce133729c54eda

SHA1
952f069f83093aef8eb2bb80fe76ee6c7828fd03

SHA256
77fda79cadc42c3896cc9f8912cb0a4a31380944a8220aca7b51cacf33664b70

SHA512
44350a425f2758f2c46aed2195c99ae0a32a4ad3da3d0ead6cfb42e194d4853c018f012dd690d377ec4b9960c54cc88effa5543f6e6004907d761391da1de1c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\how_it_works\facebook.svg

Filesize
49KB

MD5
f2b7c996810fd9e7b0698fab23df1943

SHA1
3bdd4cdae9379d8262fc5c9c3a58127f8b391635

SHA256
b90b8cb8fa98bad759d6868b3cccbb99ff3404e0fe5e4371e5b422caaf95602b

SHA512
5a7eb3a3cb94b3eb21e77c0bbedb23ff144dc110e3b72bea6e5cfb22b34761f2c155b4392491c903595e0b9870021a23b314622c717b6150f3d4432a81623a14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\how_it_works\phishing.svg

Filesize
1KB

MD5
d5ac8d0033d0e73693484d210a1927fe

SHA1
ab5cc965daf2e715c9f95fda886cbe32bfe82fa9

SHA256
fc0d125482a0b5e7a003d92b693c636780e724c5a79db36c941a05c5d42835c9

SHA512
2f0321266f137372e6fa49e8e87916a3d109bfc7556948ce745736810e27cd3e293e4bb131f7cd93746fb5591dc61333690a34447738d5982077c9694c22e291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\how_it_works\saferdownloads.svg

Filesize
4KB

MD5
535cf3e3104ca11b733ecd85c288be4a

SHA1
6204d97f515832ed77cd522b25fa197e3714e098

SHA256
e25cee5930fac5d01e23bf80a9b2159dfce55d0b99e0f001a4f65433b9eace1e

SHA512
cd6199728b48321e548366629c74a2956706a3e60c4f5e748a33b3d925449ef2b0df18ebfc4024b8d43072cd909a16cd9ecfaaee442090dcec62be58bcb7cd5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\how_it_works\securityalerts.svg

Filesize
2KB

MD5
3102cea620263b4ec9550765f201361f

SHA1
c7a6054dbbf5fd799ba4bb53a78fff8a4ae7d6be

SHA256
0446b3c4e074bb1a0b43ef9a655273f6b5033d84970ea1802a21804949d22c3d

SHA512
4965a6e37ad9f96fdf6074fcc27f0e1ba041b7a9753bfb5071fe807090bc654cb5aa29814a2b771845ec3efec560c0f9d823c8bc91d7cdca974c180142de5c64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\how_it_works\socialmedia.svg

Filesize
5KB

MD5
ca93a52102d359a45dde07653df642d3

SHA1
dfc0f23bfb27a3594829e3b91c5ea2d504211fac

SHA256
f0e67190ce067c30af0039bc1a62ba5e33701644777b329d29a2e6c2d00b00ca

SHA512
5f0c34d58d342d9358294b042a2325325e75dfd1d929d1ead9243a4b4750b46b3350140ab724ab849f2d722fa5dc2f691e6ddabad5b89ff30eaaa93de3331562

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\how_it_works\twitter.svg

Filesize
899B

MD5
90870165c0eb49b66ff6b7a5854f2dd5

SHA1
75324bc9579b0c3c15a82c7cdf070857a64fe99b

SHA256
78c333235dfd5ac6174fcb5e778e6a3b2d6a6f3fb1c2e62f272beaef95622fc6

SHA512
5106df2f9b97e531acdcc2eb6a48e9a81d6a99baa4644ac1a41deda9ac14f9e5972d5c1c385c678094378f6c77029d0e585e69dbcf8da7112602bebd09a32f60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\how_it_works\urlhijacking.svg

Filesize
3KB

MD5
bc2d8ea056bdbd741342cb93079e96c3

SHA1
8caefb53af0b68f8be2328c2f4cd5c78535fcd14

SHA256
00f6d507053a8747274debb069c02501642d102e597cd5a27c3daa56568e69e2

SHA512
df05ecdfec6549c0d1fd6d9d29a822be7b69f1fe11307d9cc257ed1b9f027f603c589dccfc810b3e05c5326b751dd70f7d0f5e07d8d4c39bd0dfdcd6e1fecb38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\how_it_works\youtube.svg

Filesize
49KB

MD5
da42649358713f7d5fbf23c73791c09b

SHA1
0898292dd6f3ba291230c8f79ffe0f52524ae91f

SHA256
92bda42a1ec1032c7ccd17c8c8851583f6f1caa4927db744c4c022f69e1717a9

SHA512
de0d53ad1bb9df33cdcd0cbc2ddac12a5e0aa8631bb3e8c9d337df32367d2576c7a2e770e538e1e7dd912835e064db95d78c21767c6531f2eeb7ea906f325e76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\iframe\block.png

Filesize
2KB

MD5
64a5a282d53b093562d16c27d2fb0866

SHA1
2b5d22bcf322629447d8bbf244a632918cb37e04

SHA256
b7533e7192c16c92e0efec5e38bb4c9479a487d6f6334ea1878df4b0287739cf

SHA512
84666e2811babad3cc30b9c2e068450a94fa92f0964db8668aaa85a8cb33f4f83a535d1755e90040dc97724b36283b9b00d5478bab0de14398ab4b36c383d78b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\iframe\diagonal.gif

Filesize
67B

MD5
aeeca2f21a1eb806a8fb1b305cbd8490

SHA1
1eb1534778af34c0aa2d6ddedc923e7dd4c9eede

SHA256
ebe37863c45d88a32d3b15a220a6ba3c18ec46271e4c675ea6b6d2330a6eff21

SHA512
68930ad82e8dd9ee3c5a0ca85d9b0e06df7f21ad36d33a8be516787049146b18239200f0f7600288ecefc182b12329bb1a44766f30f9767e7b03f710214c3d86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\no_native_toast\close_btn.svg

Filesize
243B

MD5
2d597ec8fc3fd28cc675a767331d83a0

SHA1
5c7e8782fd64f471d030f4d20ea35b4b58c5f993

SHA256
a821b14cdb81cabaede76ccffc6494748729f561d243dea9be8b08423c3c5611

SHA512
dde4dce5f6f932a392f19f390b32faa7702b6364d13f7f92998fbb28bb3ab050a1b7549d067a05d71901c122b1431a3b4c0685d9f42f112d804af6a8918c50ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\no_native_toast\download_native.svg

Filesize
6KB

MD5
c8ef16b50a70d00e82fb1b146827ed47

SHA1
3610f8b0e9d5bf0819740f4a6dcc548bb804bb4a

SHA256
0674b07783bda3911a905cd35564a8d6cae9fcd76a1bd97648da8ea46f19189e

SHA512
158d1ae406add704cbd857d99424612e22349e3370d2ea0d74fe595686f5769f7e6c5f9e164ed43bea616e3d9a4429f5d6182441930c3f554e30e36dcadafa65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\no_native_toast\install_native.svg

Filesize
30KB

MD5
ba62dbfb7b82197469739cd547828859

SHA1
278833bb0c854412a066216200225cb708303099

SHA256
7d525193664c518933def7afb44f2d8810d24aaf940e32dae5b1777d37c793cc

SHA512
99d919032bf019297612b0908a0ec9df2331fbe40b4837246047bd9297fb0c2b864808d34f7becb441583da9bb16c677cb18b4734b8f07d425a27837909a9606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\no_native_toast\mcafee_landscape.svg

Filesize
3KB

MD5
de2e3d1d3d340dd79149003f9604acaa

SHA1
91e26ec2db5f9895070565f12de70d034302788f

SHA256
3fcdcaa254e6b96313bad0f31acee9e09e3bffe596b6de855a25df4b45cc26c0

SHA512
45f0bbf386cdfbf02ccacd3ff17fbbefa58f0240a0981d5246a7346b26947aafae960887a58ad4d444342cd242bb9dd41880a5f7911c0f579511d1bb45615854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\overlay\arrow-up.svg

Filesize
1KB

MD5
4cf3a1b20964ae2b7150ffb77db9d094

SHA1
99e0efb3195d3eac4b450a36ec334c1e14809a3d

SHA256
553e55b2d10285f54dd2faf204751af38f7f0da2a79060b5e82c8bfe2c2f7f31

SHA512
10a30f15cdb8a99b5d5d06a18f856a2d8f1c4b749e2821517cd0c91f373872fc89e3b2606b38cdb71916fc1f162a1e2e9a337b65f594ce9d5e99bfcf8f5a8d9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\add-gray.png

Filesize
245B

MD5
290866c95a92068264d23970c501e005

SHA1
8c754920f13ef23c0fef5db8e66f871c0be3a655

SHA256
7c7a7933f67fd514d67bb717333d31fc280d0c0fb46270bd45b85ce9d38e42b4

SHA512
e65639ba538c43baadd64eefc0eef0631ca14941c4ba81cfcd625bf39e40eb528e786f600a60d63c2ab0347b01a59c50684d799fb7dd29856d66de42db32f244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\add-white.png

Filesize
215B

MD5
7fa9e475ab0f70f1715f97f458399b9f

SHA1
99b9f148d7dc68bbd28e410e8c50ad85c8206a5a

SHA256
e9561a833692998f7179af1a4909b3d38c7423970b2a329ca26d7470cba4d90f

SHA512
f5e4f38e18636f3581cd0b9f8f183e2e4fd6b34a473fc3fbd882c5c3371e0a5529950a40f45b854f388c19f302f2a011e1a7b7645c8a954d2e3c3397402acf33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\checkmark-disabled.svg

Filesize
290B

MD5
1d6686bfc594e62391c7d5c2b1b3cdb8

SHA1
a8b7d88d6f2e3add358ead563a022e90a8861a30

SHA256
0e452d7cb43d92add3ae9631e2a1d32cfa042efd6a04cb71a29d0166d21cafc3

SHA512
1bfe3117f6f9ba7f5597d960d63926daab167b2697d0f608d4074447583b617ef844ff2c2c467089b5ae0939654855cb1c5c76343bd53115c42d7ed828fb3d4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\checkmark.svg

Filesize
301B

MD5
8252bfa40d72b6d1ed58fc100eac6e63

SHA1
a7408f4145588ee8a7b444ae6f222fba7deef5b2

SHA256
fe4a18ba692b3fbf4aefd5512cc3c9eb58b56561b3079c56b1e2b101a7023902

SHA512
0ca4ab2ab92438344a6ec7eb00f71a2433b1e2fd88a1adc055edc392dddbdda4619f71305cda21a1169d7521360b9833a278a2f2c54f5dbcc9035143155689ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\facebook-disabled.svg

Filesize
48KB

MD5
fe2b7520a61092c32badff400f00d496

SHA1
1735baeef0548ff304669d82ed537a9b6939131f

SHA256
2e6468409d66b796af3095010f94aa55e8d8c810947289ad376e4167d19afcc9

SHA512
4757dd3c666c399003a660cf5bf53b2f6fbd0c06a50bcd48e784ffa8510a4d4c4b9629d1e279adacab4f77053b9d6866666c7a5fbdabad2d96b9e0dc8b6bb67f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\facebook.svg

Filesize
16KB

MD5
f569bfbf7409b40b64f3ece7dfe2582c

SHA1
ad1fe2a23418896651e79422c031e96d331ee123

SHA256
0f7450652e611e8aa86e8e6b3e89e00aff6f8757d7820828d94f9d7d04f449e5

SHA512
ccc663dd354e16a3b8b0d5a381d1e49f9bf4d315416e7d37be82dca722c76503166a2d226a0fcec82495dbc3ab42294c247c7f7fcb2195b968fde4d9f4d27751

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\instagram-disabled.svg

Filesize
35KB

MD5
494be2e5f9239b8b4a08ed072d9d81f7

SHA1
9396526589a12e18e914c66902e0a01aad911bfb

SHA256
aeca7a435408051f8ac1be787fcc286bf422dd6d661a17155d00f2a5c1ea3953

SHA512
36accea0088b0b3a26adbc390b233a7e1d859d52dea8a8922c79e0aa7ef1f0cd84b82bc75053b5b98d4f4ac3b521a9456b73a96170ac1ee8ac30d8f6e302f417

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\instagram.svg

Filesize
48KB

MD5
8f4c6e3f3a5a571f7f76de7beb1054ec

SHA1
336e4ea41ca48b13fbbbff115ef77c37f2978aff

SHA256
1428af01f67f406ece2d31831f7e25d65d8eeacec04e03de96a9659d49a133d5

SHA512
dba346b78fcdc694b7c17659aaec336920e6ce116006d6f7f5fe17242e00a140d6dd1101ebdb052770c56c38de4964120e5ad0f374191ffbbd3a1139143e82f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\linkedin-disabled.svg

Filesize
8KB

MD5
e03ba80f2fa98e92241d24d881391ff7

SHA1
1d9c79c6878e022ca5aa08ed63760d87fbe4df40

SHA256
725140d10f0836acd3ea352722ab08c56d45e9f69a20133ec5429035273513d7

SHA512
ca73ada6655facb3561e30a0f8f71f572b8f68f765a7450c18ec9b533dc41e7acedaeb21c905d035beb4646dcce999b456744cc0637dd77f1d30b7e0789a2883

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\linkedin.svg

Filesize
3KB

MD5
3fe661e5de95005a38824476ecc23e85

SHA1
d6282115581c0e282cb0fa3134ef52ec45f5c1b4

SHA256
db2b2d6edc31e2eac165d11fc30df2932186e79d53ffec004a43225501bfb4e8

SHA512
449debfc95619b5bff6d8e3411e42918afe1269e7b23763e39b5f1205ae906b0e85aab3becc5719df016126a5d09e0ae6edaade1253625651f62e4f4aac6e962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\mcafee-shield-pattern.svg

Filesize
405KB

MD5
33a6b33703566cf94eb42b8af280aa67

SHA1
5e35b60f7ecff1cbc9c97a23b3a6bc3c3c429207

SHA256
d9b86ec7a86abfbee38265d0fa5e4fe6b5c09e3e6a8301f51269f18b7a3d4712

SHA512
eb30e52ad6181081388c41a490d8864b87eba34745a7d0f9343f67f8dfb86b08cf351d68835a4c2788860fd0743985acfd4d3f02ae1377f8e554583f412223da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\reddit-disabled.svg

Filesize
100KB

MD5
8a54fb9d38e1072b28619e29b430cbcb

SHA1
7cfa6c000a324064289ceca1756886ed393e95d4

SHA256
2c0d774c77336d1359467b9ae86bb69bf3200814268bf4984ada050fd5a51fb6

SHA512
88d966c0a1f4ccff61897f1d14d5570322be7d7224add262c5965859c385203f46edc074a63f4c324e498ad1ddb828cc7310392b916f50daa0658faaf188425a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\reddit.svg

Filesize
71KB

MD5
8d9f86a9a69c4e2362376ad038e02b72

SHA1
c55cd50ef5cb7120b40e61562b26735c0956927a

SHA256
ea22146ca6462024b2edf567ddb0b411e0f2da4838aec95771e375eedf7d12da

SHA512
0ad8c0981167746fa30640bf8dbf257cd1a5731a9de6667fced7e2e58735ba58d3ef62c460ab36be6974f7511e6582b6a4fbd13fbb71c0cf6beaa6040b921778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\remove-gray.png

Filesize
102B

MD5
10a8b5a8a34affacae5ccd390b4cf437

SHA1
a5a7c0cab2e2531deeb0ee691fda0f4e0c0acc5e

SHA256
8a0ac48fa60727d3decba5b405df3acd05eedbefde23ecd750ef3d5bf45e754f

SHA512
ccb9a2f1be0f1a29c9f5c1146f5b05e23bc972104ef35959e726f59e302e288a454b6876216e8ee09f96c0f0999cb2eb695aee6bfc5dca58e0e5e158377a07e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\remove-white.png

Filesize
97B

MD5
b14973ab6e5372cba0d017b2555906d1

SHA1
f33f0f03cda1b3689722b6edc3b26a4447728350

SHA256
d0616a4d04f40964b1d64a6a4ce419f87fc16eaba8bb94156a66abe361935b92

SHA512
c04cff1f3353fa02940a8e56fac1c5b86a266211cecbc23f0703f0a16d30f9f4ba3e188e74bd11165bb6daae895a26c6d1df29651af9166d1fad1606ebec8cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\x-icon.svg

Filesize
778B

MD5
3c501ad9f83b68417c35b0c6287d6b1a

SHA1
6e8c5f254609123e6b77e0b609746fce2208a51d

SHA256
993247a60eeb729732329d8a1c87683629195a55560c91c28bceb8ffc38482fa

SHA512
c0a9388af7dacfa5b24d51ca987f539e383ee3d2503357f5453812458acc0102fb13d46fc552ff3fb057056f271a369456f3037e9b9c84e3528bfbf7bf6f6d65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\youtube-disabled.svg

Filesize
22KB

MD5
1da29c03897d34a49a2859ee7e5144d1

SHA1
4305531e08c68d2b892d1e4eeb0e7495ab1b05ea

SHA256
59644e8db54b3d4a1fa8f71f15367fabb8d8715f8ed76b3f9c7b4a2b3e1eb565

SHA512
a559d95b5b1f6de463da0406a19e20c1ff9fe3ef42f6ec16d1217d86defe6ed454c7d85a0512e075c83f2628c520622e6c292c15a65ce230e77aece97ed2d76a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\settings\youtube.svg

