Analysis
max time kernel: 754s
max time network: 1799s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 04-06-2024 00:35
Static task: static1
Behavioral task: behavioral1
Sample: KhnKFqz1mt6baV34eaVEfttTAaNwhiftQM4l.png
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: KhnKFqz1mt6baV34eaVEfttTAaNwhiftQM4l.png
Resource: win10v2004-20240426-en
General
Target: KhnKFqz1mt6baV34eaVEfttTAaNwhiftQM4l.png
Size: 22KB
MD5: f863353331d71fbe761c1e2758fd04fd
SHA1: a3ebd26f25bce8caef1ed5edb77b6c74ca57101e
SHA256: 06cfaf6db18dc771749a663dd42ebfc88c35903f1a09297986d0b0fef679f815
SHA512: 5cb840b81c385651805a87a6b3b7e624522147c7a1d834cbda537913df3cd0e7b431a12b314479264ba82f1bda8524f2b7097bb499c43f50e175b8069d9162df
SSDEEP: 384:kBOj2T5f/5tO22NCH9svsJ6kNIK4XJ3LB5U/lHF9+IdTTmrE4Nt3Hog4aYhw5l7a:b8FN2wH2vsFrsvor97TeE4T4j1hwf0tT
Malware Config
Signatures
Downloads MZ/PE file
Sets file execution options in registry 2 TTPs 4 IoCs
Processes: MicrosoftEdgeUpdate.exe
Key created: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe
Set value (int): \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"
Checks computer location settings 2 TTPs 7 IoCs
Looks up country code configured in the registry, likely geofence.
Processes: msedgewebview2.exe
Key value queried: \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\International\Geo\Nation
Executes dropped EXE 49 IoCs
Loads dropped DLL 64 IoCs
Registers COM server for autorun 1 TTPs 64 IoCs
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes: RobloxStudioInstaller.exe, RobloxStudioBeta.exe
Key value queried: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
ioc: discord.com (flows 699, 701, 702, 703, 969, 1177)
Checks system information in the registry 2 TTPs 20 IoCs
System information is often read in order to detect sandboxing environments.
Processes: MicrosoftEdgeUpdate.exe, msedgewebview2.exe
Key value queried: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName
Key value queried: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer
Drops file in System32 directory 13 IoCs
Drops file in Program Files directory 64 IoCs
Files (x86)\Roblox\Versions\version-c46f37833a234ebf\ExtraContent\LuaPackages\Packages\_Index\RbxDesignFoundations-4f0cd42b-a744f1a5\RbxDesignFoundations\tokens\Schema\Validators\validateSemantic.lua RobloxStudioInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\RobloxAppHooks\RobloxAppHooks\default.rbxp RobloxStudioInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\content\textures\ui\VoiceChat\New\[email protected] RobloxStudioInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\content\textures\StudioUIEditor\icon_rotate3.png RobloxStudioInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\ExtraContent\scripts\CoreScripts\Modules\PurchasePrompt\Thunks\resolveBundlePromptState.lua RobloxStudioInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\App\Container\LoadingStatePage.lua RobloxStudioInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\UserProfiles\LuaSocialLibrariesDeps.lua RobloxStudioInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\Qml\QtQuick\Controls.2\StackView.qml RobloxStudioInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\ExtraContent\scripts\CoreScripts\Modules\Settings\Pages\ShareGame\Spritesheets\ShareGameIcons.lua RobloxStudioInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\ExtraContent\scripts\CoreScripts\Modules\VR\Healthbar3D.lua RobloxStudioInstaller.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 16 IoCs
Processes:
msedgewebview2.exe, RobloxStudioBeta.exe, RobloxStudioBeta.exe, chrome.exe, RobloxStudioInstaller.exe, RobloxStudioBeta.exe, RobloxStudioBeta.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedgewebview2.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | RobloxStudioBeta.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedgewebview2.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | RobloxStudioBeta.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | RobloxStudioBeta.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | RobloxStudioInstaller.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | RobloxStudioBeta.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | RobloxStudioBeta.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | RobloxStudioBeta.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | RobloxStudioBeta.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | RobloxStudioBeta.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | RobloxStudioInstaller.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedgewebview2.exe
-
Processes:
RobloxStudioInstaller.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | RobloxStudioInstaller.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | RobloxStudioInstaller.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth | RobloxStudioInstaller.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth\WarnOnOpen = "0" | RobloxStudioInstaller.exe
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: AddClipboardFormatListener 4 IoCs
Processes:
RobloxStudioBeta.exe, RobloxStudioBeta.exe, RobloxStudioBeta.exe, RobloxStudioBeta.exe
pid | process
2472 | RobloxStudioBeta.exe
4040 | RobloxStudioBeta.exe
6244 | RobloxStudioBeta.exe
2864 | RobloxStudioBeta.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 4 IoCs
Processes:
RobloxStudioBeta.exe, RobloxStudioBeta.exe, RobloxStudioBeta.exe, RobloxStudioBeta.exe
pid | process
2472 | RobloxStudioBeta.exe
4040 | RobloxStudioBeta.exe
6244 | RobloxStudioBeta.exe
2864 | RobloxStudioBeta.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
rundll32.exe chrome.exe msedgewebview2.exe
pid    process
1008   rundll32.exe
2676   chrome.exe
2564   msedgewebview2.exe
-
Suspicious use of SendNotifyMessage 32 IoCs
Processes:
chrome.exe
pid    process
2676   chrome.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
RobloxStudioBeta.exe
pid    process
4040   RobloxStudioBeta.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
chrome.exe
description                        pid    process      target process
PID 2676 wrote to memory of 2708   2676   chrome.exe   chrome.exe
PID 2676 wrote to memory of 2484   2676   chrome.exe   chrome.exe
PID 2676 wrote to memory of 2980   2676   chrome.exe   chrome.exe
PID 2676 wrote to memory of 2508   2676   chrome.exe   chrome.exe
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\KhnKFqz1mt6baV34eaVEfttTAaNwhiftQM4l.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:1008
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2676
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6f49758,0x7fef6f49768,0x7fef6f49778
2⤵
PID:2708
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:2
2⤵
PID:2484
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:8
2⤵
PID:2980
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:8
2⤵
PID:2508
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:2812
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:2716
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1512 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:2
2⤵
PID:1952
