ac96a10fa41563896c52e5ece71ac79b55c84be234f01f55f514e775be784272

Resubmissions

02-10-2024 18:23

241002-w1qwlszfqr 6

02-10-2024 17:41

241002-v9pt8syemr 8

Analysis

max time kernel
1652s
max time network
1696s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 17:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-10-01 9.19.10 AM.png
Size

6KB
MD5

5380e38258e448f8f9bb5ae515b8c170
SHA1

76a721910ddc2b7c09c43cce223f4be56ca4c57b
SHA256

ac96a10fa41563896c52e5ece71ac79b55c84be234f01f55f514e775be784272
SHA512

81a583b8421178809c1e98ecc2c46759085c8443cdb1a0db468b92708688d321d49544c20f75aeded086414302f307f6c62fbc72f10dc4c52ecac810f0f009ba
SSDEEP

96:Es1hTkCU2qRts3cRPq1+/Y20Sp1dMCacgB3rhsNNG4Df7BCzdls3CjkZh1DjdLx8:lDydqcRVLpuCa9ZiNBD1+lExVenz

Score

8^/10

discovery evasion persistence privilege_escalation trojan

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 6 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 42 IoCs

pid	Process
1680	RobloxPlayerInstaller.exe
2284	MicrosoftEdgeWebview2Setup.exe
924	MicrosoftEdgeUpdate.exe
1096	MicrosoftEdgeUpdate.exe
2820	MicrosoftEdgeUpdate.exe
2188	MicrosoftEdgeUpdateComRegisterShell64.exe
820	MicrosoftEdgeUpdateComRegisterShell64.exe
2488	MicrosoftEdgeUpdateComRegisterShell64.exe
2876	MicrosoftEdgeUpdate.exe
1660	MicrosoftEdgeUpdate.exe
2376	MicrosoftEdgeUpdate.exe
904	MicrosoftEdgeUpdate.exe
2828	MicrosoftEdge_X64_109.0.1518.140.exe
764	setup.exe
2276	MicrosoftEdgeUpdate.exe
2172	RobloxPlayerBeta.exe
2176	MicrosoftEdgeUpdate.exe
2788	MicrosoftEdgeUpdate.exe
1752	MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe
2908	MicrosoftEdgeUpdate.exe
2640	MicrosoftEdgeUpdate.exe
1548	MicrosoftEdgeUpdate.exe
2784	MicrosoftEdgeUpdate.exe
2000	MicrosoftEdgeUpdateComRegisterShell64.exe
2432	MicrosoftEdgeUpdateComRegisterShell64.exe
816	MicrosoftEdgeUpdateComRegisterShell64.exe
1384	MicrosoftEdgeUpdate.exe
860	MicrosoftEdgeUpdate.exe
1156	MicrosoftEdgeUpdate.exe
556	MicrosoftEdgeUpdate.exe
1512	MicrosoftEdgeUpdateSetup_X86_1.3.195.21.exe
2136	MicrosoftEdgeUpdate.exe
1124	MicrosoftEdgeUpdate.exe
2216	MicrosoftEdgeUpdate.exe
2408	MicrosoftEdgeUpdate.exe
1724	MicrosoftEdgeUpdateComRegisterShell64.exe
2292	MicrosoftEdgeUpdateComRegisterShell64.exe
2412	MicrosoftEdgeUpdateComRegisterShell64.exe
2112	MicrosoftEdgeUpdate.exe
2280	MicrosoftEdgeUpdate.exe
964	MicrosoftEdgeUpdate.exe
1724	MicrosoftEdgeUpdate.exe

Loads dropped DLL 64 IoCs

pid	Process
1680	RobloxPlayerInstaller.exe
1680	RobloxPlayerInstaller.exe
1680	RobloxPlayerInstaller.exe
2284	MicrosoftEdgeWebview2Setup.exe
924	MicrosoftEdgeUpdate.exe
924	MicrosoftEdgeUpdate.exe
924	MicrosoftEdgeUpdate.exe
924	MicrosoftEdgeUpdate.exe
924	MicrosoftEdgeUpdate.exe
2820	MicrosoftEdgeUpdate.exe
2820	MicrosoftEdgeUpdate.exe
2188	MicrosoftEdgeUpdateComRegisterShell64.exe
2820	MicrosoftEdgeUpdate.exe
2820	MicrosoftEdgeUpdate.exe
820	MicrosoftEdgeUpdateComRegisterShell64.exe
2820	MicrosoftEdgeUpdate.exe
2820	MicrosoftEdgeUpdate.exe
2488	MicrosoftEdgeUpdateComRegisterShell64.exe
2820	MicrosoftEdgeUpdate.exe
924	MicrosoftEdgeUpdate.exe
924	MicrosoftEdgeUpdate.exe
924	MicrosoftEdgeUpdate.exe
924	MicrosoftEdgeUpdate.exe
2376	MicrosoftEdgeUpdate.exe
1660	MicrosoftEdgeUpdate.exe
2376	MicrosoftEdgeUpdate.exe
2376	MicrosoftEdgeUpdate.exe
2828	MicrosoftEdge_X64_109.0.1518.140.exe
764	setup.exe
2376	MicrosoftEdgeUpdate.exe
1680	RobloxPlayerInstaller.exe
1680	RobloxPlayerInstaller.exe
1680	RobloxPlayerInstaller.exe
2172	RobloxPlayerBeta.exe
2176	MicrosoftEdgeUpdate.exe
2176	MicrosoftEdgeUpdate.exe
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
1192	Process not Found
2788	MicrosoftEdgeUpdate.exe
2788	MicrosoftEdgeUpdate.exe
2788	MicrosoftEdgeUpdate.exe
2176	MicrosoftEdgeUpdate.exe
2788	MicrosoftEdgeUpdate.exe
2788	MicrosoftEdgeUpdate.exe
1752	MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe
2640	MicrosoftEdgeUpdate.exe
2640	MicrosoftEdgeUpdate.exe
2640	MicrosoftEdgeUpdate.exe
2640	MicrosoftEdgeUpdate.exe
2640	MicrosoftEdgeUpdate.exe
2640	MicrosoftEdgeUpdate.exe
2640	MicrosoftEdgeUpdate.exe
2784	MicrosoftEdgeUpdate.exe
2784	MicrosoftEdgeUpdate.exe
2000	MicrosoftEdgeUpdateComRegisterShell64.exe
2784	MicrosoftEdgeUpdate.exe
2784	MicrosoftEdgeUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Checks system information in the registry 2 TTPs 32 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 20 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\LayeredClothingEditor\Icon_Play_Light.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_2x_23.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\MenuBar\icon__backpack.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\textures\ui\InGameMenu\roblox_logo.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source764_185191073\109.0.1518.140\icudtl.dat	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\AvatarEditorImages\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source764_185191073\109.0.1518.140\Locales\zh-CN.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Settings\Players\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\VoiceChat\SpeakerDark\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source764_185191073\109.0.1518.140\Locales\kok.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\ScreenshotHud\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\PlatformContent\pc\textures\water\normal_02.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\GameSettings\CheckedBoxLight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\textures\ui\Controls\DesignSystem\Thumbstick2Vertical.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\models\ViewSelector\ViewSelector.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_pt-BR.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\af.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC5FE.tmp\msedgeupdateres_ru.dll	MicrosoftEdgeUpdateSetup_X86_1.3.195.21.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\textures\ui\LuaChat\icons\ic-friends.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Controls\DefaultController\ButtonX.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Settings\Help\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\advancedMoveResize.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\textures\ui\LuaChatV2\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUC5FE.tmp\psmachine.dll	MicrosoftEdgeUpdateSetup_X86_1.3.195.21.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\PlatformContent\pc\textures\sky\sky512_lf.tex	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Emotes\Editor\Small\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\LegacyRbxGui\StoneBlockSide.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\PlatformContent\pc\textures\water\normal_10.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\icon_friends_16.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\textures\ui\ImageSet\AE\img_set_3x_1.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source764_185191073\109.0.1518.140\Locales\he.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\AnimationEditor\menu_shadow_top.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\MaterialManager\Fill-lighttheme.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\StudioSharedUI\search.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\MaterialFramework\Light\Material.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\textures\ui\LuaApp\graphic\Auth\wechatlogo.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\nb.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Controls\XboxController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\AnimationEditor\icon_error.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\Debugger\Stop.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\StudioToolbox\NoBackgroundIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Emotes\TenFoot\SelectedGradient.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\AnimationEditor\eventMarker_inner.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\Debugger\Resume.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\LegacyRbxGui\LogSide.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Settings\LeaveGame\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_th.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\vcruntime140.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\lb.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUD25D.tmp\msedgeupdateres_ml.dll	MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\AlignTool\Center.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\AvatarEditorImages\Sliders\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedge.exe	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\chatBubble_bot_notifyGray_dotDotDot.png	RobloxPlayerInstaller.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 30 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdateSetup_X86_1.3.195.21.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 9 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2876	MicrosoftEdgeUpdate.exe
904	MicrosoftEdgeUpdate.exe
2908	MicrosoftEdgeUpdate.exe
2112	MicrosoftEdgeUpdate.exe
1724	MicrosoftEdgeUpdate.exe
2276	MicrosoftEdgeUpdate.exe
1384	MicrosoftEdgeUpdate.exe
556	MicrosoftEdgeUpdate.exe
2136	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 11 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\86-d7-de-79-ae-4c\WpadDecisionTime = e000f13cf514db01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E1D5B544-C9E6-4D97-BD9E-26B0B31AE207}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\86-d7-de-79-ae-4c\WpadDecisionTime = 80a7335af414db01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E1D5B544-C9E6-4D97-BD9E-26B0B31AE207}\86-d7-de-79-ae-4c	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E1D5B544-C9E6-4D97-BD9E-26B0B31AE207}\WpadDecisionTime = 80a7335af414db01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\86-d7-de-79-ae-4c\WpadDecisionTime = 602b0218f514db01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\86-d7-de-79-ae-4c\WpadDecisionTime = d049503df314db01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\86-d7-de-79-ae-4c\WpadDecisionTime = 6072fe2ef514db01	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E1D5B544-C9E6-4D97-BD9E-26B0B31AE207}\WpadDecisionTime = 00f7cab8f214db01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\86-d7-de-79-ae-4c\WpadDecisionReason = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E1D5B544-C9E6-4D97-BD9E-26B0B31AE207}\WpadDecisionTime = 602b0218f514db01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E1D5B544-C9E6-4D97-BD9E-26B0B31AE207}\WpadDecisionReason = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{D001EC2F-F1D5-4ABE-A1E6-D9BBFB2CAF76}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\PROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CLSID\ = "{5F6A18BB-6231-424B-8242-19E5BB94F8ED}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.19\\MicrosoftEdgeUpdateBroker.exe\""	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{D001EC2F-F1D5-4ABE-A1E6-D9BBFB2CAF76}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32\ = "{31FB561A-CD57-4AF0-AE52-5652A86256B1}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B7FDC90A-1DA4-421F-BFC8-3EF55AAB171D}\InprocHandler32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D001EC2F-F1D5-4ABE-A1E6-D9BBFB2CAF76}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.21\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.21\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods\ = "4"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\LocalServer32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{D001EC2F-F1D5-4ABE-A1E6-D9BBFB2CAF76}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CLSID\ = "{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods	MicrosoftEdgeUpdate.exe

