74fb4e00b396ed5e0a64ae262aae598753fd8b345031436db974f1b77ccb259b

Analysis

max time kernel
1050s
max time network
1052s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
29/06/2024, 07:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1241304301683347538.ogg
Size

20KB
MD5

2e83f13cf9a84622a55a494baaf4a804
SHA1

fbbde591b3863cce251ec12424e4c7837fee2d41
SHA256

74fb4e00b396ed5e0a64ae262aae598753fd8b345031436db974f1b77ccb259b
SHA512

f1a47d525925897c93e64f1f6488e72966472dc3c84868ed8d44e9265646c1d4901eee4c652e2575bd98908c64d2f29569bb5c91abd9f96a54b9c9ab8c3be5a2
SSDEEP

384:smDMt+siTkrSwSJXKOkkSqPimwGA7Wv8NBqcP/r0UGWQKEIGL9sfeeh:smQ1GqEJKnk3KmwGAPlP/wU+pIGL9smG

Score

8^/10

discovery evasion persistence privilege_escalation trojan

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 39 IoCs

pid	Process
4528	RobloxPlayerInstaller.exe
1888	MicrosoftEdgeWebview2Setup.exe
1096	MicrosoftEdgeUpdate.exe
1652	MicrosoftEdgeUpdate.exe
2152	MicrosoftEdgeUpdate.exe
1220	MicrosoftEdgeUpdateComRegisterShell64.exe
1160	MicrosoftEdgeUpdateComRegisterShell64.exe
3820	MicrosoftEdgeUpdateComRegisterShell64.exe
1672	MicrosoftEdgeUpdate.exe
4484	MicrosoftEdgeUpdate.exe
3484	MicrosoftEdgeUpdate.exe
4584	MicrosoftEdgeUpdate.exe
3548	MicrosoftEdge_X64_126.0.2592.81.exe
2200	setup.exe
4968	setup.exe
4584	MicrosoftEdgeUpdate.exe
2168	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
4936	RobloxPlayerInstaller.exe
804	RobloxPlayerBeta.exe
3676	MicrosoftEdgeUpdate.exe
2500	RobloxPlayerBeta.exe
1892	MicrosoftEdgeUpdate.exe
4380	MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
4328	MicrosoftEdgeUpdate.exe
1832	MicrosoftEdgeUpdate.exe
4040	MicrosoftEdgeUpdate.exe
4492	MicrosoftEdgeUpdate.exe
1936	MicrosoftEdgeUpdateComRegisterShell64.exe
4344	MicrosoftEdgeUpdateComRegisterShell64.exe
2608	MicrosoftEdgeUpdateComRegisterShell64.exe
1580	MicrosoftEdgeUpdate.exe
3692	MicrosoftEdgeUpdate.exe
2040	MicrosoftEdgeUpdate.exe
1580	MicrosoftEdgeUpdate.exe
1872	BGAUpdate.exe
1604	MicrosoftEdgeUpdate.exe
5028	MicrosoftEdgeUpdate.exe

Loads dropped DLL 44 IoCs

pid	Process
1096	MicrosoftEdgeUpdate.exe
1652	MicrosoftEdgeUpdate.exe
2152	MicrosoftEdgeUpdate.exe
1220	MicrosoftEdgeUpdateComRegisterShell64.exe
2152	MicrosoftEdgeUpdate.exe
1160	MicrosoftEdgeUpdateComRegisterShell64.exe
2152	MicrosoftEdgeUpdate.exe
3820	MicrosoftEdgeUpdateComRegisterShell64.exe
2152	MicrosoftEdgeUpdate.exe
1672	MicrosoftEdgeUpdate.exe
4484	MicrosoftEdgeUpdate.exe
3484	MicrosoftEdgeUpdate.exe
3484	MicrosoftEdgeUpdate.exe
4484	MicrosoftEdgeUpdate.exe
4584	MicrosoftEdgeUpdate.exe
4584	MicrosoftEdgeUpdate.exe
2168	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
804	RobloxPlayerBeta.exe
3676	MicrosoftEdgeUpdate.exe
2500	RobloxPlayerBeta.exe
1892	MicrosoftEdgeUpdate.exe
1892	MicrosoftEdgeUpdate.exe
3676	MicrosoftEdgeUpdate.exe
4328	MicrosoftEdgeUpdate.exe
1832	MicrosoftEdgeUpdate.exe
4040	MicrosoftEdgeUpdate.exe
4492	MicrosoftEdgeUpdate.exe
1936	MicrosoftEdgeUpdateComRegisterShell64.exe
4492	MicrosoftEdgeUpdate.exe
4344	MicrosoftEdgeUpdateComRegisterShell64.exe
4492	MicrosoftEdgeUpdate.exe
2608	MicrosoftEdgeUpdateComRegisterShell64.exe
4492	MicrosoftEdgeUpdate.exe
1580	MicrosoftEdgeUpdate.exe
3692	MicrosoftEdgeUpdate.exe
2040	MicrosoftEdgeUpdate.exe
2040	MicrosoftEdgeUpdate.exe
3692	MicrosoftEdgeUpdate.exe
1580	MicrosoftEdgeUpdate.exe
1604	MicrosoftEdgeUpdate.exe
5028	MicrosoftEdgeUpdate.exe
5028	MicrosoftEdgeUpdate.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=AE6669DD2F19488EA67489A122F6AAD4"	BGAUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Checks system information in the registry 2 TTPs 26 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Suspicious use of NtCreateThreadExHideFromDebugger 5 IoCs

pid	Process
2168	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
804	RobloxPlayerBeta.exe
2500	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
804	RobloxPlayerBeta.exe
804	RobloxPlayerBeta.exe
804	RobloxPlayerBeta.exe
804	RobloxPlayerBeta.exe
804	RobloxPlayerBeta.exe
804	RobloxPlayerBeta.exe
804	RobloxPlayerBeta.exe
804	RobloxPlayerBeta.exe
804	RobloxPlayerBeta.exe
804	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\btn_delete.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\MaterialGenerator\Materials\Asphalt.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\icons\navigation_pushBack.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\models\AnimationEditor\AnimationEditorGUI.rbxm	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AvatarEditorImages\Sliders\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\particles\forcefield_glow_color.dds	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\icon_friends_16.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\playBtnBackground.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\SpeakerLight\Unmuted40.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\graphic\gr-send.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\CompositorDebugger\eye.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\DeveloperFramework\icon_forward.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\Error.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_es.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\sky\noise.dds	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\MicDark\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\defaultShirt.rbxm	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\identity_proxy\win11\identity_helper.Sparse.Dev.msix	setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\New\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\TopBar\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUAF8D.tmp\psmachine_64.dll	MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\DeveloperFramework\checkbox_unchecked_disabled_dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\VisualElements\SmallLogo.png	setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\blackBkg_square.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\9-slice\new-message-indicator.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\dropdown_arrow.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Locales\pt-PT.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\InGameMenu\gradient.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\account_over13.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\Locales\te.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\TerrainEditor\volcano.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\TopBar\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\img_eventGroupMarker_border.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\menu_shadow_side_left.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\GameSettings\ScrollBarBottom.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\MenuBar\icon_safety_on.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\models\ViewSelector\Basic.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Trust Protection Lists\Sigma\Fingerprinting	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\MEIPreload\preloaded_data.pb	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioSharedUI\dot.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\playBtnBackground.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ManageCollaborators\arrowRight_dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioSharedUI\sort.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\AppSettings.xml	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Backpack\ScrollDownArrow.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\AvatarContextMenu_Arrow.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\Debugger\Breakpoints\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\families\Roboto.json	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\WideView_purpleLayer.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUAF8D.tmp\msedgeupdateres_ga.dll	MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\Debugger\callStack.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Plastic.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\LegacyRbxGui\M1Side.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe

Modifies Internet Explorer settings 1 TTPs 12 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133641188169274231"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ = "Microsoft Edge Update CredentialDialog"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine.dll"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\CLSID\ = "{E421557C-0628-43FB-BF2B-7C9F8A4D067C}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\MicrosoftEdgeUpdateOnDemand.exe\""	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\LocalService = "edgeupdate"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0\CLSID\ = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\AppID = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService.1.0\CLSID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass.1\CLSID\ = "{8F09CD6C-5964-4573-82E3-EBFF7702865B}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe\AppID = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ = "Update3COMClass"	MicrosoftEdgeUpdate.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
3328	vlc.exe
5092	WINWORD.EXE
5092	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
2652	chrome.exe
2652	chrome.exe
2088	chrome.exe
2088	chrome.exe
4528	RobloxPlayerInstaller.exe
4528	RobloxPlayerInstaller.exe
1096	MicrosoftEdgeUpdate.exe
1096	MicrosoftEdgeUpdate.exe
1096	MicrosoftEdgeUpdate.exe
1096	MicrosoftEdgeUpdate.exe
1096	MicrosoftEdgeUpdate.exe
1096	MicrosoftEdgeUpdate.exe
2168	RobloxPlayerBeta.exe
2168	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
4936	RobloxPlayerInstaller.exe
4936	RobloxPlayerInstaller.exe
804	RobloxPlayerBeta.exe
804	RobloxPlayerBeta.exe
3676	MicrosoftEdgeUpdate.exe
3676	MicrosoftEdgeUpdate.exe
3676	MicrosoftEdgeUpdate.exe
3676	MicrosoftEdgeUpdate.exe
2500	RobloxPlayerBeta.exe
2500	RobloxPlayerBeta.exe
1892	MicrosoftEdgeUpdate.exe
1892	MicrosoftEdgeUpdate.exe
1832	MicrosoftEdgeUpdate.exe
1832	MicrosoftEdgeUpdate.exe
3692	MicrosoftEdgeUpdate.exe
3692	MicrosoftEdgeUpdate.exe
3692	MicrosoftEdgeUpdate.exe
3692	MicrosoftEdgeUpdate.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3328	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1800	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1800	AUDIODG.EXE
Token: 33	3328	vlc.exe
Token: SeIncBasePriorityPrivilege	3328	vlc.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe
Token: SeShutdownPrivilege	2652	chrome.exe
Token: SeCreatePagefilePrivilege	2652	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3328	vlc.exe
3328	vlc.exe
3328	vlc.exe
3328	vlc.exe
3328	vlc.exe
3328	vlc.exe
3328	vlc.exe
3328	vlc.exe
3328	vlc.exe
3328	vlc.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
3328	vlc.exe
3328	vlc.exe
3328	vlc.exe
3328	vlc.exe
3328	vlc.exe
3328	vlc.exe
3328	vlc.exe
3328	vlc.exe
3328	vlc.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe
2652	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3328	vlc.exe
5092	WINWORD.EXE
5092	WINWORD.EXE
5092	WINWORD.EXE
5092	WINWORD.EXE
5092	WINWORD.EXE
5092	WINWORD.EXE
5092	WINWORD.EXE