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3176 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:1396
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3404 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:8
2⤵
PID:1660
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3528 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:8
2⤵
PID:1720
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:8
2⤵
PID:1304
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3740 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:2400
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2504 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:2196
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2368 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:2256
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:8
2⤵
PID:1640
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3772 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:1816
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3912 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:1576
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3720 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:1432
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4244 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:2388
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4608 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:108
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4472 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:824
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4476 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:2492
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4408 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:608
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4700 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:2140
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4752 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:2264
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5292 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:776
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:8
2⤵
PID:3488
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:8
2⤵
PID:3500
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4588 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:3784
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5644 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:3796
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5672 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:3712
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5688 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:3960
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5704 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:3956
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6468 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:3148
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6240 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:3580
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6436 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:4052
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4904 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:4064
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6288 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:3704
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7012 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:3268
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7008 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:3200
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7328 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:3380
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7592 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:4680
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7540 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:4696
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7728 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:4456
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=4156 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:4108
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5700 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:1400
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5092 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:4432
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6712 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:4160
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6808 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:3904
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7088 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:3916
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=7884 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:1668
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=4744 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:4088
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5904 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:4180
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=2372 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:4428
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=4140 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1
2⤵
PID:4188
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=3692 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:4512
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=4168 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:4240
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4336 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:82⤵PID:2388
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=2728 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:3104
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=4000 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:3492
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=2464 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:2232
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=2404 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:4628
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=5832 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:3828
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=4688 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:2440
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=3320 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:3544
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=3432 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:5088
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=3176 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:792
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=4240 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:1756
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=5252 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:4136