Filesize
10KB

MD5
95ab7ba91f3f8d8e331bc046bb9a89b7

SHA1
877b5ba3e36585db17043357cae76516df476458

SHA256
72f99ed3d833dacb35530d45fb5be816f02a7cb19d93c19762981b4001a8ca68

SHA512
f1aa009a36a33add029c61a812a68fd415a4ceb438e7e4561c6ca9eddf3d2d8725b6cee173e4df0cb3c9273c16d42dc0003568554da1973160d6f12cf7082fc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\sidebar\home.svg

Filesize
496B

MD5
d0ecdff375c24f74221f68225039b36c

SHA1
bbfd3c9315144f38d6097d9bd21a0c6da795000c

SHA256
f9598b5b10ea88a26757dcfd8ee2e2022dd7e1170980418505b98e837015f023

SHA512
06a21fb271c3d2a1f9bead6d0ea6f77bcf18033ab25c039ec2303b959d103277671dae386ef1905c9b68d1e710f42a499a2234b548995ca531f67711a05d4aa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\sidebar\popup-logo.svg

Filesize
13KB

MD5
650d3a2956d151d8cbb9b84b76f74ac5

SHA1
14b1fa01a91b5f47bf9b33c949c09d46fca877c1

SHA256
6ba2ccc2dd26ea71b6ef652fab7d3994c2641dd74c0228308c0ad6935b9f3249

SHA512
5557e53f9cd2d10fe05fe7610de5939a8075e929394a025d4c9efbc0725e56e3cef020f71306aee248eb599299f23896e432a8d906028dd2bd3b0bd94cc98574

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\close_icon.svg

Filesize
217B

MD5
097943f80730cca1a88700e0d73250b6

SHA1
df6296484e33a1ccab52f477e9e3f28a53869536

SHA256
9ce40ec068ef3eb9bc375a51d80d2d10aca5fda5ba839e83e1a1b8f2eaf02b92

SHA512
6c2b23dc013fa6ab92aed6a8a8f970ef04b5c2e98623b2d1e6ce0919a94bddfafd484a44eadc909cf03d6782aa1c1d6d38872aa9da907094936d5eb9ae730aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\logo.svg

Filesize
10KB

MD5
ed708c571abb2920ea9e8777d072d33d

SHA1
cb224b6794e7cbc6b092b874e45d057b466145ff

SHA256
c7b585a3f5d3f0fcc6d99d09b2a03ab0a47cfdf40702a5a9b0899ec2e422d95e

SHA512
942807a857b82ae22e1dc4a7205713e4365f703a07a8388ff1ac843868b2a17bc5f12ce306cc07ddc9e7a96ee4140d02b46eed334aeb229da0d2e6491ddd542e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\sad_face.svg

Filesize
1KB

MD5
7cb45d712d0d3da14b000209bba4dfd6

SHA1
6ba4472c9fcf1e1ff4d6b782d743493e8cdf5cfa

SHA256
c19d804fab52bc557024db7c4c0034e01fdf45cab1ba34eefc5bbca37e987d1b

SHA512
a78e8df9728b826550d986bfd1804edd7cd36da826be188f7776336197bc72a217986354fe510cc5aa9391ddf6aaf2c6395aad71f44d0161e44d04c156b26948

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\search_icon.svg

Filesize
282B

MD5
60b2f7207496a45ff9d0c56d3196477d

SHA1
296727c74f6cec5223e77a1d4ed95bcb4561dbfb

SHA256
c145b6ddd558318f0cc8eeb11f6ea474c690769cde2271677e1005a0fb00f532

SHA512
7f8d46b0e52efbd7853ad50e4a0b733d155e82264664633affeafb374c906a69a8364c002eb1ab111330787b4c975403e0708ba2b9dd5f8f0b05188c7d0c4ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\side_logo_green.svg

Filesize
2KB

MD5
c497ec5bd201ed39d481d45806966867

SHA1
9b83d45664af236386322d3df77ac826475e19d4

SHA256
3665a2cbffd36668b06f473c2924180bdffdb97774ee62c6764c83878fb6a7e0

SHA512
a08a1b3ece19973ffe484f087c276ecb9171cc8a9d7664f880bf8637a7f5d54976053cb933fad344402d5e21f7ea4a0544d89c1546c5279a23b76aa8dcf5bad0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\side_logo_red.svg

Filesize
2KB

MD5
f14e3d0982634c59cdf07afceaa4f5e1

SHA1
09937c430395dc2b26b22354d9c49cfd29bf912e

SHA256
c16eedb1e76ef8d8ec21fd9080e0d1bcd529c05a6565c6fb9838728194bbb16b

SHA512
48311c5740f6481987bd1c2af33fde8b4a1adc98521642f5e36c50d8e6df2e637052d0b940255fcdb2da376dce5072303fbe94719c2cc81ce31cdd7f674312ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\side_logo_unknown.svg

Filesize
2KB

MD5
eef13b8c98033b4d6e7bf020fd0c7a72

SHA1
612dc1cca9b3f3e037f771efa920a74615172591

SHA256
56509f804340038f1abe9b56deca61d110a3f9020805fe31621492ac7b87fd6e

SHA512
b73e6b0fc19e688fccf5932113abe257a7bc5022fec66d596954626272a81a297070016c9d580256cd01b193354f48085a2b6c07a46ce6062ec3a1ba1a356919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\side_logo_yellow.svg

Filesize
2KB

MD5
e16190dcf46d5a978b83fa873cf5c6d0

SHA1
a757fd5648ebce07f8c1271a58f648e7aa45ac35

SHA256
cf0f2ed2ecabe6894cf40093bdd82fac51a26ef754c3a597f6dd9f215647c454

SHA512
3984563f0d5a22e6c1bf0212e2bb46f2ad43694b5379eb44bf7dce6a701e02cb51c96350c686c65a6800561db739cd216c75b81ac73deb914ed7c6d10d0bc4ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\smile_face.svg

Filesize
4KB

MD5
f01e50bab229fa30c2780904ad2d89aa

SHA1
8de1d01e2746419a20c59adba80b7552b19f97f1

SHA256
3f0f3fd76158e1e010f4a8de042b0bd57f9aa1ab0a6ca7e076eedbfe44dc3698

SHA512
af98663da6f17a8fb47853063e36cecf992c0ae1e0777517c656a23fa161a08ae5e9e346979e5f85e1a427a38cf915bea88e55fdefe0954ae70c3637413afee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\thanks_feedback_icon.svg

Filesize
38KB

MD5
398983b7e7c9ff221847cc8916f6b0ef

SHA1
f1fc6d77f305dfbbc9c3bc1cabf254c886effb6a

SHA256
0dd21dfeb6ae5368a599f2ff0828e04a4f095394464c244a89376b854055cc9c

SHA512
3d0eaaa67f99e4beb24f15fa2f5ef86d193278774a0ad8db256e2b223dab2db9e0fc2615bc2df631df2c29bd7a9f95e131f83d36a95a3317b84da413995b23a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\warning_green.svg

Filesize
537B

MD5
3d867c84e1e6d2fd30e61072133eeda8

SHA1
61b9740db47dea7ddc7c8929d03b9c927067d77c

SHA256
5068c87fdf7e527035dbf48e28c16e97a64e4d2e71dc869cb798b9b6cb926fdd

SHA512
96b77b9b89067a00867074dbdbbc42c84e9c529a7c0d3a70a53b8918ad76babaa953c84d98881a57be61203f44b8dda606329f41d205cb6236d15edb7c79e12c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\warning_red.svg

Filesize
632B

MD5
c5fb6e2c21002496cf142f66ac2c5e2b

SHA1
13fa6674097eff4a7730746c5862e0067f77a1b1

SHA256
c301ddee10d154d56eed3e8e1b0d84ec685b55f1bfe0f9e12e5ef46f6589b0c6

SHA512
e1d12242e5ff6ffb8ae262fc146f8e60a6ed11117ff6e23228bb836e9c705b9c6321830aa171d77001393639bf342a4726bb25590f7c30d48f5fb6edfb388f51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\warning_unknown.svg

Filesize
632B

MD5
9b1966801500c78203a89885aaa1a528

SHA1
a3f59595c710d16a88b111ea4b87d7ae5b670bab

SHA256
298e1d2b8ea48987a2df6c4ccf0a3aa0a3feeec429ce68b66d4cac617b45f4f3

SHA512
e9b328aa214bdce039694b6936b2f55b926d0379fe01d757d870b2d303727c6349a3a0e6074d76694c6470fb95e4a3df4204863121f9531d5fe245f9eb747ec8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\warning_yellow.svg

Filesize
632B

MD5
c6c7c219d1f7f74addcec8ce48f193a5

SHA1
0ecc4ae1f29027928f9bbad299942fc6bcb11c60

SHA256
02584615a227a5bcffec51320549404a772df8f2d78f6e13779ec91f6da70ed3

SHA512
5410ef0cb7efe69a8dbe54d7a9c79b4233f719c893cff15b8d55a886d0ec88362be4fc707c4754aadfef9bdfee0f50facccca2ce3eea12eed83fde6d3f528a4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\wave_green.svg

Filesize
894B

MD5
4c5d32afdab60c45a088141dbce107fa

SHA1
964a81b73f599aa0301d9430ce006f01d4dc8917

SHA256
dc63328dd136cc3582f7dadeb580e9c00b62f937ea05d0fcc75808f1b0fc057a

SHA512
38ae34c068b538def1b742109b00bfd6524483289d62e73a854c3418572f23fb7f0ecd9aadc6028a80c9934dac9ef0424f6d25a684da3492532e3056a592ce6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\wave_red.svg

Filesize
896B

MD5
11e63557a03e92aafaf2a9e3ec1a6f10

SHA1
4963df7c26135be1d1aeeabde78efdb00e6af988

SHA256
a1dcbd3bf0eec977abc532cd32ca1ea81b3832cdc353a800413ea2b1785d8261

SHA512
639cf73e43017f5cceff9789bc26f40ecd0eb07f2a5ef79474e220f1929f1191dff98acae3a0ee6c824e8873e1daeed41d601f44305d0756fe1c938b5ce05f8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\wave_unknown.svg

Filesize
894B

MD5
59d0ed068bcdf2d9d046765ba93418ba

SHA1
ff16c32872df7cde003cd2946b0f809d8aac3056

SHA256
44aef871c7ba47dba8e8c79b921442339e1a954bde7ee52da857d11f723e76e9

SHA512
cb2463b93be53fd85c67ff6a48aff9275c5e8e4e5a04e2028d26ff1318b7b7d5e9cf5fd0993431f687900260e3a5346217701dd969907f5a158bbac7d8dc852b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\site_status\wave_yellow.svg

Filesize
894B

MD5
11d1f40a53bbd6eb84c41caa4f18c989

SHA1
214154b9ea931c8f23e84e549fbf6de4b156da23

SHA256
e339489ec7cfc3142d62cd46c14185cc990f2a66d2833f94aaf1543bf23a9bc6

SHA512
c7e7f6ef317f874b38da86a0e29d280f77f782b6c4cf3fc8a7dd02ace2d62578fea7ed692641f9665debd9d1e9074fcafbc637411684e0b3199ae43ac0162531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\facebook-disabled.svg

Filesize
965B

MD5
814d8b8c7e574e45f5d52f19f80b75e3

SHA1
97a5a7e4dd6db4c4a9cb578a721deb653e18f21d

SHA256
64ee3637e6c7aef16e327ec6934b90466170d35d5c607076eea93cc7ebf9325c

SHA512
b102e8c6472cb5821d7b5a9c8b3304bf104ea62858de090e12113c48956fb6d32690e1cb686269de4a0bba1f78b3414a3d25da9ab30a843d210d87fd453b109b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\facebook-unchecked.svg

Filesize
979B

MD5
c37f963fd30c8fd6c1bb752364107183

SHA1
cbd1aef0c5b99a158f7befdbfb2d8999b441995b

SHA256
b0e118aa819ff4db65b841b3b205bd90e90348a05ce6bb350a1b7548a2c9251b

SHA512
78253ebee64fb79405c207614fc4c0d4eecae7f73b748a084f9c15ac6857b9fae7e7ae9e9e339c007ce25ebdc6d7bba7bdfdf7d2638d79b4706d3dc658164fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\facebook.svg

Filesize
965B

MD5
763803444f3005e0faf8f4aa76bdca80

SHA1
352a65debde91eecdad9040c7000bede3c102403

SHA256
bb7dc0e71bc5cc7f5d979b00837855653aa0582b7d8d2bf3866246123ff44ee4

SHA512
4120b60be1f40acf8d64ee7a9528ea8a147820dc069a4cc3376b4272e76cc494e6c1a5a32d697cc03074fc8461139a1f107498eb58e4a439bbf9e3d42d99d55d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\instagram-disabled.svg

Filesize
3KB

MD5
600c76c70ca6b17faaac5ccfdec7c478

SHA1
23a1ef44bbab865f4dbc343178a66a2f8cead620

SHA256
054bf6ef7441312c83965511cad648c27bdeda82bcec365ff7a3343f4c374450

SHA512
8a5515343736da079db4ea0bec0d5bb6d0272be6c4f04ff5ca41286b76fa29fbba7d7b9c59b4e0d11b5be4fba1589b30da8bb5c726c7c8f74880e6939ecf1e19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\instagram-unchecked.svg

Filesize
3KB

MD5
ecf3516cf67f667176040cc186fdcd2a

SHA1
581c0905c382039489bf98f8f9386ef73076ad79

SHA256
b3bb02e9a212d25fb481f46ba2f3255aa59d5f954ae71d52c6fb8babc5122d4c

SHA512
a77cdac57c711bba2e570535ca8bba5b94285989eaa462b62fe7feff7f26244a1e92d39ff028ec900d3d54d4a57041ba24423e5133c72794115e3acda874b706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\instagram.svg

Filesize
3KB

MD5
b7e5ead698b9cf7cf78845c94e7173d6

SHA1
2f3c3e38b0941c2cf1106bd96d53b06fd6e4c127

SHA256
e6912780b400cd01f5d9f9c2e99a8f5720c45c772ebfbd4417cad15d5d481f9f

SHA512
f2effc116ba13c21d5cf5100ee00269127c490c84cfcae1221b08ab11c9fbf62a59831c10a78735d12bdd42547e55bfb0827545820752ecb134aedb229c75b98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\linkedin-disabled.svg

Filesize
1KB

MD5
bedece397325b64371952b71ac9c71eb

SHA1
c18a90a282a4c972e35aa8fde8b3415a283193ac

SHA256
39835ca910e695adf4bbe6757db12aa12c7a0092dc7747f9cdbe17b100ce4642

SHA512
6c222832120a822d637631ecb58aee47d5c9e3b566562fdc7fb86e5d9e6ed615533e9d23485fee0b030a476ff98ec5f02af29cbe9701b4c8f6d661c646ab7afc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\linkedin-unchecked.svg

Filesize
1KB

MD5
1fa339c46439b60bf6add8b64c4a0b66

SHA1
850e2f99d80107e5ed111da44424717cd97cfc86

SHA256
bad9131c52180e0c04e7422aa0c1ca4e74591eca508d282ff13ea1482d8ebba0

SHA512
3362e659863743e6a75f02c53c80d62cc781268f04295f77a72e4031a82b07e3f89c1719e6568c2ee11fae9ac4fa70360a4ed4208a01fa8bd850c29e975f4c66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\linkedin.svg

Filesize
1KB

MD5
39bd4cde50ab7548ef22496b60ac253c

SHA1
b83bcddedf49f70205f3784ee311ee0288e64475

SHA256
84dd4440b78f9f27a4e3324ca111b7dae3d3d61395f3b15f77aad6eb90f9a970

SHA512
6f8e35866e0dd9c071d59cddf995421ab974e7281ef0ab1f874e8ff125c6eb94414e944da83cc702e6ec50c01702fadcbb47739ede8bf93a43f35a8b5516a2ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\reddit-disabled.svg

Filesize
2KB

MD5
0a940b4fce5870418e3a07f68a205365

SHA1
a2f1adc4c0872ae151d95427ea7963042eedcd79

SHA256
9fda50b768261bb956594e4ff9aec0bdbb6c6156d530bd4ac5ad095848bc3f6d

SHA512
ebb2ebcd9eb4350d7df5e4d5e4662da49e51f1f45361963404f1ef1265c09d9a69461ef129e74af932354362cd13c89ef3e850c030add750670d2f99da4fa4f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\reddit-unchecked.svg

Filesize
2KB

MD5
2e1a647ad3777312e5d7b84f70230501

SHA1
75d5e0ac26aceb125d3acb20ce668f11cb121cff

SHA256
95f3634e5c1798fb16f6b7a6b56e9b3374d4357506b48fea1999d53e97f9dafd

SHA512
aed533953cf36e99bfe551ac5759670f365cf3616b7fad36197312d9d7aeafc7c5789c6260d1427a9c7aa4330679088d98ae0ba4d17e40e99daaa07d88a5c5a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\reddit.svg

Filesize
2KB

MD5
fe709438d1fbb05fa19700835f27c170

SHA1
873889e53db11489adad0831d7eec2da09396d39

SHA256
1e683942e2ab6bf905719f7f5ccaab451caf8b978b63666014df66ffd25c1b46

SHA512
b14a991c57d2a627f06c2dad7fefc9d32ae6c4134c1c95649bdf02a21a3ee11d6cb4eb7c37a3025ddf35b73454082da297ba64f179bfbd51800f23c680bbd21d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\twitter-disabled.svg

