Analysis

  • max time kernel
    692s
  • max time network
    699s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
  • submitted
    28-05-2024 09:15

General

  • Target

    https://workupload.com/file/uHQqfNQf33j

Malware Config

Signatures

  • Detect Umbral payload 2 IoCs
  • Umbral

    Umbral stealer is an open-source modular stealer written in C#.

  • Downloads MZ/PE file
  • Sets file execution options in registry 2 TTPs 4 IoCs
  • Executes dropped EXE 48 IoCs
  • Loads dropped DLL 64 IoCs
  • Registers COM server for autorun 1 TTPs 64 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Checks system information in the registry 2 TTPs 18 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 16 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 8 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 38 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 11 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 60 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of UnmapMainImage 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://workupload.com/file/uHQqfNQf33j"
    1⤵
      PID:956
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4760
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:2840
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      PID:4588
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:204
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      PID:2228
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2972
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4736
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4540
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.0.592463552\1061995876" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1700 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4d7d1a6-c445-464d-a938-39dbd99572b8} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 1692 1ac46fb4158 gpu
          3⤵
            PID:4476
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.1.1137047111\874930912" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e05eee52-2793-4e15-af6a-49a20c7078a3} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 2136 1ac34c71f58 socket
            3⤵
            • Checks processor information in registry
            PID:996
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.2.280825770\1552978529" -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 2876 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8789eefa-4c38-48a0-84c7-0e039a1f580a} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 2892 1ac4b199658 tab
            3⤵
              PID:2192
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.3.523179720\1027964215" -childID 2 -isForBrowser -prefsHandle 3448 -prefMapHandle 3444 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46160e94-2977-46d3-b5c4-814110b23f64} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 3460 1ac34c61f58 tab
              3⤵
                PID:64
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.4.460738224\39422304" -childID 3 -isForBrowser -prefsHandle 4388 -prefMapHandle 4384 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c440eb84-a7a8-4b9e-93ae-27fdc0f5f1da} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 3652 1ac4c2beb58 tab
                3⤵
                  PID:2360
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.5.1007485509\62975001" -childID 4 -isForBrowser -prefsHandle 4636 -prefMapHandle 4672 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d994c8c0-466d-4c18-bcb8-addfc2e3abe2} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 4904 1ac49710558 tab
                  3⤵
                    PID:2276
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.6.1731882647\1022120104" -childID 5 -isForBrowser -prefsHandle 5048 -prefMapHandle 4848 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {645a7190-da51-401f-8e65-5fbf8d93e51e} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 5036 1ac4e82d558 tab
                    3⤵
                      PID:1040
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.7.332905984\696464592" -childID 6 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee29ca36-3949-4461-ab79-0ff7c6ef8036} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 5232 1ac4e82c658 tab
                      3⤵
                        PID:3288
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.8.834998959\388715060" -childID 7 -isForBrowser -prefsHandle 5600 -prefMapHandle 5596 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c13e6c1e-df9e-4202-a230-32a9a2233ea7} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 5608 1ac4efdbe58 tab
                        3⤵
                          PID:5080
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe"
                      1⤵
                      • Enumerates system info in registry
                      • Modifies data under HKEY_USERS
                      PID:4744
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffffe5a9758,0x7ffffe5a9768,0x7ffffe5a9778
                        2⤵
                          PID:2092
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=480 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:2
                          2⤵
                            PID:2352
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:8
                            2⤵
                              PID:304
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:8
                              2⤵
                                PID:1192
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:1
                                2⤵
                                  PID:4796
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:1
                                  2⤵
                                    PID:308
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=4452 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:1
                                    2⤵
                                      PID:2472
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:8
                                      2⤵
                                        PID:4980
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4584 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:8
                                        2⤵
                                          PID:1832
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:8
                                          2⤵
                                            PID:2388
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:8
                                            2⤵
                                              PID:2360
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=5140 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:1
                                              2⤵
                                                PID:864
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=5432 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:1
                                                2⤵
                                                  PID:4160
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:8
                                                  2⤵
                                                    PID:4788
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2980 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:8
                                                    2⤵
                                                      PID:4136
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2968 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:8
                                                      2⤵
                                                        PID:4276
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:8
                                                        2⤵
                                                          PID:600
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=888 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:8
                                                          2⤵
                                                            PID:4300
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1032 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:8
                                                            2⤵
                                                              PID:2848
                                                            • C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe
                                                              "C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe"
                                                              2⤵
                                                                PID:4884
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4992 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:2
                                                                2⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:164
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=2464 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:1
                                                                2⤵
                                                                  PID:3996
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=904 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:1
                                                                  2⤵
                                                                    PID:828
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3448 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:8
                                                                    2⤵
                                                                      PID:6272
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5096 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:8
                                                                      2⤵
                                                                        PID:6664
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5528 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:1
                                                                        2⤵
                                                                          PID:6620
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:8
                                                                          2⤵
                                                                            PID:5764
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5336 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:8
                                                                            2⤵
                                                                              PID:5648
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4452 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:8
                                                                              2⤵
                                                                                PID:6744
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=5764 --field-trial-handle=1852,i,5757305532318923411,1581307036545499867,131072 /prefetch:1
                                                                                2⤵
                                                                                  PID:1320
                                                                              • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                1⤵
                                                                                  PID:1960
                                                                                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                                                                                  1⤵
                                                                                  • Drops file in Windows directory
                                                                                  • Modifies registry class
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:4120
                                                                                • C:\Windows\system32\browser_broker.exe
                                                                                  C:\Windows\system32\browser_broker.exe -Embedding
                                                                                  1⤵
                                                                                  • Modifies Internet Explorer settings
                                                                                  • Modifies registry class
                                                                                  • NTFS ADS
                                                                                  PID:204
                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.30-win-x64.exe
                                                                                    "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.30-win-x64.exe"
                                                                                    2⤵
                                                                                    • Executes dropped EXE
                                                                                    PID:4672
                                                                                    • C:\Windows\Temp\{BF2682B6-7959-44D4-A427-2B430C339FB3}\.cr\windowsdesktop-runtime-6.0.30-win-x64.exe
                                                                                      "C:\Windows\Temp\{BF2682B6-7959-44D4-A427-2B430C339FB3}\.cr\windowsdesktop-runtime-6.0.30-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.30-win-x64.exe" -burn.filehandle.attached=592 -burn.filehandle.self=596
                                                                                      3⤵
                                                                                      • Executes dropped EXE
                                                                                      • Loads dropped DLL
                                                                                      PID:1320
                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.30-win-x64.exe
                                                                                    "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.30-win-x64.exe"
                                                                                    2⤵
                                                                                    • Executes dropped EXE
                                                                                    PID:3636