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=5388 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:4128
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=6636 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:1428
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=2680 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:4480
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=4644 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:4472
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=6776 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:3692
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=4968 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:4584
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=5280 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:3624
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=6296 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:4156
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=7592 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:4168
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=4876 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:2140
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=5240 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:892
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5656 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:82⤵PID:4632
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6444 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:82⤵PID:4648
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7676 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:82⤵PID:4956
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:82⤵PID:792
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6884 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:82⤵PID:3520
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5608 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:82⤵PID:3548
-
C:\Users\Admin\Downloads\RobloxStudioInstaller.exe "C:\Users\Admin\Downloads\RobloxStudioInstaller.exe" 2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:4408 -
C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe MicrosoftEdgeWebview2Setup.exe /silent /install 3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3128 -
C:\Program Files (x86)\Microsoft\Temp\EU1DDD.tmp\MicrosoftEdgeUpdate.exe "C:\Program Files (x86)\Microsoft\Temp\EU1DDD.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" 4⤵
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
PID:4560 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc 5⤵
- Executes dropped EXE
- Modifies registry class
PID:872 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver 5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3888 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe" 6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2056 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe" 6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:4884 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe" 6⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:3992 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODQzOUVGRTMtMjg3OS00MzI1LUE1MTctOTMxMEQ0RjRGQ0NBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntEM0M5NkY1Qi0zN0UwLTRGNUQtQUUwRC02NjYxQTVCM0U3QzN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE3MS4zOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMzMxMzQ1NTAwMCIgaW5zdGFsbF90aW1lX21zPSI4MTEiLz48L2FwcD48L3JlcXVlc3Q-5⤵
- Executes dropped EXE
- Checks system information in the registry
PID:4564 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{8439EFE3-2879-4325-A517-9310D4F4FCCA}" /silent 5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1672 -
C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxStudioBeta.exe "C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch 3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:2472 -
C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxCrashHandler.exe "C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.627.0.6270453_20240604T003952Z_Studio_C09D7_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.627.0.6270453_20240604T003952Z_Studio_C09D7_last.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=Unknown --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=eaa743d2ec5efd1c7cd63375418c0e423354daa2 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.627.0.6270453 --annotation=UniqueId=3370783495515712801 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.627.0.6270453 --annotation=host_arch=x86_64 --initial-client-data=0x390,0x394,0x398,0x2d8,0x3c0,0x147f18b90,0x147f18ba8,0x147f18bc0 4⤵
- Executes dropped EXE
PID:3660 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 627, 0, 6270453" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=2472.268.13132879580734306909 4⤵
- Checks computer location settings
- Executes dropped EXE
- Checks system information in the registry
- Enumerates system info in registry
- Suspicious use of FindShellTrayWindow
PID:2564 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.165 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=109.0.1518.140 --initial-client-data=0xc4,0xc8,0xcc,0x98,0xd4,0x7feee0affa8,0x7feee0affb8,0x7feee0affc8 5⤵
- Executes dropped EXE
PID:4192 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 627, 0, 6270453" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1176,i,12343809626396955065,10769823113064079096,131072 /prefetch:25⤵
- Executes dropped EXE
PID:5004 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 627, 0, 6270453" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1432 --field-trial-handle=1176,i,12343809626396955065,10769823113064079096,131072 /prefetch:3 5⤵
- Executes dropped EXE
PID:2536 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 627, 0, 6270453" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1520 --field-trial-handle=1176,i,12343809626396955065,10769823113064079096,131072 /prefetch:8 5⤵
- Executes dropped EXE
PID:3732 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 627, 0, 6270453" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=2196 --field-trial-handle=1176,i,12343809626396955065,10769823113064079096,131072 /prefetch:1 5⤵
- Checks computer location settings
- Executes dropped EXE
PID:2332 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 627, 0, 6270453" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=1428 --field-trial-handle=1176,i,12343809626396955065,10769823113064079096,131072 /prefetch:1 5⤵
- Checks computer location settings
- Executes dropped EXE
PID:2272 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 627, 0, 6270453" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=2944 --field-trial-handle=1176,i,12343809626396955065,10769823113064079096,131072 /prefetch:1 5⤵
- Checks computer location settings
- Executes dropped EXE
PID:3596 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 627, 0, 6270453" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1284 --field-trial-handle=1176,i,12343809626396955065,10769823113064079096,131072 /prefetch:25⤵