Suspicious use of UnmapMainImage 5 IoCs

pid	Process
2168	RobloxPlayerBeta.exe
4524	RobloxPlayerBeta.exe
2152	RobloxPlayerBeta.exe
804	RobloxPlayerBeta.exe
2500	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 3328	5020	cmd.exe	81
PID 5020 wrote to memory of 3328	5020	cmd.exe	81
PID 2652 wrote to memory of 2948	2652	chrome.exe	88
PID 2652 wrote to memory of 2948	2652	chrome.exe	88
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1896	2652	chrome.exe	89
PID 2652 wrote to memory of 1632	2652	chrome.exe	90
PID 2652 wrote to memory of 1632	2652	chrome.exe	90
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91
PID 2652 wrote to memory of 4560	2652	chrome.exe	91

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\1241304301683347538.ogg
1⤵
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\1241304301683347538.ogg"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3328

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004F8 0x0000000000000500
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff5726ab58,0x7fff5726ab68,0x7fff5726ab78
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:2
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1892 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4232 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4396 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4040 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:1
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2716 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4592 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4364 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4256 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4736 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1472 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5380 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5560 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5764 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5948 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6068 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6120 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5396 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5576 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3044 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:196
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4528
- - C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:1888
  - - C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      Suspicious behavior: EnumeratesProcesses
      PID:1096
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1652
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2152
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1220
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1160
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3820
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjVBQThBOUQtQkIxNC00NEJCLTgxNTEtMEYzNTRGRUExNzUxfSIgdXNlcmlkPSJ7MjNFQjUyQTItMTAwOS00MTFCLUEwOTMtRjg1MDFEMkI4NzExfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins0N0UwOTUzNi02NEE5LTQwRTAtQjdFQi1FMEM3NDFDMTkxRTF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY4Mzk0NDMyMjkiIGluc3RhbGxfdGltZV9tcz0iNjQzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        
        PID:1672
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{F5AA8A9D-BB14-44BB-8151-0F354FEA1751}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4484
- - C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" -app -isInstallerLaunch
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6176 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:SihAgng9aJRqWnRLUq0sZ4OWOwu7krkHneSN5adcIJHJMJbKOFYgdUlhaRwhNlA_5kbfwUNxYAV1ukBoHTA99q3RP3LxjgMxzEipINpIJBl8nFAwtc5fvYCw5UDyNNDb1qvL6A0ZxkHsXB09Ej8-i7c8z2aMsBXe07S3F_Dtuz2bVjLwMUlYiC2-u7k-h-tANiYWhfZ_5xvwFd4-7MsZCWg0MCtfPxjqnwYeatZe8Wg+launchtime:1719645562743+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1719645267537008%26placeId%3D189707%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D90caf61b-f4d7-4bbf-86ae-ae7199283806%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1719645267537008+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5968 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:ertB8Y5L4iJVZuHlH-JRi0RXxBJM_IT5BB36pF__e2AJIchXvBKwGuOm3F7qI3ozA3jo_MV9e5qGid5b4yNhAvBeS-RzlgLeqSHqg8dssFDmV7NbZnAWPWLxFeNrqMkOvsGSOnsL3ZoTUMnMQLfCcb0qb8-LVlZePOULJ_fg1ojNroF2KhJjJfobTSN26WRMYN8vNalKe2siFJXUzdsJcUJVk8gIOsze_8rCuHQ2FIs+launchtime:1719645606444+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1719645267537008%26placeId%3D189707%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D36bc200d-120a-4816-a37a-1b726606eefd%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1719645267537008+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4236 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:8i_50NAIsC2x1NPlM94x0Vt6EErc4Sj7RCQ8oSEIv6NNQxqwcvqaxdqnkgPvF3JYtd3VujzuX9IOCAhAyue1xgWyifkPtIaKYGxGchal3BovEnw7_ZFUH1Fej4po0zhluMcZCM43sM-7wYvIDWpNFfCgnmzZCCrp8A3kqkfyZpHDJGcRDoL8mRp-9waDUoaNpKTVaBVRw6FYDCljFtcyJgS220fwzkY9-dknZP_5Y1U+launchtime:1719645744130+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1719645267537008%26placeId%3D189707%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D1e570a4b-3bd9-4d5e-b8b1-5156f9b240c1%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1719645267537008+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6344 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6464 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6596 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6712 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5348 --field-trial-handle=1904,i,13311513146109825174,56134214837122039,131072 /prefetch:1
  2⤵
  PID:3616

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4728

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:3484
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjVBQThBOUQtQkIxNC00NEJCLTgxNTEtMEYzNTRGRUExNzUxfSIgdXNlcmlkPSJ7MjNFQjUyQTItMTAwOS00MTFCLUEwOTMtRjg1MDFEMkI4NzExfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyOTNGQkE5My1DQ0Q0LTRBMzUtQUEzRi00MjgxRDIwNUY0Mjh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY4NDM1OTMxNjciLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:4584
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{ED99DD09-233B-48AF-BE00-ED9A5B71AD04}\MicrosoftEdge_X64_126.0.2592.81.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{ED99DD09-233B-48AF-BE00-ED9A5B71AD04}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:3548
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{ED99DD09-233B-48AF-BE00-ED9A5B71AD04}\EDGEMITMP_51071.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{ED99DD09-233B-48AF-BE00-ED9A5B71AD04}\EDGEMITMP_51071.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{ED99DD09-233B-48AF-BE00-ED9A5B71AD04}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:2200
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{ED99DD09-233B-48AF-BE00-ED9A5B71AD04}\EDGEMITMP_51071.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{ED99DD09-233B-48AF-BE00-ED9A5B71AD04}\EDGEMITMP_51071.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{ED99DD09-233B-48AF-BE00-ED9A5B71AD04}\EDGEMITMP_51071.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6ca64aa40,0x7ff6ca64aa4c,0x7ff6ca64aa58
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:4968
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjVBQThBOUQtQkIxNC00NEJCLTgxNTEtMEYzNTRGRUExNzUxfSIgdXNlcmlkPSJ7MjNFQjUyQTItMTAwOS00MTFCLUEwOTMtRjg1MDFEMkI4NzExfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1MkFFNTFERS1BRjMwLTQ4RUYtQkQxNy0xOUVCMjRCMDYwRDl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjYuMC4yNTkyLjgxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2ODU1NjEzMjQyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjg1NTY3MzU4MCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcwOTUxMjc0MjQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzExMTBiZjYzLWM2Y2UtNDcxNC05NjliLWIzMDI4YjQ0MWM0Nz9QMT0xNzIwMjUwMjExJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWhUJTJiVkN4ZENRcGMlMmJmVjlEYzlWOTM2UWNLN0lqeSUyYmpLb3dMTHAwTUlQZkNpNm9VQUxuZlprOW1qcVVkbUowMnRNZkIwUU9qd2c4Q2JHSVlMSiUyZkx6V3clM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzMwODIxNjgiIHRvdGFsPSIxNzMwODIxNjgiIGRvd25sb2FkX3RpbWVfbXM9IjE3NjA3Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzA5NTI4MDEyMyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcxMDk0OTkwMjEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc1NDUyMzU2OTYiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI3NjMiIGRvd25sb2FkX3RpbWVfbXM9IjIzOTM2IiBkb3dubG9hZGVkPSIxNzMwODIxNjgiIHRvdGFsPSIxNzMwODIxNjgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQzNTc0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:4584

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5092

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:536

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:4936
- C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" -app -isInstallerLaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:804

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3676

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:1892
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5979EF71-AB3C-4380-AC4D-913F6F81D670}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5979EF71-AB3C-4380-AC4D-913F6F81D670}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe" /update /sessionid "{D1699BD5-6AD5-4C18-9C66-075D672EDA33}"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4380
- - C:\Program Files (x86)\Microsoft\Temp\EUAF8D.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUAF8D.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{D1699BD5-6AD5-4C18-9C66-075D672EDA33}"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Suspicious behavior: EnumeratesProcesses
    PID:1832
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:4040
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:4492
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1936
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4344
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2608
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDE2OTlCRDUtNkFENS00QzE4LTlDNjYtMDc1RDY3MkVEQTMzfSIgdXNlcmlkPSJ7MjNFQjUyQTItMTAwOS00MTFCLUEwOTMtRjg1MDFEMkI4NzExfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7MDVCOUI3RjItQTI2RS00NTY4LUE5MkMtQUY5QjY0RkNFNkNCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODcuNDEiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTk2NDU0MDkiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNjQwMDQ3NzAzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      PID:1580
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDE2OTlCRDUtNkFENS00QzE4LTlDNjYtMDc1RDY3MkVEQTMzfSIgdXNlcmlkPSJ7MjNFQjUyQTItMTAwOS00MTFCLUEwOTMtRjg1MDFEMkI4NzExfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins1MTVDQkM4Ny0xMjQ0LTQ0REYtQjBBQy1BMkM2MDRENzhDOTN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4Ny40MSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMjA3NDk3MTIzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMjA3NTk3MzI4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDYyMzU1ODAzNCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzRhZDljYjZlLTgyNDUtNGU0Ny1iMjk4LTFmZjRiMDQyNTZlMT9QMT0xNzIwMjUwNTQ3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVlvaFdLRlViRnZzdTYzelR4RnR2NU1aRmgxWE5jS0NLQ2oxM1JBMGowaU9nbjE0cnBnaXY0YlUwSTRBUVlWTjVWUW8lMmZ2R2ZlQ2lwTCUyZm1JbE5VaFFOUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIyIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNjIzNTU4MDM0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy80YWQ5Y2I2ZS04MjQ1LTRlNDctYjI5OC0xZmY0YjA0MjU2ZTE_UDE9MTcyMDI1MDU0NyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1Zb2hXS0ZVYkZ2c3U2M3pUeEZ0djVNWkZoMVhOY0tDS0NqMTNSQTBqMGlPZ24xNHJwZ2l2NGJVMEk0QVFZVk41VlFvJTJmdkdmZUNpcEwlMmZtSWxOVWhRTlElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNjM0Mzc2IiB0b3RhbD0iMTYzNDM3NiIgZG93bmxvYWRfdGltZV9tcz0iMzczNDQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA2MjM3MTQyNTkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA2MjkwMjczODciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzYyNjE4MTUyMzQ1OTMwMCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSItMSIgYWQ9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI2LjAuMjU5Mi44MSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0ie0JCQzg3REZFLTFFMjQtNDgxNC05QjU0LUZCN0YxMTc3QTNGRH0iLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:4328