Suspicious behavior: EnumeratesProcesses 33 IoCs

pid	Process
2740	chrome.exe
2740	chrome.exe
1680	RobloxPlayerInstaller.exe
2740	chrome.exe
2740	chrome.exe
924	MicrosoftEdgeUpdate.exe
924	MicrosoftEdgeUpdate.exe
1332	chrome.exe
1332	chrome.exe
924	MicrosoftEdgeUpdate.exe
924	MicrosoftEdgeUpdate.exe
924	MicrosoftEdgeUpdate.exe
2176	MicrosoftEdgeUpdate.exe
2176	MicrosoftEdgeUpdate.exe
2176	MicrosoftEdgeUpdate.exe
2276	chrome.exe
2276	chrome.exe
2788	MicrosoftEdgeUpdate.exe
2788	MicrosoftEdgeUpdate.exe
2640	MicrosoftEdgeUpdate.exe
2640	MicrosoftEdgeUpdate.exe
860	MicrosoftEdgeUpdate.exe
860	MicrosoftEdgeUpdate.exe
860	MicrosoftEdgeUpdate.exe
1156	MicrosoftEdgeUpdate.exe
1156	MicrosoftEdgeUpdate.exe
1124	MicrosoftEdgeUpdate.exe
1124	MicrosoftEdgeUpdate.exe
2280	MicrosoftEdgeUpdate.exe
2280	MicrosoftEdgeUpdate.exe
2280	MicrosoftEdgeUpdate.exe
964	MicrosoftEdgeUpdate.exe
964	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe
1332	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 3032	2740	chrome.exe	31
PID 2740 wrote to memory of 3032	2740	chrome.exe	31
PID 2740 wrote to memory of 3032	2740	chrome.exe	31
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2804	2740	chrome.exe	33
PID 2740 wrote to memory of 2580	2740	chrome.exe	34
PID 2740 wrote to memory of 2580	2740	chrome.exe	34
PID 2740 wrote to memory of 2580	2740	chrome.exe	34
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35
PID 2740 wrote to memory of 2724	2740	chrome.exe	35

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-10-01 9.19.10 AM.png"
1⤵
PID:3020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefac39758,0x7fefac39768,0x7fefac39778
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:2
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2228 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2236 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1120 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:2
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3232 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3604 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3988 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2656 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1612 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=572 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3796 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2456 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4264 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4328 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4368 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4456 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4392 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:2396
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  PID:1680
- - C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:2284
  - - C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:924
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1096
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2820
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2188
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:820
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2488
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzI4NzMyOEUtOUUwRS00QkUyLTlBM0MtRTkwMTY3OTlBMDA2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins3OEM5REREMS01NEZCLTQyRDktQTRFMC03NjBBM0I2RDJBMzJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE3MS4zOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDQwMjg4ODAwMCIgaW5zdGFsbF90aW1lX21zPSI0MDU4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2876
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{3287328E-9E0E-4BE2-9A3C-E9016799A006}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1660
- - C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\RobloxPlayerBeta.exe" -app -isInstallerLaunch -clientLaunchTimeEpochMs 0
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2284 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3792 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2040 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4044 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2080 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=744 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=1816 --field-trial-handle=1160,i,5909517071019627288,14537263628519553163,131072 /prefetch:1
  2⤵
  PID:1812

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2964

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:2376
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzI4NzMyOEUtOUUwRS00QkUyLTlBM0MtRTkwMTY3OTlBMDA2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBMTNDQTY5MC0yNjE2LTRERkYtQjA2RC05OUIyMEEzQzZBQTJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIG5leHR2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjMiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ0MTY5NjgwMDAiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:904
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3962930E-D152-40CC-8B92-9F8FFF8BFD4D}\MicrosoftEdge_X64_109.0.1518.140.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3962930E-D152-40CC-8B92-9F8FFF8BFD4D}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2828
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3962930E-D152-40CC-8B92-9F8FFF8BFD4D}\EDGEMITMP_8AD90.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3962930E-D152-40CC-8B92-9F8FFF8BFD4D}\EDGEMITMP_8AD90.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3962930E-D152-40CC-8B92-9F8FFF8BFD4D}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    PID:764
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzI4NzMyOEUtOUUwRS00QkUyLTlBM0MtRTkwMTY3OTlBMDA2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1RThCRkMyOC1EOTI2LTQ3QUUtQTBBRS01OTM4QkQyRDJCMjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTA5LjAuMTUxOC4xNDAiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ4MDY5NDgwMDAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0ODA3MDg4MDAwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjEwNTgwODAwMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMGM0MDg0ZjMtMWJlZC00MjQ2LWI4ZWQtMjA2Y2NiZTYwZTNjP1AxPTE3Mjg0OTU5MTMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9YTJvc0xxRUdTTnFDR0h1aCUyYk5nYmF0UnhiVmFFTWVyalhRZkNGeUNWcHJ5WUxwS3BXWTdEUHJkVWFHSkllbEZ5ZVNrbG1lbTg3OGpjejJYb0syY2NkUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE0MDY5NjAwOCIgdG90YWw9IjE0MDY5NjAwOCIgZG93bmxvYWRfdGltZV9tcz0iOTUwMTIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MTA2MTE4MDAwIiBzb3VyY2VfdXJsX2luZGV4PSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjEyMzk2ODAwMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjYwOSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjQ1MzM3ODAwMCIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjcxNjYiIGRvd25sb2FkX3RpbWVfbXM9IjEyOTg4MSIgZG93bmxvYWRlZD0iMTQwNjk2MDA4IiB0b3RhbD0iMTQwNjk2MDA4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSIzMjg3MyIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:2276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefac39758,0x7fefac39768,0x7fefac39778
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1240 --field-trial-handle=1260,i,1572052041520790665,5236817732781368713,131072 /prefetch:2
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1100 --field-trial-handle=1260,i,1572052041520790665,5236817732781368713,131072 /prefetch:8
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1660 --field-trial-handle=1260,i,1572052041520790665,5236817732781368713,131072 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1260,i,1572052041520790665,5236817732781368713,131072 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2328 --field-trial-handle=1260,i,1572052041520790665,5236817732781368713,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1564 --field-trial-handle=1260,i,1572052041520790665,5236817732781368713,131072 /prefetch:2
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1372 --field-trial-handle=1260,i,1572052041520790665,5236817732781368713,131072 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3308 --field-trial-handle=1260,i,1572052041520790665,5236817732781368713,131072 /prefetch:8
  2⤵
  PID:920

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1708

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1460

C:\Windows\system32\taskeng.exe
taskeng.exe {871F597D-151F-4219-8B88-68D074E6EC0E} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
PID:1684
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefac39758,0x7fefac39768,0x7fefac39778
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1220,i,16424735054849866877,12603634093617792418,131072 /prefetch:2
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1220,i,16424735054849866877,12603634093617792418,131072 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1220,i,16424735054849866877,12603634093617792418,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1220,i,16424735054849866877,12603634093617792418,131072 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1220,i,16424735054849866877,12603634093617792418,131072 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1364 --field-trial-handle=1220,i,16424735054849866877,12603634093617792418,131072 /prefetch:2
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2192 --field-trial-handle=1220,i,16424735054849866877,12603634093617792418,131072 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3436 --field-trial-handle=1220,i,16424735054849866877,12603634093617792418,131072 /prefetch:8
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3540 --field-trial-handle=1220,i,16424735054849866877,12603634093617792418,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3704 --field-trial-handle=1220,i,16424735054849866877,12603634093617792418,131072 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2640 --field-trial-handle=1220,i,16424735054849866877,12603634093617792418,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 --field-trial-handle=1220,i,16424735054849866877,12603634093617792418,131072 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3952 --field-trial-handle=1220,i,16424735054849866877,12603634093617792418,131072 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3588 --field-trial-handle=1220,i,16424735054849866877,12603634093617792418,131072 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=732 --field-trial-handle=1220,i,16424735054849866877,12603634093617792418,131072 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3980 --field-trial-handle=1220,i,16424735054849866877,12603634093617792418,131072 /prefetch:1
  2⤵
  PID:2588