- Executes dropped EXE
PID:3444 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 627, 0, 6270453" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3548 --field-trial-handle=1176,i,12343809626396955065,10769823113064079096,131072 /prefetch:1 5⤵
- Checks computer location settings
- Executes dropped EXE
PID:3468 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 627, 0, 6270453" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3420 --field-trial-handle=1176,i,12343809626396955065,10769823113064079096,131072 /prefetch:1 5⤵
- Checks computer location settings
- Executes dropped EXE
PID:5196 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 627, 0, 6270453" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3828 --field-trial-handle=1176,i,12343809626396955065,10769823113064079096,131072 /prefetch:1 5⤵
- Checks computer location settings
- Executes dropped EXE
PID:5448 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 627, 0, 6270453" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3076 --field-trial-handle=1176,i,12343809626396955065,10769823113064079096,131072 /prefetch:1 5⤵
- Executes dropped EXE
PID:7832 -
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=5836 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1 2⤵ PID:1496
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=2072 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1 2⤵ PID:1732
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1328 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:8 2⤵ PID:1552
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2036 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:8 2⤵ PID:4404
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=6120 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1 2⤵ PID:3772
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3836 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:8 2⤵ PID:3436
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3728 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:8 2⤵ PID:4732
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=5356 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1 2⤵ PID:4080
-
C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=1368 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:1 2⤵ PID:2584
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5108 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:82⤵PID:1764
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5812 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:82⤵PID:1312
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=3936 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:3680
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=8008 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:2932
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2812 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:82⤵PID:4036
-
C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxStudioBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxStudioBeta.exe" "C:\Users\Admin\Downloads\Henshaw_Royal_Military_Academy.rbxl"2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4040 -
C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxCrashHandler.exe"C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.627.0.6270453_20240604T004016Z_Studio_50F57_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.627.0.6270453_20240604T004016Z_Studio_50F57_last.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=Unknown --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=eaa743d2ec5efd1c7cd63375418c0e423354daa2 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.627.0.6270453 --annotation=UniqueId=8342096938584661046 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.627.0.6270453 --annotation=host_arch=x86_64 --initial-client-data=0x37c,0x380,0x384,0x350,0x3ac,0x147f18b90,0x147f18ba8,0x147f18bc03⤵
- Executes dropped EXE
PID:1644 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 627, 0, 6270453" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=4040.3780.129969193148682637313⤵
- Executes dropped EXE
PID:3752 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.165 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=109.0.1518.140 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x7feee0affa8,0x7feee0affb8,0x7feee0affc84⤵
- Executes dropped EXE
PID:1312 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=4760 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:6180
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:82⤵PID:6020
-
C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxStudioBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxStudioBeta.exe" "C:\Users\Admin\Downloads\Catalog_Avatar_Creator.rbxl"2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6244 -
C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxCrashHandler.exe"C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.627.0.6270453_20240604T004417Z_Studio_FDDB6_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.627.0.6270453_20240604T004417Z_Studio_FDDB6_last.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=Unknown --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=eaa743d2ec5efd1c7cd63375418c0e423354daa2 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.627.0.6270453 --annotation=UniqueId=2022763398383224667 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.627.0.6270453 --annotation=host_arch=x86_64 --initial-client-data=0x388,0x38c,0x390,0x2e0,0x398,0x147748b90,0x147748ba8,0x147748bc03⤵
- Executes dropped EXE
PID:6436 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=2288 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:4520
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:82⤵PID:4012
-
C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxStudioBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxStudioBeta.exe" "C:\Users\Admin\Downloads\Catalog_Avatar_Creator (1).rbxl"2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:2864 -
C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxCrashHandler.exe"C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.627.0.6270453_20240604T004547Z_Studio_88ECA_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.627.0.6270453_20240604T004547Z_Studio_88ECA_last.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=Unknown --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=eaa743d2ec5efd1c7cd63375418c0e423354daa2 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.627.0.6270453 --annotation=UniqueId=2084539686318301763 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.627.0.6270453 --annotation=host_arch=x86_64 --initial-client-data=0x37c,0x380,0x384,0x2dc,0x390,0x1475a8b90,0x1475a8ba8,0x1475a8bc03⤵
- Executes dropped EXE
PID:6248 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=2764 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:12⤵PID:7244
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=108 --field-trial-handle=1332,i,11175201926136943577,5874667222700062563,131072 /prefetch:82⤵PID:7324
-