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:2756

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3692

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:2040
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEZBQ0ZDRUYtOTI5QS00MzdCLUIzNDEtMzg0MEVCRjRCRkIzfSIgdXNlcmlkPSJ7MjNFQjUyQTItMTAwOS00MTFCLUEwOTMtRjg1MDFEMkI4NzExfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7M0I3NkY0ODktRUVFOS00QUI4LUIwNkUtRUE4NkE3MUZDQTk0fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7aFZmRGpNZEZHNkZnS3MwTno2ZW1yWUNTZzZUUXZEUG9tb2xSYXlRWEJLND0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjE3IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTgxNDMxMDMiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM2MjYxNTg1OTQzNDYxMDIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MzI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzY0MDgyODg1MiIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:1580
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1FA3F8F6-27DA-4D99-B2F5-CE6C44C94A8F}\BGAUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1FA3F8F6-27DA-4D99-B2F5-CE6C44C94A8F}\BGAUpdate.exe" --edgeupdate-client --system-level
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:1872
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEZBQ0ZDRUYtOTI5QS00MzdCLUIzNDEtMzg0MEVCRjRCRkIzfSIgdXNlcmlkPSJ7MjNFQjUyQTItMTAwOS00MTFCLUEwOTMtRjg1MDFEMkI4NzExfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntCMzk0NDk4MC00MEQ2LTRDM0YtQjYwMC04OUMxMjkzNDc2Rjh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9InsxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDB9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIyLjAuMC4zNCIgbGFuZz0iIiBicmFuZD0iRVVGSSIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNjU2NjEwMjcwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM2NTY3NjYxNzYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQxOTIyMjk4MTciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcyMDI1MDg5MiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1RQjljcVl3cHkzYmM3bzdCMkxKenppSGkwVUJwTno0ckpWZFlkMTRVMGNiNXdTaTElMmJHanNudlFkJTJmWnd5NVhQbiUyYm01N0w5cDZyb01hMHFNNEpnVEw5QSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQxOTIzODU0MzkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzVmMTk1NjEyLTM4NGEtNDhlYS04NDA4LWI0ZWRlOWRjNTZiYj9QMT0xNzIwMjUwODkyJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVFCOWNxWXdweTNiYzdvN0IyTEp6emlIaTBVQnBOejRySlZkWWQxNFUwY2I1d1NpMSUyYkdqc252UWQlMmZad3k1WFBuJTJibTU3TDlwNnJvTWEwcU00SmdUTDlBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTgwNDQ0NDgiIHRvdGFsPSIxODA0NDQ0OCIgZG93bmxvYWRfdGltZV9tcz0iNDkxNzEiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDE5MjM4NTQzOSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MTk4NDc5NDA1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQyMDA2NjY3NDMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMDQ3IiBkb3dubG9hZF90aW1lX21zPSI1MzU0NiIgZG93bmxvYWRlZD0iMTgwNDQ0NDgiIHRvdGFsPSIxODA0NDQ0OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMjAzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  PID:1604

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:5028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Installer\setup.exe

Filesize
6.5MB

MD5
7c44a5cba89f38d967b1f4e11225da0f

SHA1
44837f2ff9b3ebc7c371ee5f9e0cd5dcaad508dd

SHA256
a10c3e0b2ec1286bfe6b3fe9005a9132fad01be9afc4bdd5adb29f174b8fb706

SHA512
25b4cae7fc6d200dab70e94461b7f2e7899813975cab498fb367a32aa2e187fb7b1330545b60f6340d53fe5e04a1ecfb5d6b8bf004ac26ecaa7a8f6e387dfe99

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe

Filesize
17.2MB

MD5
3f208f4e0dacb8661d7659d2a030f36e

SHA1
07fe69fd12637b63f6ae44e60fdf80e5e3e933ff

SHA256
d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b

SHA512
6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.41\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe

Filesize
1.6MB

MD5
a9ad77a4111f44c157a1a37bb29fd2b9

SHA1
f1348bcbc950532ac2b48b18acd91533f3ac0be2

SHA256
200a59abdeb32cc4d2cec4079be205f18b5f45bae42acb7940151f9780569889

SHA512
68f58a15ef5ba5d49d8476bee4a488e9a721f703a645ddd29148915d555ca2eb451635c3b762e5a0f786d69bb5cba9bffac3eeee196f1ec7ad669e2d729fe898

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
16c84ad1222284f40968a851f541d6bb

SHA1
bc26d50e15ccaed6a5fbe801943117269b3b8e6b

SHA256
e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

SHA512
d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
34d991980016595b803d212dc356d765

SHA1
e3a35df6488c3463c2a7adf89029e1dd8308f816

SHA256
252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

SHA512
8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
d34380d302b16eab40d5b63cfb4ed0fe

SHA1
1d3047119e353a55dc215666f2b7b69f0ede775b

SHA256
fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

SHA512
45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
aab01f0d7bdc51b190f27ce58701c1da

SHA1
1a21aabab0875651efd974100a81cda52c462997

SHA256
061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

SHA512
5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
ac275b6e825c3bd87d96b52eac36c0f6

SHA1
29e537d81f5d997285b62cd2efea088c3284d18f

SHA256
223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

SHA512
bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
d749e093f263244d276b6ffcf4ef4b42

SHA1
69f024c769632cdbb019943552bac5281d4cbe05

SHA256
fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

SHA512
48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUE30E.tmp\msedgeupdateres_es.dll

Filesize
28KB

MD5
9db7f66f9dc417ebba021bc45af5d34b

SHA1
6815318b05019f521d65f6046cf340ad88e40971

SHA256
e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

SHA512
943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
5.4MB

MD5
4fa63f4ccb9b1fca93ab82e51c6d4750

SHA1
1f26018c15ed5e14140ed44c28cf52a7b892fc86

SHA256
685f8b14eb645f892a666cf61cf691d086fe0d3e344a245323f1fe75034869fb

SHA512
a25031fb2afe1baebe9b46266192574c6c73b7fcd8e3e2897873d97b3f6232c5228fa4f633b1df98b9410808d5afe1dd470cd8f3f6dbc0c52526311b769554ab

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
16KB

MD5
813b7b5adf0b87183c64baa495422ebf

SHA1
36956bce04ca33846411e75167aadf3568c64807

SHA256
a1316c127fc42ab9144f8c2fa2014bf6d0ff3c82f7ccd3f89c992e086e6ababd

SHA512
b98e92cf610eec476d2d32dad6a2fb1c69f28504cef90e53bb2124b74e6f525d83e0b274ee3209c4dd57d6bb81fd785f63068a20a8dda39107a7a0850c65f7f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
69KB

MD5
2280e0e4c8efa0f5fc1c10980425f5cf

SHA1
1d78ccb26fef7f1bf5bf29de100811e1ac8bda23

SHA256
b9225cb1f0df94ebe87b9eb2ad8c63cf664d2dfdb47aeaff785de6c7ce01aa74

SHA512
b759fcbf578947c0290ab703652df9f37abb1f9f5cf6140acaa8c4d4ee655ee0ee1f9bee9d4fd210d9e12585a51358b52e0e9c0878abf2713e6fd69a496ac624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
329KB

MD5
4bdb35f3f515f0cf3044e6a9684843b1

SHA1
12c960465daf100b06c58c271420a6be3dc508ae

SHA256
b835bd77e17447a2dacfce2645a5e812733fe5a777a5e45d9daa56d28675cbef

SHA512
9fa600b87843759b632c2d384596109cf1fb149a5ab38524cf43cab5833cb25c355479aee90d60462764200108cde5ec71f0988504c97ad09e25975cac65bfe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
105KB

MD5
b9295fe93f7bb58d97cc858e302878a9

SHA1
34c6b1246cad4841aa1522cbd41146f9a547e8c5

SHA256
c0233c9b273aae7df532a992e710aaec409455b4b413b89a25854e9fb215c36c

SHA512
4c44ddbd35807653a60e2718dbd2ea85f09d7107b270045bcc2484e2a0ba977fbbb5739236ce7edb71d584c8f68df31fa3bdd03229eeace60c19662469adafc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
86KB

MD5
9ddd0737c0ca1606ae31f23fce133795

SHA1
6ec113b7d5bb4e00796f66609d14d10d3e829020

SHA256
dc1ee60f8f7100aed48f6b043412dab4ac371d67c41a035216dd7b8d979d0b28

SHA512
12de1a1427acee3dc855205be52956322903270b033b78312a0b3a3c570fb8c97cb7914ea824e59260d4bf363c61647d3666e862ea95786121b499e8b6eee745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d1

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f4

Filesize
163KB

MD5
d5d7675604340f99633218bbe4793104

SHA1
ca1df39b7a903dbb856a555db75770f6222e7dce

SHA256
f7d966e98dacbf184660988f6b4482396b517d391e4d0475ffae4fa6f40971c6

SHA512
bd202a6a44ba24d784e3a55556b02d7c20738553832bb42d7aa3205b069913e524c08cf0a348e255b6f0c697f118f190bb5056695ee9d37d37296b9675964236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f5

Filesize
206KB

MD5
04005a77a7747bc33157947393b1694e

SHA1
2b65b873b84b6e3f6c0b3f63c7462c77e8cf199f

SHA256
eb3591b54cc316e3b7d6640622592b59ca2faa6388f6982c0dc725752e807c12

SHA512
1ff50b20acc7ad04d5fdd4837b96f5ad3802cd72a15a90827f0983182725cd00d7bb562149b1ce72454df707c62bc776bd5883cc8fea0461efe3817df883777a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f6

Filesize
42KB

MD5
54476cef20aa3e041c5b14de32a5ab6a

SHA1
032a1be25a46f795208b0365455d34e1e3b17760

SHA256
189be432c6fdba1e70841382153b3b2ac08aee391c80f6259066364be3ec461c

SHA512
0b8ba7bec920a0b73393fdcdb8fe399473965646b32ddee7a6734fa222476780c40b8ff74e528b12b2844cc15278bf0c065ffef32c227243829950623946d56f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6343dc3554a0156dd93b420cec0e2319

SHA1
eb1382d73928f90b8307fd0f7d86f2f420d82bff

SHA256
7b45a43bddbb9837ade790549ee8c54793dd57a70fba544bada5292851010523

SHA512
85e4e412392c79bd2bdb2367eda8ae9b4ec0f30db1c0e620289dde42162fefa74aa500ff4366481c6fa01a9ce784ac5410cb2d2789f404e39d0a776f150d90ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
cfe2ee15e6ff432bb9b831003ef2590b

SHA1
b3d9c60976ed5490ad9d730de9aa1ac2125cd38b

SHA256
2efe4a00c96819deba991de348882f6cfe318100d002b2902ba4b4aef547c5cb

SHA512
d8c8ff7940f8328ab511a3168cf6d4fd61c5c28ed1581d67f5b45df6f06269673f4e932b3552f43b3a65def4bde748be07711f430926fd2a7bf390e4aadd5717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
99983508220e8a8c84abf15fde94e7a7

SHA1
c2af4a54426e11767fe9c229690c90c9ba49243e

SHA256
153d60d9690afe594f7ef96da834cb0510fd690f61bce80e2169b2eed3e7bcdb

SHA512
c387ca2c128b9d78444d8c31e714b5a14ce8777257b3e49bbb3383fa28fd75b3c4532c953e794fb9340d8418e48156fc7e98989e0e7bcecac7858d8cb7737b3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
6b878d74bdacca186639cb7d4fb86080