                                                                                    • C:\Windows\Temp\{CFCC0C73-DD8A-44F8-A2F3-A7727CA4F1BF}\.cr\windowsdesktop-runtime-6.0.30-win-x64.exe
                                                                                      "C:\Windows\Temp\{CFCC0C73-DD8A-44F8-A2F3-A7727CA4F1BF}\.cr\windowsdesktop-runtime-6.0.30-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.30-win-x64.exe" -burn.filehandle.attached=528 -burn.filehandle.self=544
                                                                                      3⤵
                                                                                      • Executes dropped EXE
                                                                                      • Loads dropped DLL
                                                                                      PID:2416
                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.30-win-x64.exe
                                                                                    "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.30-win-x64.exe"
                                                                                    2⤵
                                                                                    • Executes dropped EXE
                                                                                    PID:1524
                                                                                    • C:\Windows\Temp\{D81BF050-20CC-4F4F-BE79-7444FE4B079A}\.cr\windowsdesktop-runtime-6.0.30-win-x64.exe
                                                                                      "C:\Windows\Temp\{D81BF050-20CC-4F4F-BE79-7444FE4B079A}\.cr\windowsdesktop-runtime-6.0.30-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-6.0.30-win-x64.exe" -burn.filehandle.attached=604 -burn.filehandle.self=608
                                                                                      3⤵
                                                                                      • Executes dropped EXE
                                                                                      • Loads dropped DLL
                                                                                      • Suspicious use of FindShellTrayWindow
                                                                                      PID:4548
                                                                                      • C:\Windows\Temp\{A5214E05-0E8E-4D3B-B2E4-A0CC56691E85}\.be\windowsdesktop-runtime-6.0.30-win-x64.exe
                                                                                        "C:\Windows\Temp\{A5214E05-0E8E-4D3B-B2E4-A0CC56691E85}\.be\windowsdesktop-runtime-6.0.30-win-x64.exe" -q -burn.elevated BurnPipe.{20A22594-DFD9-419F-9578-15C9847B2662} {93D2D6E4-5540-41DA-A0F5-798ED19B8FBC} 4548
                                                                                        4⤵
                                                                                        • Executes dropped EXE
                                                                                        • Adds Run key to start application
                                                                                        • Modifies registry class
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        PID:2772
                                                                                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                                                  1⤵
                                                                                  • Suspicious behavior: MapViewOfSection
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:4468
                                                                                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                                                  1⤵
                                                                                  • Drops file in Windows directory
                                                                                  PID:5100
                                                                                • C:\Windows\system32\msiexec.exe
                                                                                  C:\Windows\system32\msiexec.exe /V
                                                                                  1⤵
                                                                                  • Enumerates connected drives
                                                                                  • Drops file in Program Files directory
                                                                                  • Drops file in Windows directory
                                                                                  • Modifies data under HKEY_USERS
                                                                                  • Modifies registry class
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  PID:3324
                                                                                  • C:\Windows\syswow64\MsiExec.exe
                                                                                    C:\Windows\syswow64\MsiExec.exe -Embedding 2B163F2347C3924C1C20B4F553FE8809
                                                                                    2⤵
                                                                                    • Loads dropped DLL
                                                                                    PID:4340
                                                                                  • C:\Windows\syswow64\MsiExec.exe
                                                                                    C:\Windows\syswow64\MsiExec.exe -Embedding 00A4870A10E73A34B9F066AB1A23C59A
                                                                                    2⤵
                                                                                    • Loads dropped DLL
                                                                                    PID:1220
                                                                                  • C:\Windows\syswow64\MsiExec.exe
                                                                                    C:\Windows\syswow64\MsiExec.exe -Embedding 276E2EFE8EA29A6E759913B1A420E0D8
                                                                                    2⤵
                                                                                    • Loads dropped DLL
                                                                                    PID:1592
                                                                                  • C:\Windows\syswow64\MsiExec.exe
                                                                                    C:\Windows\syswow64\MsiExec.exe -Embedding BE604776DBAF38EC64B5A5073632EB83
                                                                                    2⤵
                                                                                    • Loads dropped DLL
                                                                                    PID:4680
                                                                                • C:\Windows\System32\rundll32.exe
                                                                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                  1⤵
                                                                                    PID:2284
                                                                                  • C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe
                                                                                    "C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe"
                                                                                    1⤵
                                                                                    • Loads dropped DLL
                                                                                    PID:1284
                                                                                  • C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe
                                                                                    "C:\Users\Admin\Downloads\Bloxstrap-v2.5.4.exe"
                                                                                    1⤵
                                                                                    • Loads dropped DLL
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    • Suspicious use of FindShellTrayWindow
                                                                                    • Suspicious use of SendNotifyMessage
                                                                                    PID:1140
                                                                                    • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                                                      "C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe" /silent /install
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:6444
                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU504A.tmp\MicrosoftEdgeUpdate.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Temp\EU504A.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                                                        3⤵
                                                                                        • Sets file execution options in registry
                                                                                        • Executes dropped EXE
                                                                                        • Checks system information in the registry
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        PID:6900
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                          4⤵
                                                                                          • Executes dropped EXE
                                                                                          • Modifies registry class
                                                                                          PID:5744
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                          4⤵
                                                                                          • Executes dropped EXE
                                                                                          • Modifies registry class
                                                                                          PID:6936
                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                            5⤵
                                                                                            • Executes dropped EXE
                                                                                            • Registers COM server for autorun
                                                                                            • Modifies registry class
                                                                                            PID:5308
                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                            5⤵
                                                                                            • Executes dropped EXE
                                                                                            • Registers COM server for autorun
                                                                                            • Modifies registry class
                                                                                            PID:5656
                                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                            5⤵
                                                                                            • Executes dropped EXE
                                                                                            • Registers COM server for autorun
                                                                                            • Modifies registry class
                                                                                            PID:7156
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                                          4⤵
                                                                                          • Executes dropped EXE
                                                                                          • Checks system information in the registry
                                                                                          PID:6032
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{2C828947-C55B-4E3B-8C9C-EF136B7D06FC}" /silent
                                                                                          4⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:6076
                                                                                    • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe
                                                                                      "C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe" --app -channel production
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      • Suspicious use of UnmapMainImage
                                                                                      PID:5760
                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                    1⤵
                                                                                    • Executes dropped EXE
                                                                                    • Checks system information in the registry
                                                                                    • Modifies data under HKEY_USERS
                                                                                    PID:5992
                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      • Checks system information in the registry
                                                                                      • Drops file in System32 directory
                                                                                      • Modifies data under HKEY_USERS
                                                                                      PID:3588
                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4DDC7F6B-5A93-4849-AB05-4FD5DDC08D60}\MicrosoftEdge_X64_125.0.2535.67.exe