C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxStudioBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxStudioBeta.exe" "C:\Users\Admin\Downloads\natural_disaster_with_twin_tower_map.rbxl"2⤵PID:7648
-
C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxCrashHandler.exe"C:\Program Files (x86)\Roblox\Versions\version-c46f37833a234ebf\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.627.0.6270453_20240604T004828Z_Studio_35407_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.627.0.6270453_20240604T004828Z_Studio_35407_last.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=Unknown --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=eaa743d2ec5efd1c7cd63375418c0e423354daa2 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.627.0.6270453 --annotation=UniqueId=177889440912013230 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.627.0.6270453 --annotation=host_arch=x86_64 --initial-client-data=0x378,0x37c,0x380,0x2cc,0x38c,0x147b28b90,0x147b28ba8,0x147b28bc03⤵PID:2104
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:1584
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:4488 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping <base64 payload>2⤵
- Executes dropped EXE
- Checks system information in the registry
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:1432 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D1566974-5A2A-4853-9335-14F5FE1065D0}\MicrosoftEdge_X64_109.0.1518.140.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D1566974-5A2A-4853-9335-14F5FE1065D0}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3176 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D1566974-5A2A-4853-9335-14F5FE1065D0}\EDGEMITMP_B8523.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D1566974-5A2A-4853-9335-14F5FE1065D0}\EDGEMITMP_B8523.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D1566974-5A2A-4853-9335-14F5FE1065D0}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:792 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping <base64 payload>2⤵
- Executes dropped EXE
- Checks system information in the registry
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:4964
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵PID:2388
-
C:\Windows\system32\taskeng.exetaskeng.exe {7D5680D9-7F43-45EA-AD07-F11D618DB3B6} S-1-5-18:NT AUTHORITY\System:Service:1⤵PID:7620
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler2⤵
- Executes dropped EXE
PID:7600
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:4420 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1320F314-0752-4B1E-855D-FEF18091ADAA}\MicrosoftEdgeUpdateSetup_X86_1.3.187.39.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1320F314-0752-4B1E-855D-FEF18091ADAA}\MicrosoftEdgeUpdateSetup_X86_1.3.187.39.exe" /update /sessionid "{78848082-A3CE-47AA-AFB4-300031C18D5B}"2⤵
- Executes dropped EXE
PID:5948 -
C:\Program Files (x86)\Microsoft\Temp\EU825A.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EU825A.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{78848082-A3CE-47AA-AFB4-300031C18D5B}"3⤵
- Sets file execution options in registry
- Executes dropped EXE
- Checks system information in the registry
PID:4652 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc4⤵
- Executes dropped EXE
- Modifies registry class
PID:7888 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver4⤵
- Executes dropped EXE
- Modifies registry class
PID:5248 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
PID:3168 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
PID:572 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.39\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
PID:7912 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping <base64 payload>4⤵
- Executes dropped EXE
- Checks system information in the registry
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:3424 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping <base64 payload>2⤵
- Executes dropped EXE
- Checks system information in the registry
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:6896
-
C:\Windows\system32\taskeng.exetaskeng.exe {B9568E55-B25F-4478-BFBF-4C755CC1C526} S-1-5-18:NT AUTHORITY\System:Service:1⤵PID:2320
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler2⤵PID:8176
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵PID:6004
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping <base64 payload>2⤵PID:4592
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping <base64 payload>2⤵PID:6816
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.39\MicrosoftEdgeUpdateSetup_X86_1.3.187.39.exe
Filesize: 1.5MB
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source792_2011039410\109.0.1518.140\Installer\msedge_7z.data
Filesize: 3KB
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source792_2011039410\109.0.1518.140\Installer\setup.exe
Filesize: 3.8MB
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
Filesize: 252B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD504b6195e75f7aa8e6b235de69fdb2b92
SHA19a98a2450761ea7dab83eaa56f0267c6fb7701a3
SHA256420e8772da539892a51a7cbae72f03b96497dbd8ad4cbee07d45aff1e2e13070
SHA51258328e9d0ce4071813f977e9f3d8bb3c9d0207b749b7bccf10e68c01fa2254f4ba9fef001b52b0f103549959580dfb32770e3cb21933755b256155d608a0892b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55fe8fe57601bb1664a7fc242fb5bc1fd
SHA118c22cedffd27b16b22f563694500a3f882f036b
SHA256234e162e5f2e37cd579ea6c21e34ae219d8af90f81b313cd57ba1c6183321ca2
SHA51243fe1020db9bb3edd2a19c68723598f39bfa841a5791ebe1c2f17b705920caaf9be71376636eb54a8da28f9daed541675120553ed03bc593edf4616d41df6893
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55b4118d3d1382aa79fd63b2508bb40a1
SHA17ec1e13aef3d7bfddedf809de6ed86a923f8a5d2
SHA256bdcc2e59e1558e0a19aac212b44e4cce1161b4a8e1e57e67ce1b1cc289883052
SHA512cc00fe9a640dc188fcaa97f219870f4b2601eefcd30462d98a02738578e77bafbed1b889600e3fea4b61a49435aa9d008acfb0b2b47fee409ddb5084095951a0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f63c7157d2f7de6c64b7164373778433
SHA1b3a594807ffec9343c10874b8c79efba5a4688a5
SHA256985af6c0e5ddf9370607a53a7beede00a1c423d703554e17ff7cf16ec4d63439
SHA5125632f76c5fe62c0da314a11de5ae216da0e83866ec4d117c4452b0f3711269f50478bb65caf8c60ee2e5948446b242e7f5e7488abea1f12fcc62a101574d8e89
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5eb54207259705f999934303de54c3bf1
SHA17f68b69c20409f5648c1e79a989ba83a3282cb27
SHA2560e3e340761c08a1013663ee568e6a5be18031bf2f9aba83e5a4e260ec4ca7733
SHA5121cdca39027dc130cf564f0597ab09cefaf4f8df01bd7318f29f57b7e044f9b45b9759eb04a33472f83f0e28226d5f7199b03da472290f0cb1bcde43b6867b249
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53820073aad19cf71e111c137533b963d
SHA1ea66e0cf6eefdb59a16f84845ebbd44ae9ce4a4e
SHA256958d2ffbd40f87d75e582e33261480b4539843c8bfec8ec59a87e471ba565cfd
SHA512cd0f032923f0c2c303a63e5fd60600fe4717cf1fa39b98d62342cc1bbe642c7defd60b224b5da80f64404da25d19ca6d52a9367e0aebb4766bcb2756543631cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a63f4229da9dbdefc97c1fdcc6f0c78b
SHA1223ca4c78cbfd7b86fa6c4f8702b31daf55996cd
SHA2561579c1beef1255711256e00b1e79fa9789b9701e253f239633e70d5fd5afc443