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:2788
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BFE3FE8D-F31F-4861-9F6F-FBF95E8F4EEC}\MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BFE3FE8D-F31F-4861-9F6F-FBF95E8F4EEC}\MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe" /update /sessionid "{9D7D0052-03B0-45F6-9BAE-705E10504008}"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1752
- - C:\Program Files (x86)\Microsoft\Temp\EUD25D.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUD25D.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{9D7D0052-03B0-45F6-9BAE-705E10504008}"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2640
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:1548
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2784
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2000
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2432
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:816
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OUQ3RDAwNTItMDNCMC00NUY2LTlCQUUtNzA1RTEwNTA0MDA4fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7RTBCQkZCMDgtMjNGQS00QkY2LUJBM0MtNjg3MzZCQzZEMjIzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjIiIGRpc2tfdHlwZT0iMCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMSIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjE5IiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjY0ODIiIGluc3RhbGxkYXRldGltZT0iMTcyNzg5MTA1OCI-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTEzNDY4NDAwMDAiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Checks system information in the registry
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      Modifies data under HKEY_USERS
      PID:1384
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OUQ3RDAwNTItMDNCMC00NUY2LTlCQUUtNzA1RTEwNTA0MDA4fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntFNTkwMDBGNi0zMjNELTRBMzAtOTlFMS1EOUZCREZDOTkyQjl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTkiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzk3NDkxNDAwMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3OTc0OTk0MDAwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwOTY0MzI4MDAwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9mNjYxMjQ3Mi0zNzQ3LTRmYmMtYTBhNS02ODM4OWE2YjY3M2U_UDE9MTcyODQ5NjI0OSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1mMlR2ejNmJTJiYVFPWE9KQWRqUjNsJTJialRNV0oyUEJLNGEzRDYyU3JBWnlydHltSE1YM0lsQkJheDNOamNRNHEzcWpGeEZMNWx1a3lUVE4lMmZ2Y3lXVkozQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2MzQ4ODgiIHRvdGFsPSIxNjM0ODg4IiBkb3dubG9hZF90aW1lX21zPSIyOTc0ODUiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA5NjQzMjgwMDAiIHNvdXJjZV91cmxfaW5kZXg9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA5NzA3MjQwMDAiLz48cGluZyByPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEwOS4wLjE1MTguMTQwIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2NDgyIj48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7NTREQkYzMzUtQzY1Qy00ODE5LUIwM0MtMTEwRjlBMTYwOTA4fSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:2908

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1948

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2356

C:\Windows\system32\taskeng.exe
taskeng.exe {168FD404-3077-47D6-912A-DE12946755DB} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
PID:2952
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:860

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:1156
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzlBOTczRTEtMDI1RS00MUY2LTk3RkUtRjNBMDVGNUY0MjE4fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MjE0NTM0QjUtQUJGMS00QzA3LUEyNzgtQUEzRkRBNDE5ODBFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjIiIGRpc2tfdHlwZT0iMCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMSIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyOSIgaW5zdGFsbGRhdGV0aW1lPSIxNzI1MzQxNjM4IiBvb2JlX2luc3RhbGxfdGltZT0iMTI4OTIwMjEyOTQ2Njk2NzY4Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTcxNzMiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NDUwNzcyMDAwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:556
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{60DB0058-6715-44E7-9021-0E5B209E0085}\MicrosoftEdgeUpdateSetup_X86_1.3.195.21.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{60DB0058-6715-44E7-9021-0E5B209E0085}\MicrosoftEdgeUpdateSetup_X86_1.3.195.21.exe" /update /sessionid "{39A973E1-025E-41F6-97FE-F3A05F5F4218}"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1512
- - C:\Program Files (x86)\Microsoft\Temp\EUC5FE.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUC5FE.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{39A973E1-025E-41F6-97FE-F3A05F5F4218}"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1124
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2216
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2408
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.21\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.21\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1724
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.21\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.21\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2292
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.21\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.21\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:2412
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzlBOTczRTEtMDI1RS00MUY2LTk3RkUtRjNBMDVGNUY0MjE4fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7NkMwOUNERjYtMThFOS00Qjc3LUIwNkItMzMwQkJENzAzMEIzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjIiIGRpc2tfdHlwZT0iMCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMSIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xOTUuMTkiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjIxIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjY0ODIiIGluc3RhbGxkYXRldGltZT0iMTcyNzg5MTA1OCI-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTU0MDU5NjAwMDAiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Checks system information in the registry
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      Modifies data under HKEY_USERS
      PID:2112
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzlBOTczRTEtMDI1RS00MUY2LTk3RkUtRjNBMDVGNUY0MjE4fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntCMDI4OUEwQi0xMzQyLTQ4RjYtQTQyNS1GRTJENEMwQkQ2OTl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS4xOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMjEiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjY0ODIiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0ODE0ODc2MDAwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0ODE1MTg4MDAwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0ODY3MTM2MDAwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy84ZWY3NTY3My1hZTc2LTQ1NzktODM0YS02ZmVlMGYyNzMxNzQ_UDE9MTcyODQ5NjkzOCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1haHFEJTJmRk8xSkNlc2Z2SVhraFR2S1VoVVNvQjYybnV6SUxSeENoSlE5SjVmMnlFUkhBbGtZd3FXejB0SUJYcndNa1F5MzdCJTJmREhUZHJrY0NOaUFMM1ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNjUxMjU2IiB0b3RhbD0iMTY1MTI1NiIgZG93bmxvYWRfdGltZV9tcz0iNDI3NCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDg2Nzc2MDAwMCIgc291cmNlX3VybF9pbmRleD0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDg3MzA2NDAwMCIvPjxwaW5nIHJkPSI2NDg0IiBwaW5nX2ZyZXNobmVzcz0iezQzN0NDNjEyLUQyOUMtNEVBNi04QkY1LTAzQ0I2NUVDMDFDRn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTA5LjAuMTUxOC4xNDAiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjY0ODIiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjY0ODQiIHBpbmdfZnJlc2huZXNzPSJ7MDg2M0Y3NTEtRUQ5RS00MDlCLTg0MDUtOUVFRjUzNTc0MzM0fSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:2136

C:\Windows\system32\taskeng.exe
taskeng.exe {140550F9-5F93-4DA7-B54D-046E416E54D1} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
PID:2404
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2280

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:964
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDU1QUUwNDktRTBEMy00MzYxLTg5MEItNjgwNzg2NzYwNDAzfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntGNzg3M0VFMy00Q0ExLTRBOEYtQUExQy0zRTRDREEwQUU4QkR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS4yMSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZT0iNjQ4MiIgY29ob3J0PSJycmZAMC4zMiI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjQ4NCIgcGluZ19mcmVzaG5lc3M9IntDQzJEQ0Y5QS1EQjlGLTRDMkEtOTExNS1FNjk4OEQwNjY4MzR9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEwOS4wLjE1MTguMTQwIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2NDgyIiBjb2hvcnQ9InJyZkAwLjQ3Ij48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2NDg0IiBwaW5nX2ZyZXNobmVzcz0ie0IwODU5NjY0LUNFMzItNDhDMC1CNzU0LUY5RkRBRTUxMDkyRH0iLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.19\MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe

Filesize
1.6MB

MD5
f34465b4e626bd45ce9b984b7233c655

SHA1
d31182f357a2dae0ab69b2e948ad6106ece228d8

SHA256
07f829c35f0fa4b2352b947ca0764093e0a06ebc8eb759dc912360ec69d5ee07

SHA512
d64cfc1181a98cad8ccc3feba7d024d3a78d2b1ea2f07402135eada82d7d4529cb636448779444a3b20991f4b71f7382bda1c14fd2a4eae1fbc39099153db06d

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.21\MicrosoftEdgeUpdateSetup_X86_1.3.195.21.exe

Filesize
1.6MB

MD5
6e6c9eead0bf1a09c9bc0f4516139bfe

SHA1
1aba1e90b8f7db2ea484521ea3247e1e1dffcc74

SHA256
812012ea1a55b4a8b6980d0c9f352be6bbdc1c69bfe13b5116400057aca30662

SHA512
f844a2bcb06b0421a94160a88647ca6d3ae51cad056b3db186da846df336bf57e84a60d95d8310a2becc32c7ca6334098e13b1315ac66f32ede266e0d4d85e08

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source764_185191073\109.0.1518.140\Installer\msedge_7z.data

Filesize
3KB

MD5
bd70ed26e6e6f3193043ac09c58c6a1c

SHA1
d733a65e17f2851d5116598dd80533efc1656468

SHA256
7a474217d20b9a6fe3c3a46c0d6d5b2d2040fa790663f6da9202ee7cb07bb448

SHA512
3e2ecade6d687b0736d5eafd7527b24095b9c51f0c8ba99398b23da2d8843c49fc8c1fa37190d385b504d8224c8c517d78d44ae32e10e45d54b19477a6970756