SHA1
79e975e0c1b7db28e5ce95bcb96d0a58b1075d24

SHA256
7bf215d8e2dd821ee55e5c219d6f839d05aa3b3661438bd97a10e6b80a586e4d

SHA512
95a677c4c91b831d0841378e67936b835192514e5f4f4813ef17ba7aebaa5fb929d317dd8246e9c0d16b0e4e29f03fb7c9da3e0bb837ca43c807b939df1696d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
6a0d931b87fe408571457b225f12be39

SHA1
3f8a570daf8606228aef58ba85cfacd9f0e2ca41

SHA256
c0116ba3e51d1ef4119376a071c7a73594b59b0288e68e63d80070749d645396

SHA512
46290f7dbf8a38b26b2d3c89796fcb868af06a48d4f550e638c77c61c080037e7684a6078ff7a288f219dd6846b4cb45c13acedccdafb098ae7921eee0a645e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\36793bf9-a03c-4583-ab70-91362c0e016f.tmp

Filesize
5KB

MD5
04dfafbf5050d5b6c7b9f5a0786630bb

SHA1
fdff6a557ed7a8ccbc6aaf05d973abc2226d1b1a

SHA256
3c3c016a132728163beaca980a07e3066f8f1c04158fa1c92647039b858c9900

SHA512
b10f82395de7c6933f0727cb89e68a58e3b74eeda49af329acc5b7a5e1d9c1bc5720946c0c456ea832950065d59e44c0ad1c4616b1e49c9608b227c56b89bdf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
9f88945f96d07af56a6cd6ba69256c78

SHA1
c0f94092910e54ede537c28f69665584f12cf01a

SHA256
974ab91157f45b2bb5fe6745b0d0ffb484729bedaec57e2f17faba1c0f3917ae

SHA512
b6f8ff07ee022b28a7c384e9015dfd7ff4bd9782159370f1551daec7d364f09f3c1ec135f15f3f174429aa2856959f2212d313542af16ae82b4d989d800d7f8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
e466bbc1c35c2f0ed0a1badf07fe41e3

SHA1
c1bc6a1ce25fd350c02257294bb03d9c5dbb21b3

SHA256
002c2b627faf444b8dec0643c5389a54af5d889f7e07a8307b80106332af9c32

SHA512
fb659175f5005f85985cc49efcf7c854be11e7d5224c2c023d7fc74f7db8f3d7c947ddb5bb79093d2bf4ad57cad4a097501d88dbd7c2a09ab62823f8e9d60490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
b4f039958e1b7a0e0862ef2e7cab83f5

SHA1
f0745ca14413d54e8791e8d909066ed3c952c56f

SHA256
7e9f43fb5ecdbbe4c43628d2cb8f9abf9e06afe0be560e6070b90426db7746df

SHA512
8e473d587e4794c0993c97db405c1873fd74208c49708cd5753dad625c00e4d2a3ea43b5e2a69e05c1bcb1b4738e012bedafe2e38c18bb85749d8b946d9b2dfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
25ad224bfe1b32fa88a6a6028a460c3e

SHA1
98e01992cc4cd7396ab7613778162c216b681858

SHA256
e8a3a5d4f2a82b8719ea23b3183d9353db7a92548a295e3e0a05cc1030ac2c32

SHA512
80efc30b3648b0eea6070e0316c6f32ee84b3e0d3f0793495a589b68baf5d987c8ba62041a7288a8eb51b831bfd49ee942ea4f8c435dbe186f850f6260db4e9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
bb05ede2be9a6423072bdf744fc67a70

SHA1
9129d87b361af3208ecaeac5b00b5cf837b77c83

SHA256
b96db84b60ea8361988d5761a68ad3c6d099fc086e628e29e9ae8cfa04ae5bbe

SHA512
46e1949e08339ee3cbb6db1783a3f54ea00116695bd7c608c3316c660e37201a676b0494bdb0dbee061a160d979a371f8a2e3a2193ea707364c0dae52962561a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
b9caf0e2c4f4e9038d24e98de793a9da

SHA1
47e9a2eba77c91eb64693025c354733e113de7f4

SHA256
15e671b97e71bc2350a485223ca79ee985d1d0dd8c2ed1554c4b442e7cfbc8bc

SHA512
bd1f44617a584dd8bc4ac8c055e2af8b4a4d2e7612f1af3b3a777ad70f0dbe1ce70a8085799ca2403a2f5587bf6e8823d8e9481d2a9b64f78c1674427f3b94ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
d09fc32ce9952c3b70225e018c5e8e31

SHA1
c85965b5e2613673b829e6ae63d4e4f63b30bfa3

SHA256
6d9c29fae08d561ced8f9a26c2d5403779bb82a519f0a8cc14b39c77003f709d

SHA512
a7bc900d0824df3b3d377f02bee11192adafb6cd3ee58219dde722a8c6be1532a6a1a437e7b17b50e4c793b44c8973aed79f36ded435ad6dd3f499fb0db9b523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d9ea40a26b0acbc3b05d42063023fbd2

SHA1
8b574d30db1445f285d1e401d4245e4e51c7bc6b

SHA256
7d753563e823450edcf59116509f335dfb0c1c9f9609ba32fab77f5529d93c93

SHA512
840ac1615c4b96ff497c141fdd624c25b2956c09b2e4e5f3132e1e75acf52d4e6ac8f207bf96c0065c04634c1c069119450c4fd8719ce788de0273897224492f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5549c6a3b1d474480c9b22e6a265b5a5

SHA1
4e65b099090f86014482dc7fcc33b757f1a57c84

SHA256
3c3659ea3fd849c996d62571f7d4ff1d95577c2151ec4c4b329ec00bb31bff59

SHA512
4032c5cb55568c26deebad4bc55349370d2f311712ae1c6815414988d81c06917f062d72842d2f0125fdf516a356b5f80f9404118668a9f864c286558bc99c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8f81ed899c00be79c331929602d7a810

SHA1
f1eb2df2bdd77944ee4a6076d1ab3279c5f7d613

SHA256
37d5e3a2e87343df4e8b5fb3bb738644c2f29f372477466743b391649c647d39

SHA512
42b448456e7fdfb84d72642d05ac161ac2cdcee3710889879166d3deb43598840ee9e97ea387a54dc37c10dec959d476669e881520f3c034df5def8beec02135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a38a373144b231f29bbb34df8c9d05e2

SHA1
6328194f94bca989bbec1cbda053f2ccaa5c6b7f

SHA256
abb31b8610b415c0955503f6c1968be9fb29b322f3f8ee98a46fd602662ffd85

SHA512
d9580e680b4e75e121b392d323c43dcfeaaaed0a3bf57a1b5980ccb1e547e0a869aac4668de159c73c4fd3c6709cd0e711aac4a632bb5d82aa6c13483d753100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
532c532ff4a72dd0fc3a6b815c04c40b

SHA1
3b348d42cddf858a6b0da0574f640e8f164096e6

SHA256
a3ec5fe82bd9a62ea41d7a8460171db51caa083f6702bf3b285c304ae4134f6d

SHA512
b82752d32e1f369d54d7c66df5fb4a48f3649de2e227a41959062e92d1d160bd08688dc7b0388e07c85968c55cd55f26fedf73593eb424902e0d0d23b699c52c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
fd3290fa0bc84a8f872a57fa9e7a68c4

SHA1
ca91ab1a344b1b045b81212b62d239d4bace1917

SHA256
3beeaefd4abefa78a3959c0a7a6c0f3c3f41799e35e9e45e21ffbadeabb3468c

SHA512
0c4940b824cc5cec1d0b0ae4c39266dc0f24767b031e3dcc89b06c7896fe96bb08f0c0233cf613c383acefa1279fc25d69d53370f3b7059e66d7136ac61306cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
fdae862ff731827db80e3a1ff8c1ea8a

SHA1
ee8fa5d23d2089055255bb3b48f1f19102f097fc

SHA256
ccc4b39b2694fa7795dd39b7bf139d3ad1d11da1bf7fff0eee564eb70252f8bb

SHA512
3d02097e6e01bccdeb64610d0766aa9df053196d2ac30b160114a73ad9573487226fd22a50de0b74b4408384b2df52545ee2590749c10c0f9aa9ee7425980615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ca20d2f661caa3164d104ebf9eaa39db

SHA1
4d8e4323c60ac3a07d216a38d3a79b5fe1955cec

SHA256
772b34226f711bcfb2b46161b52c20f2ba836d9dda3c39983794631ab2abf0f0

SHA512
fbef926259477fe3aef5a160f0f4b65c2026aacc094d55a2416fa4cb5ba85282ebfe800f4a557336856c806c66cca94e73ed4f15b3faef876f7ba74b22525c81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
525d397dad638a3d14c5f32f3fc426ce

SHA1
b1f78ce7381b3fbcf7b2cd917b8b342140198c09

SHA256
c7735d78f0a9a55e9d4711a952780caef2d50d9fc1a2ebeadec0d447032b1507

SHA512
718c3a13bf0eb339839f7558625d81fe4c936f7d0e7ddeb995802b7893c374ce7e16f79f36ca6572fc6253f8fbd40f8c04597f10dab2d0ffca09613f37ab557f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
10bb03203f7cf469dece9da37d9a9fc5

SHA1
31c9abdd1331e9aadc20e1aaa962ebd63197eb0d

SHA256
3a5db39ff80520047513296d473331a7ede1d9c93e0ab8e358c0407ead5ee94b

SHA512
b9018b32378a83a6075528bdbb2b7c2cd92fb2828856e3dc798910d18d0c5c70e29bc6191eaeef9b156e0fb1251bbee180cf0fa5bedcdfcbb8441e30171394e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ae3026af1d87defae4b19ad78d660439

SHA1
d8591fbe4941eb4fe0a0c1c156f78039ac57d3ec

SHA256
284bf2c940b2dd105860cdf90e29a5027508284c9e3f4aeeabc55c4f34a20f6e

SHA512
66d51781832272ac460aada7ed4ac85ac9be7270adb6a7216ecca420ce8230251870554abc954d108b7f5222c34395d871549e26dd844e03b7c1f516406b0520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
eda7cb695e5fd3f1ac2be36ac596fef8

SHA1
ddaf0bc40c190e604558d82d57a0a33cec4a240b

SHA256
f1e4440a462197af2e92702779006dd335969241e63e50d21d3e4d1922ed7a27

SHA512
24ee105a2ef49b6404f7684eebd82f151214203c26042f973f0ba7a7db9cf6b36a81dad716388d739f398529fb73c3e80c17f5ad45d1ee474b56ba8f559abb49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
dac225ba53f26aae88570119ce8f598e

SHA1
241a2695dc1180779bdbd9c12e5103f062718447

SHA256
d15545a77074dcd6961a4b8a081955430d24dedff23e145649ac1bfa1270abe1

SHA512
c30ac3e71e66830e5619a248f397efb0c64a9c309859e7f935adb3cd5c00d677b0567cc6ce0e13e13febe947b44f40c1af139458ffa2e88e363d3757b951f480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
8aa608a2705cebefd0ac039ddd65fde8