                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4DDC7F6B-5A93-4849-AB05-4FD5DDC08D60}\MicrosoftEdge_X64_125.0.2535.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:4612
                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4DDC7F6B-5A93-4849-AB05-4FD5DDC08D60}\EDGEMITMP_CA0EB.tmp\setup.exe
                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4DDC7F6B-5A93-4849-AB05-4FD5DDC08D60}\EDGEMITMP_CA0EB.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4DDC7F6B-5A93-4849-AB05-4FD5DDC08D60}\MicrosoftEdge_X64_125.0.2535.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • Drops file in Program Files directory
                                                                                        PID:3132
                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4DDC7F6B-5A93-4849-AB05-4FD5DDC08D60}\EDGEMITMP_CA0EB.tmp\setup.exe
                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4DDC7F6B-5A93-4849-AB05-4FD5DDC08D60}\EDGEMITMP_CA0EB.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.112 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4DDC7F6B-5A93-4849-AB05-4FD5DDC08D60}\EDGEMITMP_CA0EB.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.67 --initial-client-data=0x210,0x214,0x218,0x1ec,0x21c,0x7ff7c6ac4b18,0x7ff7c6ac4b24,0x7ff7c6ac4b30
                                                                                          4⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:4924
                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      • Checks system information in the registry
                                                                                      • Drops file in System32 directory
                                                                                      • Modifies data under HKEY_USERS
                                                                                      PID:4568
                                                                                  • C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
                                                                                    "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
                                                                                    1⤵
                                                                                    • Executes dropped EXE
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    • Suspicious use of FindShellTrayWindow
                                                                                    • Suspicious use of SendNotifyMessage
                                                                                    PID:2868
                                                                                    • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe
                                                                                      "C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe" --app -channel production
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      • Suspicious use of UnmapMainImage
                                                                                      PID:5008
                                                                                  • C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
                                                                                    "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
                                                                                    1⤵
                                                                                    • Executes dropped EXE
                                                                                    • Suspicious use of FindShellTrayWindow
                                                                                    • Suspicious use of SendNotifyMessage
                                                                                    PID:6224
                                                                                    • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe
                                                                                      "C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe" --app -channel production
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                      • Suspicious use of UnmapMainImage
                                                                                      PID:5144
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                    1⤵
                                                                                    • Enumerates system info in registry
                                                                                    • Modifies data under HKEY_USERS
                                                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                    • Suspicious use of FindShellTrayWindow
                                                                                    • Suspicious use of SendNotifyMessage
                                                                                    PID:2012
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffffe5a9758,0x7ffffe5a9768,0x7ffffe5a9778
                                                                                      2⤵
                                                                                        PID:4740
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:2
                                                                                        2⤵
                                                                                          PID:2972
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:8
                                                                                          2⤵
                                                                                            PID:2828
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:8
                                                                                            2⤵
                                                                                              PID:4052
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:1
                                                                                              2⤵
                                                                                                PID:2312
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:5084
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4348 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:4700
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:8
                                                                                                    2⤵
                                                                                                      PID:6300
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:8
                                                                                                      2⤵
                                                                                                        PID:5980
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4904 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:5892
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:8
                                                                                                          2⤵
                                                                                                            PID:7092
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2988 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:8
                                                                                                            2⤵
                                                                                                              PID:6944
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3852 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:3580
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3780 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:8
                                                                                                                2⤵
                                                                                                                  PID:6684
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:8
                                                                                                                  2⤵
                                                                                                                    PID:1380
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:8
                                                                                                                    2⤵
                                                                                                                      PID:4412
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4948 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:2220
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:8
                                                                                                                        2⤵
                                                                                                                          PID:5640
                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
                                                                                                                          "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe" roblox-player:1+launchmode:play+gameinfo:QEjiwdcVD6U41xZH6mp8Valfbf9XZW0qYCi87K80PuMHIgd7ZzS7tghTjXpTY3qivwrTydHm-xyOte-oMGFfV5iCPmmcXGuWSq8aqajUEjQ6GwXAJompJPyT4feNgFs6ZMf3rAp-DW-fqNVPevGByoIqF2vPTlNO4GbjaencS6DkVXx2SOMLaUdu-QrOTWiYTDVJIspTJUSZM3uYijLz5PbYKBckfIZxGwwOpf7GXrI+launchtime:1716888252641+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1716888155232001%26placeId%3D4483381587%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D3b750e62-eea6-4e0a-ad23-e163953107d9%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1716888155232001+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
                                                                                                                          2⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • Suspicious use of FindShellTrayWindow
                                                                                                                          • Suspicious use of SendNotifyMessage
                                                                                                                          PID:6980
                                                                                                                          • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe
                                                                                                                            "C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe" --app -t QEjiwdcVD6U41xZH6mp8Valfbf9XZW0qYCi87K80PuMHIgd7ZzS7tghTjXpTY3qivwrTydHm-xyOte-oMGFfV5iCPmmcXGuWSq8aqajUEjQ6GwXAJompJPyT4feNgFs6ZMf3rAp-DW-fqNVPevGByoIqF2vPTlNO4GbjaencS6DkVXx2SOMLaUdu-QrOTWiYTDVJIspTJUSZM3uYijLz5PbYKBckfIZxGwwOpf7GXrI --launchtime=1716888258243 -j https://www.roblox.com/Game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=1716888155232001&placeId=4483381587&isPlayTogetherGame=false&joinAttemptId=3b750e62-eea6-4e0a-ad23-e163953107d9&joinAttemptOrigin=PlayButton -b 1716888155232001 --rloc en_us --gloc en_us -channel production
                                                                                                                            3⤵
                                                                                                                            • Executes dropped EXE
                                                                                                                            • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                            • Suspicious use of UnmapMainImage
                                                                                                                            PID:520
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4876 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:8
                                                                                                                          2⤵
                                                                                                                            PID:6188
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5416 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:8
                                                                                                                            2⤵
                                                                                                                              PID:1556
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:8
                                                                                                                              2⤵
                                                                                                                                PID:6228
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5036 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:8
                                                                                                                                2⤵
                                                                                                                                  PID:6476
                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5640 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:8
                                                                                                                                  2⤵
                                                                                                                                    PID:3940
                                                                                                                                  • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                                                                                                    "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
                                                                                                                                    2⤵
                                                                                                                                    • Executes dropped EXE