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source764_185191073\109.0.1518.140\Installer\setup.exe

Filesize
3.8MB

MD5
3a92a61a6e01c80ecc7d9499abb901b7

SHA1
d89d05802d937f9c71ced14282b8a19623fca7c8

SHA256
b70b2ed82c7afde8003983992b74f8182f55080b43da3d96dd29e8c0c7e8b47e

SHA512
3867efbd984ddd1eec084c70a42104cbc0057c3bed222af8963051779b612b46bf4cea3311452f6564513d7558d49a1e66a9473ad53f1b2fb4c43a9d7d0fb47d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
16c84ad1222284f40968a851f541d6bb

SHA1
bc26d50e15ccaed6a5fbe801943117269b3b8e6b

SHA256
e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

SHA512
d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
34d991980016595b803d212dc356d765

SHA1
e3a35df6488c3463c2a7adf89029e1dd8308f816

SHA256
252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

SHA512
8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
d34380d302b16eab40d5b63cfb4ed0fe

SHA1
1d3047119e353a55dc215666f2b7b69f0ede775b

SHA256
fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

SHA512
45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
aab01f0d7bdc51b190f27ce58701c1da

SHA1
1a21aabab0875651efd974100a81cda52c462997

SHA256
061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

SHA512
5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
ac275b6e825c3bd87d96b52eac36c0f6

SHA1
29e537d81f5d997285b62cd2efea088c3284d18f

SHA256
223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

SHA512
bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
d749e093f263244d276b6ffcf4ef4b42

SHA1
69f024c769632cdbb019943552bac5281d4cbe05

SHA256
fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

SHA512
48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
28fefc59008ef0325682a0611f8dba70

SHA1
f528803c731c11d8d92c5660cb4125c26bb75265

SHA256
55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

SHA512
2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_es.dll

Filesize
28KB

MD5
9db7f66f9dc417ebba021bc45af5d34b

SHA1
6815318b05019f521d65f6046cf340ad88e40971

SHA256
e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

SHA512
943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
b78cba3088ecdc571412955742ea560b

SHA1
bc04cf9014cec5b9f240235b5ff0f29dbdb22926

SHA256
f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

SHA512
04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_eu.dll

Filesize
28KB

MD5
a7e1f4f482522a647311735699bec186

SHA1
3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd

SHA256
e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4

SHA512
22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_fa.dll

Filesize
27KB

MD5
cbe3454843ce2f36201460e316af1404

SHA1
0883394c28cb60be8276cb690496318fcabea424

SHA256
c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59

SHA512
f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
d45f2d476ed78fa3e30f16e11c1c61ea

SHA1
8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e

SHA256
acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2

SHA512
2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
7c66526dc65de144f3444556c3dba7b8

SHA1
6721a1f45ac779e82eecc9a584bcf4bcee365940

SHA256
e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d

SHA512
dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
14KB

MD5
983eda3d6e901e8357f190e050da5693

SHA1
a04752b22519391a7b4c8563500e7cb084ceea3e

SHA256
5243861dd23ecf0c3e4855b88af279c467593ea4dea6da917c9c5124841c78d0

SHA512
d76fbe2217043505cc7c62304cd07e2d4ba13d787fb2a9cc403fa5ef0ec2b99cfd84cb1256daf5b3713219e12b93718fe2d9cc352f9f808117caccf31a3edfd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
93a897c3dc832260e2327e6381176ee4

SHA1
b0a8148c21528ddace0816754e9127c898d9502b

SHA256
112dc68f0c2f22f789dc1e43f2cee6962ecf9adde0d15743962e54c220cf7148

SHA512
220f2adf93703270350d0dc654b3ed9837caf628634658591df99e5f546cf3e6fc3b592974251bd0f82e8fa62788a915ad8061e4db0fd78a13554b126cc533a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0ae932779be706514526cb53edd612e

SHA1
2d5421a283d3b2f6c43d8f3edde3cc7f926596a4

SHA256
49f568d5acffb1b840a1864e8536e0222b1edc95003ce21bf5fa38e4e4d94fad

SHA512
94a821aa6fcbf44d7dbdedb14943779095ad7ff672c6ab34305f036d8e4e8252f68d7b0bc7e3409fa69da4199d90c9f0c1d1005702007e21adc231b4f0769e31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3ac4bfcc788fefecd35497e929e1eaf

SHA1
cdb706b9384d96ccf13ba16df4749a4f517bd7ec

SHA256
b5c9e7145e29d3cf7d942a2dd4e4b1e3fce776d28427fbebf9ef5c564d193554

SHA512
8e8faa5e95f146978a0a707292a67d33c767958470ebbf2a020fcb00f727c39797db0babfa699067927d96ca62f79f52e3a5e8f3a896beec34ba2657bf8f2434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
217e66ae485c039d581bbcdce13ecbdb

SHA1
0ce7fc66960ba493fc5e8e195612d93389ed1d13

SHA256
03e955f4782030edcebede6f6677e68685ebb2eb126f14081ac514d3181f3582

SHA512
4682cc64a9a5c883db1e0eb19e1882a7359ff110acf998bb655209bc090a3c798000a75331b8e338f7149e360e1407488bac15e15d458f6486d3cba790220fe2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
343ff2d9cabea4ea22f3474180d0c81a

SHA1
066fb97979e094a0500db130e0749c3268706494

SHA256
1805d8ca1c832aecb007f2cfc72b5091cde323bb6226651edba33f6d16faf672

SHA512
1d976f29b18c9849e6d019006796daafb422f386eef93d7b9b889193128de2908646507ff66b8b7aa8e0eece38f52a69dcf22ae818c1f6ac1434e75545d603e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f0e2c424e355000e773b1d375ae8f51

SHA1
e81d29250226640972ad6fcdf3b51f2542d06e33

SHA256
23c1ee7eb734e40982ac24bea97cb9a6c2aa5a60183f1fab81e08246b7e7eb67

SHA512
05075e09422f90be79e8046204fe2a40a300985f24c804aae5cdc0699bf57d0596c78b4f5ba213b445daaffb3b3a925c524b6edd028613c362904d216748ddee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb945ca145d7e5031388a1b378eafea9

SHA1
c53f7d063a44e59a81adf197861533c8a8d23828

SHA256
36010f34fb6b8fda14cccb32d5734343e84d4e5fd3d7aa223ec9597154bc655b

SHA512
08401a7bf32047952bead510cb4708dbba89083b3718497aeb0a3707dd99d8e53f23fcd5b53cc85f1d964adaa700dfb01ba9e6b4312e682f5a92a8b615d33711

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5b8096ce4a879033883dc3a4192e3b3

SHA1
9d02e231681b0146344944a14d0ee2bb4439c0b9

SHA256
77b800e187bb75ca3978bd37ea47913a051787577fbda93e103fddd1cf016229

SHA512
9ff8dedfc0cf19879fcf895a649553f3a25b02814e13df4176e402a14dbe400f2f5fe1bb7ba616e1899ee3d94f1b6bd7c285d4511c1470801b85a3f081e64b82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
068a3732783a6e2eb744cc88f38965db

SHA1
6d69ce6971c9633a363f3fc180c6e7e97b2dd65b

SHA256
854869f671296a253f2dba8feaf0fdfa8473f293f7157bd996de8604551aa6b4

SHA512
93b6fa969ee084442573baf357800c081e308944834261606d2a0f90045dd014df34e4ae56d6048cb41171837bffe43d0f895efacdea57b0c0f3a92b3df78391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3f596e44-c2c3-49fd-b126-0fcfefec0bbb.tmp

Filesize
176KB

MD5
cb08e52e14589eef7d6cc00d33b5e8ff

SHA1
8bf76cbc7e439feb1a6365ab82e076e3305a5d84

SHA256
2042492b2c1505e7132f27173aef1221f3cc89e3d11373252731830ebba2e38d

SHA512
ff81a4273efcae468c94f1c4785ad1204da60595292340c4e7769aa6d0a78d1454f0a5dc51091c8b85eb329271d2bcc7d88ba23188e6cc5822b53c064ffd771a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\48595832-19cd-403b-99e9-f361d905b2c0.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6b00727d8488aea552a9e9b81b8b3573

SHA1
624b3369aebd4a95139ad682af3bcf5616aff953

SHA256
aceee7fe49c9c9c57fffbe2d9f2c1267a8029cce28a379ef70919a1b59d7fa90

SHA512
769cbdcd23ca54bd2ad2ab310a863c9e83dda013f7984f99d3882292a9c2801d8ef80368d6bd4f2ce26faa8f59fd0f100a9509ef651f5274740f7b8fe3ae7543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\12a55a6a-6d89-46c0-98b8-2a520948e064.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\413315fa-5666-402a-8c7d-99c078752d22.tmp

Filesize
6KB

MD5
3bf1f89b459735daad4d26a41b47e63f

SHA1
082fd99c01ec0ef8b6e20953e5fee8852727ea53

SHA256
4fdd82324690be0bc99e00e644820b9d625d5c0ef0e374b9c908f63a701c9d2e

SHA512
387e89663d4e9ff7297b03706507a2337ed24a42b53ea6e592e9009aa7ed7fc194f40e226f4aeb761c8025918b7ca63a98e8441f0f8aa8d1a2d8d24b86aab298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7b03a516-fc93-4625-ad5f-eba0121b6d87.tmp