SHA1
77a2aa1bfa8f242f711a478b468c1a657c1f0112

SHA256
1e255a184f21187b1f848e3c8d8469e86cf3d642b4384bb8332519aa974adf46

SHA512
d1f81e338e26bace80e4513302be0303208dac06c8dad0af90decd27df9293a14d7c5b9fcdead631ba0bff19f095c201f67d46b838b74d3cbfaca44113f1f249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
ee4da1db1630b50aa94eb1f24cdb947b

SHA1
870a168218d6e7e4cff629666faa67905d3b82a1

SHA256
dc394e65d3e7575f6e958222c85890f2a53b822c427f1d6302eb0b9fb084b73a

SHA512
4d419957d5a7053d7868e756c26405a33128305fc36d56d2f999d3e8aee12438a51be9254d0c4af4549c3111494abe1b9892a743602c2604ccd2308dd28cd35b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
448cdf1ab07ef45307d830e7e4727572

SHA1
022d8d38b57ec7b102ce6db493f2e5aa80c1d607

SHA256
b85a44650f3c0b8321d6bdfeb357cc6c1a4810333f5751b5d53eaf42b5524b0c

SHA512
8ba20302916818acb2c5ea868148e8fd87042a9b89758835bed835ec13ea609ecf4bffb7b284e97543108daae2468b2d6e269d372004f8a96aef5fcbf991fcb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ad2363f14e4e6e209e39d21f4ff1ecf7

SHA1
d701a08d8060f46789bef5f4003fcfb65edcde8f

SHA256
855599f5e28fab3f4c05a6cfc620bafd75f32573a0063b734d459824445ceba8

SHA512
4c3fefe0cd942f40f58b6b638082c0ba9a18868a968f822ea90458b6ed9f53947668c91e9e6838bba33160b3aea082ec501b76625bbc11cf8087d96d26636d48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
25d71bff0c5a464abf1077eee9196219

SHA1
dd69da07bfaae91917d56f008824c04214e31750

SHA256
a864f564f20507c9758acf05b3fbe426ce5fdba59ae244e65c91aac9f625820b

SHA512
6e1e6eda35a5ec8d7ddf22a97fbf2d9ff4c0e11a9e71f568bec222bb5f734488cadd4f6c3bf2fa78cbd106aa4190641a5c12a892668130ff8ccda6cec8d64445

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d27dc7a8fe4f7f8ba012d8790236852e

SHA1
17cca3b50e5ad6aa9bb0fb141207b17547a5045f

SHA256
2ccc360608f38cde216c1d35c0e5d996ad9b2ee72c768cc458c9484e0b825897

SHA512
92d9d68275810eb23e1fb197c9813922f55b2a0a981d2f9d1c9315642732acedf02b958fa52821c9d3c6fef875920e1c008889f9667781735b634cb0aa0b6076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
7f7f397f9f77bc97cd538b9e177d049f

SHA1
83eaf475ebd4a680248b866a584acea3fa4715dd

SHA256
8f8555ffbcb547ce93e5986445b18bf83192347e5e31475efa70435a12433c44

SHA512
2fcb1beffa70ef027dc8f70813f79701d42930071036cb021e0245f6038fefeecca3f636159604b0a2a361ce49a8e2c6c63bd1ab844ac799cc47ab9014d78b50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
bedc3f39938acde5057dacef965dd2ed

SHA1
0c8660829fef25fb9af6f46e1776317c1edefba7

SHA256
9ca473a8c4f9f81d1ace50e164c8b55cccfbf629d5eff71017634f8d6cf94e55

SHA512
1cb0225503b96d11e846875a7ce471d1e62623d92d8da16a61968ea1517bbca162b8ec613c9a71791011b1bf2cc9081352c0bf74dd9f9f2591f53eeef4bbc871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9de49e5fd52af29e0f296d1f70822d8d

SHA1
643eaaaecc3410f505096afa36e743ee1e970b94

SHA256
0dba9a23c7de3d58d88e7761e4df1de183bef053baf9ccc6768cd832f8c63a37

SHA512
6d5008734052bba81c25c1f675bfbfaa17f84724a3f565bb62adbc401a6b1173f6f4248138fd2cc7204d860a1966dc8faf36881a3feb434d7ca572347ed6fdee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
fc14a4cd7443a72162674db95cf8389b

SHA1
ee807bea49b1f121ba8498bf5f7955ececc9fe10

SHA256
a5644038f114833e717a3e3532cc099a6c962a6852baca23afc0d92f9ce32873

SHA512
f5a6b8ff2942b264509943f16f89636949e0e70f2812e955442a58d5ee36ed1042bbee242dfaf1340a50ed9d8d15bc978f8feaec1b1f5110e0c85a573b14f4cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e1b902def0854b1619369d8ed277889b

SHA1
b8d13ec1c7231a0e15ff29c6204ab0b0cf38a4d5

SHA256
799fd904bfb6de3a63cce85aae34a7766f8fe2fa12012b542ea1552211df113f

SHA512
6448c684523543aaca542b1268f91d80c3ef338c491a304ff7a858e207cd150c92caccc171f4f2010b37222fa004ac81eeb4f7b0ca0d5193efda8eca79f2ee0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
16f9ff82a04bf19db3c916ce9cb362b3

SHA1
a073028a4592cbb92a5afea5b368905143993302

SHA256
7531b9f253fbc1ac7f3f627aedcbac8f35a6ca0b4351684d17f7a25e9decca0f

SHA512
a2ee1b550e4fc6a459bc439b8bf75be04bf32c266653903dd256d15b336739f1bafd915a49681f19e85589213feebbfdaae40afad927feac2c37403312942c42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
09680d6c5b9db4fe8fbe2cfeba373737

SHA1
3de6095c02cc5a516a440046040a8c6201b07103

SHA256
737ecc200852728ad4087b634e710099e917210cc9a7ac170ab9667d4f014854

SHA512
0107f657c6dc90f1fd65a9b19eac604a88c32b3efef9b1a8713740e0d17b8bdfe3fa71e00e2611c219c60db0555fa28696da3b15316ac63072599e69f1c84a2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ab35caea9e37a1d2d3de8287c686e13b

SHA1
221e3dd93592de1220e89be7aca219eace00a0e7

SHA256
a79b113295e1b7d9c0209d2cd1e1cc3f40a088ff74088e53c19b7940e500c47a

SHA512
b49c36705940789022e76a3ea44b42d6494bb1dfaca56f5d9588d4253e53ec3e1670263fabcbc273efb130939490bbd03d2094e312ed0e12dd22f35e69dc78eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e95d17779ef59468c441800819b90770

SHA1
7e597a7e778c5c8771ac411ab34f61259d0e6537

SHA256
834077c89ed2dd22ba4effa7079c184ba02713264781a98ce3430f2b5efea2d8

SHA512
792eaec8ef15214a146cfb330c5c04dece712499b0cac928b3af172c15740d1172a75d603ddf9bc7d40295a5a9ce0305ee49fb62f4f73c2d1fe842c56e3e117a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ea0dd13184e34bb5164f9483bd024469

SHA1
0f276449f95a61c2b176dcf360c1f69f1933c2e9

SHA256
f594e379d1f42d1ac70845e4872e42fce3604f8850ade8de92a0c25cc44c6ad7

SHA512
4f86db9300669a9ad9561a160f74375a3d15e2c3c773b530ec148610dc5596cf54a297392e2c8991e5cc7a9bd2b7acd8265521560667aeae185705e7b0005aa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b65d11d291d35eb72a4bc63ac89e3529

SHA1
98bfc5aa1062b8c2be51d275f6b124f315472a4e

SHA256
0ccc69d11f6500e3dc290c9585420cc4063b52f5b86118bfe0fddc8a20167f9c

SHA512
5d079c08ea5e1eea394f48923d36a7d16352ff60f968f10ee4e08cd184a9e97df0b645e9670be02b5b41fd1c938f4f8adcf757c061a6ba2110caa2419787a7c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2e160dfd49d3c45c53249021682bbcb8

SHA1
d96efaa6dc4593cb6c0c5a12d6e1e107c544a564

SHA256
96461f1ab91382b5bb939758dad9c894de4a3056f854b38a36541570f43f84e6

SHA512
44e2f42c7f7125c235734421c0450920dddec46f1852b01b3340902373b1ecdc3edd72a18e9440abcfddddd4a35b0b38b3349e269f565d192087380cc8c8389a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
17d39997d6dc28021ab730b93079bc13

SHA1
bc133a4125351e3de7625a5115258c202554fed6

SHA256
28ea898cc6992d99eee86d5d88c2d906210c60a6343465f60de247b8ae6f38e5

SHA512
3ae48b2091cef9cc8740dda15df84f2e53de93373d0dc3a19ecab9fd9835623b0695208fe1d2fa36ccee7c4cf88f983d5b04a2ae52dc8a411e1285c89a7df914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
662319b2b987f42aef1de955dc97b30d

SHA1
cea5526e5253c8495eb943cf10ff50d2758fd24f

SHA256
f368c4c96a2e0a6b92ed1c7bf10ff457bc62708a3c53c82c60cd62029353924d

SHA512
d842c17a2ec1f671b0854d730d17d32187b3d0a80ea89dfa98917c175c24b0773e85018176ff0cc96cce0e7828088bc98fee429d19855d14b6db45b59e8b01c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
20d73dfa19719496125c69b191805dcc

SHA1
815a2c9ff9d2674f2b4628fac27e2d41ad8c5ada

SHA256
a8335823992730a18dab6820673f319eac3221e9795cbf171d82cccb4ce639df

SHA512
1afaa22f4c3b6893607ba7cf5b89e2925a43f9a925e37f931ee9901ed55ecff03eafa3cac8a013dad4ba31086049fabd540f4d05c6ed28645638f881dfe55a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
4f9f2f46c7e1431d6a683443abf25346

SHA1
973ea617f78fff5f6e01d244745a449951baa986

SHA256
66661cb6530bbae162dba1a18e617eebf473328ef45e5d2c4c0159805ba69787

SHA512
dc3ffe91502f3688e1f2e6f99a3d1ca2b01b191162bc6af250eaa567fbaf55c195f53979953b2f94b185861ca518607418beb05a31c32a911d596ca93b2f606e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e31aa34b9f4e4a3b823c03067d35550a

SHA1
e2d125d5845ef5d5c47332e3ed3cdd10d3447ead

SHA256
8f483264ff340ded4415ed9b1a311f2881983bb23f9d95ad9b2171208971c9a3

SHA512
e9f4edfe66b670bb83a41b7b3134eb0a2ddb699a650cba391f574899d3dffd80d0e1121190561fd9ae57542f1752d24e14fe840e1116637a1c4db030597fa17f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
014c1c676241f2608f46f1e3a048a0bb

SHA1
a01f0352c51afd18ecd0a238982e2891acb94e92

SHA256
2a0b39b51ba3cbdf3ee54fe77a8a5e4d31f6bb2ec0bf1d3db9c267a345e492b9

SHA512
c88745e70756f1dda851daaad6cc90c39a38ef858c751fbed006203530f10841adda658f9e4934b71bc60337fc3b39e54d7e5f7022c7637b2427acba64dc43af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
416ab7381c7dda0b135c015bee175499