                                                                                                                                    • Checks whether UAC is enabled
                                                                                                                                    • Drops file in Program Files directory
                                                                                                                                    • Enumerates system info in registry
                                                                                                                                    • Modifies Internet Explorer settings
                                                                                                                                    PID:6736
                                                                                                                                    • C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe
                                                                                                                                      "C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe" -app -isInstallerLaunch
                                                                                                                                      3⤵
                                                                                                                                      • Executes dropped EXE
                                                                                                                                      • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                                                      • Suspicious use of UnmapMainImage
                                                                                                                                      PID:2920
                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5332 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:2
                                                                                                                                    2⤵
                                                                                                                                      PID:660
                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1808 --field-trial-handle=1848,i,14262641323488363531,4459381378953506220,131072 /prefetch:1
                                                                                                                                      2⤵
                                                                                                                                        PID:1220
                                                                                                                                      • C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
                                                                                                                                        "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe" roblox-player:1+launchmode:play+gameinfo:4F0MK9M-FbDDSbKW4RLC9cV91QmL3mficyDTJPW6GMmrtFRp2vxziiwTblbAyjp11PtNVNQEmMotkIIiDjMzjZ1JOl0shIIGHYfQPwaejkc1kATI70VznUqN1BcUHO0i3x43xhRRpTp1pwW641vz0uJBLfWGgGf5G7cmEbGiRtGtV6WYjNlT3XWDnF_XrpUKb_ojS0EEnRD3VRwWwEfIMwt7T2turdffY8xnwAnQmuE+launchtime:1716888252641+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1716888155232001%26placeId%3D4483381587%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D3b750e62-eea6-4e0a-ad23-e163953107d9%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1716888155232001+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
                                                                                                                                        2⤵
                                                                                                                                        • Executes dropped EXE
                                                                                                                                        • Suspicious use of FindShellTrayWindow
                                                                                                                                        • Suspicious use of SendNotifyMessage
                                                                                                                                        PID:5392
                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe
                                                                                                                                          "C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe" --app -t 4F0MK9M-FbDDSbKW4RLC9cV91QmL3mficyDTJPW6GMmrtFRp2vxziiwTblbAyjp11PtNVNQEmMotkIIiDjMzjZ1JOl0shIIGHYfQPwaejkc1kATI70VznUqN1BcUHO0i3x43xhRRpTp1pwW641vz0uJBLfWGgGf5G7cmEbGiRtGtV6WYjNlT3XWDnF_XrpUKb_ojS0EEnRD3VRwWwEfIMwt7T2turdffY8xnwAnQmuE --launchtime=1716888331500 -j https://www.roblox.com/Game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=1716888155232001&placeId=4483381587&isPlayTogetherGame=false&joinAttemptId=3b750e62-eea6-4e0a-ad23-e163953107d9&joinAttemptOrigin=PlayButton -b 1716888155232001 --rloc en_us --gloc en_us -channel production
                                                                                                                                          3⤵
                                                                                                                                          • Executes dropped EXE
                                                                                                                                          • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                                                          • Suspicious use of UnmapMainImage
                                                                                                                                          PID:5932
                                                                                                                                    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                                                                      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                                                                      1⤵
                                                                                                                                        PID:1152
                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                                                                                        1⤵
                                                                                                                                        • Executes dropped EXE
                                                                                                                                        PID:240
                                                                                                                                      • C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe
                                                                                                                                        "C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe"
                                                                                                                                        1⤵
                                                                                                                                        • Executes dropped EXE
                                                                                                                                        • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                                                        • Suspicious use of UnmapMainImage
                                                                                                                                        PID:6708
                                                                                                                                      • C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe
                                                                                                                                        "C:\Program Files (x86)\Roblox\Versions\version-0a57b2f24afe434b\RobloxPlayerBeta.exe"
                                                                                                                                        1⤵
                                                                                                                                        • Executes dropped EXE
                                                                                                                                        • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                                                        • Suspicious use of UnmapMainImage
                                                                                                                                        PID:5208
                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                                                        1⤵
                                                                                                                                        • Executes dropped EXE
                                                                                                                                        • Checks system information in the registry
                                                                                                                                        • Modifies data under HKEY_USERS
                                                                                                                                        PID:6700
                                                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1CAC58A-50DA-4937-8F87-6A911E2D2A47}\MicrosoftEdgeUpdateSetup_X86_1.3.187.39.exe
                                                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F1CAC58A-50DA-4937-8F87-6A911E2D2A47}\MicrosoftEdgeUpdateSetup_X86_1.3.187.39.exe" /update /sessionid "{939BDA70-EF2C-41E3-A262-305D0B9C7384}"
                                                                                                                                          2⤵
                                                                                                                                          • Executes dropped EXE
                                                                                                                                          PID:4320
                                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EU3468.tmp\MicrosoftEdgeUpdate.exe
                                                                                                                                            "C:\Program Files (x86)\Microsoft\Temp\EU3468.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{939BDA70-EF2C-41E3-A262-305D0B9C7384}"
                                                                                                                                            3⤵
                                                                                                                                            • Sets file execution options in registry
                                                                                                                                            • Executes dropped EXE
                                                                                                                                            • Checks system information in the registry
                                                                                                                                            PID:3156
                                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                                                                              4⤵
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              • Modifies registry class
                                                                                                                                              PID:6336
                                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                                                                              4⤵
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              • Modifies registry class
                                                                                                                                              PID:2076
                                                                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                                5⤵
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                • Registers COM server for autorun
                                                                                                                                                • Modifies registry class
                                                                                                                                                PID:3708
                                                                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                                5⤵
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                • Registers COM server for autorun
                                                                                                                                                • Modifies registry class
                                                                                                                                                PID:4336
                                                                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                                5⤵
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                • Registers COM server for autorun
                                                                                                                                                • Modifies registry class
                                                                                                                                                PID:3804
                                                                                                                                             • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                               "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                                                                                              4⤵