Filesize
6KB

MD5
b9e215a6b8e2f20ccf210b5b084f7cfb

SHA1
9a0a64397378cbd86ad9459f52f321a35ce1f4c6

SHA256
8525456505a731563c826525953c56027cd0ca0efc975d61f69102717552a644

SHA512
b0e067c85cd3c95448f239d290dabe723ef63544d98c1a9d9faa982b04c2808a9f74dc1063017cc5a30243f12e9918cec91eaf02b84da43b498c7a346f532e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\93ba53fa-dfb1-446b-8512-4a995a7d7297.tmp

Filesize
6KB

MD5
1b1fc6b6c254b00efd746d5883eecd26

SHA1
24217199637f2507c00e05a096269e0462f51112

SHA256
3fac583ec2ad7843411b6264f3d5999cd2b5ca34fe2a7e83d9b0c7291461bc10

SHA512
cb29bb08b3787c13b916add8f7578e2c1f81507dab490f5c99134e5ca4d40812ea87c9ef2a04a84eb6acec80c19083472c2405a93b57b53cba19c284bf119b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
89KB

MD5
3440136c255abe7d8a9b76b29556de51

SHA1
3b99329e1cac336cfa9541fbc951883f10320a1a

SHA256
6dc8890a49fcf0f374ce4b7305bae055c3f3c8d5a53643a3c41836dba11e9b8e

SHA512
89e97e9f82bde906ae267bf0e908a999a1ff4e2f0cd0e49eda9ac639eb801b378b8f0239e3a5ba27577f34e8c2d10c3f0d318b736cf22f72f7ad34289e96bc94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
16KB

MD5
b45ffe222ba6d637af30c29b3efbe552

SHA1
06fa49844791826ceb37383355082c5631158f7d

SHA256
ebb74395a07c0da6e7ef842ed1911b2118fc59a324fe8995908c5810550c86e1

SHA512
4996e28ebc988fc87cf21aff3ff18005d0941a7afa0244c8fc642c3f9399861427b7663711c5fd697214bac68f3f269bbdf6ac8fa347cc766343391c91627641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
20KB

MD5
58e0653b41ac9a6c6b0c9c1130dbc4f5

SHA1
76e2fd8d83ef892b9e1d7b6499d3c2fbc6636197

SHA256
515ab1ab1fd5d82a897f7c0d7401107f83b91ba3e3fea8c47650d570c4f78663

SHA512
3b04b61e42063a6c2483ca94c737220ae52270579e659980e968a794b5c56d8658e2f0166cee09d3bf6787b0ad271f8efe37fcc68501f5125bafd4be3cf49f84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ed

Filesize
23KB

MD5
e4b0d20f483b4c24ecffd4678479e3ae

SHA1
f0f3175f2c92922d123eac1e3a4c5bc8f6091b49

SHA256
ab25f94f51f31d69f3a7ff1959eafe9ddf3fad8e983fa216c91795bae573e13a

SHA512
54dda1d96956961788768dd0d5cb0ef9f660898b3b4fd1f6c02d5b092fe3629cb38f478e5e2fa5b074963616e63a235593a2de9e3fb420b502b40ded7430a715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ee

Filesize
37KB

MD5
303fed02c77f1f182783a0243e21b4e8

SHA1
dc683eb4d99416ec51f3f75f5770c727473f0281

SHA256
c1a17b2220b41919ae85c426619dd73ba1e7d275fa2d3613536a2f31dfae335e

SHA512
4bdbc57fe21dc227b1f227ac54cf29e5e475e70b23182a867d00965aef0001c1c41dd61296f2b63721bd8b0c60dc5cb7750cd70351c9014c6d5f00e765dd193f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ef

Filesize
44KB

MD5
28d6deba0823880f8331bd4695469645

SHA1
a9fb38e13eddaed233b777f4db8efb4762c215a2

SHA256
2897ce935bf259f030e1c67dc25840da8793d4b58bc5fc8d5450525490d62590

SHA512
05261445ce6c11d1cf49716c0a2c6c2abbc930af4b7c817d36afa7819446f7e40f740a31b8e9734a5f68a0b140f2424db8779f27bae349a429002bdb30c79e7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f1

Filesize
100KB

MD5
2e52bee929ab7d56b2622ae84962e0dd

SHA1
7fd648bb1fb1f069578e992972d7f22ef1bfb36b

SHA256
58a0ed06b38f7886418d565ea4cdb15345b40a1d29e635e167870f45fe14ed4b

SHA512
c53ceaa60c9591ad0e61e82ebc1b5c6dd46a7b4a1b7ac303aeced0f4a0611e4af2b7a5e1febda5fb10041d0a9c76202ed05bc3e344bb6ac6cc35529e127e9d8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f2

Filesize
29KB

MD5
0184869286788eacac1ba69396519d49

SHA1
0c5f414d628c549f94ad3a74b0afcb60e5dbedd1

SHA256
f696dbf8cecfefca50ea3fa5cf29f5ba98c37e723bbcd5c6381269e08be54e0f

SHA512
b6bb6bec302cb11e978fb40be6ed3ad6ec18afbf3bc4e81aa5aa078c841bc323542b7a4c83037c7eeef8245c29e27d0143528f071d33acf5346ccef4fd5f38df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f3

Filesize
29KB

MD5
61ffec0c3a93f1a6fab956f56b6ea49d

SHA1
942ef545d31c4cce9a36c1587abab02104f435a6

SHA256
ad64da7d38ec779b20b376adbe7093a13e2dd93cd653b189024b991b41f6e605

SHA512
bd00a51d896e5cebdc1f3c8c4d3e187f8bf544e141cdf4ca3f9c562ded91c43ff3c0d64d20e0f9455ca35ed9ccefa1b1f0246e2eff9d191b189468726267b930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f4

Filesize
42KB

MD5
86fe63fc0e7a1438f6e28c33fe5064dc

SHA1
8e2536f901bdf219649c2ef9fd4915b2778a877b

SHA256
d70dec47837e50799c46d9b8925767d32f65adda04ec015be6af92bd4caffec4

SHA512
99f6f8abf56e3b620dfb9e961a71897c050e7f6b3d3b20801e5b7209a6f0afde2de637f26e4baf5d869aab99e99f1b872b19017954155fba0340f8ec771bb03a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f5

Filesize
59KB

MD5
7fd069146ea79b16633bc8b45f90482a

SHA1
98dfafac54f6f5db51e3baea698208833ed1b642

SHA256
a746ba588555b584fe98e42ac1a2dfbb92c2831b54c263f51fe91d124b9214d7

SHA512
c31822f497ebb35a5da455e77965f16a83e2007215ae88e64bc21019d8d45fff4671ab4300d9cf518bd2b652d071cc582fdfb99b4807c75e2022755e6c60a06c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f6

Filesize
20KB

MD5
efd99f6b50b61e6bc88ab81db271f5dc

SHA1
13a91d8c6aae48306779d950cd3da773bac54a04

SHA256
3eb3416904e2d4354a4760874b015d4b7ad0f4f231889eb2e80a7c2ba79c22b9

SHA512
3532987383c85b0cb80ada4314a3fd155cfb78d23470aa7ea43c40342d48982bb8b3824b65c05fe496662e433ce65598cc902cc9e51d6a32802709683221e160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f7

Filesize
42KB

MD5
cc7ad65e0558327d8fbe8ade40ab94e8

SHA1
6c153e9bf971f196db25cb2cb3b62f77f0a1299a

SHA256
956e1fd407995ff1ecca3bf42ca0d01086edc7eb6a965e1d9d4a48f197a8bd30

SHA512
0af63a7bb1151ef7564472b90ddd766857e3fd78973195817aa751d97093558688733876114ea7341063c7f1bc01f90aba1016980ce2c009a0cc399f40614377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f8

Filesize
42KB

MD5
b715a5dd019d1b8771a3031ff85c972b

SHA1
5768744eb85d3137d094458e4b7842c1c5c526cd

SHA256
e9ca7a8587bb3674824a28a8a80836e3483dc3bbe97c658bf7c984c5b424920a

SHA512
22e09e48a13ced3a3cd95a5f40b5e9ccbbad8abbd0d6af7dd4e411d63c662b09f1ad2453909a6c7a0d0ce34f250f2fbf0d7f076dced281f133ab7f21d2008d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f9

Filesize
39KB

MD5
e1f6e032096b2924e561c3928b9dc73d

SHA1
f33a3bb1b04f04ed1b93b13d21b6b3ce529690ad

SHA256
fa802b853572d8a40ee939940d0cd9562ea8f5954c0522b0777e01fcb546c3c8

SHA512
b13f6e1f984d28c5f4cfc4ae2298b321c314892cab1e5ccd6f1f61ec98d8c1a39669078c88ba541c91648963abc6e16e0a1cdb4e9449b4be16927e9bad8d0f37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000fa

Filesize
88KB

MD5
cf32003b2a71b7f09b15e9ad77a42d40

SHA1
dd13a04a430ae36e5947a503abf60c24f17d31a1

SHA256
9442cba9804cbfce11010881cda395e6df369f778358e50536bc183c926370d7

SHA512
6007af3fe5be0f250b877d18351510f82fe40458033c7342e26aa4ab8fa75f728881b2b872e1bf1a6aca7810151523bb53bf9609f87d414390b45c32c0e66542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000fb