Filesize
726B

MD5
7d822b99ca9e51042ffdaede8a5a254f

SHA1
dbdccfa7ade6f0a3eb56cd7317ac407abdf0bbf6

SHA256
6f8318d5de526eb76530b42e9ce055f59cd4e47cd419c571309d215a2f65a252

SHA512
a9d33fef6183ed28e6b8f22e19fa70084bddf3ab95b6b05fcc4349c45bb86ac7e30b7743afb82218d0a8c049d1ac5ccca3290f34c81038759cc5fe07de086b45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\twitter-unchecked.svg

Filesize
749B

MD5
49c4d32f0e66654208381ea6b518c921

SHA1
1867abaebb561c02316b71425ddc74cec57f6f13

SHA256
59c28fa052c96d215cc420ce2ac9fe572381206bb25a38749705595f7bb473a3

SHA512
0a4b24d9e058f78542d4b4273cdab0cb3e410463a3e827e44bf98acfedf8d6d0b84b4148e8bd5ae03d5a3e3641403f5a21ccbb727467559d25dbfef2d18166e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\twitter.svg

Filesize
724B

MD5
3b61fb4e8abd2a4b48beb4e992344dc1

SHA1
99f51f7613479683b0d66299f65bdb9d94cc2f31

SHA256
61cc9bf74aa7fbefe2386868a799da9d132e826f09f17ea082b2029fb193b6e2

SHA512
a7dbdfa9218231d74a80e62968472643b38c8a35d7eb533c623aeaf9f7e865418dcbc486168463fa60bf1205adc9b83197aa2ea0d6e001ae79613ea4d2d4c609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\youtube-disabled.svg

Filesize
711B

MD5
79dbc4016cfa7af54854fd87f17b9fe1

SHA1
f3a8dc59c9f49fed2e8ea8bf8b545dee717b99d7

SHA256
48a0372476a73e3802ccc5c923c1f59cdead04df96a9b8a3e601e97e5bff74d9

SHA512
d1f82c7074008dd519af186ece466d29764c2d0a6f514fdf37dd0d803b1750e82d7ab5aeef62d59b50f399ff9a14ac117dd4dd1d0970aa00ed7b7ad8bd7653b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\youtube-unchecked.svg

Filesize
725B

MD5
649374ed8f7b7d6f7077b08fc33361b6

SHA1
89781fe4150a9f295e56ffb1496ae8248022849d

SHA256
bfbfe1db8f3a86a17ffba3a316b31860dfac33ccbbff7da850f986bc2455a1b1

SHA512
1e7f5cfe0375116d4594ede7a239d85deb3df2cbeb323a258fb557df053948001ddd55e7f40ac75898330fd8e6c7a46fdaada6ae58c8ac2de6aebf0363888f28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\socialmedia\youtube.svg

Filesize
711B

MD5
f3c95f1ee512e5b481fa664db72a0072

SHA1
517c78a4a90c91d7057fbc80bfbd1da11cd712a0

SHA256
b58a353116e1fda690fc595ad5a43c8f389edc10fe5bca49bb4375222fc72455

SHA512
a08870bee50f39df2f3517b5b6f6f11f7ce899821fa0b5761742b690fc588716b0085dbc6cb08503ca45ceb49b7b1f1900afab7ca4ae4423f2651ae94467dea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\statistics\downloads-blocked-icon.svg

Filesize
829B

MD5
160550c817acbf5cabbdd3b20e903e37

SHA1
1c771f935ae29004400dcd83dfa8db1adeeed9d3

SHA256
f330184ef8b79ada42f82c0b0bf77a24046c6b74a69fec0fc2605224a12dd062

SHA512
b8d746e3a3dcea7685eca1f9cbbb44dd8b18343612ac0ce4aaa4a2d19ce318af3fbd6a746ca23d5fe1d2b2bbf1bb36f9345037cac84a2352a1b27efc8d368be6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\statistics\downloads-scanned-icon.svg

Filesize
1KB

MD5
6ea0c55b5563cd9feb4cc13c8e5bad8f

SHA1
b21a5cf2dd61bb95b156b24c56e6a311458dde35

SHA256
3e6482187200fe72e4b063d0f25a5f14b4492047f90aba44fec9be64ab68772e

SHA512
899a6054aac2a06f285a553ce6c76a22b8653c4b8b8ded429b1f5a2be002176574c3c63b8aa21b2c2dc8c02c4f778cff6f8ced027cf13105c9b25a8443c0219a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\statistics\pages-blocked-icon.svg

Filesize
767B

MD5
711a2cf02bec3f69dfe89909861a62e4

SHA1
6ad9f51a9f2713d17bd93f78083702c9a5c9cf7b

SHA256
31bfdd4098f6606a017d6c598a638ac5191186c0c7ea491bf38e59dff249d97e

SHA512
387aa3ccce05b92b21c455ecfe725411e1258617e610b00f53327a53c63be3ec7c016b5f03a631287183c94d6eabc2c20a7e8382f78592f1132dedc00ff237d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\statistics\pages-scanned-icon.svg

Filesize
540B

MD5
9f74e34b99cfe1c362f09f5142836939

SHA1
44c714a4441f0a7a130e6cab0e75cc811545a66f

SHA256
05c700272b683ca1670a5e039cfe5098b58b4a33b64e19e639e68e9f61f47b8d

SHA512
91b80315a53e0809b801067eab17c5eb38e44d7214be778cd2522d5a198d2b63b2cf3db2552d02e779dbe3ab70313da8dade61dce096105f9bfd20647c1b9bc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\web_advisor\danger_icon.svg

Filesize
1KB

MD5
d25c35fbd95038c5c82f2372980faf48

SHA1
76d0c8c5c5c3cf89a17a5d2cf04c7948230d1dc2

SHA256
9c5f1eca9c4e95c817a9fe4f581c607318150d611f08107f612b7adc366ae7c4

SHA512
0f7d90cd13c38fb2bb1eaea574e7a6887ad8221596818612a3405971bfed169c951614946f1500cd98f439efbad34bdddc3bdaa3e8dc612248dd64a6b99531e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\web_advisor\info_icon.svg

Filesize
1KB

MD5
805d40b882a7ca79ad60df3d018b0e6f

SHA1
e65a069d1bff4ab4b0eace108a6a47e039ece7ad

SHA256
5b036dfe0243742aeff3f5ef525ec9d0c4c25d30591a1f5b7b071c72332a6f84

SHA512
3b250b00041ded9b0d87dd74eaf5f05843375ffbc1b3e4f45e76d29ff78e663abbd944b41d845f820bff541fa6c4a6aadce83e6619cc731b72079ed86fdc26b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\web_advisor\mcafee_brand.svg

Filesize
3KB

MD5
16405c6c43a4537a23405324de6ec0b3

SHA1
b5995e25af58e19deb9fd85b739d10fd8cfbdca3

SHA256
db412f891da3f9e41bea3a05dbe5d013cdcb21bd3091b7f4780d1c51b1ec44bb

SHA512
66bdc7349964f5a08d52a437a22ab2c806dc86f62bc06e1cfa6b863ff7de0000cdfaa340fa1d6b17f26c5a72f0e7c49993b0109eb82c86570ba9b1d88a94153f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\web_advisor\mcafee_logo.svg

Filesize
439B

MD5
9bcc6f675f54cde7cafb533091009f32

SHA1
3cf028339a1627fec086a438ca4e7718d890fc91

SHA256
fad79478bad5e3484804e956f3678b2065525f26e032939a4e03af0e274553f6

SHA512
a80072b5a697b81aa6019ced2c501584e2330c8d4f4fa8675133f161dd1e181507ea8a6b375871c28cdcfef1166e5cab92b7906baeeac9f30c218824d651fc97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\web_advisor\mcafee_slogan_white.svg

Filesize
14KB

MD5
10f404e036b0309e755d77e4e0348d5d

SHA1
820ec8420fbf5de31ace37d22c61d23fca73d3b2

SHA256
c4f3ebf83f24aba4843a588d064fadfe68e4cfadc925833e16c1aa0e30b9eecf

SHA512
d70de232e46f3c44bc544c65a6f46e46fc465243f3061e0a450f04a53f9309f5910f67bdd736c6322901ff2fea6fb6727963f6407161125a6fc585ad7a97a2d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\web_advisor\mcafee_webadvisor_logo.svg

Filesize
9KB

MD5
8912b80638144c8206770d8fa33f522c

SHA1
508a8cc581bd098644d8a232161e65dbcc0c9f8f

SHA256
6c058dad07ec7fde69852f8db394360d7bdd391da2176e73db8ea59dc1d77ec8

SHA512
f0de3ca7b19295fa6fc2fc1c43ce99a22c2e99ba59b4c54087ec3a92dac203d28de1bdf3ffe009644acdc206ebb868e9f872182e042192f4d7fd3eca8c59d548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\web_advisor\search_icon.svg

Filesize
1KB

MD5
51a47620b1c48b4c432921d35d02d123

SHA1
14297a9827ce5ba874e4097ff8840f06b109ba44

SHA256
ff1a4e5ad768282559f2c0575c36a49e3c5c846bc5717ee07853e34fc7494235

SHA512
35a9fb65204eb66ea548f6aba6bd468d8d24f6fcef9633211dfb88bcd81084a799c5bcd26b73cf74245b11117c0fa74b980065f0927a291c2724cda64d81b711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\web_advisor\white_mcafee_icon.svg

Filesize
359B

MD5
7c7f3d088209c673b10b2825c943233e

SHA1
a844ffb567f9d730814df4cad20b3aef7643829a

SHA256
50229fc494498f88523c723063e67490dc1e4776b6d3b0876fd7931c1e1b5c75

SHA512
9da0e3ba21bf441b7a07a0b6f66f550e00cf686099cb00ec9e4684370cfee3669951793af4aff0bca5b2595f0932852027bf56e6fc4e3d6f7f71c530e53e27aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\web_advisor\x-icon-dark.svg

Filesize
760B

MD5
6f3ad8cd459e9e98fb189394f94e7357

SHA1
43e9a4137222e7aaa200de1902a0e15d2363de4e

SHA256
2a0dacb4e7fee1d09e18d31182fb9bf7c1c3e2e19931e744842dbeb8268e2ed1

SHA512
afad4d34a514b32258702980ebddfacbeb123a917abc19a6123121dadbba0406b72a3d08becbcce671d01820a10abf63f736ffc7fbef5e7aa495c9dce9d8f109

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\web_advisor\x-icon-white.svg

Filesize
313B

MD5
6b456bd3f723e7f5575d7829f002c0bc

SHA1
146f00d484ba09f54f378664fa4cd6b756945493

SHA256
f80cceff88e0de1fd7aea5db911fdf31c272519aee4425117eda0b6fc2b321b4

SHA512
2f4916b535070501e4f7c1e642c3062266671c9cf491e523e170cf00c28fb61efc71a3ac1a43cb4a7738c75a01123ce8f76c639e865e0d4f2bbd96efadcd660c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\web_advisor\x-icon.svg

Filesize
209B

MD5
f8b150f9848dde7d8812fedb7b75465c

SHA1
fcea19852838320da3be1ad0dbbd598a8bf95d6b

SHA256
f49e581245f487ccb62c754d4b29c740059baf7c3092eb5cd4317e605d5fd11e

SHA512
5890635c61261665bdd18fb66a8f08a1fbe94a58ac2ef5c24c1f476f0769f628b46f9c1f89eafa6f1cf2494e72f42d77231823c5ae0bd610bfa9db37f0e6078d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\images\webadvisor.png

Filesize
1KB

MD5
1ae7fbba1feccb37caa95e2c74f37ff3

SHA1
e3440dbb7033624732270614a14b9392d12f28a4

SHA256
0aeb375f23e40fdc2a1b99d934cca3ae3b4e596cc9e40f7ef733308f0956fa72

SHA512
b7fef47df6b372a65652745bbc08ca2cc07c613806f84432c6b6edab90091f2d5f2c2ab41dae7a827c91988dd10400755bcd988da182757cbc751c9937446bfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\json\engines.json

Filesize
37KB

MD5
50f3b45a307af152a7a5d3ef2463d3be

SHA1
a0f5723c1552531b98af6a469219b2ed0e459b6f

SHA256
c94b8e7825ea2546b17881622b32bfec5594e4fdaa2ca8027df19884b6beb755

SHA512
e2a723ef94ac08bde742c19f2cb26e7a1c0dd964f29dc588ef0114788b3fb1c5fbb24e8ee639f96e82006486b2745699b47713e57ddd8e7743878bf281c8ba02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\manifest.json

Filesize
2KB

MD5
f35196017719c91b11f405152f710e93

SHA1
0f1e63aa53d2fdc9e1eeed8b50c180cccee4e653

SHA256
968ce7dc4cb29d93584319e1092eac37f28d5aa27cdb5cfc030c2988709dc4e5

SHA512
0a4f729bb4af42685f685aca4b1598244ec48ce6ebde03285dcd715edd18fba5dca9b5b6e8d82e9cdbd89b9a23ba3d6065330b1270d9a0014e0f2b3b5c3e1196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\scripts\Sailer-Package\feature_collector.js

Filesize
40KB

MD5
8cffd38f1c2c41a30939987146645895

SHA1
252030d498e972bb6d7f10317850bbafaede8f53

SHA256
35f86af3225ad0a2a7b1456f4a5bb6317fae5b83ee0cee04e69a06470403e485

SHA512
1a8c67f4d24e8317ab24adc70c1fd2739eae31d3df82c054ea701c536d79ac91810f05b801cd144f884bafd6ce881ba0966fdab7893ab7973e017947d874b9a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\scripts\content_annotation.js

Filesize
122KB

MD5
53643a9cf865587bf2218f164035747f

SHA1
266f24e0bb2ccaf476ba4bb1505c87c6b8ad7a0a

SHA256
e6915d6dba5af9baf7e3c3ef040b587c686ba3faac9c9fba27af1668e2e2ade3

SHA512
6505416766d8b2d46cd0d22665bb2eb275615f24bbd1dee6234f2fae1cefff8d7705cd45deaed467101e9652cb01a9dab18ac83a7e7c03d98551e1480327c2fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\scripts\content_aps_observer.js

Filesize
56KB

MD5
cf904ab19d07152a4499dfd9d1c178a6

SHA1
ed116ec4b699af3f0b39e321bbb674f726317649

SHA256
df25fa6537473f884ace4b98108b28b39ebbdd6acfbf26366a01f4f6acca3219

SHA512
73534da0ea696c6ed615b06e06c0f9333042d8d697acf46c29bfd6a245430d15c9504f37cf17407b22c2f5b752d615e3b1ea6b37ec67829b684f231760d5954d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\scripts\content_autoplay_detection.js

Filesize
5KB

MD5
b209b157b7e97847f2e0f90e5d03fd9d

SHA1
2ea0ae94d40913402ef96d08ad75de522e238471

SHA256
eaf78dbddb513047094bcdc79a76da4555187fbd72258863ddff3d48eed1ff6c

SHA512
0f07d0dd335934127e029cb9d7ec5daf48b390b15e3ae3dc243d0b52dd0df0b4d98a1461363a47fd4ebeaf607bfa155e80858c456118387dbdb2e2d5e3d4278d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\scripts\content_idps.js

Filesize
87KB

MD5
6834cdc14df1d115221fbc0d2a545f56

SHA1
29851ec7681451fc94b8a65bf5ff036516686101

SHA256
f3d6d812763a831d38de4f3f5af4d5bee8b47a468719b477cc2e29ce8edf36d8

SHA512
2cbad836cb84c36f81bd30fd707186b86f4765e4b46dd80c3111ccac33e0928f650510c65e84feaf6a7c7a251ae5c9d99dcf1900b947ec9b34806bce4910e3c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\scripts\content_iframe_banner.js

Filesize
37KB

MD5
16e259323f5daa56460c56a65f1b7d6a

SHA1
e98b27ed25021e916ceb7e1343718869f8ccc666

SHA256
c83dcb79630a0762a55d303c726dee95790a9658114be527bccaa4e85cac9a35

SHA512
0819b54ea6ded65ab8473ab9da368f8627dda5e4d6230ded6b80dc2d9ba1c9920d7b94e5b0e6d98a8e27f1ae0cb0b773c56929c40792f4abe61514a0dea08632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\scripts\content_iframe_helper.js

Filesize
5KB

MD5
3209ae1124080571b2bdb6aa682ab5b6

SHA1
0c8736caf206071da4497fac74b27555285126e7

SHA256
1d1866e8a0e924c985c07a420a016fbc19cc4e96109796bca5457d977892993e

SHA512
fbe578b33f4e049e33a83e0aab8d214b8740cd99bfd5dc982875b2ca9db1e0b2117f2b752fec71fcc85e0315beea69b14c077f19eb6ee13aafbb0fe486647791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\scripts\content_injection_check.js

Filesize
1KB

MD5
9ddf0288b1c8668ff55fdb38f3072c02

SHA1
e76add5f884b7e370bb2dc7005b8a63297151348

SHA256
9350dd08e265186007bcea995ddacb0b2afb603ea042a9da2c6f256a0e5a47a6

SHA512
df4057cbfde2f4cbfa7dd5353011e1b870abe1088a5b96bc8797491d5af5d49953353b05138153497230dc2f6085525c1b358793de7424adf1a14112e8437903

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\scripts\content_rat_detection.js

Filesize
107KB

MD5
d88e47a2722c03d997336d1d23e4ba7b

SHA1
2325902f45a3de3c822878984f0f60b38fdb8640

SHA256
e3c10d62ca5de9b98e81097efc60c25cfcf401df0499b148a42d8a39c96fb5e6

SHA512
1f57e8186a0e1d2427babeaf3ee67f2b70f7b3096f335927d2ae2d734ca1b0f25805bf5ba64b81dbd6a6aa645afae9190d41d4ebff19a5ac0322d1b69cd7a980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\scripts\content_site_listener.js