SHA1
a1577c4ee3fd3742be8c3be6b44f778e62f4bd92

SHA256
5b43232e147db2c58e34062d0e0e255c69ef76c45b84f18a54e889dfe657909a

SHA512
1ceaa81d9991e794d946bedcddb5cf57de4b7123f1bff88d79ec21c8a0a6c147faca3e64dac0e22b59e902494b1fcd82f88695004210ac3f7b4a8974ef7c5195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c5153073079230ee5e804f6924928312

SHA1
c4c8f36114c45b7b7c637796133559724e986eab

SHA256
2891330239952071d3e15b3dee4801b7ebac906591fe23fe5b6dedd6d44aff05

SHA512
1f3211f72609edcba14307063e6906330875d927ea833116bb91bfdeb952a523cdad9cdd9cfff198c0999674b72aa19001496e6dd20b4fb60f0670b2aa0ce592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0d17845ca07684931f8ef6e3bbf84063

SHA1
ae42a0dee085e1cb689d8c0664a41405e83cccc2

SHA256
06e6e5922118f5d73c37c20cf27e59d4e5bddc6d08d6744f35891948513604e1

SHA512
6556331527a341460e7b545328bee518178b5023eb38b39b6e97e89361e8f7e99bb258139eae4d090c567b55a9048cd60eb54a9ae5fcdb97c1d2e6139337e409

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1e763b0112a6a2b75ce433a752054763

SHA1
f10bfb1b31ae477c1bc71b88c4590b14d46b6962

SHA256
7ce5dcec08e10b0419992e24d41e1e648e38e6d663c9f2e24fb72c7dc0f97129

SHA512
0eeca4855b99491012aeadc5dacaa59351910ac121d91811fcfb7b1ce0eb266593d100ea004a0bbad7d4172cc88b30531b6829c3e405d0b96fe6a159fcc046df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5d5ac65ec98627fe20e8ab1fde35ca43

SHA1
fb7842f3447365ce2edf26d5e4b72d65b782ff9f

SHA256
9ce5f0dfaff87fc6fd04b280cc1d9c673c6c71cf1d54f51674cda9d428ed9149

SHA512
82eec7a0a175d0656eb99048a09225f6888e194671c251f29674dc50abe09068013e3882ac6e54f5e6cd4af5bc273a0962a0a1bd1b8a09498311f5420977dc25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b16aca82161e22d0c502c81807fe34b5

SHA1
bc4317cf93057c2e63f7f8f8435e50fcca7d8889

SHA256
275d81f7630063af5133afa56968eec59cd320100ad5aa976326bd06a95f83b6

SHA512
ea1e0a0dc55182f985bcf008aa9706d379eaa45bf82354810f88c174853449f37c84da482f1699180765e3c28bacebf70ae36ef7aaf672b38d31a92e7e17770b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
0a2256245d79021b2ddc1a30d8de779a

SHA1
bfbcd7250eddac2d9c252def06244dc4ffab65d7

SHA256
27f2ce4217c3de1983de77ecc19f968cbda1dbdebcc7bf566bb1c298bd216f9b

SHA512
b5897183ca18324e41caf256869342595c181304dd9fca8c5ffac3643634cf39c6e33cbccfd15452ae67492d0191b1bc819d1293dc1f5dcefcc32d56f728480a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
add242156d2b0a3a45b2cab5962a75b4

SHA1
8147656cefa65607731b01cc55d4f0b84ccda141

SHA256
487a81f65fb485cf2ab7dc3fb3c0ea13758648058e630d3c236f6de5bb3163b7

SHA512
ce2a1a46bbd776064729d26de7c0685b17f4b9b2f259826daa3d28eaf31c3a6ab6bf00d172302adaeea194b1398296b8d7c6dcb32a155c7bf4ab2b4e86947983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
34b1455b87d7c18c76929fdf12a7662f

SHA1
56954bf9b08070130c7707ab1bdb3bdd29b953c7

SHA256
20d36991ba58e83c5e25fbe0d117ec88c0e039604ad62f25bba6a090a12f640c

SHA512
8304245527ad635d3086d1aa1684889bb51060d67a252059cf4e3821f67b17081b3e166c97b23a7842d801cf489903432cce23f602222b550353c85d86f6e155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
fcc4902df17504fb5ffcb2c6d848ccd0

SHA1
5587b0f80cc658b3fee418c5111ad2ba3d5e06f0

SHA256
3041f032b2066cfcd350469ffcb9ce0c209df09f2eaf123bfeecaf3d8cacc1d1

SHA512
19a35f9960129ce803a93d53ad89e6456e8cbeea39e62204e0bae25e0501b6542cd043c721cd10419226c387757a87cdd00dd92e0a0131fa6cc6aa5951a268c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c23556286a10d33418b231a69022d8e1

SHA1
101926f0b65fe84653bc06086bd85239c9cb1135

SHA256
7dd370fd68a97445e8c3804b6d0cd26ca1fb1314a11d3992a54f3a476dc890c9

SHA512
d8a8f8e62b662bffc1380a0d5d3302cc2e226ac62b5443d00576beb0f2b4fee454c173ed62959b5ebc6555d059421bd4294572aeba7d6a6edc4fe5306bda271a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c63d097aa735dc4e009ae48761da4991

SHA1
a6fda2b8bc946d83050ac67dea749f45881d2d60

SHA256
9e8b1e3245538edd6ca3cc3e5f91b6678bf0b72a9e2b821dca37f604b5b655dd

SHA512
8e273789b9e10ab6063f854cd10db8d8977faa2e32a4720ce1f9d18f44e659aacde48d5ef079ea6e2e17ae3446a63a84d5a1235cea1d4ea30249f2109f7f6a52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e6defc45e822dcd7f95eb4307e38026a

SHA1
47c5578979a553e6f35499134882f4b58c73b5a6

SHA256
b7641909e28aa2c3fbc6f54b1ba4374d00738ab99a9e3c336f325432ff9014f7

SHA512
726bdad6e25c5745b0539165a81b29fd8d7a5fdc7300ac47efca7adcc1cbfe1474386cd12d5270243f2179dd4ee96e9416d4987abda6819088190b1b12490830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9a94cf9e2b62c3a8cdb1193d3371e0ee

SHA1
c665acf12d4c1f573293224909e4085d16f711d2

SHA256
d7902b58a96d9a1d53ca6b7514b72b3324a39fb17b179527c8cbe190973d74c3

SHA512
741e00217e9a1dd2982d36390caa93cfc5f5474b220dfef59b5c388417c81df1054a594def8945bef71841fc36868355917d5d1b9d1e65f13d7c6dbf10157d50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
59e231ac0dd0c08897de483168ba8caa

SHA1
0deebad717f11bd5ffe8df1404c9a660d27e3669

SHA256
7f2a0c70507a945865ef50bafe0256399f65f2e60ae20f6dc96cec82cdbfe6b4

SHA512
9675aa7295569136b90632a8896a60751d1b35bbb583b6f88c1de62dabdee5a8ac9c41e7e53c9ad7651e1dd0ed73fd0615582ac114d65b535014fad5c8f00156

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
2e0824192d76b0ebb7c5a57b27f80112

SHA1
6e0a56ac9a13b594cf38e91eb3fa1edf619c59d0

SHA256
d44e174a579c98b5dc8098284bfc1c5bb12a60718108068a458a2306b003deaa

SHA512
5e58173ee20afc45c5675135eaac946474e2e2d722c00b3429801c32b120b9e8510ceb14171b9f6346301784aaacbbaa04a0e1498a0722f57303b511928ee841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d11f56302e2709a7addaca7ed51ca1fb

SHA1
952f50854b3d89c3b7fe755dccf8223a301b3d6d

SHA256
3ecea61477e1d1211fd49272801285956eeda272b70db1c506f3a2866969bc53

SHA512
23c89f839d315aae6e1a12fc33202d7b3aa488267734fddb4e6aef3c6ffee73d1f4bb318960d0ca14b121beedff72117a865f101f2c05e86c8e06d4c6f7f3ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1ac928983d4f4b7a41c720ade78df182

SHA1
53dbb35b7971dabc67251a84e2c85be6da012ecd

SHA256
c4ee35ad91b5d51a38438ea04a6ccdf8635fdfcb29a5d0c51aa83f529df8f0cf

SHA512
147a53b024ec5638c4c6a0a640c4735306460a63a3ea900fc5698caa207375d02b2a1becd19fee65df240eb79baa2f6d87092de459da45d9340013288faec4ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
3a8479ebe294f6d25bfe497c79a785ab

SHA1
ec6f44a7d8693adddc8ec0068b366897c5067298

SHA256
6301cd92a49108735094e687fbbe076a169865df506c0c2bd6c2daa09efcdf3b

SHA512
f720c4f40cd48b8aff85e812c1df5a96fa8c3140ddebf40ebb5cea2b193d9517bb825df06f95c2a99ba9b7365a07d7b4fb63fbbb44d9a6b0556bdc6c46a064a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
7779e9f6fa9c58cf1a55ac306ec720ae

SHA1
95003e4f5931dbe041bb851d5d1fb158a665d552

SHA256
7ada228a1a75c47fce285035cc6c1b528e2167d4f828f483c4ca5977133e815c

SHA512
f631a5a400e19d14499cbe68804121bd89f8bcc4531d0cd75c6499e23993a65542b8e06deb00d1522f0f383a358566b5e9424713f12344993d8b87ac373f1a05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
5096cb4348ff8aae831705cd129c3dec

SHA1
e561ae79ad5d4371c5e51407e90dd4aa916b1289

SHA256
c612c2e2e96c12be794d805c9a030985db30eac47437f8f25f1192d3013533c8

SHA512
a32803ff01c39891ffb41ab9361a5d28747006d7ff8866bb0f54d7a7aa20fbedcf0fc63ac7cc65fd8ea3d6ef22eaf2ce05d30900f21acec435edceb761a96134

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c2c49e6755608270fb20ab5466ce55ba

SHA1
62bcb657a210504f5c58ced16f6e286c1731e65d

SHA256
0f822009156bad50f4db417af55784cf2f3d01a6d69f32ad32a1181f6282b368

SHA512
f144807cb1a5656d62882e6802be7b8ee6737c15c810862451b2ef699b23fc891d5c1d88c08c370387a6c14963ed0be0f866df30a94288dd700532b10663f5c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c491986d4810614b926b8744651840c5

SHA1
6c01d7c17845331c891461075ccbf29ffdff02c3

SHA256
4e53cf2ae7350b535a5594d377e0bb89960dd9052cd4b495ef8b44931e92a6cb

SHA512
16ab29951ac1daa0906bfb36b15ef951e2bef144108b8fa0ab4cf4548482dd5df0cd688b8838b2e8c3be8bd9cb6ff3961ff322f25303eb0048a75bf8b5088323

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
488a64073632c3ecdc51d6136373d07c