Filesize
30KB

MD5
6fd1421c547715cb7b78ca67104bfb78

SHA1
cc7f1d6761d9c7256745ef7586ad53e3183f0e2f

SHA256
57b9a684f743cf229723c1a5e9936d930cf48c3b5056c16c09cdd71ee6fe803d

SHA512
f64899cf62a1696adbf62f597f69c3a1ddd62319071f9a87076977b9f6c80992b333223a07cc1645a2fd578306e30abae12e18afc41cd582ee9717ebcb423a69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000fc

Filesize
23KB

MD5
b071afce30388589889799db2d4f3490

SHA1
976b2eff649868ab275b9e931e3528cb0bf618b7

SHA256
315c8a69ba1e237333b8bc8eccd22acbbeae56544a98a575a198a0e210026aa5

SHA512
6589ac7524a27870ca75382cf40d5ccc993ead4e38b2fd764cafc837861b78a9f342aa0847dedeb5088b3eb2760818611a1eda3cdc95f8bc79fea0a9866b578c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000fd

Filesize
17KB

MD5
be22890c0e3b8c73b26f5acc54d2522f

SHA1
ad445c49471abfb2e76db956314c2510cb5f5a3f

SHA256
bb67a207435818e1935a93dc2847fb8b0ce1893baca38f1e28c392a23803b92b

SHA512
c11b8d1f1697a58ef4f04459fa0cfc07785886f04be3023f29db4c487c26f18bf02c79eb8216dfe91847c50892019d4ba5017860d868ac70dc00f49199927697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000fe

Filesize
30KB

MD5
dc1fff091310568e05ed0d90a3040985

SHA1
50a695fc09a6353fda12c1d619aec3d3cfe1a9ca

SHA256
b7c166c771e89406cc1af7734e7078b6ee5729382a2304354dac8a09ee928126

SHA512
c3c5c6f74fe6f14c927bc9de9745e1af9a034554996aa71ab6ed50d945b39a51eaee3a732219ba86a6007f5f146dcbaee219a1b75951d4fc79d6eb6f525fda23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ff

Filesize
18KB

MD5
462fba886d9ee32edc45a9186c335820

SHA1
682a179ee7e2ab98cf5d29ab297988aa0546793c

SHA256
093f9a32b7e5ed29db07909e640faae70b49b77e3e5bee768a949223d4b5cd17

SHA512
fb0767a5eb9470dd6b36c8ddb0b22edf845f531c893bc8f4d06d7e9f18e488ff7b9c727f5ce8b5fd5dd18dd5ff047bffebb97aafb13332759b533ac0b5a0f49b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000100

Filesize
17KB

MD5
40f1894f47b77943a35d1f02da5ee60c

SHA1
fffaa9c4eb0e33fcdffc0e326ba346047b970c9b

SHA256
362d6cc83832d29b868334f618e098d112ce78d5ac8299ce2571de96e3170a12

SHA512
c2ca365e6893a543b06b9f77daa80638b37e1af700831bf8c4c719c7548e0345798fc1630e7a44f11e86eb35325008e88cded423857d454238b2e1405dbdd775

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000101

Filesize
20KB

MD5
f550dad3dbfb045a5d3b91aaeca0b384

SHA1
ae0700d295166c471d2e3640134d7bcfb183bbcb

SHA256
a2d804e54d655a53053419498366fcc7e4a9e485fcc872795b22b31c6b889720

SHA512
1eeab46bbd2eaadd75ba18fa3d74f9ba0555082588e7dfca77425adf6716d9553b669250af5cb2948cd4d4a5a4453866834f018709941da5aa67214c0f6b8b95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000104

Filesize
48KB

MD5
fcedd8784b86aba8f170709e9121a74d

SHA1
b4ff537a4a4bfe3a2dfe2a7d82a8e11c1f647849

SHA256
86e85d9cdd4d21f1d7cadbd47f6431374b625984cc3420fe4ad6669e81dbb01c

SHA512
bdcb16ce7ba2611f3bb98b9d6200e8c11c05472adffa1d0055b1eeebf42f8505c182834fdd33757865e1536104a0c066a33d7202464e008c4979363286fb2b25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000106

Filesize
75KB

MD5
15a2f0d9497bdefec193f1951b076696

SHA1
b673c0729fa90d589261edd38bcaa74439297cdf

SHA256
aad6b6bb918d96aa219dcb54ff8a8a9587a9abbe51b4ee131fdb1a82f028745b

SHA512
36cb398ffe146e46e57ba37a2ac92d03476ac0b0368c64ce0102ac3b9d6a484d5e4200c136db9e04f25b327641299457b8f9d140aba6bef6a9fdc04313415e42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000107

Filesize
88KB

MD5
b3e0b4b87c2850f851379452213c69a4

SHA1
e23320868f2c37fdb31201d19d785634e60ceb7b

SHA256
e10bb93d5900a16cfca5d0145c068665fb799819db1e8b0b4bbec6d987ac04d1

SHA512
c15f68162e7c705e4e47c1ef97eaa8378884966c81fe7485541f41919b62ae723318e7bb8991131432e5e27965739faea93d1363085115eeee13bd3641370466

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000108

Filesize
77KB

MD5
da504a86cc8120b79e6aff72ca205486

SHA1
61ed1c46f004641f924a732fe6e8a375ad912356

SHA256
3f718bd89b794ee72ac0554240317dab36f14436555fb0151a0176164f7a5223

SHA512
c2b03a02340e750d1f9f2f41bd4c3b1d99d0e931e3505f492c2c312bc7b45487c9331b535aa834f0b1ec2461c50f3b8fc75f2add786a8261f8f7f13f54c6dc6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000109

Filesize
79KB

MD5
203ca99f19d8986043de955dcdac7f67

SHA1
92ac9ceb2c22ef23f404df3ece49860d0942b490

SHA256
996894360cf8ef0a24cc5bd81825ceb6bc9131c1101cffb756c52684c8544716

SHA512
9acc8fdc77448460ce51ecacb7d8acd738448fe59f0882dbf89343210cb6c8de326b0d06c6b5aa4e9475f8811d5e2414bcad29b8dbdb3b654cf6a4b699ca290d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00010a

Filesize
68KB

MD5
2f4c4483d3f4a087d5a26b0180688607

SHA1
6f616df9d2f7feb4d7ae7e623265318f5f44aabc

SHA256
d65eb75c2f3cb2b808687bb9667615029ba71a52d6261cc922a239a7df8a8d28

SHA512
25ee93d819b12b7e8c8649a115b40fe7c70afe0884c51868db9223458f13fcd22acd46406d7a023f950862b41593957d2a435e120db0e4b81d6baedcbdfa6bec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00010b

Filesize
65KB

MD5
8025f829ce65abf9e97b4260e30ecb12

SHA1
56113928b475308c318ba2b4aeeb9fe60d82eab8

SHA256
ecfc0ac9a79d48fa81b3de8bdbc22448cd85370e2edfae4510a527ee681e5f61

SHA512
3bd71609c61083318689bd83b93b5fc1773912db6cff9db27ea7ee2554e0a2ec82f8ac010bf2e13f0d23eefd618fcdc81bad41a5199f5fda9c1b9285e8752095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00010c

Filesize
101KB

MD5
761338e7d858565d6976e2c442e65384

SHA1
c36363d7b6391c958778f27956a8f033e79675be

SHA256
8dfa8eaa5ffee5d0f297c5793bc907f1ecdd88980617064d15751b0191cf5d9b

SHA512
630332ca5f39c7edb2f829f5cd445ac27f157dd2efae8670fbbf0808665917ee599c197e8f1d071db3d54d7cfa1225603704c46c16a330b79a606a07e92bef77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00010d

Filesize
22KB

MD5
d96bc8cfcc751bb4d7c1c4fc79fa7ae8

SHA1
ab1728612b94c8c8910a863fd7017b42e9ec2501

SHA256
bc13472aed9cdf363e21fa5110934b068abf640f9dbb38287a75bc73fec6f561

SHA512
e3f1720eaa3d53d28edf1baa34099c22a6cd8c20cb1b039cfa6e2c32926b0bc06265784f88fe5433aeb3422be1c3a57ed91cbec7ce22661b0af3ae14ed371c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00010e

Filesize
40KB

MD5
f1cad4800853bba09a023250de102801

SHA1
76e1a6ae10ac4db2a3e4e8bf6b7edd692c4537f6

SHA256
e73ceb9052ea848498daacd8a9fff37846cce47324b38df12e9dcf0bf25d2e3b

SHA512
4e869ccea434e71f03ab513b3aa6212da3326cb9625c467b782df48367cbf5c69fb8a073d68180877cfde2510dbe74670046b897125b55f013fe595bb7d3595f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000110

Filesize
41KB

MD5
60df02cbc9b6a531c2d3cf32025a4dc8

SHA1
71ce31d6e0f59f98855a01b3eb9a37a86352189f

SHA256
2d73eefd868f115745117f76888a9b0124453918522046796a55c3621ad2c15d

SHA512
cfc2d4bc147bc757054c07a7e347091922d4ff9b7a0f856d0a3c278f5a98fac1a539d05ea5c375868b372f006a530d14558ac7027723f83f3b22087bd12992dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fd222470fa02e4413a446f6dd14d7a2c

SHA1
f41111705698231c6827c6678a3a9b1b8f4d8bed

SHA256
35bb63a996460d84bcf942ddfa49adcae534f303bc6bb9bfb502e4c0f50d6e01

SHA512
170a670bbe69cd91cbf731c5a61205d13a6b5c40e2307a64d3580f40836722ec3a1d9331030b4d9132ed11d4c3b1b9270a37cb73f03327d5c25f0230b3ca3b9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
437c03aa9f0d5c4e3ba446535326bafc