Filesize
4KB

MD5
4537393ad0ac3d3a41f6b239f6348bac

SHA1
8e9c0f0fdf1e80e858b1cb448181f4d50c52628f

SHA256
bf7e3bbfab330421917c225e92bd3c4bcfed228332cfe16d899cf5a80fb0ba88

SHA512
8ccc3e3cb8cceb60bff1af12317b7ba4f7ac961854a631ed9c89a9d3917e673769250de8896c4d9b5de1dc11d2861d140ce3390a1241887e41c411fff6fddd35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\scripts\iframe_block.js

Filesize
3KB

MD5
248531ed5a983e430fff1579a14986ed

SHA1
c69df75c32b2ed3816fe8da1ebd67d12f08c422c

SHA256
59961a7b89936b95ddddd4951fa6ad7860cb4c53c83d6dd751d38d9055e77ea6

SHA512
caef2bd37bea0ea1039a71866d4b9ddf70617b510e71d159c881f5ad84abeef975340ed10c7fd208a0f1ef72259f6ade76dd2b22847361aa8c1909abaae74655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\scripts\iframe_form_check.js

Filesize
4KB

MD5
a68f0fe8b6d603593557002d15b949c3

SHA1
93ae0145e6da6a8d45bdd4fe36e367043114e399

SHA256
ec56630dcd5f1286dc00fc8b0e6d2e97ad3b7880d93b30e95bf40f408998533c

SHA512
5b1459437f824f0ea49bcb52945759c5170dba1597f6c6204dbe4ec97751f35fe9bd45916df6dfe543ff8b13f9a0e3f36de244e49a3c6de244047ebb3148ada1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\scripts\iframe_form_detection.js

Filesize
81KB

MD5
23dc3d262d9606fbea416f4b85ec92d7

SHA1
8db25ae6756721c66d30e6f57397542420f08027

SHA256
3254fcf889e409a5dfa59f15103bf775db4775b6552a2deec3d625efbad94f20

SHA512
3b09eb70ddbbe43b0565dc0661fd23b5515ee0b5679bf0cac52b5478fa87b43e763f0d35657f35866e69f168659a59a22baa10b5a05209ba2c9f9eb28788976d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\settings.js

Filesize
208KB

MD5
b0f4a5e90a6743ea96053a99674d7ce4

SHA1
00cc153f23cb303755ac02190fb6b871fa429bb4

SHA256
41540025fb4b20fbb3b2bbfae677afe6bbdf9e617e911444bce59aa0e02ed0f5

SHA512
bfb0d0684b72fb54a412b1d1f6096918b15663b4efea387ab6f837f42fd0b784a1ec585dbd3f333683cda0b393b1d74ccfb6c0dd2d474517a78c9831c32370a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\site_status_block_page.js

Filesize
164KB

MD5
c8549a0efed103838ec3509f64682d05

SHA1
9cbacbdfa53089d723cd7769ca41971937833e9b

SHA256
976ed091722c1488bb27b5ed3d3495eeef40fef70bbf948d18a994b7734f0a8d

SHA512
cc08d6f46aae4f5d1de8c09e96793f0b37771ef8715a006c5f14a5337aace90322a7cbbba3332f5e87b33c5441710603de2d3ee11e83f49836de120cd7e9221b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\site_status_site_report.js

Filesize
149KB

MD5
3852d346bbcfa2f3d33675863d9f858a

SHA1
13593d6ac0c4b1db3b4440921a02656914d45996

SHA256
402118e2366b22c078ffac8992d8676269c6775388ed4ac1abefeea2c5ede88a

SHA512
86e1725cf4c8d7f57b05809ded0f2cee9efa6a49e140a6daed2ee5850e76a997f353f959ef1f5196c3bf8ac03d951765eca204fb479ed65c16600afddbf2f61e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\site_status_typosquatting.js

Filesize
131KB

MD5
9c5923cda26af067881c69834fbec81d

SHA1
c2de176264ffae46544cc31ac4eac66f0575acde

SHA256
5f738fed815cd56ce2d0db13844bfb80468340d9b80de279b384c0fa28d929bb

SHA512
d51781abb1c813a03be7ea44517fe993c484820937229d07f4d60e85f3a7ce67e8c7829a529de9bb2d15de9d10d5aa9390446a9764521f1effa94d4c40fbe035

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\wasm_feature.wasm

Filesize
898KB

MD5
7b3c4f728ad69b286da8074a9ac18d48

SHA1
3cf9ad45f2ba38479d2dbcf0e534798c0f7be5ab

SHA256
13946aecf894abf712069e5ff9f3f00433a446f781a3219ff7d92c18dc334c45

SHA512
820eb8e17634553ee9e2e03760a71d33588d83c8c162cddc1176113f21e0c6220dae9798fe80004c03d0698737256070dc3c7047a0ca72e2422c7be4873b6b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3880_1864412366\CRX_INSTALL\wasm_lib.wasm

Filesize
770KB

MD5
9c0f233de696fa93ee4b1629b2cfb5a4

SHA1
ec7e004e0f78ead8ba1e55f4c34add3fbea4a7fb

SHA256
ccbc55843e68f138676a10a0de7f9dd5460d74cf392cc38210dba7e0567e90a2

SHA512
bbbb22f07158869590a872ba8dbb4185c0539980a33ed7d5539f40e86296ffb68d93a833549d089f97be08d8de7d5e65c9fbe10536ffe89c513f149df495ed4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\llbcnfanfmjhpedaedhbcnpgeepdnnok\5.2.0_0\assets\images\breach-notify-icon.svg

Filesize
12KB

MD5
e37aed44ee55c3e7be7f983a83449078

SHA1
070bd086accd4bd04146a32ece09252bcab4387a

SHA256
371c49b23b1602f3e3e79b98428641f5a316de0ed3ecb2eb73cf9d7e12a01cee

SHA512
3d45277cfe5644db11598c3a6665f7b6b0eab38eeceb5846129c43bed568b3b2fdcaae0175103eec840697caee659d0f998b66a6f3fbf2b5e5353fcc922ae6f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
1946fe387747d28074e27c0e95f73e27

SHA1
935d370f24a73ebf229ef80c43d5c38f1cddddcb

SHA256
c32a695f7d34b2d4c8f916440e55783ef4c293c7e6f9cf993841c4d82e113b20

SHA512
c0864e7d24a3eca1926b147d405bfc2060c43e7e3ba6d820bfc75913e89408e7d990d11bc73cc1bf8772003200e58413d11d608d39bdd6d38854b017c458e494

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5ad7f2.TMP

Filesize
349B

MD5
103b82cf1feb589a68796a43e7627292

SHA1
69627ae5b8c57d490fa5dba3d588b52ba134b3c2

SHA256
13d79ee21328e0241e59904d3645a1f247f5c594ac8df3646f9e5ea18395f419

SHA512
5580a6154ddb2989fa999c7f1b2dda93e8441fddb79df6a524eb82366d2b467b97d024463a0d6fb036e79c5dc504d11b2ba009a05a21eeed1f5d47412db11612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2df119b7-a7f7-449b-97cb-c4d78c751cc3.tmp

Filesize
5KB

MD5
b46b829d79de348ed4b1a572e24ee97d

SHA1
541035d844d68ffb87eab149bc7b9d0c9d68fba8

SHA256
443c4a4b7e28ab8eae113c795131157ff1c374f9ce01d49834fb38ca08ce13a4

SHA512
a821f0de92635c7b10201873119c9496fe7b03a4cea9c653eb6be00bfc5ae6c640ed50afb8d15e8a0f582f397d6101eeac2121029abb8c5db8503fe1b33d5926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
35KB

MD5
a55bd535f4c88775b4fc28065756b27f

SHA1
679ba7aa8115378b45d1f6c80878fc55d0156e00

SHA256
4a6ec18f8e12c9d8785a442d7b3fb05f9faefb4fe00fe288049f168a386dfb0a

SHA512
b3cd3c342aafd22438cc51116d44305478293a243d063aef19369674afb8d62ebcaca43c9657a8eab7d8fa563de90bb90f00b7f54f9e9fe12a0043c5fd530d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
39KB

MD5
e88dbb46f7b0f0cf7af934704a15d098

SHA1
609c49a0490e022c0159eabc9087cffce44284fe

SHA256
51046f68b21a86e9b277a3a1759cb27b86405df8e11330865244cde1f2ff7b61

SHA512
1e7b60f427d17633aea474677b0d9092f44cba00b4b729d9f2cb6c255fc5f9897d2c332e8af4a7ba2bd25118b43b8a8090cbb25cf07fc1296f3d868992cf9c08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
40KB

MD5
ed7f9516dbdf7bb95634b4e020ac1067

SHA1
08d974221148e216c81788101578385b0464ae82

SHA256
a517554d11be60fb06ff051a96ea1cc5076cc6b4f7a7454cb817ffe43dea57aa

SHA512
c8b21bf615891ecbf2cd0cc9ecc3111034e50739090d7fb438d4fb1a07aa1cd5cca67481f030f7e1dacb7fdcd159ead15df2d9566348d7801c11496a2958c63d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c273039e1f874a8560998c222b626a5b

SHA1
bafda795593710b4e64dddfc769c36959a1c9091

SHA256
5dd919f63d816cde5110872c98bd38a9e6c8fc02e76df03aafff782f6d6ba828

SHA512
60a521aa1e6bb80673cf2437653871bf5d6c94f80abe1fb367d4bd449a7415074492a4af388de7ea006e90592813f2f75703609a5abcca20916b9e4c920db597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
01babef22825481b9207b94e6a271e37

SHA1
ef96dfdfe643db0d2fceb91c04de71514d4f4991

SHA256
bbb5949bb99821a5e37d6d11b78d7af449c4f6ecf7ff9a01716fcfac6a492386

SHA512
859b9168a843739c5eab34c6fdf86e62c9e3e7f6415aecde6712d1ed6d49d455df0053fe2dcc13735ab0c2050853500adaffa497e51b8a9839b4aa041a15a18d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
737a28d7ea9c5e5d8c3f2df1245c1cfe

SHA1
ae6466ed7de367e41c90d33e7ba16366e6a6e826

SHA256
75150c70c87c2f9885f6220464b270e69816be80a25598736276eb99b9e33e58

SHA512
4cb8a686b94caed305c01445911b51fed6c102b4d3613a06b2b4635a9097c3c630cb18ba3a4bd6488838d9c79e30a96b8a05bf03fbb76bf1aa09675530d86e80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c28c50c2acd5b32d899cb7104cd5bcd9

SHA1
97d18181ed0fe0847a24ef7b0c228a14873846f4

SHA256
b7bb9869843554bb045872ff1fd81ec3fb238524fc83728251523cc3b2759dc7

SHA512
e895541c53ed6c49dcc6eed46bc07e38336416459a95e5afee8a582cc2d4a9f60dcc0d9be5159a232f9304cb4f5f59b0b4df954c8ec1bc72953ec8582b4de422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
40KB

MD5
9ce11bc950965883dd306c91dffcaa36

SHA1
12b38c6607ce2784dcb172ffbc996221d2d68461

SHA256
cb8a095b58702dc50610af0e52fb280b0133c492fd8be4aaba24533617eb36c8

SHA512
37c469bb33e2d2be8ca7057e4c26d217516ef878b413f124df4c6cedfabb8002e14ecd1383e0b26ac930af07724f7dd2940b8f5829e82b5f203f5a8538ccb296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
80ee8362f2c50310a68f9cf41ec7b58e

SHA1
33fa15f4f7e84e0c287ad57b47dfbabc8753c995

SHA256
92ad8f92db94dbe54fb185cb0ec9188d69dc0710d5524f6520c87b90108d0b1c

SHA512
8a20236eed02c68e392b15996e2d2773ea7383bbac4322f7238603c84e1d9f9c819a4e7e04bd6acb075dd90a79953d4f5f3ffcd9b72ff85b4fb5499a5488260f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
de5a159c8432914b3ed76e135338f2dd

SHA1
5afabe8e2177562ae480813dcbda1043ad1f39ca

SHA256
97365a37f5fc8a566447f6750934056cabcc87ca9999377d7793c8db4b2e4387

SHA512
e190da6d0da40fd28d73fc6b592d7fdf9266b4c1ec1b888f68cc7cfea2a0a57efc1e3cdca81727b59c325856be6958eca19e9e11bffccbae26ed1c23c42e20fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
02b36a61f9e9a22ebeb835abd1f79924

SHA1
bb462482bbb7467e708b733c99cb1629c301a3d8

SHA256
40f55f04a7f4119bb8fcbc631dadb5a76ee472ecfcbd229e76bc42675aeb08ad

SHA512
c45a4f776d81fa7c1792f002ffda3f28c26a6e7c2c719b8e3672ebb15258352a860ea3709181c4e8d68b4b982d9a59eaca2487b91d084054e39753fb4b0269ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
673fab17b5b5668cf60602d73a272fb4

SHA1
05e38dd52347ccf8dc4836a37a1e8148636d94ba

SHA256
973953b58bb3ce83d838b3e667dcb633b40b042ebe74c880b3e421a5bb527810

SHA512
cd2aedae77b03689cd0e9d3ef690375a0fbcdf96d762dfefd74c80b83aaff362b713875dc02f483ce2158d0a92a6b5d92dcf7a4b0c640ffe3dfbf7c90f54066c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e48fa09ece6361b151c9dabdd04e44bf

SHA1
a7c5ee2f96957c1782da3e2c77e0753939dabf38

SHA256
b673a07687091ad2bea2ce14c7fa69c53e72721fb4d0fbc920f0b383a6480347

SHA512
c901716b56c0698c74ecdf63f76427e24fb9d55b0942f84e723f71d58248dfddba80603bb91ed33cf398f088e372278075457e6c7e141c73ae94dc60350a978c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
fdb6a4a5ac79e75faf34a479e3dac5b7

SHA1
49116734c9420579dffc88ea24e98977a76ad62f

SHA256
3ec7949b201ecacae53031ecc136c2e60373c85d2c66dc91949186a15655ea69

SHA512
b21bc433ee0cd7d2171f48112d97e8a7213bbd5a896f6adfa898a2982a61daef29535294a8414db135b670954ec05b2bf22c168732620d21a986ae4590716b1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
bae4f77c885c822739b2e74eed095d02

SHA1
5d099cdcda1e75b27d264ff59d32187dc7fd086a

SHA256
4e35f27b60c74e69edf02cc24a2318f071f45feded8f3f7bbe652d70e57d821c

SHA512
e5ddc0030aaaf97bb7fdb017606be96d8039b758743847721e9efe63fe8a42990fb6a613c54598657b39ff204f6e762b056d7ddac686243172ebc4cb42b75175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
3fc5a49853984df575212ab69acc5983

SHA1
30c8676ca84944f4e498a78d8966b46658d216e8

SHA256
cb37388fdbebce11ca171149c2df15ac59ed4eadb45db0a79865a651b15f765f

SHA512
81e1c4a3468c3cb6f5ef94e95943bf8356a1357c005dbc146b9ac689653af79002594b49f3815dd695fba6feab0dcb8651bcb43808cf09824370a29b181f5820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e2cb5824649f5395759a08856b86ffca

SHA1
87bb8d4624aef4ff6bd080ccac21fb81a77a9a81

SHA256
99ff22eeb462fabe278d04f9f55f6a15a4e02ebf97693835d92d9f97809238f2

SHA512
6258f218ad6ab6ed762530e6974e71c3e1ad91f21ab2d200ae9d61efb765351355697e9c99de6a9af4e7bba0946b068968a02d5f608c011878d4e57299ec9f38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d6cb0cf1d6d0bacfe848610015bd6ae1

SHA1
8a79d3fa76ab922d533c2684479e3b578e272d3f

SHA256
0e9b768ea6ecc099fe792da07205bf6f6191008867230e60a43abf3b4a5d5425

SHA512
fc99c962d730656be0b0ae8c04218f52beb2be3c50e6dbc4d30b9ec8fc7555fe6bc790f2787df7a59a27cfb75b46b63e191c1e6ae7e81dbfc95096ed044843c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
361f8939d8c7a98b44632232a758ba42

SHA1
2857e6d6581493cd749aa5f95123cffc14d89fc1

SHA256
ae00107a3424c3227d999db899e92861ff11e65fa5e1f15c89cb34f2baf9bd11

SHA512
694fcfc04c4752ecf70dc6a8ac2ce8b190ad2430d0089eae52ec600954f971789c177610efb0763afc6974a9f3a8d93d22f1e6d9482db876d2cb0ff104b2eb91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
12KB

MD5
d9b9ca81c6f075bf3cb01a7503a1dec5

SHA1
857bd50c0befc6ffb49b3cd44d0b823cee95c25c

SHA256
97be66ad69de0f19e387f4674027effd2de955bea14de85fcd907050b5493105

SHA512
0edfeeaff0c0b0732ad04e9f29fcd78ef0cc19c4908cf5fc47be399596eb0c42ba6f539388df353cfea37f5a7a978842ea4cbc94e3da80b10d08deebf1820b10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
12KB

MD5
c2fa8dbae75e11b1e4c40900f36526d1

SHA1
65c461022689056703d007cbea0bce29fcd41d76

SHA256
b1d6033574f7f4f0dac40f3e153b16e8e1a9c5575715f6fa1057d602a229be0f

SHA512
7a2c6df1b20378a0b2b230b5e74348cb1ff222861517d40643c9d913228ce8dec3060838e87dfbd8d4f68655f03f6b58c85e9443deb4f8562311deda52bc228d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
13KB