SHA1
f5f60cf1402cb25863a7055107da5152bab395e9

SHA256
18b3d974ef6e4287ff7484e4af16a02c91c65d0f94da1e50e99f8b0b82b4c25a

SHA512
e9d05f88e7ea26766c068f785074cb30ae2e3673ae43547648860c3d7b07750f9671f00921a7f457ee77e77af922c6d2eba7b9e0076b94c43cd6d25d930defb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
127967a497934554cd05be53ee112f0a

SHA1
86f893998e4e9e8e28375e1dd576405965e9a515

SHA256
8a872cd49c9c6657959474036c126eff3c0be336f96be6920540526dbc598ec2

SHA512
f536bb4b6a5ae5ac6ee70d491cd5e0bf4d8080e807b4b25c43087b21f565f2280714433025d55010c2dc30855895f831a35609f4a844803c9ea29e29459f57be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
8b31c389f811169c37ba60bacdde8dcc

SHA1
1cf336ab968662c59232fbd08669f2fc08f605d9

SHA256
457d96ef9d975e5445cf7fb5c974adca547040a007be82d3780ae72f96d49bc2

SHA512
175918e82d51fbcbd1813238cd27e186a11d2d6bb540af0197c554e673b4fd19b3af3a81f8a8dd89539bec2202163c7b851084b6e80654019aa53ac7b17db4a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
12b87b66d697d2f21a3d922aa4d5d1b6

SHA1
4c2454783287745505d5b21e14d2df289ea797f8

SHA256
686a2a95267fdad5e5fc6be8b1d2480df47710cf124f627113b820ac3b3fa630

SHA512
7a49373cb01a7ef9f74e80637db9c1f4b9f6613cf8cb286b25168a868d97b501d1ffdf7da6dae9b9553abb1f18ee4d11622dd6b89c10d373a64aa8c0d6a9d0bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
7e2a4898632d177bb6d94950e5f77b02

SHA1
53c88cb7089e33678020a1fac0400359de7dd622

SHA256
c0357f036459167d13a4ab6178f15f5e63f9d250fee8850eca13a80f43978a11

SHA512
4aa6e9faeb19d143916a399757668eedcae9417442a9df209d3264b90a40490a20b286539144b762772181915f9019fd2dd5a7f3eef4694becd69899db8b74f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c1659b264014b7111eb9009b2a462cb4

SHA1
b9aba18f4b5a47293827c9f8fb3865c623158eaf

SHA256
a560ec084453b0bec3d7f1ff9d7c306bf990f67e33097274e15704ca481323ee

SHA512
c54a3b3ea81c774efddcd1b4823e3c8afa2d9d1ad4f4f0b0b51e16caff962489e37b1e676c4ca26c6219cf6fffb15161514d04d709e1af339363d6c8c174da87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
7de8187e8933d0650cd8a75603efb443

SHA1
320324ea05125bfbaf5d9624aac20d574003d127

SHA256
3a48767fea0bb8b5864c1d68f483b72b844f88569a65350385c2c86cb56d83cf

SHA512
899664d5ea63e0ae493101b69cdc7cdd0ab2c10f6ce3b2727f18bcd2cabf3f32f9169804cfd2a35f40e2d44002b98958503ddc27eeccc94c120c49f3a8367400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
3179827cd46e1391bc61795859fa4ca8

SHA1
2ac670c4e19556b3153a511907a9269220388684

SHA256
5a6182bd22c3120731ae80c684bec7caf90d66fed940213842c443a84a453212

SHA512
bfab2a9d5fb0c0409f73792707d3f261f39646d2af4a82af2c4b851b253ef6d17d6e20bd90be9fd1d61f50ce9b6fce5aa4d7128fceccdb2fa2881d9705b8ce94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1e642b9930c48e9d6b871e162c65f407

SHA1
94a28dfde483e278b0a55596a2c17c9d43d93c6c

SHA256
ab4860a04e934da4fc1fe8c1a46f70ddd5531b058532277a0b151c55055b29cc

SHA512
1a2b94b8c48666100c1422ec449cb0fed312e8455c9a045929a26e912da661b6a6202d35360b343f79d814b120ba179fe0bb1ddbbd352587f4bfc73ff109f9fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
eade13aee3610577206975ae9b02fae9

SHA1
dcf8dfa177fd06753332cfc6043300a18466b419

SHA256
05bdf1ca7d8ed12daf34a7a52a6be3445bb4e2bd4ca7b386fe39e7b314b0c8a6

SHA512
91ecd73174d7f5b2eff465ff1617ea9bb2162b46d27bea51a815069b8b64222b435b2339594d0af3819786840d3a3dc113524eee60638a9f10bc7acc912d27d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
f0b5dec22220c35945411c2520cc8a47

SHA1
2b9fbfad73fafb2ff20e3fc779f0c768e7990264

SHA256
7d6d10fdb012fc10c9289117c54112ccdb43929338d5511d9f5390507afdfdc5

SHA512
a9ab2aa10970f4a019575ea42a6d24b7bbb3a35c13b99f0e24407da3696b7d98867722694ce8fdab369eddc9d5ed0a1d7e82e0897cd75843e98b4255f3be780e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
4644f87110290fc94087ce2f5729d5e1

SHA1
46b0de5b4eb1e41c416b3ace24a01c3037c22b2a

SHA256
0f0571b00dd27f601c84bdb115c5e89d38bf73cb7c9a183f92920c2cc698bf10

SHA512
cabc0a2608089f0b31017c561b10e4f1be9e003c9f921690171599f52376d4f9056c033b93b25ec8abd35c72bd3bcc33ab9f83e90e856975a28a58856779d85f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c3a9d433f2b0ed4700c32e1d93a3fbd0

SHA1
7aadd89a892690090b5b06c8b84552a8b815293c

SHA256
729990a73b56529b5f86f40fb23390dd319b9029d6035c690f2276ac2f46fa95

SHA512
ff472674ed593730a28d011f0f7c745a047cc5cf261083cd025783f86af07bb0cf0e41877d325c18802749946a699a63579509f48f6b56a40197d66109c66f09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ef43159cd739d57c65a502103663d9a4

SHA1
7f5eb68b8237f5d5fc67e64e482d567847fee7d1

SHA256
db930cb8e312ac72b37d557145c7d9cbf2718204fd4a0bde7dc2b34610d547df

SHA512
935174f7aa5985f1c0397d827ffa2db69fde161baa03202e83f324611705cea69b44d003c8b63f5e0e80db92b2dd5afb7f3676098af968bf840ca9d36e3963a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d52c06bebb82dd08257f18ca7f6941a2

SHA1
727e1cf3d52bd290ffe9ac2ac43f8a609e3a7397

SHA256
14982ca852424d081692285ec8f2d975e423a03b29b8f86b575db506abfb9a35

SHA512
d5c446dc84ffbbfc1597721bf01e60ccc7c170447ce93b5a4977d7167df737dd2ee7500286840a7bc567b64b9a90fd7ca873c9805abe5fd09a6adec7170a26ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
2c59c9e58b81a339b6e951e45837412a

SHA1
6a4fe630fd500a28221a60afb5006ffd7409f8d9

SHA256
f41bed308a9bbc919dd2164849ed57a252e2dbb350940fc694163ff4bfd1b3ab

SHA512
b10cf89a5208115056416a961b077f26a37d9281dc93dbe7502a266a9d4150dc8ab4be242c4ab85f280b522d4e7a278bb017a801d4ff31d38f177a35198f8bff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ef25eb4678e90f63de5f84c5a0b552b4

SHA1
ea5a27492d25deea200b0ffa3e4845ec279ad4b2

SHA256
5611931642321697db4b2d766e13f6df38c19d7de51b3f73b1294ba1e0ab5796

SHA512
20e7c378003b8f607568db9545ad9dde918f81c68eea1ac66a27e34c0511c3c7110c967f139b4332348bbe5ae2f1d2293f2f18e7a7f4aa28ea063cee1dfa71e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ed3c80e40bbde1cd4b51f33b26a98c6b

SHA1
c15302d2f262925457486f59c34a835120450d40

SHA256
242a487d2e9db628525a2a845030cc80fc22148a3f4b0bc8e4e58644d3e8f099

SHA512
df33da492de2995ddf7966c0e99221c9cc0f5cc8a0c2ffaafcbccd3b20377acc31b12d819f25e1dcc645bdb43495435e8c80df05e5d2d9a31e750c024d66bd28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2e6fbd22de9c7a727967c98876746fc8

SHA1
e98e8da7f4e08a2f5b3e7b3387b12da2d8e981f2

SHA256
13d90b8f80244a806ca1fadabadad8cbef7cb056696670a30a08c5b607b62d2b

SHA512
a741595d2aa8c2d8856b20be7b0f04ff5c2bfc8cad8efe0a1bc166c0f36219f19d0221ca236b592f0aa79ec41b88865c97d76668b385f32c1510bd86141cf0bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
09f0de7f4483c3a084317c7e334d0884

SHA1
83694a029ada61eeb58fede1ef2b8d9c369744ce

SHA256
db018b0e4a310b332f47f796c425a269e8e8a02c370d7aa6d30fe814f21b585a

SHA512
39a9ec2dcae38c1f00b85e00c8fb26a3fe9e8ec111eaaab5689a1a048e8edc022df9549c73e0c64c15bc506769c40f72bd43750ee149c47762f4da96e9053694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
354577813458a4570f991d98c4088169

SHA1
29e9a886fb214791e186b54cfe7cf247d60edff7

SHA256
ea7e4a906187847a38829bb3bdc6f0c81776ec735d446a307c06833059ff2800

SHA512
3cbab46c9e2a3bbbb3c2cd842115e0a2ae19bf44d0903a92b07f1883d620fab3706b44195a206bf1206ad1e95285d303cde317d9091a88b11184c873806de618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7f1520125071a5f645465fe290592c6b

SHA1
fba69fc31d8a9c60f11ba7ef63e8d2f9f240ad82

SHA256
bbd9f23d98704225eb4f88d812f10ca559db2e4f518310a0c6e76cef740b5012

SHA512
0baf568bdf06444c63db4e161b42699304a1dbac22a35ba2b676100870acde0f7efcccfc9f71d476dd6cc518f46331b617565d83fd89371368bb75c7c3ad2ff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e84e380197b4e10aea7c47d5be2c7e0e

SHA1
8ea1f165bfa490eb842cef8bd108d4204b7186ef

SHA256
93ba58fb8a5bcf214b06747095eef45162605a89ab062e0c024734f9605b5e37

SHA512
cf6d51d4d9934544aee7d36b0dcc91261b4a177a5fe40c50348ee29df20bd34fb486085d977cdce718aeb492fe27f662a398d50f6d85f5c6518949537b522cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c6f8f5fe17005bcf0001f4dac7301097

SHA1
b0b6e3bae990d8918413a443df9d2d7d0fe965f6

SHA256
1dcbe1ce250dac63bc7bdeb9589b8fc3c2aea0a25370d07a0ca8fb666be2b039

SHA512
116491b17ddbcc5440de80e616246a85cbdb9488ee3b2f6c6c3a6bf117ac025cc18c4a9e07d68013a405f97d3615df7aff9c5a8872b706fbdf8b12b978c7af01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
58313c3e11e43581050c01d7abf83936