SHA512cb54f80626c54d6a1b8136f4f9622a678d399468659ceccd9f95365ef795a80cafc59d24a8fdab009e66f905cf99fea34701e7aa050666e1fe88ca97663186d5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54a487a38ade95c9b7daefb721220a506
SHA17df151d7f07928ddddd2deba2fe9295797c547f1
SHA2560ab7d657df344334237420c3c64146363add8ba7c89f89252bd975f63ebabf4a
SHA51264e124b0126b52581911fe121d3b81905f8fcb16edeaf375ee12bb92108a94bf9c147a3c93e22dcffb2524452e7f251218bc3e354e48a2407beeeb773675f010
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ddc49d0f112878141bfa5571b0a8dfea
SHA1b0ca968fbec169b1bb7df48824dc78cdbd9013f7
SHA25608803eb435948a906915a2f4027aa9755dc5bfd64deb2004b1ed6b55ed8ffa86
SHA51276fcc5504e4e47c7402984a33d0f55a0fdae65791e75873af708fc1ce380e0922d85b3ced3ba1aa7556b404f86aaee85bab580e97287f05807f8666da75d9a48
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD535ff42eacfd501ddcdba021ab461e666
SHA13705412591c5ee71c24d0647fb67d745d010c20a
SHA2561b6c270070acf05951f782ce8d692a39281707c99ec7ab229e30bb2fb0ee2919
SHA51252ce40cdbc7abec2de48fe330d294539f244d4d7041b20f80d066f27abf139fb0c41b7062da959792a09eddea3733c31fbcd8345775184258eb06a2d4c777b0c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD510229f72e69b7bf04642001396fb9eb4
SHA112490588c3deda251bc21406e477efedb6d0ed46
SHA2563957a1c68d70b89377eba592c9529eb64ecdeafd28642734b47c7f2dc40e69a3
SHA5125df08470cbd21c5a6fb9fe31f86342989ad4dfada381fdb9d004eae80247f58d6f6dfa6ae4918b698a80495f3d8858ac1d68099dc8b5030c1415a1a2af25e6ff
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53adc20b957b039d774e5064447314d51
SHA160eecd9b1b657c503fac6839c71605036f941240
SHA2562a1e6e99e626deade8739cbf18beb900e102d58666afe891c8640e2600d3a6b8
SHA51231f4a2ccb781747eaa64939d752edec13b64ed7ad55faf559738bb1ff386ad6c2ceb8ab6393a085b44058c33807f3a7867e8a505e8f734fb8b6283bb62ac4ea4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59bb3ae93e8c17779a2a9eb39a9933281
SHA10511cb37b22979df70b91384f776ae1b330cb347
SHA2563b493d62e4761238e0e8ebd75b5182def5fceba860ed1323dceb16fe8d2adb92
SHA5126e2d34aa37b90a9e30e55f552a4fd2cfd9c7cba51d3f2328acb232cebeca0b67ad2fa8c0c0c9b97876a1b57eb0eac606005e9abaf07f8ebc5c805c9995dc20a9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51d53826e78d6ee01a09915111e01ea32
SHA17c3f3283c6c1b786d4a1cf21a85399beb2f7b5eb
SHA256593d364fe79a91a03722bcdb51f936a73658431902280ed681549bc14c44e23f
SHA512e1e4ee987ae1b8278b4c613a1ee92ad0694d4396054b237786f31bd0bc09d9a8aa8cde9e8316e8543f99f92527463f95c5ba4710d9d19b340259b69d3ccc3fe8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55f46cfc578232dd9d1cbcd58df5a5d89
SHA1e3beafa2475d95c5006151b05e5b394d295441b9
SHA256f7a8129fdad01da3eb318fed1be3132d1382276b5e524c935b75fce6b50b78cc
SHA5126775259f4922ea26657f2222fd2255330b9fda1d4bfc83ffa70489059732067c3527fe673a11a062e92562960df0366e20935a37c2ff5f44559888a6befd8ac8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c455ef78c03f073c7590e043c558da67
SHA1ec038ecf5a0cd39c71c11f997b5b1f89e30f1dc3
SHA256360bf7cb0586d17b2cd7f605dff5dd89d923794bd837af33e42e912e3101cf0d
SHA5126ef6a4d2887be55591fee53e8cf061373eb9139d73d55cdffeb8f64531a164f64a302f84515d7042cfa7f242c3514ab3d0f5e2ebd23fc0a82ec8c7eb59d79b03
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f72b3b974b8d5b3c7869fc3855c001b6
SHA1bd3d407b4bd2fdbae6183efaa2dde4590e8f4cd7
SHA256081d41a93ad36719b5c558adcad093050bafef7cc219a29a47377ae591cb49a8
SHA512d0ec2662bf4703f3a895bc1599c2f8ffdbbbe6783365e8087d334bf45071c27eade0e324bbd52db89f6e38e887b12c3c9e5e5d6ce91179625aa69b598f5642f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5dde3942fb1ada7cac3f7ae182590ddfc
SHA1efb2497337e5faf643c3d85218087aae6ceb7058
SHA25663b7919483d17453fbb26861ebb06b6f230902cb8d1110ab3b057147e2cd33fc
SHA512d8b8b6e4bb07635d57bdc1ce5efd416496c06bf4e9c2a6d7ad8cf222f4666bfd8f2afdea2dd2898f885c821a8f77a4759dde66c03f7a7571b19b7517cf5e3176
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD538a5e688051e13c9badfed20b167aa9a
SHA13ee1f37723adc339b3a9a3c542e20b6f31fbf0df
SHA256a8514563c671e8c97c1a018cd66806000f5d9f4580918f5ffd22d596375896d2
SHA512a1599320aab2eaacecc3939bfef4580bdc7676ead11d435e98b0b27570bf2a10705852b7c25a408102ca60f7cfe684b23b6db19500486d5a0d8be4151a488e90
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD576805ec3f93333acdcb46083a3a18058
SHA120c18b782ee72d16f42ef3085c6f440c57ea13fc
SHA256bb10335ce806e4a234b7e86064680f28376e656bcf1be1fef9fa5630c3394ae5
SHA5126573ccc9188f437ba536e26c8c30042ce839c1a83ff7a1a107d1a8f2b6a0c4bb2d6438f08d20f9d6ba458320e7ab435d7f45bbef7010b96a3b60ebc9e5e46159
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56813b13a1331dbd4741fd44d9ff514a7
SHA1cbf22c73708dcf1a2935ec56010305161f5300cf
SHA256c402c96999527911c39af038fc475767e02c20f2b6ef9c18416c2c16dc1868c0
SHA51284734b70f6676d2fa510e4fa30740230a72776b62828a28d90fb34888b95d1cf019124cdce4dfdfd1193336931011edf30b1c526ac5c46a93a4ada8eafb2852e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e60ded5fc6a7777b80f65ecd6eb6676c
SHA1e4d88d8cbaf17dbdd620d317301e320509ba214c
SHA25679dced1bcd20af133e7a4fe404d91051639b467690d2e9fa24e0fc6e76b3a5d7
SHA512a096dfcc0145131580404f66060afa01a0b2015932d035ee885b2d086c5485ef04ad851147229d3cf1e1308acf6ca663a6dde6dbd54a45f93b82c52729a23ae3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54d225a1e6b910003671b4e5ae589d610
SHA16af35d845e9dfc82d8ef082404d1f8fe5e20cd19
SHA256f68d482d2451c68e3674ce9e3ccb6e8b3060f0fdd4b37f6a542751ea660e1953
SHA512654c91539628eac3fca01c2ada170339e2b7bba02af7808af27fb3888dc23fbd2656c56a4b072aea2b5df2ad34b938392efba7b0456d9250eeea4080ee522084
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5530733bf0902045a192cb94d2c33e0a4
SHA18a8622a705745152587ea55e3a29178482e4a254
SHA256ae49c91d5398151c06a5b250647b7afb0f37683f9599b3e077b9165650640c31
SHA512b8d3f0928ab0db9fb4fb20c029d05f72bd190ba6c7417ac439f9d254efb6e276279818e2aea567b87fd1d8cb6396acd054ecac1b3491ee9d86381ab7d0f0bd40
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b91bc173cbf9cb67779ab56f0e454b16
SHA11d454b26c86b2963a6dd6bcf76e5ac8197de69ce
SHA25637ed4895e9a59680b988f9d93297f677b59a1c4b780ddd84f4dc934e1c164c59
SHA5128c7b3f3c0cff5638397d13141fb2c778a1c74dd64f01a09e523ba8b1675216e8a09681dc4d945edabe1fe67d29e916fbf476400858ed3b7d8729db0428c4cc45
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5422e3189d513653de5e809e19f880045
SHA1aaf9fb8442e5dd9f05748ea18a489ccfc5e0b283
SHA25696c7fc180ec44fea564f88637bde17460fe541300287cdf7a6e953e2f6e30439
SHA51207954cb6f1cc04161713e248eef0208dd29c0e39cc8e91562661b5b04334341d6028d41e8e62aba3316c9c8233587b459b81083300fe46768a1f273cee3154de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD568dec6b87fb61bbee752968d1748c46d
SHA18dc0b6f68bd0b17c50593403e8f643b461282360
SHA256c30fabc8e66d6f4784541d5f9fba4bacda9e8c2f9c5c5c0063ae49d2dd38a06f
SHA512ceaf72e6f0e5eb73da47a4eb9b86d6e77f0be45633ad0ea4c0c176c3b38e9f34dedb69eedc75e5272017e8e8e723771a8fc29f3d9101bc60e6077ee0b131716d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5166cdf4c3466770ebae81bdeb2e0f18e
SHA1ee3f132e05a1e6405a1c1e562bc801a9231f552b
SHA256db3a4ec4e57e2ec41af098fab64f00a0ddf356d36ebea9b150d5355a03daaa64