MD5
7763615dbd57fb7a3d50d3c419cbf6f0

SHA1
8e5d3bc083ec95ca2e2cb940876dcaf6b19aef04

SHA256
f4f35289196551befdb9eeb88c305413e4fae6cc42d2a88e18ac64e258b8541b

SHA512
371c6a0b55ab430be53b3184f062a42617daff38e6f37d67daec0f39e3c3d8c9ee9c411d2218d5eb739a74c9fbff9c4b5e50acb88adc8fa384e35e6ea60ede7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
13KB

MD5
34d9869f25211cc1b507c2b1bc0b3581

SHA1
7d525041a5cc93bdb67a84d0345725674c639d84

SHA256
e183e2d175134331f2a5b627c63d4372013a72bafe3b0c7d134b457207370b20

SHA512
cbc05ebdcc25739259e33900e38b692681e7d7386e0b0cd65b8c44052e9b9ea2c7426a1ddbbcced284a925f4d8a6f6b16d5dbd057bb6cde38ab894ba5096c47a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
13KB

MD5
bfc03367a2da70e17cb8a8e79d6e54d2

SHA1
27fbca9a8b86e5bc30280ea2c54733e764b1dbf4

SHA256
9b88ae444d1bbafb6af934076c5db8ba2a913d9fc40fa1579c5ce5e89997aded

SHA512
9196f97ac08ec0925ace427966a8e7b0a0fffe6f39484c38734bbeccee129e1bb81931ef3858ba1aead65691cf558b9659b2c78b98af6c570184e0cf9de4dd9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
a0109c487611bbc876432b7ce52fc4b5

SHA1
5b5d8f94467e5a398948daf03167b6d90bc6dba1

SHA256
48d50a1fd27d070fd0fc8883b433608e49c269b3ea8d5a522649353f1c10e333

SHA512
5776cd93bd60fb6116c3e02dfe4981c026f59f2ef960385744e397bf803cf41e19a25570f7188af8d785980b9cac2e4f1240c4e824ee048ad87ff87092a98cf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c5879ef48b847f2de487a99ce8940904

SHA1
8f28abf6aa61bd7a5264e876567e2971850bb004

SHA256
cbb415fdf0a688c8fa0cebf1af31cd7eb97d27a72813772a8aac3a8f3f9d269e

SHA512
3d1390a7df8ffbe2d810ee6e181c2fa8488fc1740873eb752edc501701f0f08eaff0e2199f14ce06774bfa396b1bcdec173a4e65997817e5e15683a3c72b7a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
8ff00ed3f272d3cd058d18fffb17261a

SHA1
3dbc298a8cb0f6dbf07291614947ca6563b8f152

SHA256
ceece164584b298ee423926a883e4674c5b560557cfb83165fe18ffe54b9a69a

SHA512
9ae9f0990265a0930e8593bd40719d2e7a0f9177ab28b355098528e4b9eccacefef50c11f00f08c5d49359593532c8304baf65efef844268b9d074fda7d8e2c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
cebbe3ac4c6b677d48d0ce1f5ace2956

SHA1
6422348de1a3aa11f95902e64ef7c1f11e75e955

SHA256
2c6fa1d84a87d8ddd70703346649c4a9c3709f751dff9c3f0e9bdb01a5b7667f

SHA512
aa472d6c166c50765237ee69042a4b9e7ba3717c37d0773b06b88cf8d44f81b389f26ab589743b5f4d533b2e398c4b10b7e9e829e54a66678c02feb0e635e54d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1f53a832705bbfffcd5f5d590768a079

SHA1
9d7d15156512979612933af432ad542cb678cce7

SHA256
9c3b2968597ae0786ca269105719a6278557474eaf4f18f8388634901313b46b

SHA512
6ffd0ae207a4731fd03709d09d0c62f590b56f2fd9ebd98bb7df46e6487dcf3d7738793184ab2ec1258b5c5fe5e4ca96aade28657227d5556ff81a194f70a947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d6f40cd6f8929deaa9d6ad935e866ad2

SHA1
3fc10c5c7ab4fa37a483528a4dc365357103fedd

SHA256
c95d6d01291df655c0ace9190ede21204bc07adb522a1aabb0d6b55880c8424d

SHA512
28cf3ab56db10ccfa07f0b8e8e6c78011f5cde12bb5822ac03ee30da0f2ec4c9fd57655902622be832bc0bbfdec107dab25ee65f8031e618147a29aeaf7a07f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2578348119ee194c387dfcf2fa882c9a

SHA1
933454c6d570f678aca48497311a35a4963e36d1

SHA256
7493a45e387e286dd476b9230ccae6fa91ec1df7a0bd8980b44bd309ba5fdc11

SHA512
bd592c6e2b2d17dfbe57df633d45659bb7eaecf34ded4f6fca0ce02ee684cc8aa29495a0ade949a96116ff080b79757e4ab0a8fee835ed259b09f3d0cbcc5cbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
f1c5a89c6887d9b3f2bf2d834d847599

SHA1
4528f640f887337a1d85415c70190b8f37e72a34

SHA256
9d5a36f3918d616f6d5c8abde16e5723d27a39948c35fe214bb6e71beab21d96

SHA512
30617d0c16b8596ce963cfedaf3d02dc7a2716ed3fb6df2e43e55ae2ee9dc6e55caafe8cac8b4e3204ed3e465f7f260f35963e3ee6666a7fb27f47a580af0215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
d08ca1819312190e7b27cc301823776b

SHA1
432a5c2cc279997c4123d8f8a542416f0f5fcc1c

SHA256
4649309c5a19be4d4056a099808bc21e140b31a49f25fe6ef984a6e2b2dec045

SHA512
bab167d74c95a72dc11f3ab22b44ff25f83af3a3b67452fa8849c4523bdcb535c27fc52f22e131b6ef0257ab91cf8b126453d75d4a5e29a7486085abcb70e209

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
4e4e58f96b0163818e08961e9a2c08a3

SHA1
d9725dc8cfec8a85cca7b2f447ad4f4afd38d828

SHA256
f0a96ac4d848c067cadbad7718eea379c42d1d7303048244faa14195e5250177

SHA512
8a0d1be9ca84239ddac75fd0b894614cc8b7b6685fe2f5b63953a8afa458fc16e7655caf62021ef321f930e1d127ceefd23bb1225667795f04a1aa8988ddb788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
12KB

MD5
dd92d6328dffc49f06b8e55a7816edc7

SHA1
ab4533d37f81a5177d927870d2640114e64b6284

SHA256
d097385de57bbaccfba0952bc1e1180ba9bccd1fddfc35a1f34cd28ce4e02b88

SHA512
287aeae23eb498f09422c347624254361f532ae680df6078fc1d85d86ddc8de7944d4bae7f1a6060f4bb630acc6538dc25d4d707438ca6e339765a656b611dfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1d015654acf8a94d5d17dc9e55766099

SHA1
fcfc39276bcca1cda914a342b32d17e308cbd804

SHA256
77d141e48a59770a5a315d9c14d1e7f768c899a3b6bf01fd6a1b43d953816f7c

SHA512
ad742d6dc924fc8e0ac68c02d5326afea5d9de43901de90977f7c5c0258f13ebeb60a1de51da87e1924f727c4bc8acab974ba783ce4663a5c3578c74044c2dd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
7509980930fb2a312f681a20d703f9b9

SHA1
61c8e6eb93998947fc139665589d42694a66845d

SHA256
6b0f248e94502035fba5565e1fe100202197bfa78d36067a75cf6fc0b1d036de

SHA512
5054ec0dcb1435134ce4a554cf0f8f130fc2581b201248651806af3a818d0604d0a9c7a3f8852062592969f769878090370c6d2dc93f5bddcda0bd694221e519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
70251ec0dbf548f8993f8213145a843e

SHA1
2b554d8401ad0a75887364e57f0f5bd4d85485f7

SHA256
8544b50a3aff6a00a021ce7f8661a6555999169618b3da44f0b4b193200b039f

SHA512
3f71e82794aa3584e5dca5329a56de83a38a2a875e3fba9fa6df06c0f85dedd47f818c4e9870064b9ace8aeb33895cea10494d5daaad2b6fffd76d38e8bdcce7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
136bf28f5d10c1d1e5d17f8229469fff

SHA1
4e5f93a762645ad500ae38e3405e1b6a1e63e455

SHA256
1fb1a2f1a82e2a07bdfcc0e9b91aacba131f56804dacebc96c594208e8406772

SHA512
75289182e7f5561aff729182ab7bb68c016e276f0b492cdf758790cfa0c469395fc67ce8b6956bf02a2b4d41d0edfd8b5fad2ac39f5db8d17c2ab3f0423b4bed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c9ae52ec18c26ca0bb6f7fd32e20c62c

SHA1
387de6d96edc7a882d8e58967f17d9cbea92b4b0

SHA256
f3d43a00b53e3b7e84e5d57dd070f469a46a71102815f265fb4c34a653585a33

SHA512
2e1f79fe1729195a577517323577b4de6ba98d9b0dae7ec11dc4eafdbf3df5e181b2be679376db447f504eab316a43562fafcf2e48acdef129fb8cdd1669124a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d4b36f6e8cd7920c381d5f70c66df3c5

SHA1
2fe00b62c9bb2561a55ff47341b935ff84ea478a

SHA256
603665ae6803174f2556170b1b6412c66b2b24892e6a9783628974e79979155a

SHA512
57cb7f1dd295fff22731b6101a3cc7f4111e9309ed2bdedb31e0d91b82caae74af7363e278b2ffbd177b5d759d9a27d2174ad922a156beb99f9807bcea5ae2fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cc2a5ed0a516e8ec8df590aae5a1d920

SHA1
c15811a93ff50209519a8fb438894a27b7354522

SHA256
06a5b52b2b58b1e5401afd3a82370ecbecf50d342dc841758cda76c734a5f838

SHA512
b6f61ca3d866692f8da3ccb9fd71492561330acb3c7ca0bac03f3474c29ab1cb36f317e85217734cf5ea79c72deb2bdf2baf8b9d89e85063f749c7ca27603207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
2eb5df6e3cd2eedd7ebaa85bd7b24feb

SHA1
aad9553a133636ecb5932d254e2a332ac26630e6

SHA256
a8f87057ea90dc330bec12a71a10ab73f70f003a8a87651aa6e5e20add2dffe3

SHA512
f62852e41c21c602d618d7f85193304686d45ec8c821e9fc0d69bc8f8936f61fdbd724d95b1086231b71a4bd776d9e64a8f05cf3c76c34979872d8139ccac361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
a2d2301124963b84260faa1507a371ec

SHA1
8842088bcd9b6b52a6ce20b3d4ad733486294c7f

SHA256
ae707bb55484abe87c4f19093a3e020f87be4ecd06acbb598b9618202681fc30

SHA512
a5273f7853ae92087b3cc80ab961c5c0922be5077b309aaf658f6aa9ccb17b0f5d3d3c95a64dbb0dd33b84c6f92f28aff9528155da81be6c56166a8e19cd7ccc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
efab2f47964b06b477029985606d4adb

SHA1
6e68f23ad739089cbdf3eb8b6e7ba5dcde04c1c1

SHA256
4e8f40b95d57f630a58bff7811d76186e8216a0f5a063dd9b113dcf836cac6a6

SHA512
1de95753af2c3912a477d5ac23dc447b56b2f82d7b63eefd2f8aef282506900a048e105a9b44e576e3a3030a3a4d510709b56d2fdb7172f43e3f68967a9b8e27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
295956cec56ee605891c72c08110ee67

SHA1
0a5d9772c04e760d0a1719d45210f576b160b331

SHA256
17a1231537a627d9c341dfbe770e65d8263520b010b35423aa2185f7bbbe615a

SHA512
66f286d50d1d74be9bfe231b161fe415e9567b9228ffb77f7c9d084a3e5c2256afe74084d9a03dd268499ec8ed9f07ba46967b5daaf4b97a3d75cf19cc0e94fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
834a75f7ef0744e4f88dd3a7ca2c29a5

SHA1
8d3ea3f248fa8e1bc12683bfe0ca62f62781554a

SHA256
e5970f9d1a2a4a2fe1557421a08e082a1f82a265c5a409177479c9ad649050ae

SHA512
7c2d34d28ef56e09574313ea73b45d0303817a3ba4c9a8fc32a67ce8940a7aee5c926caa42bd221b7af6e149a197fca7f976afff601311eed7a1b76a371e783c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
30f18624a21332ac7ac13e660a0a4f11

SHA1
b976835b82294e8d078c4a3009ea9633d3b635f7

SHA256
fbcf8009c92a306c0e7868c24119779419bf56923c4c206124191512e1d8465d

SHA512
e0d9d4514fd5525b030368cc1d3c85e3782db64d897f4ffe41d47f9988560c00e674470224d9be444c9cff36bdd7a99e65fabf1929a8cd2b2318aa177986deea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a305a3a9f64c658a9c70a99d1b51f710

SHA1
1be1fcd404400f6e3ff716c42ff7a49f8db4844c

SHA256
e7e876de76cb5925d12e386fc4563b8d2d09dbdbe0d672d03f375bf6785fe3f5

SHA512
185063634ae460caf3b01599d98f657a20a12b601274e671b8709a2b12709d748e76b28e9211232c70a99279505c35988697efd60dc41389d000b3911b654a13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f693c5b2445c222ad2f2a0429e91c8a7

SHA1
bd1c04262baa80395e689e2123b19ff8bebc506e

SHA256
3d4cfdaef4d4a65c5215274474b737a5a3d43d585cda1998d454099cd6ba335d

SHA512
b5fec0223b16a936c6faaec567a9de1010a5859eb8fef24d737e2a517f0b55f06567e115d1377f7fc31dae337e392c2c164ac170e3f92d19da730659e9b30094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
bf7777f00ae5d9ff0790c966a2701a1b

SHA1
78188db8d5399eb9d9ad4c9669afde7f98ae11a7

SHA256
cb806f635bfd3b057e38e535a9b80347ec89f2d8d3af99c41d56aa6f164d6c2c

SHA512
9903f632af47c27e417a0b4cb9618f263a8fd66b24e241582f22154a44ac092d5dd85868be518a5da1b2bb380affceed6d7e51135ee8fa52f89c7b1972634067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
20d9d571d834e4b900eb5c325c7ad759

SHA1
687adb2830ca2557cdb9620d3400c9d787abc24f

SHA256
f63c77386ca38cdd8aca8a25da1a6166fa6a782ec37b7ef78532ef5c27790029

SHA512
ed170075f494d2be0463a0e3e2e2b6de1bde56bd0b8e51d0c60cec3c5cbf056fdf02e422c9401f6907b1f02dd29b1b1ff90300a6785f5fe71823388557a4f9e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
8e414207bf7c92b794f7c290e585f13e

SHA1
899fbbef022c7e4f0fb0072b1b1d2dba8601d55f

SHA256
9a72168f34ba3c0348706c58ccad080bbd9e25e14a252f8e1c00e477205ced93

SHA512
2c6f7586801cf4fdc2b9594d57a70fd9f94d86ec32d1f25edad123e1df071dac485a69c77b4522d81d9efeccf222acf4e4f4071ea20c289934440254d8cc2157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
99f7bb1a0f5b2481c4778b05bd7bc4e6

SHA1
e160d0ba7b5c988fc5e4252472fe375f2144226c

SHA256
8f0750050e5446c897566bf79b68b329a1107770a3d57129ece50f9e161bdb07

SHA512
e78e856a5888ecefbbc584a9e26e1cf63aa3369b0a672afc17bb6b1530f873f020d32e24fc2a7836230aae43d6d40ce2d6839cb1234b87327c57a4545b55d280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
adb5f5dcd8ef1feb4b6feb069a62ac7f

SHA1
56fa472bd775dc341c8b25ec3f2619554bcf4d9a

SHA256
49448d7e08e77f99ed703491b5134bd03381d19be6672b4fe1be29fe7d4eee79

SHA512
199b9ea02eaa6f396a26b7994e4e801bb99736d028132c1081c3438eb674108ceb8886a0263b0917013d2601f023418c154275e58ea8d6106f316f77ccb73a91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
3443dd69624988aef1b177c66621cf09

SHA1
0deae0dce70d665608f0491181e8e233bbdb0f3a

SHA256
f572a4a8f8a59df5ea358245032863b4fdd2cdf10705d9dd1952201b538d24df

SHA512
3cfd604c4b0a61b0319251a14df4b8fd7cbb970f7136d190ee2a4b0bbaf4028d3636b506817560797a1eeed34d7feed9ec6cc1f220bcd2625d86bcb515d1e424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
71fc82ed778fb2b750ac9e4d610d663c

SHA1
fdb28affb30ab2079517a035f886da12d091bd4f

SHA256
3e28884b928aaf02bd6fcb3bfe53b3e693f2d01a0b67c17a5e0c84c834bfafd3

SHA512
fe07f4d3837258746e3803119f3e4b981ba2ba2b8d9bffca93bb8684b3a71b386d210f2a6c8a4687700c5520eb33a6ddb1f760d905c7e914ff97d4f67af57254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
2222c15068e6a730d110fccedb66c8dd