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              • Checks system information in the registry
                                                                                                                                              • Drops file in System32 directory
                                                                                                                                              • Modifies data under HKEY_USERS
                                                                                                                                              PID:5924
                                                                                                                                         • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                                           "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                                                                                          2⤵
                                                                                                                                          • Executes dropped EXE
                                                                                                                                          • Checks system information in the registry
                                                                                                                                          • Drops file in System32 directory
                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                          PID:3120
                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                                                                        1⤵
                                                                                                                                        • Enumerates system info in registry
                                                                                                                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                        • Suspicious use of FindShellTrayWindow
                                                                                                                                        • Suspicious use of SendNotifyMessage
                                                                                                                                        PID:4968
                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffffe5a9758,0x7ffffe5a9768,0x7ffffe5a9778
                                                                                                                                          2⤵
                                                                                                                                            PID:5872
                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:2
                                                                                                                                            2⤵
                                                                                                                                              PID:6896
                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:8
                                                                                                                                              2⤵
                                                                                                                                                PID:6296
                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:8
                                                                                                                                                2⤵
                                                                                                                                                  PID:5456
                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:1
                                                                                                                                                  2⤵
                                                                                                                                                    PID:3808
                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:1
                                                                                                                                                    2⤵
                                                                                                                                                      PID:5924
                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4492 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:1
                                                                                                                                                      2⤵
                                                                                                                                                        PID:6252
                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4312 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:8
                                                                                                                                                        2⤵
                                                                                                                                                          PID:4336
                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:8
                                                                                                                                                          2⤵
                                                                                                                                                            PID:3284
                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4892 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:1
                                                                                                                                                            2⤵
                                                                                                                                                              PID:5900
                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4388 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:1
                                                                                                                                                              2⤵
                                                                                                                                                                PID:3764
                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5268 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:8
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:5244
                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5312 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:8
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:6956
                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:8
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:5364
                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:8
                                                                                                                                                                      2⤵
                                                                                                                                                                        PID:6564
                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4444 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:8
                                                                                                                                                                        2⤵
                                                                                                                                                                          PID:1192
                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5540 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:8
                                                                                                                                                                          2⤵
                                                                                                                                                                            PID:2180
                                                                                                                                                                          • C:\Users\Admin\Downloads\Sha Executor V2 (1).exe
                                                                                                                                                                            "C:\Users\Admin\Downloads\Sha Executor V2 (1).exe"
                                                                                                                                                                            2⤵
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            PID:5540
                                                                                                                                                                            • C:\Windows\System32\Wbem\wmic.exe
                                                                                                                                                                              "wmic.exe" csproduct get uuid
                                                                                                                                                                              3⤵
                                                                                                                                                                                PID:1356
                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5084 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:1
                                                                                                                                                                              2⤵
                                                                                                                                                                                PID:2220
                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5528 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:8
                                                                                                                                                                                2⤵
                                                                                                                                                                                  PID:2104
                                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3640 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:8
                                                                                                                                                                                  2⤵
                                                                                                                                                                                    PID:6876
                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3636 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:8
                                                                                                                                                                                    2⤵
                                                                                                                                                                                      PID:2116
                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1868,i,8955150251260238874,4147463588794993678,131072 /prefetch:8
                                                                                                                                                                                      2⤵
                                                                                                                                                                                        PID:3684
                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                                                                                                                      1⤵
                                                                                                                                                                                        PID:7052
                                                                                                                                                                                      • C:\Users\Admin\Downloads\Sha Executor V2 (1).exe
                                                                                                                                                                                        "C:\Users\Admin\Downloads\Sha Executor V2 (1).exe"
                                                                                                                                                                                        1⤵
                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                        PID:368
                                                                                                                                                                                        • C:\Windows\System32\Wbem\wmic.exe
                                                                                                                                                                                          "wmic.exe" csproduct get uuid
                                                                                                                                                                                          2⤵
                                                                                                                                                                                            PID:6200