SHA512863b74b028c79921a87b78d5ba7d2b16842133b234c0a81dd85d9eb0f819d702f42e4fbdcff6f6d7e36605c1fbca792c98f3dababfcd334a095a605baccaee8b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD509865dfd9bd41210e756120e0f45dc54
SHA1ea7e2402fdba3863924e468761b43a791abe3001
SHA256b9c07d8da88ae6ead538a8613a64e0d0c4c067ead5d790395ca4b5227c5d130a
SHA5123f2f7dd0cab04cd0ed97843354e33476f4ec83f877859328ecd36feb920f2b8573d4ab95c12dd040244b12aafe4bcd3b7b1de772aa82afa68d27da1296c6f532
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5db1a6eb55d31c380eeae188424baf214
SHA1185268c0034479b9a2168072c05749dbff77c91a
SHA25606a5674e50205a438065c7922fd9d1d4750f4e7732d9af78b956a6652a2ec805
SHA5126dd7687e666409ea37179954a79de9a49e0e99dc3778595451df4dbe547b4f447a61748c4067dc0e926898d40e6ceb51b3c77c03259c139365cabf98773b4967
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD534f1d73121bbd2bc75676dbf6222bfc2
SHA1f7c487ca0b09ac2267a9ce2432e6668b72adb058
SHA256555ea27b8c70088abb63c360f8fb6ef8a1efe0819dcaaad69bf4161fce9b56ae
SHA512da93dbe0e4f18a07f3c8423d9178a349d01deedeb518898ac19cbf57a790004376ee0d5c02f18d761fb8e887494aa7281c06fe399dc120857ddfa6e5f69f8390
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b77386b7a70c3a85368faa753144afb2
SHA1e435069dd317411d7d7cbe277e731ab6dab79080
SHA256d95cd24bfc5ce7ae04f3f39f1be360041ea9bc009298aa9b5f3978e917752322
SHA512312c6212c97c88b4dd0bdd0d471d3bf391c89730e8caf65f505bf37b09c33fdc7bfd896d935a05d57ae526837fc65563a6f09f621ea403c49b26eadfc464926b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ad676562ac4675cc6bceb9eee1133eda
SHA16fd0e3e5967e33677a7fbfe089ee3503ccd9c162
SHA2568b06537dba3ad5eca983ed947788561f0bf0c4cdbcdce19ce4d388c71eef3809
SHA512c5d83af4687caf6d46e093ee2b14a42f37d48b56f3d1533ddda184a90037d4083257b3ad0346f405c865879eb1d0dc7135c7e42881d9e067a158d1f6cfeb47fa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD502ed2350471eca6a4c6b542aba0f6233
SHA15b03843b068894d1296bbb6f669098075d7e991e
SHA2568832a6d4a9236fb1b90f06ba5037d09b43d93a13e5435b558b6cf12b6cbe4835
SHA51252d0dd826456247287eb7105dfa1eb6c4d19467722782ff72120974d668f591fab78710dced8a1eca209b5d2d5f7feed10d65007a278765b2df347697491822d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD533d3e49140c0ee2aefd763d3ff1c955f
SHA16d204696a49e33bb8cf4837f74043a5e81292abc
SHA25629979681f954d90d5928030fc48f635fcbc2b428f571ae9b9fe84418dd42e4d2
SHA512e75dd54bbb6173b7161c349562b1ad82ef3637b0a41036390229465374f01b821cc33e5fe20c1a71781a45cfa17b49b9ca6081b86f30dd0c93d80ea5164233f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ac62cb5a26f4d1152339b512aac15bb8
SHA1759c62642cfd07de11c76088266fe360a0946554
SHA256237e4598fb89c1b0f235b98c64b4ead03712b20411941639e7868ffa9a5e1d7d
SHA512d089a924fd84de3484b785b8c77d0a77a29b639ccfa6199a356ca16c72e75d70313b61709fa38705e29f6fb8ce83a5963afad6aba9560b36ff00421cb6683872
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bcd3977b5a2eb5d2b5686751fa99852e
SHA1dda13d50e6d076b0ec4398478cdf3f4058c845d8
SHA2563234a5ce1c849bb730e43a082956b9df4817b1525663554ad0fcb529cb811ac3
SHA5129756bee059a5c484a1692f2883d424156fec4b8a406aa7993edc88e2ebe56ec1568e7bd8558423709611fca2ee7df6dfc1393b379baf2d506526723247c2909e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bca0c88ea6f76436016f3221564fc2e4
SHA1ec8b86d3354a323d15518ef41f86745b72c08717
SHA256e9954950c62a368639e1ad264f7ae686984f7d9e846e0e8c8b5c9445a4c92841
SHA51275527f8f38e0d9dc6888f4d058a45583b85f21c3048bfe481d835d3c67cf792bcab09088beb0192b672140c93686a4e8863c5186c23be447ff6891aaa76486b3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58b259a0a869c786ac4bafaea07be0628
SHA136de33b057f02b6aefd81a54b18cfe3dc3439983
SHA256f0bfed6bad5b5aad93f6e4ab9dcab001ae42dbd79ceac91a48f2a8d267b452f9
SHA5128ef2245e2a4467475387514a97cde2e429312421b8f1424e05ed8a319fa1dcca309b0f2f49a4c570b1dce8cad6cd4e1dbdfe9d66aa5332cc65dd33079925bcdf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56af31edc93379d6c820caed5c1884d4d
SHA1803ee244930d58bb23eb176ecf69b45eaba40c4c
SHA2569fdd180030a40000dc09db4a3c4df166ac5f1a7aafed91079f95bdb5a64406fc
SHA512149432e3752821b60cd93bb8b1d401e394d477a1de07a05502aed0b78f64fa2ea616fda20cf657fe2631f9861071b97397f00c6d21b90fc48c8b6b7355d1a8b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58e6341dabcb83c27c619cf360bae4ca8
SHA12b1d42bc70f825e705b134c9099675cc07550389
SHA256d7e32829ff318eea9129d98aad04eebf6699612addcc338ef1613a4393ff9e5b
SHA512c75b20fd3c538de97dd5e179a7f0785131e16d47b119db103b4e82282cb983c0218b9eb00d0e5d1b8a489fca67bc3f2b82ad3894792058d355a32fc0064ef142
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5efa80d2a518122e0dd08fe44cbb664ef
SHA1954633062bfa4acca919696daa18e2bc55dede9f
SHA2566589e2e9c19cf7133d52d4af2bc8c4a1bb2c482aa5a750b9d2faf2d56cc4c3c4
SHA512dd919487f1cc508e1c9b62b13f4255cd03344f41fa2f7906c52a90b79bd96e2f858a6516a67300a4f9e7004b8a490c1ba6d3fd13323f576a11c640f543676afb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d5b822bb849021a6dd25a93f03db0c10
SHA15858065c92532a9608feb9354d8e466c60993593
SHA25601cf4ad264e3a0df56418e9625b7ad97cc386ffd258732a4ffebe1bb4baf2b28
SHA5129723785a677fd41e70267b5ea6588ec3a80f340d02c1ea60f34a7a2bb77f1a753f1e85acc4399c2742767b8e6b865206ae7cc23cfbf93d10c09bd22a343138e5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD511499df7d8542e7b62ff7acbe3ac8760
SHA10fc45ec862f7dd942a8033d2b4e0d1aa1efe98ad
SHA256031f1096cff66bfcb5d7de7ee67363c6781cfc15d373b7a4b243def08d0e618a
SHA5120130938897bda134b1d854b5bf04e23defd8242e34fabb407d230d7da8573411d4cc667356f954e4014cd17d4d675a36f654ef6169e5f6c3785fd0996e3737b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55e6f9b8400f6d70e785d0b8f9786f5a2
SHA1aeeef96011d5e67094911b8ddc47cb8e830dc33d
SHA2563ee71181ced2b553b8f43915cefabb67168bc99faad942d46853fc62bced426e
SHA512706accf41cda02cb5efa7689a8ceb53d1d4a245862778be150091908acadf1e9aa370cc015a73e496902852ef57f6fef272eb1824a65ac503614818faf8eacf7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD548b4ebf5d28c9174f8033cd008bd33f4
SHA170b0a8f3a0f03f3438d3d33f7a7f5cbe772999ec
SHA256db37e446452c7b0451b82ed628695a1aa2c32d9a65d4cb37b4ef5b30914d6183
SHA5125855c67319703f9965a11eef736f20f94c42f7c9756651c77c7ebba34775f76b907f84c855c706e4e32da18562c7e498915b41f04b188654f1eb409c17fd40dc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5051d1bf43113a092b738ce8d5f28a777
SHA18d80617fc5c03935fdc48b28c207c610ec2b371a
SHA2562f52604dd747b6cbba91a7717b9985e48bded5c36572603ebd4b9cd281395179
SHA512f8f5d0c86a999c0b49f11c7c8b89dd386adf1089810930f947dcd51c02dbeeabff431992cc0d3f351a7f4a4d8da7f69e845658ac3eeb0830d983113013d07b04
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c56bacb243c0ce2c85ec4a155a52ae45
SHA146a2e8aa34d7ade0be85a74deeb86058ab580f8c
SHA2560918286a367d7abebc665d54f41adfe64006c1c7252647bf57b9bcf5e744cb41
SHA5127c7970d10a185922461293a4bd08c0f6c85d33d2405c938727eeaba7a45ec7ed8308cb8528760768ffe56b18a3518d419b771c03aae1de2346ecf5023ada0ac2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5dc80c9c3e69dd0bbbd616fb230e97e3d
SHA152f9e698bcd241a5a16315065c5df52dbb73bb58
SHA256bd4cb9ed25b5a6ecff4a83b9b9e4013fd17d192497c7fb94444fba66e1c37285