SHA1
9f2e581e424b7bfe11d6e63fa618fd20af75fa5f

SHA256
bd4b627be18b17d45b6bed0ef8b41e97e39117ee460d20d84bcb690a22e8e009

SHA512
506ee66c750b09e9788ccfb5185d1752e9cfd7ec91da629b871622a9ac6cf2319c3259148eddca2070d79e69bdc43111afef21c413f35f927132aff1cc80b19a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
8969c5673a4f21b4cf06eedcd697ac91

SHA1
dd0820380744ed12602afa2a1fdccfdfdb8d35d2

SHA256
c4726550e9e76a2a6857db19892e8c2c374706498b2e2a8a4669aee77e361cc5

SHA512
21c699972dc6e4de0b3e8f7d66c5d0e0198dc990549d54eed290bfd09b0b0baf0abbcbe4e16d30944da8d55e78fdd6bc459ceac38513032e0ed5397cec806b03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9b886f70bd909deb5a4f9698cbb93dcf

SHA1
38d2f9a233fbef22de17277fe67ae4e1049cfcad

SHA256
aa5d63378a103a7055ad80dde4f4b25ce27f8c84736853678e79b1b0d8a6ad11

SHA512
635c65d7d2a09443f573734adb5367cdfa508aa826e01c6a89059768a7bd23ed1fa48b5c255839cb11470e29b165d382ac2f1706673885f67b18f21654fa8733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c677b91f-0346-4ca1-b819-9de832954315.tmp

Filesize
11KB

MD5
fe976bb7470d62b07b2a8b0af0edfa31

SHA1
328341f1f32b383a63cbaeb76edcac47ae299c97

SHA256
75a887d2ef644226cbd308724fccf131d623b196f944c4fb5885b40809660807

SHA512
92703eeb576b0f2bcb04b5f4cdad8b64a52a13202222adddef295d612681073b67b239ac5d1fb38be3643366379b58dd4fd417e72fa3bbd185f7be87d9a837ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5c34c97783b146c7c3cb3b79a0dcb038

SHA1
f2f671f9344d11a09b7c916c4c33653219359047

SHA256
bf6788915852c02b02c77bb60e1b28b53a2cb01a2e6d819d6807f47df7e8e904

SHA512
953e965c662cf67195e2a0d01ba4b608156963cf79bf8e109d2ef992e7f0b2669577f6ae29d7417faf8bea1e70432fddd3901dc79b06386227b32bf7164ae842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4616eb02b6b0623eadf03c8560676ce7

SHA1
752c7af2cb336fdcf17ad4dd63faaa38c1a611ce

SHA256
e734abc1565591c6b8b739105dfba31c7d97c7c4b47f332d413978dcc2c601ef

SHA512
c5b4f41bbe188b3438f8a5bdb5c607f4997cf64644ba8cea9e67c4afc8267a85fc800ec88a9fcea7e226a6089d945bfe6538a217b64080a4b60c7b92872242a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3d0ac96c41b56b4197796a108c9c0304

SHA1
f91bce8bb2ed0d3ad49c9953974b7b6d99131a27

SHA256
2fa423d8891559b448f3771a19077a60d9b957882ab5e22904e949a5a32a962d

SHA512
76eb5850fb895b9287b35da7291471aeb4adf6f93de77c0b8ade54c468014ad2669f001c52fe1b14420770e38b0ac1f29133205e00f871eb1e8c8e72ea30ead3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a504a643fd50326bb7807e0c21ebadb6

SHA1
587fb5b5f3f278c5d8fcd36f47e2ed9934a842f2

SHA256
6aed55f8dd251fb302db0f9b92373ac9238975dac23caeb89ef6b14ec19ebe57

SHA512
90fbb08ae2a4d6c6e223094b2aeb0f3abe4a45e1293bf648514d28cc3e24f9c9e8585526d1d125e97203bad5c71b00451aaf29e4059fe2896a8e4115dca2da80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4cbae8f28bf1c95ae28fab2e0dbf771e

SHA1
586cec483c5866530d191e938e74ecb83e54bb48

SHA256
47bd9b5f0672c418a41376c6a96c8608695002fd7ebc5252feb69359651e7ae5

SHA512
cfd1811050b4aaeac10f15b3813e2e1ef81e6320c9d7086045cd983d39acae0d7a93a792beb052ef2f5f0ca912d3006047053870a4a7325c54054ab4b48aa558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
81fc097a76f060510780776ac98b1e69

SHA1
acfe7dd6b6afc6703d1d064c1121c23ebf3edc83

SHA256
ee45cb4409f5bb187c6fe552cb8f59ac61dfd23970a420e3e2dc9f369ac5a67f

SHA512
8caf92e2ab055ca06d12881b98809fd0543b547dd329b71ced4dfe272fe1324cf833ba39e28aebd1cd4c94912e673a62aa62c65985f6be9591e06163b8a12529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9dbff0cbe9cf94a9f0f882e80931416a

SHA1
60d61ae694a805f368dd411f1e51daa4cc0d3cc5

SHA256
c449165df390f55a443125f7b890138cbe1d8fc8f63aa7f01657fd39cca78c0c

SHA512
a76ee6e55a20bcebd9a1bebf117b7ebff44ceea528e706415ac99246645299c988749a96be25b02c21177dbacba4b14b4502da889dbb01dbcc6defd65ba6d832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ee041da6e8cc8a9e64be680755490d73

SHA1
587ac9cb679826d731139934e7ef688e814046af

SHA256
19a07881e3924a4d973879fa9b9eaaf82b06cc05f823ddf01ae0eef4038737d6

SHA512
ed922a6d200dc8da92a106d36124affd4a6eb1a4ee3f2c0412227577fbd9e5952770d570519210831618fbeac661faafb904221f0ca2f0592da33a9d55543578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e9d0eba63c32c1d56e1e5b45b8dcc807

SHA1
5ae512ca1e325d8822c566c2182e2bae20db8574

SHA256
e791fd6b8061d0f16b3f95a1c4d3e650b99d9c1565ba7206a31012e448ce1ec5

SHA512
77678e94e7419bd149fcd536a56bf15351943a8bc03439dce56d9e2db0db3a2f219d4185dc493c87088a0f3bb95ca22d55547ed79f34cf307fafeb7a709a6905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f4e4b2f6f81988694c24f1288a1902a8

SHA1
c5359158533310e96f3eb154ff8bca13c811448f

SHA256
8f18a4d2953548c6c7fa78ce7ae49b5fafc79385bef7860b7ab8562032897d02

SHA512
93f0e5f072413f9c01c412aecdf765e2199034bf42f2d19fdc7e7984de9e8d753da2d697f1168f85a7050e60c5916b173be46721f9ade395e45019fd6a36954b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3a424421edb7e411b7fa0a2b03983264

SHA1
edbf03d2b23eb24d9244afbadf52347c8ff3cfe6

SHA256
6f6dc06b05fecaedba40b3bf6ba245f6e9d1b12b02e9edcdb3cc4388e2d8cdad

SHA512
c3964f9a9c3219fa6860e5d12d92fce6a885473533323f4f1faee12f81c7a0d1cfd29f7c368c37797489a93dc07be2a2c7843190cba562e6730493e07d21cd99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
97e2e74f7677fa36f2b9dc871d83cb1f

SHA1
89c1351608b5d520225eda8baf112fdbb26714db

SHA256
d4ff0fada357355acc1f1bd70d49f3ca3e43f71d07258846f72af4da67322066

SHA512
b20b17e94ef5139e7718a018f46655297b83ee419e0492a5d0000b3918bd95bd7916147b2c032ae5131130eaf669622a82f274f8db1f0ec748658c5e7eaa9234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
19KB

MD5
f7edf08e2c7e0d456d483ba5fa7c2e38

SHA1
0dcd4198c681f2ac111e544944cb536da7228cd9

SHA256
324c9b90cca007b3d24b6d3d54da6f45acfb6af630f03b0d72f1fbe01c706563

SHA512
e43f9f51a005cef8cca4307a894ab9e8f5bf9547dbe4332753c2a1e20df642cd3540cad386fe801c99b339a94ff0e374465f8034ab4f6325c3c878a1401c9a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
ddb2f9b2027ae7766051e53bef072e56

SHA1
666701117dab2dab17e0ddc8db89900abb20e43d

SHA256
c4bf33961ca2237d5e953e5c9fb9108c21f56962a1a16bb7f5f09753de522246

SHA512
67672d6144c5ba0bcf967a8e11e1d5bbd66596fb6726cd819be9b6c2965d46a1c211dc6f20ec8f62bbe689ed70dfa985071bdb0108f574a797f20f71c2c35295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
1ca87ca88e3d3cf2826dcf5d55592a21

SHA1
37faa4133c247d7b61568a241e9c20d25439d700

SHA256
df57ffefb07dffda562a33fc9dd3d3fb10013dc8ef2dd1d89ad00b810e55eb14

SHA512
a6d2586a6eacad860c6c17d7ff692b687f113ad7b8cb63513161b313cdf6a521dab89a7d4d742bec95d5f72ac67e381c3c308a495a521edda5b58042b5899dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
96422fc52de1f5ae8e740e1f40f121b4

SHA1
c0d91755efaf301c0e01d1b3917aca3d2e05714f

SHA256
25677162708a281af1f008809adfe6832f9f8f90eb0c9b3e34d65b3606a751ca

SHA512
1dec02932a72147e889222f4c202410ce580a6958970176da21fc23dd256b734d630aaa06cc13eb748507d80f65c382dc72a9c3818e1c76679fd3eee9f4df4e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
c4618c84679b8d90f18a92ab0afa74e6

SHA1
9cc067482a06a904fd7a083a68f4c53e0d288c19

SHA256
1060c5dc4f4be43117b6135eaf865b3adf1ab0b9416dbc935e05662fe546930d

SHA512
b5be8cc2fba4af905783b9e85be2757ae761d38e3ff10a6ce0c59ba1752670f6b68c417836771f5c4d604a4964018c36fe35a67769e605ce23b66f06a571d1aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
7a9ba5b5ce0bf6e827b40e69c7959087

SHA1
6541f9c179cd64b6b5a8a4d82703280351878d02

SHA256
efde0ae147337d9582ffe5c8f6ac6c54918ba7f2cb2b2e19297dc586cca9a742

SHA512
1c06548fd0c381e90a752d0cf27a0c108e6cade49e0d1af03e96fa4a1ccc91cba7a217481183dc71cc279d4d65a3dc082669d69c72f2b6a28ede2f5887bc4a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
84KB

MD5
36a6840857f995553d720060a0f6b2bc

SHA1
cbb6aee67ea54c7762ccbf10b5763549a307d71f

SHA256
56f624fd34cd56cce77bff7a596af14ece4fc4ac7cce9a9cb18bab62dd78b255

SHA512
d78e1ed95b99138c78a0c526d8042283abc0272c4ac31aae6171b55bca44d9aaffa9bc528c6dd8ad7debb6e8909873fc98edb5fd737459f8fe9c305542442a89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
53b667a78c6a66be0f95393edc0e8d4a

SHA1
2b090374a0610fce307b215a332e454081158212

SHA256
f0d9679dbe8e0fc10187e14d7ee79ac6d96fc76a5408d94f9db104a2b78058c9

SHA512
20dd82b6ef0907d26de0a98daf7c42ee9276340e62a2390c95933ba926749ea1c1516d47ece0f516149249cd722319ad826325a4fade98adc9047df4a6930657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584b8b.TMP

Filesize
83KB

MD5
a6ad8a9d4969d5ac6912c0b4e65f004d

SHA1
388370900dab88d64da4c2e8f8d52c495f21c1e5

SHA256
d877ba0c76b241e8007e7db8362b6eb8672aea8c2f7b741887e02b3d2e49e9d9

SHA512
f2361c72ae307e2205a77f0598d24d89607d0229f51b5ec1e8f99dfe85a53c5c9fa8c68ebc83e3641d109a15508c5b759e6490ccfffcd338a4c10020f50704b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
046d49efac191159051a8b2dea884f79

SHA1
d0cf8dc3bc6a23bf2395940cefcaad1565234a3a

SHA256
00dfb1705076450a45319666801a3a7032fc672675343434cb3d68baccb8e1f7

SHA512
46961e0f0e4d7f82b4417e4aac4434e86f2130e92b492b53a194255bd3bba0855069524cd645f910754d4d2dbf3f1dc467bcc997f01dc6b1d8d6028e2d957236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d22039bc7833a3a27231b8eb834f70

SHA1
79c4290a2894b0e973d3c4b297fad74ef45607bb

SHA256
402defe561006133623c2a4791b2baf90b92d5708151c2bcac6d02d2771cd3d6

SHA512
c69ee22d8c52a61e59969aa757d58ab4f32492854fc7116975efc7c6174f5d998cc236bbf15bce330d81e39a026b18e29683b6d69c93d21fea6d14e21460a0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5f4d943796d84e414b7901bd9dc749ea

SHA1
17ba358c6ae33ce0299778af3c10deace551b830

SHA256
c618498f8c2ab12d154986318d19033dcae197c72710dbdecfd3f695b47fc62c

SHA512
d8840653f32b9420c1f435ba28ca8c3e220d2c4c36cf60670f13a7d600c0968f13756b8a00909f04e7ea0de7da92c7eede8c5cebbdf22b5322fd9fa36f195b70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4ef6e2806c4ca89625666dbe1f6680a2

SHA1
3ee7c78d62e00e937d55213887e93a1f1418e54d

SHA256
0764533b3ac2993abfcdaec924dc390d2ff8c60310d6e6736392aa2e47bf2b36

SHA512
5058baff1d8d465efa959c4d1f8ca3c6deef6be517c1bc9d6c9f8763af04b70d6fedc18c7328176d35863085875b0faab81934e228959366ef7867a4e2bbad3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fadfebbddb04be881e336e95559a3bea

SHA1
1a4479f0f9981ab37db01888196108d496afb51b

SHA256
c60d1a35ae3ac5ff78d634135a32272b0c4086f71a74687dd10455abced49eaf

SHA512
3001bc5ada11c23e94293ac795e41ffa951ddbd237371feaf18d48f66853ba8107f49a0c87c780b355d10d228dad2b15ad8ea6e191fb3efd3540dde1f5bf06b3

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\84ebaa7c95efeca73a5c0f2deab6a455

Filesize
5.7MB

MD5
84ebaa7c95efeca73a5c0f2deab6a455

SHA1
c072da28301354bb4c94f14bb7a70f48552a7f7e

SHA256
c626055a1bde4c4a28ded2d8830f8060633cae35b224903ade01c7227d74ff11

SHA512
500c7aa69d1b81f23c85f1f5d289958910954937d132179a71b5d0fb17d5bed64a3bc0c2c2bdfbcd739b5a290ae2fc5fe0c7ee2b91597450eddcbf92744edbdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe

Filesize
27.5MB

MD5
d2272f3869d5b634f656047968c25ae6

SHA1
453c6ffa6ec3a0a25ae59a1b58a0d18b023edb16

SHA256
d89a2423da3704108861f190e1633d2100ecc30b4c40bd835ce54a6934887bc9

SHA512
41072ef6f382cf6d4d97ebc2a49a50a9bd41b53508a8586fd8d018e86aed135e8ac2cdd16bbf725e4f74f14ecfcf49789d3af8924b6d5dfa6b94dc6bf79a0785

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll

Filesize
67KB

MD5
7d5d3e2fcfa5ff53f5ae075ed4327b18

SHA1
3905104d8f7ba88b3b34f4997f3948b3183953f6

SHA256
e1fb95609f2757ce74cb531a5cf59674e411ea0a262b758371d7236c191910c4

SHA512
e67683331bb32ea4b2c38405be7f516db6935f883a1e4ae02a1700f5f36462c31b593e07c6fe06d8c0cb1c20c9f40a507c9eae245667c89f989e32765a89f589

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pqm2ottg.qq4.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\abc6a311-55b8-4ed5-a68f-c3ae696e248e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\j3fgzk5f.exe

Filesize
1.9MB

MD5
3a4024c801a7c3165dbafe361879fdbf

SHA1
7b61c8d69be8bdfdb0d5569aab76f5fc48476bb2

SHA256
ada9625f38812627ec3afb11147825804e259a1a3b772e7c04694477aac57f24

SHA512
e936c7a7c0f2767187990aa26948ad3eb321fc313a50b4cb4b6d9e07d42676e204275d39311bbc798a0594e02473000f8cb0763a2da0543c787a3b9946842f61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm4C14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\034a1566\28af1881_1ba3da01\rsJSON.DLL

Filesize
220KB

MD5
bd772c48f94ad1012dc608a4b7b55ce1

SHA1
4593870deb85c3ea9d54f1f260e2ab96effb6ee1

SHA256
59733e01120fa4d5cb1e765babf8fefc15d98f7d484cb1902e0d07c4f3c0dcca

SHA512
534b4005c4d7647a42da6489a6c6852d95ef0156d0f76bc76b5c6765e035fa86a46e2ce823962b06b4f74c74623155302974d0dc0cdac7fbfb00fbc3579bc286

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm4C14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\259bb292\008c8f6e_1700da01\rsStubLib.dll

Filesize
248KB

MD5
a16602aad0a611d228af718448ed7cbd

SHA1
ddd9b80306860ae0b126d3e834828091c3720ac5

SHA256
a1f4ba5bb347045d36dcaac3a917236b924c0341c7278f261109bf137dcef95a

SHA512
305a3790a231b4c93b8b4e189e18cb6a06d20b424fd6237d32183c91e2a5c1e863096f4d1b30b73ff15c4c60af269c4faaadaf42687101b1b219795abc70f511

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm4C14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\54442105\5c4d1681_1ba3da01\rsAtom.DLL