                                                                                                                                                                                        Network

                                                                                                                                                                                        MITRE ATT&CK Enterprise v15


                                                                                                                                                                                        Downloads

                                                                                                                                                                                        • C:\Config.Msi\e5ac519.rbs

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          55KB


                                                                                                                                                                                        • C:\Config.Msi\e5ac51e.rbs

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          8KB


                                                                                                                                                                                        • C:\Config.Msi\e5ac523.rbs

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          9KB


                                                                                                                                                                                        • C:\Config.Msi\e5ac528.rbs

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          86KB


                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeCore\125.0.2535.67\Installer\setup.exe

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          6.9MB


                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.39\MicrosoftEdgeUpdateSetup_X86_1.3.187.39.exe

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          1.5MB

                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          201KB

                                                                                                                                                                                        • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          5.3MB

                                                                                                                                                                                        • C:\Program Files\MsEdgeCrashpad\settings.dat

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          280B

                                                                                                                                                                                        • C:\Program Files\dotnet\LICENSE.txt

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          9KB

                                                                                                                                                                                        • C:\Program Files\dotnet\ThirdPartyNotices.txt

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          78KB

                                                                                                                                                                                        • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          15KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Modifications\ClientSettings\ClientAppSettings.json

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          120B

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Settings.json

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          694B

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\ExtraContent\textures\ui\LuaApp\graphic\shimmer_lightTheme.png

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          20KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\ExtraContent\textures\ui\LuaApp\graphic\[email protected]

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          71KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\ExtraContent\textures\ui\LuaDiscussions\buttonFill.png

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          247B

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\content\configs\DateTimeLocaleConfigs\zh-hans.json

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          2KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\content\configs\DateTimeLocaleConfigs\zh-tw.json

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          2KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\content\sounds\ouch.ogg

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          6KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\content\textures\Cursors\KeyboardMouse\IBeamCursor.png

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          292B

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\content\textures\StudioToolbox\Clear.png

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          538B

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\content\textures\StudioUIEditor\valueBoxRoundedRectangle.png

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          130B

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\content\textures\TerrainTools\checkbox_square.png

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          985B

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\content\textures\ui\Controls\XboxController\Thumbstick1.png

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          641B

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\content\textures\ui\Controls\XboxController\[email protected]

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          1KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\content\textures\ui\Controls\XboxController\[email protected]

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          1KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\content\textures\ui\Controls\XboxController\Thumbstick2.png

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          738B

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\content\textures\ui\Controls\XboxController\[email protected]

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          1KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-0a57b2f24afe434b\content\textures\ui\Controls\XboxController\[email protected]

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          1KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          40B

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e1

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          51KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          7KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          7KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          23B

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3d64fff8-15cd-4939-8d67-c828cab13579.tmp

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          5KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          8KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          9KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          4KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          9KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          2KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          2KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          2KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          5KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          3KB

                                                                                                                                                                                          MD5

                                                                                                                                                                                          e28ec4fe2d509f3cc850621a9adf97c9

                                                                                                                                                                                          SHA1

                                                                                                                                                                                          c62b44e7a08b7b777da3c7cc3568fa08c82e0e99

                                                                                                                                                                                          SHA256

                                                                                                                                                                                          af1a0ffe97825c8bc5bcffd928ce77377fea6e4a5ca1f41ab5f032af69aa2ddf

                                                                                                                                                                                          SHA512

                                                                                                                                                                                          ea9b46ef6a3a6bb47594f5c64a5864251456596a48774997fb37a87bc5b09fb7c48256914ba965c6408ec4f639c8c8fc4292944a42003aeefc509fffb7092195

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          3KB

                                                                                                                                                                                          MD5

                                                                                                                                                                                          21fe4ac0b77399023bd3ee1900798aeb

                                                                                                                                                                                          SHA1

                                                                                                                                                                                          112d9fa5a5dd70ee481424d9d62a80b77ddfb27a

                                                                                                                                                                                          SHA256

                                                                                                                                                                                          f92075e12bf6eaf7ce28cf610308eb186c35c5f7d47ac0fb0358e7bb70db5be6

                                                                                                                                                                                          SHA512

                                                                                                                                                                                          182e421bfad4b2fb26d614628ff5a1adf65fa046c6babdcac175df722514ac86834eb10cc4227702a59bee9a2a541414813c3cc1b4411b9b29ea4afb60b8c1ce