SHA1
1eb4bbd66243a3ce1c2329d27e57020b021d1fca

SHA256
d4f8b4f0ac051f24d3d2d77c8da4ed8240aa75c149ae03898d6538c7bafce834

SHA512
6e754e92e170dff69aaeceaf8a7922300fc627e0c6ce353e9e8e6e7f33478c360cd6ffa4bd03f5ec6a5a98f15e2cca49ee827d98679ef3739f2050d0f1199601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000011.dbtmp

Filesize
16B

MD5
6de46ed1e4e3a2ca9cf0c6d2c5bb98ca

SHA1
e45e85d3d91d58698f749c321a822bcccd2e5df7

SHA256
a197cc479c3bc03ef7b8d2b228f02a9bfc8c7cc6343719c5e26bebc0ca4ecf06

SHA512
710620a671c13935820ed0f3f78269f6975c05cf5f00542ebc855498ae9f12278da85feef14774206753771a4c876ae11946f341bb6c4d72ebcd99d7cff20dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\file__0.indexeddb.leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\file__0.indexeddb.leveldb\000012.log

Filesize
19B

MD5
beca1aa35dcafc4943ab24ea48cc6299

SHA1
a0523abc9b98c85f282f5e97f6e7f1a62a882138

SHA256
1ab46701a47552c0210a67a71b25bf32b5756d0d20a76006d0f2e13faea17ae9

SHA512
1b74157bab86e49afb2eed755720b7edbdeffae1bcf1f49e55932e84acd47d12f699a7073eb921ef1fee039c6efe1e4ab21616f792af383e3ef1b1429847fbf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\file__0.indexeddb.leveldb\LOG.old

Filesize
249B

MD5
5852eb82d6b52976fb5e8845b7de3f7d

SHA1
82296c1822e6ce5e4e937c77f1c87702b4ce6791

SHA256
d44f45a855c037d93116751400c43c8935ff630b1d7f9ac9209cecc12b1471cb

SHA512
fbcad1f751e9d860009ac5c39b1539a8f43d95f1f4a8bac192780b45a21c00b5c350678f92f56c3225afe382fbc9bc78b537689300eeabb2b71884510a8b3319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT~RFf786ff2.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\418e637c-0bd6-4bd1-97a5-2cd6e1fdcd92.tmp

Filesize
5KB

MD5
cc5c5ae766e02009508217f73a1d775c

SHA1
8484595b39aa94c4056dee93cc43b58047680f31

SHA256
80db49ae5fd1fcaf85ba247d14491fc152ed104dfe58c0cdac38706f2e448b29

SHA512
07e1109402e9142d1bf960ce869e65eff97adbb310cbca678d78ac2b3f21d7b0a7ec878635773d491ddffbad6af29098e75b1ece3352a8218c85d945a502e8ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6d65ef9137c817e8e83ea509d8e1db08

SHA1
2efe5999d23a3c0fc75e313be1218409b3a2aad9

SHA256
f9fff2c6c98b15f705596064a753a0d09e19c5b1bacda4c57692f98b7ad21bab

SHA512
4224092fdbc656a9e18bff8da25b2ac2f812da1b6223cd5a9ca43cb5a986964893f8f31a91f60717db17deed38ab6d1475a8a2742b07cc63e2b3d917e520b0ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ca9f3f4aca26bfd420879d97277f4db9

SHA1
8067c7b8664d06c6ba1b3f0eadb961dc38cf77cf

SHA256
8307b404e55f6fed92f9679a651232efd92ebad0f4f34f1023d2300fcd797bcf

SHA512
af5f236f219cf92bd082640571e0fa8949b54a184786a892d987e51a245fefcb5175635a8582852442991a4d6a23f14d3817ad8eddf01f5fe2400820c941cfc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
879bb9146b163440950a4bad59051525

SHA1
124384d6e51dcf4621722595fc66a2dddc896f05

SHA256
6e73999b809313ac17602aa8f14861109be99d8695137ebad2554c538d8a43af

SHA512
e649f12480a00c3cd126502bdd424e77861394f80585352cf5616b06fc9d82584e2a0e8b6f788a5377ec06593cf9f6cc42c8fbb96061fb0d01ef80b181878f1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
ff9cf314f098da61ffbeb60b45840fde

SHA1
5765aea21cec0e3c2219cfe0261ae080c94b8d02

SHA256
9446583dffc9244b81bc00ddd5a418cb00e3805dae1476db90e9ac6c48fe272f

SHA512
abcc4c0502bd95a3d3680311f92b7589800ce44163885727c0cf32fef05c4401d4466abe37e9e1b11d5758a960789486869afda6182e0debd5103a459799ac17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
90c276a15abfb69c1a0fd2772f06dd18

SHA1
7079bfab6d0434f4654d687da7a7d6b38b593da1

SHA256
cadc9bdc97cd8cfef1efa02a82263366e429bb055547cccb63ebd29f01def6a6

SHA512
7b38ddc987f1896bd9f40ee80c191c6dbe3c14d46d05c26ff1d6baa16657678c956994ff219fd7c60fac3321355e1bf3fc4f84467bd69e4fb6e6847f4d17a5c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
45c7e3f6719f1c039fb884e8f80d1432

SHA1
9153ffd079ef85ec691c76ec0e910e264b35becd

SHA256
fa5fa8b2664126557cec0a6d817c4c325ffbd1b88c19789afc18bcca9e106374

SHA512
522027a1aab7b07177cf0e83a0c62efc1680c7235078998e09435ae60442e67633705f9b7fa0b0211d93cde693f107a302ed0c1de82d86d63bdc45f5ac4f64c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
43a681a99d5fa30ea9f32dd78a2f3e4b

SHA1
42576e508f08de115b3a0b872b00550adc41d420

SHA256
c3cb5eb8ae0d0c9dd2b1b7e890ab1823c45ca34a2bf8e8ee40173d7e7f55c7da

SHA512
8d34cffada2fc542b0f9b2f3595c4fbf19ca596417faf37f3501446301b601aeeec0d8e1224242b71dd3d2b24dcdd94cbe525bb36c5e549e32e8dde264788418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
513a7bdae645041eb8e1f562629747eb

SHA1
c13eb577489094e86d5ea995a724131487c987fd

SHA256
fbae18875b3cad77114b73765191e674a78400c844b17d8bda46749e6dfe399e

SHA512
f420a5d51198fd3e1ef7f8262b9d0b55d14a2cbc401970ab73ddec5439b1b55f0ca12006c1098d2401ffd7ddd7d5d9b19c90cbf778263a9138749bb5ba9b9d11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4ae65ce949facbfc8989c2ec699b3fbe

SHA1
0714262ef819dd8b8353d5d19a88925e91c094f4

SHA256
4d6c1fa59d2c77987f57ae83311107d2253f3bd561334377c9fe9d8ea8c73292

SHA512
2cf6851607dc0b6637d403187fac6eec59a7d771c0fee533813997ee98d4ba382110d09c1f096b4a004e8459483d0c26578d3793e5108abc0ae7090dd902e8bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5fbee900d01dd4209b618611c6b3d0d6

SHA1
aeb9b4040efd8c4c3f1e05bfc2810cd687731f79

SHA256
00d317b9917c2845bf5b6c1093c9fad631d9f9b5ff1795c503027ef1939c08a9

SHA512
7bc9b902e188578ad679c5faf619ea009fa6780e7dbded21b370ce6062b6649b6fc4d1e3afa3c9eaf79dfba3db8a2ff20294e9bc82fc4093c8a6aa1aecfbd0d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c9280884f2e0cd95df461b46a79877b7

SHA1
dcffc57633e7a43ab592cb8730741a8c7e85a6e3

SHA256
172975fc7991ca553b3e80010d7f75426841d2652c9e12fe103f8512784a3624

SHA512
32d81001d1afe8253a37ddf89dfe45a24d296870b1705399be293a087b996f3ac89c1dfe83c3f65d540f687eda7a21600c196f608b0e0f366a228360cb8d2a3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c60a7320d74414608f60ee3a05bf7dc1

SHA1
ff14618262528bf3ced439ffa46d38178fa4854e

SHA256
7fbf475498925b975eead74cceb42e4b083c3f2ac90cabdd073dcabc71fc014b

SHA512
21d75894b8486c44f52729a43594912b7e0dc75556ef7328e7d9be1e7e2936f47f3577e5c712ed872df3e71a2e5ed8287a08c95ce57c0b49f2a2bcd93a2e3fec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c02e98de3ffec45d62533d1d9fb44633

SHA1
302064eb6c3b706ba318d12e9a5637dee1cf0359

SHA256
d262c5a34008016987b03f6f2142f49362a4f391bc6366b37e67377902cf0b5d

SHA512
336c3b5ab081e0af9410bdef6cb844b5ede2cb376c79d480d9d53ce62082bee2d94d9c91ff763d284592e4f95fbdcd0293c89fcc1b9d43d7522e0b2ea0c933a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
1d7cf2bccf7add0540f8c8d07c9296cd