Filesize
158KB

MD5
e5e1626c36117bc60e810c132b99c249

SHA1
753c35e07b1453a80ce2260d3c37387ab457c91f

SHA256
abddc3de4f7320698394f16406cf59b2cc147f903c5afb8535025ef7ea696000

SHA512
145d37fd59b90da9656ff96a2f50db185efe791eafb67d492e9bae3869271c71e493019c08a2390f4aa251f8611c78fa66bca93a8925e3f8f0fa98f4b5278800

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm4C14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\7afc9a11\c8111b81_1ba3da01\rsTime.DLL

Filesize
20KB

MD5
1ca7bd050b0c469ff2cbed12b1f4429c

SHA1
ff04aa7517209fdc02f02acd6f40b9f56a7fb1b2

SHA256
e9fdcb7bf690b18cfae81af5a5da8ffd63e0b75579522c94b805cc91305d14f6

SHA512
c03c70960a243ea6537baaf9d241f58f0fa002bf9e512fffe1927d0b503a68f2b2b273d00ca523801152b19da3f8a548a99889b3abc2400ff701325283354bff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm4C14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\919df341\c8111b81_1ba3da01\rsServiceController.DLL

Filesize
175KB

MD5
3aef2746ab8bf491c50d946f271d8461

SHA1
e89d4c3822f0d2c58bc6114f9e35d99271b2f82a

SHA256
7927338f12e8d1835e97fb342874b26d4f068da95bb582fe0ccfde364e769969

SHA512
6649901243600f82e481408ed95c2471de50c5266cfd42892a526225de0cb0f9469433d8d87d72f33d0d0c8d31f4f245eaa041fdb45f839433f995763c314f02

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm4C14.tmp\tmp\RAVEndPointProtection-installer.exe\assembly\dl3\9e3faea0\c8111b81_1ba3da01\rsLogger.DLL

Filesize
178KB

MD5
3c4180b83cca1278afa4e8f6a3bb0847

SHA1
61988cb6bf9700e517a4344a793025ed175ab9ac

SHA256
4149bd4b31e147776a9b7881b3e40644fc583c4c25e40edc480c996dcb7090c8

SHA512
7a2e8f2664573115c9268726abd90b91bc19664e317a7b5afa001ce3d31b0537c9524066a2dc2fb831e3dd34b8c98f1405699701b3e990dcca175f1bfd40d54d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3880_1702515188\5baede4a-9b74-4bac-8e4e-ff15825a903c.tmp

Filesize
3.2MB

MD5
0478af367a6aac8faf45eaca7c8c9bdf

SHA1
19113a9b403147bd6dec0501e11109445487f49f

SHA256
7e42ed55539c619ba18325cd5680bb5bce962c76f66a82e917602054afe9abfa

SHA512
8bf10d7ea6030427a693b904aa4d6b2d195a0538ef23d38048412ae5cd97518aa732061c8ad43028eed8fabddb81a74bf23e5219fcb9993d702603bbbc744cec

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3880_1702515188\CRX_INSTALL\about.js

Filesize
89KB

MD5
384fbf911518b0ceb21a26b12e65a516

SHA1
5f7a989a1863b7116b2991ed93d41c8deabe7b19

SHA256
613e3623f7ab19abfe7d6d36e4f48ce450ed7a18f42f06137dd61637c263154c

SHA512
b3dff709a4c0385f9f6dcf4d8a3a883aacc92a851c3c18241d631e855a074b6b7936423cde5b73a9d9c3ec55920e262bafdbe7a4e820ccf9a52eaa954510a74a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3880_1702515188\CRX_INSTALL\css\ff_policy.css

Filesize
7KB

MD5
7ccb8d48efebdb41092403a6b0861ca0

SHA1
1ee32887001b3b5373b22f2bf4c9042b5873a768

SHA256
6bef5be367b656fb751390cbd5bb6fb157e240d436f21bbe99d1a54440bb0662

SHA512
425ad8f6f52d723f73cc6f130674853a300e2f76cf29b92a69f60ff5b79c277dd1a4d31ffe9314a79fa48bf65431c9165e1a5a24fe34407dea1844216432a70a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3880_1702515188\CRX_INSTALL\css\foreground_sidebar_main.css

Filesize
7KB

MD5
04901357e773a6b03010c7f0b3b7c0cc

SHA1
a015548cf4107b8fa16e2d2252ba034a601c2b2f

SHA256
ce615a5375217e850922e72af0ee5a480e44402745f016d2aca86b23a2725704

SHA512
88d5cc6100f837902f4aaca5f79ec138a71dc3e7059cd53e409e365bec7faf25def55af515fdd04763c5bf3b53c471163a3c866227d5c2408389406ce399d5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3880_1702515188\CRX_INSTALL\foreground_sidebar_main.js

Filesize
107KB

MD5
8cbb93c6d7eeb016ab6a6c7be4e389ee

SHA1
8a6cc2db9a501318142263c3c9e0bd0e320a5aa1

SHA256
4bdb9adcd27ab052fe7af8824f009730c6ca9298e24255b1dd9ffb6d603edb96

SHA512
0a0c7269e9b54fbe950da0430ffb260e979dd225ab0b47d4c3c9f6321117a03bd5f4319720d8c5a288a3f15a67cd3591ea34ed00a1d1b836ff2e67a02a8f7ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3880_1702515188\CRX_INSTALL\images\browser_action\green_16.png

Filesize
366B

MD5
916575e87ca461fde65edc2dcccb0134

SHA1
bd0a7d65b1511b0124ad926b51dd2c98d47d1f5f

SHA256
073a0ce56d034c829b3c09102dbf50b4a9760118a3a49a5885fdb44abf36a58e

SHA512
99dab1542909ffd3c0fb81dc68f9563dc1be20bfa1e3fd1c96e63261ea2b40a5bc814281de42d17a5924f20de8d1ab97cf1c55eca676416e4cb5421229475efd

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3880_1702515188\CRX_INSTALL\images\browser_action\green_20.png

Filesize
386B

MD5
d498609be39540e6b441da31c3de20af

SHA1
1780747374c57bf886b33e957d561ae2367ee09c

SHA256
8526ea04f38e5632fb77272d9b03c0ba6bc4baa7fa25fef8adae81769e87f078

SHA512
74b567d12a49e3e984b2801eec23cd12c26383ffdaaba56b2971288e2e9d7da29fc94bc35eb12c8e00795d599ecc81154c606e9e5acac883f5e474e2fef7454e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3880_1702515188\CRX_INSTALL\images\browser_action\green_32.png

Filesize
535B

MD5
a646de09c67221f0b5635b208852fa43

SHA1
4dd709d378ec9e3b7b88d3400c7c0d159dd7a46e

SHA256
0337efdfd486d0877b3eae8a9c251e8c56c1e6787f48a412ad4b32504a46e1d5

SHA512
cced6b598b00ca4bb968234b8b08ad40fd2f8ea075a76ef6b14644f48b012ff7f95eda4317e1827bfd5517eb70cda95dcd40c0b110a28739a3e166d7ddbfcec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3880_1702515188\CRX_INSTALL\images\browser_action\green_40.png

Filesize
600B

MD5
844950e5c560a509d18d08fde84cae1e

SHA1
f6b9fe291596760c54ef3bda7e86539ed1bc174b

SHA256
fb5b7a7cf4511a085f10c7892c30cd6e96bc1dfcfa77130187203012975c4b32

SHA512
b9e3b0efe15fe08dc36f715379f85e4152656bfa5cfcfb68ead4053c64c7c713c7c01cfc473147ccea64c2d210b49dd9078ca37b42c56353bc52939011a6c64b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3880_1702515188\CRX_INSTALL\images\web_advisor\logo.png

Filesize
2KB

MD5
b90992ca471a92779e6bfb4c3f19f354

SHA1
f50778c2068149ece08758601b157f24002e5e58

SHA256
0712a74a294be497fa3c8776e26c12a1193c8621568405c0fc9a4859e065f396

SHA512
2166109a4e68759d6515e4d893dd5d6a65187450a80fd47e4a8ea050e2ba5f0326c8ef9c54db443e1a81e8d8343c67795cd4e3ccb6965f23317c3f2348a84be7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3880_1702515188\CRX_INSTALL\interactive_balloon.js

Filesize
1KB

MD5
8811c08dba69f3dd5c1be93169bd13ba

SHA1
e00f8bebcffecdad1a0efd4cf297989b5424cb14

SHA256
5a1312afd6924fa1ddd84e14e420c13cb94980886a3fee322647e29a3a7325fd

SHA512
872cd6836cf9d43c9a6e7b3cedf75fa3b81f907ce322f90b6d80f5b07c28ab6ed8b70d7ff6fc2a673535c499d695ae3f2d82ee9e144e15b66cec6b78074e3708

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3880_1702515188\CRX_INSTALL\scripts\content_aps_balloon.js

Filesize
87KB

MD5
d06f78dff353bd1d978b69764e199d9e

SHA1
b9272b24485fc60c8db3d430994b714fb38a1ef5

SHA256
ecc85294f1837440edaad337ae605ae0d05b7e16fe6e6ec82646c8f502424144

SHA512
b2057a3f814ee96c8d1a0611b3b4ebbbf0c43b923751425942ec090af8d68ed1ac59f3d33778a6c4eaa5e0bfe2df78b11e1a9a51cd9b290081c8a7691540beec

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3880_1702515188\CRX_INSTALL\scripts\content_aps_toast.js

Filesize
87KB

MD5
9e3c903779001a384f4fc55e4f2b8e0f

SHA1
a6c67a9b205f937438faabc2dc7872fc5ba39e34

SHA256
69369af474a493ecf6da726f9632f443e6d5ae202830cfb238f4a38bd7d50100

SHA512
b80772e28d590ca706497f3e3e58571dfe3663ff5feb0e182da695fb222f2b999930ac97c1448a450ad636ee309538c9446c6531fbddfea816b01a188ffeb862

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.29.2\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.29.2\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.29.2\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

Filesize
73KB

MD5
13a91913194e332beb95142e083f25cd

SHA1
0dced7b0ff24c027f2fa15b8d70af8aed4ef713f

SHA256
70bc64233308eb16b33dac7fd03b671c87940ebb2ac5edeb83b8813a1280767a

SHA512
56b62e5a5db5c914dea98ec01dcb11b1addf93be3ad72de2c67382425564d1fd3cae963257357c04ba38132c38655fadaa28ec287b8b4eca1fd0ff7981979b11

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 265428.crdownload

Filesize
5.3MB

MD5
5760bad46664c1c9079d37bdbc4bbbad

SHA1
a67cf6f0c1a164940c1562be1f066e85415dfe32

SHA256
70be452d5ca4dfaeec5fd02652dc8c4d3c76ac329148c2bbf358ae8c829d4d73

SHA512
b75c8095cc7f9d092edaf32b51bcd5c4ce98315d73a4f8f244a0cc42edf091509a17db02bf7e8fe81a0975b0b008e2b6c44cdbcc48ac7d0dacf02514f353d2f7

Download Submit
C:\Windows\Logs\DISM\dism.log

Filesize
23KB

MD5
004726b6b315e93a92de93ea8e4e1092

SHA1
11174949d3261367f6ebc2a3c2e20a42c9d32bcd

SHA256
6a895cb88182bf37e441aaf08c36bc768b90abf4f5d991c33ba07ae574146e16

SHA512
077f8a18e2d1c73077640f7c725bbc57f3fd7aaa5d862c92ce7d8ec2a433706df36c882c01869c227285acc0e9a53e81ba4d8e433dd72514a763a4b3f78f098d

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
7c0f833675477e8ac2e23e972f561efa

SHA1
fc9c88851cf7f1676157ef3203cfd8470681bd15

SHA256
28b6eba55bf2e5ddc9d3c714f48e40776f2ec50eb0abb4d20c6085faf798c0fb

SHA512
aa7ad1f384a11a260b7eda14845935a9fccf253acee1351191d0ae6bfbe5e49146eba63c0fa243627c292a65f066a2ff2a605337680ade0cc4346442eca0d76d

Download Submit
F:\LDPlayer\LDPlayer9\dnmultiplayer.exe

Filesize
1.2MB

MD5
0c81805493ab6e2ea8855e27dad4b63e

SHA1
2d1985e253b79f0071cf74ce067faf4d412d14db

SHA256
1beac1e13687b2200fdad579cc93d8216788a9adcaf0885b62af24fa1974c82d

SHA512
a69d94b97a5e74b418060c7d7902dee05ec6a02302fc2f063fb96b38fd6966a9c8419d73208f570b045d29b1f69c7c26dbe9f85abc1aeb7e4a6b4b17f0b7efd4

Download Submit
F:\LDPlayer\LDPlayer9\dnplayer.exe

Filesize
3.5MB

MD5
f9ddc9083ffa20efd46386eca87582bb

SHA1
8558d23be32806ae0dc6e85dbb548f1507240b1e

SHA256
c2dd00c3f8b25ff6b5d58317249bcd69a150bc29179bfb63cc2242fef4651cea

SHA512
3efed140be34ac956298959ee7dca4161c7b9afd0e06faccc1cfe65def71dd1c856cc16b80d6ad1536f3c7605f3501a75df3220b17654e4708306150deab3276

Download Submit
F:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf

Filesize
17.4MB

MD5
93b877811441a5ae311762a7cb6fb1e1

SHA1
339e033fd4fbb131c2d9b964354c68cd2cf18bd1

SHA256
b3899a2bb84ce5e0d61cc55c49df2d29ba90d301b71a84e8c648416ec96efc8b

SHA512
7f053cec61fbddae0184d858c3ef3e8bf298b4417d25b84ac1fc888c052eca252b24f7abfff7783442a1b80cc9fc2ce777dda323991cc4dc79039f4c17e21df4

Download Submit
F:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf

Filesize
103KB

MD5
4acd5f0e312730f1d8b8805f3699c184

SHA1
67c957e102bf2b2a86c5708257bc32f91c006739

SHA256
72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5

SHA512
9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

Filesize
652KB

MD5
ad9d7cbdb4b19fb65960d69126e3ff68

SHA1
dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d

SHA256
a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326

SHA512
f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

Filesize
1.5MB

MD5
66df6f7b7a98ff750aade522c22d239a

SHA1
f69464fe18ed03de597bb46482ae899f43c94617

SHA256
91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f

SHA512
48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc

Filesize
5.0MB

MD5
f845753af4cc7b94f180fb76787e3bc2

SHA1
76ca7babbb655d749c9ed69e0b8875370320cc5a

SHA256
a19a6c0c644ce0e655eaf38a8dbddf05e55048ba52309366a5333e1b50bde990

SHA512
0a3062057622ffcff80c9c5f872abdf59a36131bfc60532c853ea858774d89fed27343f838dfe341dafe8444538fc6e2103d3aa19ef9d264e0f8e761c4bfce81

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

Filesize
2.0MB

MD5
01c4246df55a5fff93d086bb56110d2b

SHA1
e2939375c4dd7b478913328b88eaa3c91913cfdc

SHA256
c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889

SHA512
39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

Filesize
442KB

MD5
2d40f6c6a4f88c8c2685ee25b53ec00d

SHA1
faf96bac1e7665aa07029d8f94e1ac84014a863b

SHA256
1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334

SHA512
4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

Filesize
1.2MB

MD5
ba46e6e1c5861617b4d97de00149b905

SHA1
4affc8aab49c7dc3ceeca81391c4f737d7672b32

SHA256
2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e

SHA512
bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

Filesize
192KB

MD5
52c43baddd43be63fbfb398722f3b01d

SHA1
be1b1064fdda4dde4b72ef523b8e02c050ccd820

SHA256
8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f

SHA512
04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

Filesize
511KB

MD5
e8fd6da54f056363b284608c3f6a832e

SHA1
32e88b82fd398568517ab03b33e9765b59c4946d

SHA256
b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd

SHA512
4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

Filesize
522KB

MD5
3e29914113ec4b968ba5eb1f6d194a0a

SHA1
557b67e372e85eb39989cb53cffd3ef1adabb9fe

SHA256
c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a

SHA512
75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

Filesize
854KB

MD5
4ba25d2cbe1587a841dcfb8c8c4a6ea6

SHA1
52693d4b5e0b55a929099b680348c3932f2c3c62

SHA256
b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49

SHA512
82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

Download Submit
F:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

Filesize
283KB

MD5
0054560df6c69d2067689433172088ef

SHA1
a30042b77ebd7c704be0e986349030bcdb82857d

SHA256
72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750

SHA512
418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

Download Submit
F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

Filesize
35.1MB

MD5
4d592fd525e977bf3d832cdb1482faa0

SHA1
131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef

SHA256
f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6

SHA512
afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

Download Submit
F:\LDPlayer\ldmutiplayer\msvcp120.dll

Filesize
444KB

MD5
50260b0f19aaa7e37c4082fecef8ff41

SHA1
ce672489b29baa7119881497ed5044b21ad8fe30

SHA256
891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9

SHA512
6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

Download Submit
F:\LDPlayer\ldmutiplayer\msvcr120.dll

Filesize
947KB

MD5
50097ec217ce0ebb9b4caa09cd2cd73a

SHA1
8cd3018c4170072464fbcd7cba563df1fc2b884c

SHA256
2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112

SHA512
ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

Download Submit
memory/1948-12318-0x0000023A62DF0000-0x0000023A62E06000-memory.dmp