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          5KB

                                                                                                                                                                                          MD5

                                                                                                                                                                                          80f426e28767493fc1243cbd837f51e9

                                                                                                                                                                                          SHA1

                                                                                                                                                                                          1319faebc95ba0a3effd875352983a797de545bc

                                                                                                                                                                                          SHA256

                                                                                                                                                                                          0dfb80871bf2c5c4d9c0db6ca2c1152e3556168f2a05c85d1ed37785b851dacf

                                                                                                                                                                                          SHA512

                                                                                                                                                                                          a4d273e17ea6b1bdf0fd48c218a3f862b575a3a5496a21045fdb666356414b5669f2bd5df9cc41f3b3931a830f66c1c0b1be9c2feb3bcdd18f3d29b2fe07695b

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          5KB

                                                                                                                                                                                          MD5

                                                                                                                                                                                          ca00362c3e964f9a7f644094e44b3b0d

                                                                                                                                                                                          SHA1

                                                                                                                                                                                          8e77cacd6294b77bfea3be12b0c9bea2ebea5b3c

                                                                                                                                                                                          SHA256

                                                                                                                                                                                          5288581ecceff136db3d64ecafce45fa8d9a545846d1fea47daee443b61fe6c6

                                                                                                                                                                                          SHA512

                                                                                                                                                                                          0abbc1d7a2dd30376452e81f4ddb55deb956ca5ebe8a26d16c8db0eca7cc6fabf5aeef0d4b889e143540b3f13a1a5d5e9e7307d6f86e0834664c3aaf8192deea

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          3KB

                                                                                                                                                                                          MD5

                                                                                                                                                                                          be8196f4773e83c3631a804c4a689727

                                                                                                                                                                                          SHA1

                                                                                                                                                                                          57dfadb48206826db1f0c0f12d72decd9f348ceb

                                                                                                                                                                                          SHA256

                                                                                                                                                                                          63be0dfeaf2148e55b2739b645bd5e01ee8c3fb51cd282d16e2eab5ca5f1adab

                                                                                                                                                                                          SHA512

                                                                                                                                                                                          1b1d5537a2668dc84b2c1c5dc575005782a6f1e39746885720b464849be5c4568aa28512f1ba3d6f1132f908a116cdae2959270dadf1ab2da4522351ac5b53bd

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          5KB

                                                                                                                                                                                          MD5

                                                                                                                                                                                          d12632f72c1b18797ee66cb9057719ac

                                                                                                                                                                                          SHA1

                                                                                                                                                                                          2ed93b59ee756870fa93f327537676d7b813e76e

                                                                                                                                                                                          SHA256

                                                                                                                                                                                          52be16d5dfc801a8aa2c93dad95a3e8280423d7e46ece24880e90e5495cbe4b2

                                                                                                                                                                                          SHA512

                                                                                                                                                                                          807be2a828fb38683bd39a2cb9f120057a4b887f70f069ac49fa490708b51053f602462d9f318a8e6522e9d09a34cefac0d1383402fd848b71c7745ed23f101c

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          5KB

                                                                                                                                                                                          MD5

                                                                                                                                                                                          1041476549eefc3b54ba4ac4972234e4

                                                                                                                                                                                          SHA1

                                                                                                                                                                                          6108aa7301f0815b73d11079b9e1492c76b3b967

                                                                                                                                                                                          SHA256

                                                                                                                                                                                          bd85a9c08435678f0f43dbe9f4d9d75a0907ef61971307803d039d9b56dbc353

                                                                                                                                                                                          SHA512

                                                                                                                                                                                          4517d4dfeb58cb7d398989bfbd08fcaca5ea8065cedd62cd8c904de344d0ddfa0b611f46f2e8399b360f06cba855e9d050ef11d8c1ca15d247373899c861766b

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          5KB

                                                                                                                                                                                          MD5

                                                                                                                                                                                          739dcc5387247374e6f6bf8d8f95eb7e

                                                                                                                                                                                          SHA1

                                                                                                                                                                                          50fc5fd88e4f8823ad1e96d08606214e46314272

                                                                                                                                                                                          SHA256

                                                                                                                                                                                          35b564013478d9ab2e3bc84b768eeb7c84874d754f77ee2da2193e5771cc978a

                                                                                                                                                                                          SHA512

                                                                                                                                                                                          821b4363e485274447c210f114d99f5645fd2951a5a4a5e0017f13f9b7bef837bae3943e3976a9c38402e9e794c7d2fb34af4d71d6ec9e93a3504f0eb334641c

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          5KB

                                                                                                                                                                                          MD5

                                                                                                                                                                                          c0509be2dd70d58bb7eda37fcebf8624

                                                                                                                                                                                          SHA1

                                                                                                                                                                                          34df9440adf6028ed35a33674f377572348763bf

                                                                                                                                                                                          SHA256

                                                                                                                                                                                          9914c0d8a714fad76d28ca704da8f7009d10df2cb5cb90b43c6941a6923e528c

                                                                                                                                                                                          SHA512

                                                                                                                                                                                          b7c40510c5fd061d084d02939a37f2ee6d36c6c8d131dcbc8031e643eb8e2f6b56734e796c01a261c58342bd28b119fbafee574964a38046f50d4bbacfca93e1

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          5KB

                                                                                                                                                                                          MD5

                                                                                                                                                                                          b2715533404f4181aef808ab4b78a9c7

                                                                                                                                                                                          SHA1

                                                                                                                                                                                          a71e048cd8d18ce3c30d1befd471f87065a8b2ca

                                                                                                                                                                                          SHA256

                                                                                                                                                                                          1e4c7f5bfcb1899b33e335a096a42430620e97d36e407af4312c24c3aeef7270

                                                                                                                                                                                          SHA512

                                                                                                                                                                                          04028b152ae441c02ba32a7dc696a98fc27b2e46818c2d2df3ed7433f9759333523c3f9e1339f517645c4405a5c9533aaaa03d962db7e05339c884d9efd2d578