SHA1
ac61aa739a6ac6a5aa56fd0dec9a7ceca2cfc4c1

SHA256
6079349b42e8684f7ae7e92c2579e545586b4d2da7a0db1d422e2592e76c9586

SHA512
113e90611d95cacf65685035ed231c0dca6d0cfff6ba4754dc4f522659be5c31ae3f24a496adc4b38d0e8277c7d49ab76ceca20cf991d3e16760ccdd6cf2ead3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
871a886adec8be62d4f382bd581569f6

SHA1
f7dd51251c6f001ca5672bf292f2ddec68623978

SHA256
9ea2112a9fe72e6915c12adcd962a24c46519307c478b965cd762e8dff1625ba

SHA512
7f01b5ce044977dd624a762d0010aa76d308fd0b61ee734b29d1902d57ff0a7da121310683c72b1428da16e6c827692bfa6938c0ca31dd6d7314656809d6cb8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
8d800832412c9f8266b476a81300ac7b

SHA1
2869be6d5cb2a101b1ea1baefd1e6554ba7645e1

SHA256
295fffb1217bceb7637c933abef72d6a3450c14dfc7e278d40c728c6331e2d74

SHA512
57ab4054c7b5b9b5e25e1bcc10cdc3fc6b2018c56a40a5baad69958218dd579a9aca9789fd75258b476f8cfd6dc0855d5dda3206c5389ed23ef4e8f7562a413b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
c6a1f32b43a324284de42de8cb5ddc73

SHA1
86721ffa58e50b1e3312309e07e1a053daf9a258

SHA256
adc6df4b8ae29a732e598a3c18734ddcc42c8d705ba15964045f1ff641e685cd

SHA512
4a716055ba0b720502e599833b4b22ef8958c475d8df483ac6650f6f4ae491b39624f19f8b238a57a4c3c0f9cb6c95f03e64464dad30db40e458b911555029e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
2686c89779ea09de79c1076c6d1e3fc7

SHA1
0ecd909b6eac0ff0f81c15a4eed20372e7e6edf9

SHA256
c5f4f8389d3d18dd175dc8edc1e1c73a7d81a6d896b772c314c29d849acaf090

SHA512
f40ea20b0c1c87c5f809c9e30cc179780f906f5949d9fe12965fad6312e2069fc367e02688e5afb2329526c7f8a6434eff04af76231e781e4da880011b210ebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
83KB

MD5
41240ffed1dbb9bd009910c690c0b6bb

SHA1
2f4db9665a4080e403b43a38509273a12eb9a27a

SHA256
665c78bf33e2cd505102ee1e214bcf7d27e6ff881db76ca9e4515b9adc5836ee

SHA512
cf25655ea6229a59d7db16d85c65c8be5dec1ee3d6bc0f9b59355216b6fdb7c856345560e8ef9f18973c9028aa5e5a20a9919bc55a5603054ea3c6385ca20357

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
619286f953f590cbd4fe51251e432acb

SHA1
4e19be9ca54077d44e3c3cd74fecde2c794eb15b

SHA256
6870df98b6df05e4b66d9d779178693e793a9e32b1b4a9bb2734d480cc86b058

SHA512
8ec6043ce4105d6bc408b89427d43536f4886d6695b41e6be963d2e78557a7c81562a2a61d471f23149cf28acbf6b42b226c90fbb249b406ab436d0e679522b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
d845756979a28e1585a7381b491d9c5e

SHA1
fb3418f3c3191e61ea7a1c13385cbd3ae5a98d1d

SHA256
3736f2fd04333fa4774b6ea30a83fdf34f8540f7be52e84c8125609695e36d51

SHA512
997b25a659155b463ed6be62cf9486bde9c3e573fe8646eb77e2327504738a0350a068c475590c82d1759d6e2137dc65f4c8780cea8393382086a8a1fa60bb65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
d4868f16a4ad9404adffaf58a2f0e51c

SHA1
84c794ded0b970e4d761eabb0fab78cb6d950349

SHA256
bf201460082b6c5ec4ac892b6de0dbff39011337c1ff0b56e8317c835a4097df

SHA512
4c778d7665b637a9d44cf3d3098358a22d85b527c8e7f32023ccd33f04dee83feacee7e64c94cf0caa4f375afa9937e7009c41c9717451bf051ab2977e89fc1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
2d5bab8f0838685e41a00c6a06d06044

SHA1
942417943a622ad013ec93b2d371c820c14712d9

SHA256
35edbaf667d52553be34292bac9ef5357a641eb549becf4d7827d5d5315cc4a4

SHA512
ca3b1271f00ddfe35e7fb42aa4d3b2efc0fe751d268ee29ec742f0eb0829027e74d6dafe7476deb702a7ec640f1469ab07ecca16b5b971af05cb20388a06769a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58e71f.TMP

Filesize
83KB

MD5
eaf4761c52a47ed66caa00d7f3d3b074

SHA1
6d2fabc389ac3a2515ce620ca3c518659cebfcaf

SHA256
339407caf5b91dd25f237d0b07fcae9beca5ef175cb835dd59b76c7e69e38890

SHA512
a88db9c6420b56234cb3e1a063a2ec75f7392c3bde89fc19b3b16e873536d201054465ce854ce018e47723a0dff26dfe9cae2d2c82a0c671d8d4b2e1f05b6071

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\b022682dd39d113f2d5a65a172dbd28f

Filesize
5.8MB

MD5
b022682dd39d113f2d5a65a172dbd28f

SHA1
aa874df3d3d0a9539c53a8a0c96c4c119bae2c52

SHA256
47a2e8bbef18d5491be3c449d9a5464a8804d9d1a85bc7e24ff80876e85104a3

SHA512
d6746ca7c1e10b1ed7fb48d857210ce5cd0f0542c81fdbf00a6afaf4607f30020ccc09f4c41ef9f50bc2562bf6e4380e7abaef1d5a5b1e91773281bcd9e58525

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
202B

MD5
4566d1d70073cd75fe35acb78ff9d082

SHA1
f602ecc057a3c19aa07671b34b4fdd662aa033cc

SHA256
fe33f57205e2ebb981c4744d5a4ddc231f587a9a0589e6565c52e1051eadb0c0

SHA512
b9584ebfdd25cc588162dd6525a399c72ac03bf0c61709b96a19feba7217d840ae2c60d7b0d3b43307a2776f497a388e79ef8a646c12ae59a7f5cc4789bbf3c8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
5.5MB

MD5
94740510822524d579f869a81e02f5ea

SHA1
0e87d714e9eec2eee7c3af028e8e66e7478a107f

SHA256
ad927962330c2d2cf2bf7c33c1a5395df5ccd4ceabfb10c72db240041d773dda

SHA512
7cb3e72b0f1bdcbd53096fdec470fec9a6aa56d56b5f4bfa86b6afaa3ddbd2be6878f7874feb2c15647a627cea34a1fee7be35f6d1dffbf6a5a9c0bf8efa1d24

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
decb3650a890a01c8db90468fee937f7

SHA1
69b4362117070e3a630d8336b62412e01dbb1c0d

SHA256
142991be23ecf6c054024a481fb1be5375807f642211c2d31ff63279a61f2a40

SHA512
e0b252188616e53330b6bff2aef75f840ae9722584edf1e42dd54601ab1d6ec70ff8a842b8f013bd9b6bce58c6ddcba7241dd4d9457bfd8ad33f87fe9c307152

Download Submit
memory/3328-15-0x00007FFF45C50000-0x00007FFF45E5B000-memory.dmp

Filesize
2.0MB

Download
memory/3328-12-0x00007FFF57230000-0x00007FFF57241000-memory.dmp

Filesize
68KB

Download
memory/3328-21-0x00007FFF57110000-0x00007FFF57121000-memory.dmp

Filesize
68KB

Download
memory/3328-20-0x00007FFF57130000-0x00007FFF57141000-memory.dmp

Filesize
68KB

Download
memory/3328-19-0x00007FFF57150000-0x00007FFF57168000-memory.dmp

Filesize
96KB

Download
memory/3328-18-0x00007FFF57170000-0x00007FFF57191000-memory.dmp

Filesize
132KB

Download
memory/3328-7-0x00007FFF46380000-0x00007FFF46636000-memory.dmp

Filesize
2.7MB

Download
memory/3328-10-0x00007FFF57D80000-0x00007FFF57D91000-memory.dmp

Filesize
68KB

Download
memory/3328-9-0x00007FFF57F20000-0x00007FFF57F37000-memory.dmp

Filesize
92KB

Download
memory/3328-8-0x00007FFF5A9B0000-0x00007FFF5A9C8000-memory.dmp

Filesize
96KB

Download
memory/3328-43-0x00007FFF44BA0000-0x00007FFF45C50000-memory.dmp

Filesize
16.7MB

Download
memory/3328-23-0x00007FFF570D0000-0x00007FFF570EB000-memory.dmp

Filesize
108KB

Download
memory/3328-24-0x00007FFF570B0000-0x00007FFF570C1000-memory.dmp

Filesize
68KB

Download
memory/3328-22-0x00007FFF570F0000-0x00007FFF57101000-memory.dmp

Filesize
68KB

Download
memory/3328-16-0x00007FFF571A0000-0x00007FFF571E1000-memory.dmp

Filesize
260KB

Download
memory/3328-25-0x00007FFF57090000-0x00007FFF570A8000-memory.dmp

Filesize
96KB

Download
memory/3328-26-0x00007FFF56F70000-0x00007FFF56FA0000-memory.dmp

Filesize
192KB

Download
memory/3328-11-0x00007FFF57AD0000-0x00007FFF57AE7000-memory.dmp

Filesize
92KB

Download
memory/3328-30-0x00007FFF52500000-0x00007FFF5255C000-memory.dmp

Filesize
368KB

Download
memory/3328-29-0x00007FFF56F50000-0x00007FFF56F61000-memory.dmp

Filesize
68KB

Download
memory/3328-28-0x00007FFF44B20000-0x00007FFF44B9C000-memory.dmp

Filesize
496KB

Download
memory/3328-13-0x00007FFF57210000-0x00007FFF5722D000-memory.dmp

Filesize
116KB

Download
memory/3328-14-0x00007FFF571F0000-0x00007FFF57201000-memory.dmp

Filesize
68KB

Download
memory/3328-27-0x00007FFF4D490000-0x00007FFF4D4F7000-memory.dmp

Filesize
412KB

Download
memory/3328-17-0x00007FFF44BA0000-0x00007FFF45C50000-memory.dmp

Filesize
16.7MB

Download
memory/3328-5-0x00007FF750490000-0x00007FF750588000-memory.dmp

Filesize
992KB

Download
memory/3328-6-0x00007FFF5AB30000-0x00007FFF5AB64000-memory.dmp

Filesize
208KB

Download