Filesize
88KB

Download
memory/1948-12320-0x0000023A62DD0000-0x0000023A62DDA000-memory.dmp

Filesize
40KB

Download
memory/1948-12284-0x0000023A62E90000-0x0000023A63180000-memory.dmp

Filesize
2.9MB

Download
memory/1948-12415-0x0000023A64370000-0x0000023A643C0000-memory.dmp

Filesize
320KB

Download
memory/1948-12414-0x0000023A64240000-0x0000023A6424A000-memory.dmp

Filesize
40KB

Download
memory/1948-12287-0x0000023A628A0000-0x0000023A628D8000-memory.dmp

Filesize
224KB

Download
memory/1948-12416-0x0000023A645C0000-0x0000023A645E2000-memory.dmp

Filesize
136KB

Download
memory/1948-12413-0x0000023A641D0000-0x0000023A641D8000-memory.dmp

Filesize
32KB

Download
memory/1948-12316-0x0000023A62990000-0x0000023A629EE000-memory.dmp

Filesize
376KB

Download
memory/1948-12285-0x0000023A4A030000-0x0000023A4A05E000-memory.dmp

Filesize
184KB

Download
memory/3752-1339-0x0000000073720000-0x0000000073930000-memory.dmp

Filesize
2.1MB

Download
memory/3752-1500-0x0000000000840000-0x0000000000875000-memory.dmp

Filesize
212KB

Download
memory/3752-1363-0x0000000073720000-0x0000000073930000-memory.dmp

Filesize
2.1MB

Download
memory/3752-1338-0x0000000000840000-0x0000000000875000-memory.dmp

Filesize
212KB

Download
memory/4844-1539-0x00007FFE15D30000-0x00007FFE15D3D000-memory.dmp

Filesize
52KB

Download
memory/4844-1528-0x00007FFE144A0000-0x00007FFE144B0000-memory.dmp

Filesize
64KB

Download
memory/4844-1547-0x00007FFE15870000-0x00007FFE15879000-memory.dmp

Filesize
36KB

Download
memory/4844-1546-0x00007FFE15850000-0x00007FFE15860000-memory.dmp

Filesize
64KB

Download
memory/4844-1544-0x00007FFE15850000-0x00007FFE15860000-memory.dmp

Filesize
64KB

Download
memory/4844-1537-0x00007FFE15CF0000-0x00007FFE15D00000-memory.dmp

Filesize
64KB

Download
memory/4844-1548-0x00007FFE15870000-0x00007FFE15879000-memory.dmp

Filesize
36KB

Download
memory/4844-1549-0x00007FFE15870000-0x00007FFE15879000-memory.dmp

Filesize
36KB

Download
memory/4844-1545-0x00007FFE15850000-0x00007FFE15860000-memory.dmp

Filesize
64KB

Download
memory/4844-1538-0x00007FFE15CF0000-0x00007FFE15D00000-memory.dmp

Filesize
64KB

Download
memory/4844-1511-0x00007FFE16DD0000-0x00007FFE16E00000-memory.dmp

Filesize
192KB

Download
memory/4844-1513-0x00007FFE16DD0000-0x00007FFE16E00000-memory.dmp

Filesize
192KB

Download
memory/4844-1530-0x00007FFE14650000-0x00007FFE14660000-memory.dmp

Filesize
64KB

Download
memory/4844-1540-0x00007FFE15D30000-0x00007FFE15D3D000-memory.dmp

Filesize
52KB

Download
memory/4844-1541-0x00007FFE15D30000-0x00007FFE15D3D000-memory.dmp

Filesize
52KB

Download
memory/4844-1535-0x00007FFE15C80000-0x00007FFE15C90000-memory.dmp

Filesize
64KB

Download
memory/4844-1508-0x00007FFE16D80000-0x00007FFE16D90000-memory.dmp

Filesize
64KB

Download
memory/4844-1542-0x00007FFE15D30000-0x00007FFE15D3D000-memory.dmp

Filesize
52KB

Download
memory/4844-1543-0x00007FFE15D30000-0x00007FFE15D3D000-memory.dmp

Filesize
52KB

Download
memory/4844-1525-0x00007FFE14330000-0x00007FFE14340000-memory.dmp

Filesize
64KB

Download
memory/4844-1532-0x00007FFE14670000-0x00007FFE14680000-memory.dmp

Filesize
64KB

Download
memory/4844-1526-0x00007FFE14330000-0x00007FFE14340000-memory.dmp

Filesize
64KB

Download
memory/4844-1527-0x00007FFE144A0000-0x00007FFE144B0000-memory.dmp

Filesize
64KB

Download
memory/4844-1512-0x00007FFE16DD0000-0x00007FFE16E00000-memory.dmp

Filesize
192KB

Download
memory/4844-1529-0x00007FFE14650000-0x00007FFE14660000-memory.dmp

Filesize
64KB

Download
memory/4844-1507-0x00007FFE16D80000-0x00007FFE16D90000-memory.dmp

Filesize
64KB

Download
memory/4844-1506-0x00007FFE16C60000-0x00007FFE16C70000-memory.dmp

Filesize
64KB

Download
memory/4844-1505-0x00007FFE16C60000-0x00007FFE16C70000-memory.dmp

Filesize
64KB

Download
memory/4844-1510-0x00007FFE16DD0000-0x00007FFE16E00000-memory.dmp

Filesize
192KB

Download
memory/4844-1524-0x00007FFE15580000-0x00007FFE1558C000-memory.dmp

Filesize
48KB

Download
memory/4844-1522-0x00007FFE15490000-0x00007FFE154B0000-memory.dmp

Filesize
128KB

Download
memory/4844-1536-0x00007FFE15C80000-0x00007FFE15C90000-memory.dmp

Filesize
64KB

Download
memory/4844-1521-0x00007FFE15490000-0x00007FFE154B0000-memory.dmp

Filesize
128KB

Download
memory/4844-1514-0x00007FFE16E60000-0x00007FFE16E69000-memory.dmp

Filesize
36KB

Download
memory/4844-1520-0x00007FFE15490000-0x00007FFE154B0000-memory.dmp

Filesize
128KB

Download
memory/4844-1519-0x00007FFE15490000-0x00007FFE154B0000-memory.dmp

Filesize
128KB

Download
memory/4844-1518-0x00007FFE15470000-0x00007FFE15480000-memory.dmp

Filesize
64KB

Download
memory/4844-1516-0x00007FFE153E0000-0x00007FFE153F0000-memory.dmp

Filesize
64KB

Download
memory/4844-1515-0x00007FFE153E0000-0x00007FFE153F0000-memory.dmp

Filesize
64KB

Download
memory/4844-1523-0x00007FFE15490000-0x00007FFE154B0000-memory.dmp

Filesize
128KB

Download
memory/4844-1517-0x00007FFE15470000-0x00007FFE15480000-memory.dmp

Filesize
64KB

Download
memory/4844-1531-0x00007FFE14650000-0x00007FFE14660000-memory.dmp

Filesize
64KB

Download
memory/4844-1534-0x00007FFE14670000-0x00007FFE14680000-memory.dmp

Filesize
64KB

Download
memory/4844-1509-0x00007FFE16DD0000-0x00007FFE16E00000-memory.dmp

Filesize
192KB

Download
memory/4844-1533-0x00007FFE14670000-0x00007FFE14680000-memory.dmp

Filesize
64KB

Download
memory/5472-11412-0x0000000007780000-0x000000000779A000-memory.dmp

Filesize
104KB

Download
memory/5472-11414-0x0000000007A10000-0x0000000007AA6000-memory.dmp

Filesize
600KB

Download
memory/5472-11227-0x0000000002C50000-0x0000000002C86000-memory.dmp

Filesize
216KB

Download
memory/5472-11238-0x00000000059B0000-0x0000000005FDA000-memory.dmp

Filesize
6.2MB

Download
memory/5472-11242-0x0000000005630000-0x0000000005696000-memory.dmp

Filesize
408KB

Download
memory/5472-11241-0x0000000005590000-0x00000000055B2000-memory.dmp

Filesize
136KB

Download
memory/5472-11251-0x0000000005FE0000-0x0000000006337000-memory.dmp

Filesize
3.3MB

Download
memory/5472-11435-0x00000000079D0000-0x00000000079DE000-memory.dmp

Filesize
56KB

Download
memory/5472-11253-0x0000000006430000-0x000000000644E000-memory.dmp

Filesize
120KB

Download
memory/5472-11254-0x0000000006460000-0x00000000064AC000-memory.dmp

Filesize
304KB

Download
memory/5472-11436-0x0000000007AB0000-0x0000000007ACA000-memory.dmp

Filesize
104KB

Download
memory/5472-11385-0x000000006E3F0000-0x000000006E43C000-memory.dmp

Filesize
304KB

Download
memory/5472-11415-0x0000000007990000-0x00000000079A1000-memory.dmp

Filesize
68KB

Download
memory/5472-11394-0x0000000007420000-0x000000000743E000-memory.dmp

Filesize
120KB

Download
memory/5472-11384-0x00000000073E0000-0x0000000007414000-memory.dmp

Filesize
208KB

Download
memory/5472-11395-0x0000000007450000-0x00000000074F4000-memory.dmp

Filesize
656KB

Download
memory/5472-11411-0x0000000007DD0000-0x000000000844A000-memory.dmp

Filesize
6.5MB

Download
memory/5472-11413-0x0000000007800000-0x000000000780A000-memory.dmp

Filesize
40KB

Download
memory/5676-3869-0x000001CBB6560000-0x000001CBB658A000-memory.dmp

Filesize
168KB

Download
memory/5676-3867-0x000001CBB63D0000-0x000001CBB6400000-memory.dmp

Filesize
192KB

Download
memory/5676-9303-0x000001CBD0C30000-0x000001CBD0C86000-memory.dmp

Filesize
344KB

Download
memory/5676-3873-0x000001CBD0670000-0x000001CBD06C8000-memory.dmp

Filesize
352KB

Download
memory/5676-10930-0x000001CBD0C90000-0x000001CBD0CCA000-memory.dmp

Filesize
232KB

Download
memory/5676-10960-0x000001CBD0D10000-0x000001CBD0D40000-memory.dmp

Filesize
192KB

Download
memory/5676-12072-0x000001CBD0D20000-0x000001CBD0D28000-memory.dmp

Filesize
32KB

Download
memory/5676-3868-0x000001CBB6520000-0x000001CBB655A000-memory.dmp

Filesize
232KB

Download
memory/5676-11040-0x000001CBD0E50000-0x000001CBD0E7E000-memory.dmp

Filesize
184KB

Download
memory/5676-3865-0x000001CBB5EB0000-0x000001CBB5F38000-memory.dmp

Filesize
544KB

Download
memory/5676-11000-0x000001CBD0D10000-0x000001CBD0D3A000-memory.dmp

Filesize
168KB

Download
memory/5676-3866-0x000001CBB6390000-0x000001CBB63D0000-memory.dmp

Filesize
256KB

Download
memory/6476-11479-0x000000006E3F0000-0x000000006E43C000-memory.dmp

Filesize
304KB

Download
memory/6684-3728-0x00000000095A0000-0x0000000009606000-memory.dmp

Filesize
408KB

Download
memory/6684-3726-0x0000000009410000-0x0000000009454000-memory.dmp

Filesize
272KB

Download
memory/6684-3725-0x0000000007F60000-0x0000000007FF2000-memory.dmp

Filesize
584KB

Download
memory/6684-3724-0x0000000008400000-0x00000000089A6000-memory.dmp

Filesize
5.6MB

Download
memory/6684-3723-0x0000000073BF0000-0x0000000073C04000-memory.dmp

Filesize
80KB

Download
memory/6684-3722-0x0000000007E00000-0x0000000007E14000-memory.dmp

Filesize
80KB

Download
memory/6684-3727-0x0000000009500000-0x000000000959C000-memory.dmp

Filesize
624KB

Download
memory/6684-3729-0x0000000009F40000-0x000000000A46C000-memory.dmp

Filesize
5.2MB

Download
memory/6684-3730-0x00000000099C0000-0x00000000099CA000-memory.dmp

Filesize
40KB

Download
memory/7252-3796-0x000001E0E6AD0000-0x000001E0E6FF8000-memory.dmp

Filesize
5.2MB

Download
memory/7252-3795-0x000001E0CC120000-0x000001E0CC128000-memory.dmp

Filesize
32KB

Download
memory/8924-11452-0x000000006E3F0000-0x000000006E43C000-memory.dmp

Filesize
304KB

Download
memory/9040-11437-0x00000207D2980000-0x00000207D2CE6000-memory.dmp

Filesize
3.4MB

Download
memory/9040-11438-0x00000207D2CF0000-0x00000207D2E6C000-memory.dmp

Filesize
1.5MB

Download
memory/9040-11440-0x00000207D2640000-0x00000207D2662000-memory.dmp

Filesize
136KB

Download
memory/9040-11439-0x00000207B9DF0000-0x00000207B9E0A000-memory.dmp

Filesize
104KB

Download
memory/9436-12057-0x000001D4A3B30000-0x000001D4A3EB0000-memory.dmp

Filesize
3.5MB

Download
memory/10380-11383-0x0000018F09A50000-0x0000018F09A7E000-memory.dmp

Filesize
184KB

Download
memory/10380-11396-0x0000018F09A50000-0x0000018F09A7E000-memory.dmp

Filesize
184KB

Download
memory/10380-11410-0x0000018F09F70000-0x0000018F09FAC000-memory.dmp

Filesize
240KB

Download
memory/10380-11409-0x0000018F09EF0000-0x0000018F09F02000-memory.dmp

Filesize
72KB

Download
memory/11476-12255-0x000002732F950000-0x000002732F978000-memory.dmp

Filesize
160KB

Download
memory/11476-12251-0x0000027349F90000-0x000002734A124000-memory.dmp

Filesize
1.6MB

Download
memory/11476-12249-0x000002732F950000-0x000002732F978000-memory.dmp

Filesize
160KB

Download
memory/12040-12080-0x00000210D8930000-0x00000210D898C000-memory.dmp

Filesize
368KB

Download
memory/12040-12121-0x00000210F3E80000-0x00000210F40DE000-memory.dmp

Filesize
2.4MB

Download
memory/12040-12081-0x00000210DA6F0000-0x00000210DA718000-memory.dmp

Filesize
160KB

Download
memory/12040-12082-0x00000210F2F80000-0x00000210F2FDA000-memory.dmp

Filesize
360KB

Download
memory/12040-12083-0x00000210D8930000-0x00000210D898C000-memory.dmp

Filesize
368KB

Download
memory/12040-12093-0x00000210F2F20000-0x00000210F2F52000-memory.dmp

Filesize
200KB

Download
memory/12040-12094-0x00000210F3600000-0x00000210F3C18000-memory.dmp

Filesize
6.1MB

Download
memory/12280-12282-0x00000177E9D30000-0x00000177E9D56000-memory.dmp

Filesize
152KB

Download
memory/12280-12253-0x00000177E9CA0000-0x00000177E9D26000-memory.dmp

Filesize
536KB

Download
memory/12280-12309-0x00000177EAF60000-0x00000177EB1E6000-memory.dmp

Filesize
2.5MB

Download
memory/12280-12308-0x00000177E9DF0000-0x00000177E9E3F000-memory.dmp

Filesize
316KB

Download
memory/12280-12307-0x00000177EA660000-0x00000177EA9CC000-memory.dmp

Filesize
3.4MB

Download
memory/12280-12304-0x00000177E9E50000-0x00000177E9EAE000-memory.dmp

Filesize
376KB

Download
memory/12280-12286-0x00000177E9DC0000-0x00000177E9DEE000-memory.dmp

Filesize
184KB

Download
memory/12280-12283-0x00000177E9D60000-0x00000177E9D8C000-memory.dmp

Filesize
176KB

Download
memory/12280-12319-0x00000177EC470000-0x00000177ECA16000-memory.dmp

Filesize
5.6MB

Download
memory/12280-12281-0x00000177E9890000-0x00000177E98BA000-memory.dmp

Filesize
168KB

Download
memory/12280-12254-0x00000177E96A0000-0x00000177E96D2000-memory.dmp

Filesize
200KB

Download
memory/12280-12312-0x00000177EA210000-0x00000177EA276000-memory.dmp

Filesize
408KB

Download
memory/12280-12252-0x00000177E9C40000-0x00000177E9C9C000-memory.dmp

Filesize
368KB

Download
memory/12280-12250-0x00000177E9590000-0x00000177E95B8000-memory.dmp

Filesize
160KB

Download
memory/12280-12128-0x00000177E9EF0000-0x00000177EA194000-memory.dmp

Filesize
2.6MB

Download
memory/12280-12127-0x00000177E9560000-0x00000177E9584000-memory.dmp

Filesize
144KB

Download
memory/12280-12126-0x00000177E9620000-0x00000177E9658000-memory.dmp

Filesize
224KB

Download
memory/12280-12125-0x00000177D0E60000-0x00000177D0E90000-memory.dmp

Filesize
192KB

Download
memory/12280-12313-0x00000177EA280000-0x00000177EA2BA000-memory.dmp

Filesize
232KB

Download
memory/12280-12314-0x00000177E9D90000-0x00000177E9DB6000-memory.dmp

Filesize
152KB

Download
memory/12280-12315-0x00000177EA300000-0x00000177EA334000-memory.dmp

Filesize
208KB

Download
memory/12280-12433-0x00000177EC140000-0x00000177EC3C0000-memory.dmp

Filesize
2.5MB

Download
memory/12280-12429-0x00000177EA390000-0x00000177EA3D2000-memory.dmp

Filesize
264KB

Download
memory/12280-12317-0x00000177EA9D0000-0x00000177EAA36000-memory.dmp

Filesize
408KB

Download