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          5KB

                                                                                                                                                                                          MD5

                                                                                                                                                                                          322c6190152440ee79bc953ade63dcc9

                                                                                                                                                                                          SHA1

                                                                                                                                                                                          c0298110e7c45484fd308eb0c0acc2d4ff40eeef

                                                                                                                                                                                          SHA256

                                                                                                                                                                                          e41895a05721f84b09f1c7744df8fdeaacfb13f53afba4eb3c7e0dbe806b6fbf

                                                                                                                                                                                          SHA512

                                                                                                                                                                                          797ce1106e0dbb262a1355ae157321f080d186ec8ccd12ac17a68e0ec4c4eb6a640495998980b816632515b83be4261615eb3aeb538f7e7e717d6ead3109156e

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          5KB

                                                                                                                                                                                          MD5

                                                                                                                                                                                          ec6a053bed1f9ec85a36e5aff18e8712

                                                                                                                                                                                          SHA1

                                                                                                                                                                                          4589c7d01a802ae2eb80ac0e47ed8b0cc6e4b332

                                                                                                                                                                                          SHA256

                                                                                                                                                                                          40af488e4ee56acac85b54998ee9d5feb911be93836eced521e50af450e49cbf

                                                                                                                                                                                          SHA512

                                                                                                                                                                                          b99109e3920c8408a714fa811f7b9631e836a325550f228b15b30bb5a168675ae3652f6eaebbcf8d41358248dc6a328d3b1e61266f0e6e3ba7ae7de642af799c

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          5KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          1KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          1KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          1KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          8KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          8KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          8KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          8KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          7KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          8KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          8KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          144KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          144KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          144KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          144KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          108KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          110KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          113KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          264KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          2B

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q7BUKSPQ\edgecompatviewlist[1].xml

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          74KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\1BD06364B17F941101FCC95275213BEB65016BDA

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          60KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          7KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\3U060U1S\dotnet.microsoft[1].xml

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          13B

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\3U060U1S\dotnet.microsoft[1].xml

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          84B

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\XT96ABW6\suggestions[1].en-US

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          17KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          512KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          8KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF40E218F3DA3E3FFA.TMP

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          16KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UQZ8KLN5\windowsdesktop-runtime-6.0.30-win-x64[1].exe

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          1.6MB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          512KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          8KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          2.0MB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          16KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{C8136E95-C208-4983-8D30-1ED0C4EBEDBE}.dat

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          5KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{3D103C3D-2EEF-4861-9A0A-0A5D631845ED}.dat

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          4KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\938199ca646378b696716037afc964ba

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          5.7MB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.30_(x64)_20240528091847_000_dotnet_runtime_6.0.30_win_x64.msi.log

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          2KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.30_(x64)_20240528091847_001_dotnet_hostfxr_6.0.30_win_x64.msi.log

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          2KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.30_(x64)_20240528091847_002_dotnet_host_6.0.30_win_x64.msi.log

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          2KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.30_(x64)_20240528091847_003_windowsdesktop_runtime_6.0.30_win_x64.msi.log

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          2KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          2KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\1c08f94c-faf2-4b90-86ca-09d941a9a336

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          746B

                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\27059eec-eaef-4d46-a5e9-2d28e9c05774

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          11KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          6KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          6KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          6KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          3KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          4KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          4KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          4KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore.jsonlz4

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          4KB

                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          184KB

                                                                                                                                                                                        • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          5.3MB

                                                                                                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 468234.crdownload

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          227KB

                                                                                                                                                                                        • C:\Windows\Installer\MSIC852.tmp

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          225KB

                                                                                                                                                                                        • C:\Windows\Temp\{51EAC3D2-83D3-4D55-B899-6C7E36872AFB}\.ba\1033\thm.wxl

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          5KB

                                                                                                                                                                                        • C:\Windows\Temp\{8CD13DCD-C33E-4457-91B9-4704D06FC6C3}\.ba\bg.png

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          4KB

                                                                                                                                                                                        • C:\Windows\Temp\{A5214E05-0E8E-4D3B-B2E4-A0CC56691E85}\.ba\BootstrapperApplicationData.xml

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          7KB

                                                                                                                                                                                        • C:\Windows\Temp\{A5214E05-0E8E-4D3B-B2E4-A0CC56691E85}\.ba\thm.xml

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          11KB

                                                                                                                                                                                        • C:\Windows\Temp\{A5214E05-0E8E-4D3B-B2E4-A0CC56691E85}\dotnet_host_6.0.30_win_x64.msi

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          736KB

                                                                                                                                                                                        • C:\Windows\Temp\{A5214E05-0E8E-4D3B-B2E4-A0CC56691E85}\dotnet_hostfxr_6.0.30_win_x64.msi

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          804KB

                                                                                                                                                                                        • C:\Windows\Temp\{A5214E05-0E8E-4D3B-B2E4-A0CC56691E85}\dotnet_runtime_6.0.30_win_x64.msi

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          25.7MB

                                                                                                                                                                                        • C:\Windows\Temp\{A5214E05-0E8E-4D3B-B2E4-A0CC56691E85}\windowsdesktop_runtime_6.0.30_win_x64.msi

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          28.6MB

                                                                                                                                                                                        • C:\Windows\Temp\{BF2682B6-7959-44D4-A427-2B430C339FB3}\.cr\windowsdesktop-runtime-6.0.30-win-x64.exe

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          610KB

                                                                                                                                                                                        • \Windows\Temp\{8CD13DCD-C33E-4457-91B9-4704D06FC6C3}\.ba\wixstdba.dll

                                                                                                                                                                                          Filesize

                                                                                                                                                                                          197KB