SHA512983b621ea4acc17c362a41f0f4868235a43315d9357081499bf07aa29da93c3733fdb68993b918e3b5381caf01bad40dec455802b30df998be2fcb2146e84e1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51635f10c723ecaae5d77fd417ee6ed68
SHA1b605fd6828ae82c68e8b08a701d0122de4fde94c
SHA2561438c060a0f0ddc5e23fc908742bc51ec819642ee24333001410bf0921497a93
SHA5123bb3168b7f09b1a5cede3490cca465003b322e7fb5c835e21ac1b31144ca6a49373da79d0f33dfca1297fb0783bede73018b1730d10cec8c904b97b0134d4d2f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5239aeed1c839a297eb890badebe80fac
SHA1916ed4604ed91dabcaca9b3002482db39cc63d8d
SHA2561fabd38e6cf0b215b4688b893548f657440785c6aa5f24c3a353786fcab6539f
SHA5122468f0f70d2dcf5d03e9e0f5b3e27b27a11f2b62a334d64dfb4bef1ba4781f148a1d2cda148fcb8729d3aad8bfd3bd1487ace0e9ba9c54827cedd27cb00e31ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d4041b4de1cfc85d8307679fe1c4d06e
SHA141ba772b8fa3609f65e404be85974e8444eef5a1
SHA256d2ecd31257db66d01007be5a5b869b63e7d90c250117dfaf7398985c69e90c16
SHA512b7ca678f50410f1fe829e45809547f5487199a8b19ee17ad7916022c3c398ad26862dbe171fdd1070bca47b9c440774c2a3e4ffe8fef340c190ae7f808bb87d9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5527921db05c36327e7aedc47c28e81ed
SHA15c63674a7e3e1e38de297f456fc454d3ff721701
SHA2562c19c3a753983ecd58f1d0a18a2b36fd796dfd165631c4ebfda11ce1e6616758
SHA512f597d8f9b22a470c3ae02d085eb45ae06ac2a23580837757e1d2ce90516a28d779add389bf717aeae13d8965e70339c360576bb02bbc39c9a99e662b88551570
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD585f26374c434a2a85d09bca4fae19343
SHA1aced60d4a49c862b0842db23efb2e1b84c8b5df5
SHA256e6bc26b052b4c6555ab6e3130563a33bb0c8544d17dbc2309403abeced469991
SHA512a018f8d1349360793a5d7b01063cd22eb1be9e8bdf944cc12099dcbf49981131162e7a0f4ac74da829ce6b4550f665df90ffb9c025217471376f97b5bb6a0ec8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59c018820bd6ced83d64c962f127ba5e5
SHA16d8dcf596e23263226c0ced724c49ebe2481529d
SHA2565a7a526ebc712ca2af50587d6410d6dcb42fe3ac229b3b9b0c3ac08802b553e3
SHA512b419714997f8eada5ff299fb9543ddf27bf2452a76736ced09a38e479b0bf2c751fa3b7161f3411838f53c5936ab37ae2418601a58f2add2b89baef9de4ceb53
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD534400a7c16546843e1fdf0b17d1ea274
SHA14b1fa8647d50549c0a76df2e13dbe11525bbbdf6
SHA256a340e5d4647b384206c42bcedec238f0ba0b9643dcae7527651e351d97d17dcf
SHA5125534516ca63e8f4da2abc0b506e4c897874e38d9dd001fbaf6b7fd5d669f7ddccbbd5763815ae858f935eefb949d2b3194919fd3bd99b369e0c6a43d47d8a9f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
Filesize 242B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3411cde6-fdd8-49da-b84e-4908f5c82b11.tmp
Filesize 7KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\617b5d67-e4ef-415c-b5f9-68a6bade3686.tmp
Filesize 7KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\976f81bb-064c-4e06-9ad8-d32274e3dd66.tmp
Filesize 7KB
-
Filesize
248KB
MD5a6fc0e89b7ad808e9fe0d1c01d89a887
SHA1ddc5de84f804d34f3fbf2d72e89be24a62700e2e
SHA256c28c4065de6b63b84d30472b9db90ef7772f2880dfe505be05ec75eab295b261
SHA512a76a3745b2e5d0e8befb127fee74716c064fccd32deaec9d2799f89e6ffb57af575197e9c615946ea2ae5473c5e9acf759d20a9f079be8dcfc1ffce3106f2ac3
-
Filesize
18KB
MD50714f33391cb3df7a54ff0b889597836
SHA19fc279bf7b18af9017390c92b2b00fa6b24c50df
SHA256cbd3f22fd7d3abe4203067a92f6ee1e2a03a707317e4cd95c990a928cc0e354b
SHA5128b31f586c958699b75131250b4b125dd7a4c6fe6050119a8bd927e7a05eea175143aabbd54003cdff8b6a1e975defae1a4aade6da16ac22fdbed23689c252804
-
Filesize
289B
MD5003e150894ed6064dbee29c80463c204
SHA13e148a10afb0a7083a978941a045d96708cc649c
SHA256c68c02f23059c64b29bfc61e8ad0eeccfa5d4ba52b197ec238d4f348c156b7e2
SHA512a645fdfbd7c41006854fed333dc06da8f4c15b5053718186724c8603f3c61b873748336ed71e4c783336cf58f81606f49949c2ddf1ac096f9ec4b21711885135
-
Filesize
33KB
MD5ec278ac077512e084171e9ef6bb8c9d5
SHA1bac7362429040ea677aaef23523014da40a55efe
SHA2564fafed425bc604595c511adb4982631fc0909053f02d4865079d955256b745e9
SHA512febfd2b586690e62ea4d9df9c7fb6cec08b66f947837dc8893e54ac812ee4d4e8fbcc811811babc1e69cf9cfe5d92ad50aa8c2fb695abd347918883801c75bd2
-
Filesize
6KB
MD506f9310daa7439154700868b38e38aed
SHA191bc98bf89a30a253367635f7061a9f1220d95f4
SHA2561171630f4355e035d6a2b09abb0fb5889001248e38413019a7884055e147782b
SHA512b245ddf68ed84fe4d45aff26518c47b3daa63953c4ff9228acd7ce5429c51066a55c49dcff41e7ede520792df9bb712ce400108cf56b88e7fe3ad90620baca8a
-
Filesize
6KB
MD52dcdfebbdd27e67bd64df9c806817d3d
SHA16b8588caf7c784ff2b18981d8fb6dce8f8df7f6d
SHA2562c8746da738902ad647d71e253f085b334225541ffb5be1ea80b9b3ae990b72d
SHA512d2f0dbd43538e66525d0d1db41b0a07a05690f0bd8f0c699f6e04f33cf3d3ad5e85314ae3ada2aae9d10d96607a9b3fa0f3da6231c5de6bbb27f0fde50e3569b
-
Filesize
4KB
MD5a854a34b741167fe05baa5b26dedd23f
SHA18d77848af089338d8ced5ac0243c251dfa73ab0a
SHA2566bae35fbf44cd57e70b57f3387cf64acb25b3b7dfcc3bf8a1947e6997145f207
SHA5122b28bb3d3269ee32bb607e899a654d9611197e0de38fa9d962cde24d2b25a29f914a6115ff3f42365ab56fdbffba8453a6da5f1b8b36bbbbdf8cdd9d30a9bb60
-
Filesize
6KB
MD54c43c12e82416c7815d3ccb544d18588
SHA1445fb044bf8687d92eab1b33c0145f6078ffea0f
SHA256afacd05fc0bd7704e3145f043edf926161489d0a0a9815bc2a6143323408d322
SHA512d267db9fe8c618e7027127e9d4ff09ea070e060e5819f2019a3536b063bac0c9b01d2e992aa8e3fcc1f876035696f21a9674f8a381199d52b613d4df3a112c1b
-
Filesize
4KB
MD54be2c910cdb11eedd1dab33e9a9cd651
SHA1e7db24efd7573caa9ba4b68ca486a0c03c7cd330
SHA2567a10f33791008224870bcd6e3a2329272d27202290cf8d5b7c6fff1d3adc18e6
SHA5124432539fbf77eceb6abd7adc4c50cf572ac597d632301f8ab38af3654ebf8a7d08e28c7b64e701295a942a0ea34dbc0d39d509a696d6109205b6df340cfcf44e
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
Filesize
16B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
Filesize
16B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf76845c.TMP
Filesize
16B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5bd8f89a-aae9-432d-9ff2-b58f41cb51ab.tmp
Filesize
23KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c26a9a4f-9b14-4b1a-ab9e-88991e63afc5.tmp
Filesize
23KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\05143df4-504a-426c-ab34-f6073b0abddf.tmp
Filesize
5KB
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000002
Filesize
50B
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
Filesize
2KB
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
Filesize
2KB
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
Filesize
1KB
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
Filesize
1KB
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
Filesize
1KB
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
Filesize
1KB
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
Filesize
1KB
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\a0ccedaf-8c3f-418f-81e9-1b36f172a744.tmp
Filesize 5KB
-
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\shared_proto_db\metadata\MANIFEST-000001
Filesize 41B
-
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 914B
-
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 1KB
-
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize 252B
-
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
-
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize 242B