SHA1
2dceb5af250e5d8fc21e730614a3187ede448c8a

SHA256
128348719f73150625e507a8edf164246fb111da4e501cb02d3c3518ad9bbf66

SHA512
a52217614a98f4af794957a76f38ea5748d5493730a941bbf3dd0bbb25530c65ca7a37fc86bc971ed4052568d03683652b70f5fe69ffb01d7768aed0d036c95e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3cef15c3756dac0cc8d374d08e7e790d

SHA1
2e376727933a885d01b76d62f71e1edc06079d23

SHA256
165299ea5a11ae5354abb02835d4d742070dffeeb655b49306b2ab66db5ef713

SHA512
998106f1ee5d7d354f018477b4ef0983c88209f9fd962a8f75ae59439c94b982daa0f64e1226a4a7c1107e81694bb906383a5a869f5d2aadb6fb53ad63046539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c810128e42d4e31c76b859a7a6c5b463

SHA1
a1c97e48a9e58327bd16bba50bfed4c319857379

SHA256
eca64bce1cc19a3d3af6f2b8d02a4b13c2b3767f73df59347c79919027609132

SHA512
422d5253d340f326a2dfa99a78523922f973cc5c8413da8a392141c985b2dda698a601e412792b2ed0d081e1bd65d00be81fdafa86ea1aa8cf38a26dd2043fdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
73aa392517996e35df7cd65fad291e86

SHA1
b1d64cb5c43b0ff267524a1901d93f25488da280

SHA256
ecae639659578ea1d3ca7825382c5600978f3dd0fafe786c08cc9a4141ce822f

SHA512
9e2b9d558c0c3dbdf4c67e824f85e9db3f98a72046c0ae415f580836f817031c43a655cf6659af94d3ac61da34987108d1f582ea3cf1a0d5dcbc6f5e877a5661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7af1a38517a566b8741b6b063628c785

SHA1
834c9af857e8465d16df4935a7641417993d7866

SHA256
baf45e10966430156781a2aa1a45eaf460fbbb68b44394cc35bc0fcb4254203a

SHA512
69a48dc11edad4ebf48c4a59026a8f55be9eaef12d1db329df588cfc08019a9160431cde9aa1c527e5f9d5f6008c88f3d4eb033239b8eee5ca597c474a369bc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7f88bd8afd679d8dd70275bd6f9af5ab

SHA1
16ac46c3834b866af9f13debe58b413a80c672d6

SHA256
422a6af6023b2d9eece20861fc47a194bf6a5cf33145be9c0ab8006ddeb96e60

SHA512
d2967bd7d459b3cf084cb24c39e3a5431f7e1952d3267e84410f08e24c9a7de538034cbde3db3239f8215e35f8441a639941af6bd3b63326519c6db4fbbd655f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
cc7b49a1a3f7ddb806c9bc25033cdb8a

SHA1
d98346d2db326773afd1c911c6486a60a292f473

SHA256
50ac100480c25b517d420c3ea87908172abb95c0aff8117683e2e1744b6d7893

SHA512
8a8eb48405c440e0d138735df5cf4acd7110fd8f956d27685b69c9d7ef3fea4234f8b00765ab76553516c0347cd096e2cdd0eb5d129c03135484ac91d9761d86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
20773ace06c34b8d912d2d474adcbc8e

SHA1
1f755307868e8a7b59704a59b161ea4d5c7371a9

SHA256
0abfa5107ea614ec37a98a2476a83e24027e22549206ac2786d58c2adee4ef62

SHA512
ca89b9c9096a4659a7e3c805123f92dc98e0f3b0600c45eaf29921ed6e614980e32111b64469a7a0897b7eac7dc3b0c80fa8d2aa2691cd93e0a5b4c459bd7d35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cf4a3977e7dd30c0533e75f052610768

SHA1
6566a0f05d45c25ff3fc0827aa266cabb97b63f9

SHA256
ea9f3028c401e38c2dbc3d8e46821ecba9132bc697b46b0cded23c2a4a3700e1

SHA512
8fb286ee9dae94669e39d92d6bcc07c947c244515ec23d379095aa4b41c349fadab60e6d2a3dd79341a822171c7d5d2ae57aca56328f181fc3eb46c8b2346c6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
8117215085160dcfbd028f84ccdc0e56

SHA1
524a4fcfb11a86ecf797cc9980070dcc345a560a

SHA256
381fa67d1f8d756fec1ed60a69f2853d72e0a633dc8c3b5cc17542d7d98aa7a6

SHA512
979ec742ad9c945d0474ebd1d2405e89783299473c23b91d107aef5658b1664f161907b274fb17d84f8099c80fbb71f100c55373ad325e2359349936a4ed973b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e1c2d08aaa7599a41c157975aafca2b9

SHA1
39e3fa7aed49630cda86b60e197e850e2d9764d3

SHA256
82efe645f13182a0db381038fff70898c700b1699e78c80d5e1665a641c7bdf3

SHA512
174679dbea554a541987d184e9fd74327e0a8da8512bc1ddf1b58834972de6df8d54a4035ff493de40b0c9a8e1d5684d916380ae12a737a79053f668dee17fa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
0081c3f068275fdd7a0ec9e139f20317

SHA1
42fa9a048e8a5a195fc8e86a6ab842c3cd616ee4

SHA256
d06dc12d9ab9a2671642a3f6738306206c5b8d70c61244d3b81bf9ba2fa13fa4

SHA512
89df563e26dd5a9875ff72916be34a8daa550b1fc6cd5d246c8d2cf0f6d8622079415d314d6a75f9b4aebb0f549fb82c7f31d6cb4a2beb9140ecce5ee77c376a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e167572f959f6c8b77efe6ab15e9abf3

SHA1
ac39a7e85e909faf4f99f615df48f021cf432697

SHA256
3f652c1444dcf918fa8c8a68760e072606c35baaee33687f0327c45f7641dc15

SHA512
9521c6e69b77039861615dc44b14d22dc5b66c2b4472a1ab8ad2e150404a75435c682ec94f1cd3bf3cc95c6bddacce15b4ad1431ba23557781bb3a44eea8cdb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
67d39c4ec5967b74e76fe3261a246f96

SHA1
ba241e34c39ee7b042c8201562fd6f6bc3e99991

SHA256
c3cdc75a0cd7e1ff4883ade22038dbab5690459a50547746491afb80f719b1bf

SHA512
20da24d7768276b8912cc07607de8e7fee280bbe7223d2f1766c5a7e8261c575834e5e55ad89e1be9ce7de300fdc6d3457edec992feba7a415e1a95d3b9b5d54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
913525229a556145d981ee5ec9b916ae

SHA1
ffef23e539f1fa07b9bdc15bc10748ad44f8c0f8

SHA256
0ed986bef0cb3019551df82c09387604a2c3e8085e42e8512c3ad5966e48b74e

SHA512
305a1dfa5a2c2babf2122cfac133233d16047cbe608eedc4a21e2d92d49f7d3d5c828904e1987b9bca3b73fe1169ddc1177b6227da932a9cfb9aaaf654cf39d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c101ddc71e65993966c7c30ad4c975e5

SHA1
2c6086e33af6c4a790f98495f81a49d7bd9353bc

SHA256
ca23f0243f00054cf65c3614b906b13a2b6ade7df194c7bb13f51089d834ba08

SHA512
a527a42fa281dfde82db1774128edb62024fb3aa4d87a6841aef21d938379751ddef2d14f2a5e2dcf105ea3a1c6087e7b6d466f7f10104b10be5b8f579b34657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1e3d08cc15efd81f7e4e00ee9316f95b

SHA1
5d646febfc3bc666fb10f41429f343e7db27165a

SHA256
c436e8f42418f3914c5801fce08be182a5e9b78e282a0d94ab19c637e11fec3f

SHA512
e11fba53cf7cfb468091f1eee2544fae839854b787e5b4965933cc165ee7ee1b2eb7a29388fe135efb0332a6b8eec2542039db25816a7db5d96e5187091accf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
643fac47145fa8e5af7c43689e7a00dd

SHA1
63f7c73a9606b772c3651adeef0882c8c3c8ac93

SHA256
97488eb8ca6603ce539364389f8711b115ecaa92fb8644595f5d28bf2b3de5b6

SHA512
686b756080c9393e72120af527fd4f3f0a063f52231dfc64b10fe536690955e2dabccbb90640aef58295a3d022b5c9d3d7bc92d6f995a0f44f9bf82dc526c0a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
60734e061bb3cc17b4ed71edd65c0451

SHA1
08c0f0ad08da9a1b2089582bdd653d4ba6581eb0

SHA256
85f8cb90aedbfd17b2560cc80677fc7f1e04e6a182123ecc42c9f835dc763179

SHA512
12e5960cbc782dfc27b973291983f9e7f97e13ecbd72be291aad8e606806fc5b265cbfa6f25c07d8add395ff6f0f2fca9904570de3a14c339c3b31e615710b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
455ea59475a60545afeb66f847afdbc8

SHA1
400cc42fa47ebac2c8cf6eee4cc6b54d922484c1

SHA256
b85ab127712062fe70869f1c48378bc1bee4889b949a74e94a372f98e14d6552

SHA512
98ffe7fc79074da13da258c74a31ce6f6a9f31bdff943ad42ac8ebda1e1c3a11e73edbc5a6e4beececbf577f29c5a8b9b5fd450d080c869388e129c5a065b4c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
49b263927bbb00442f4eac0cf27d59e8

SHA1
96c99cb18c1267118af75573b51a7788081e47dd

SHA256
65cdb948c350d652d87e6a2433d1b36c28fb084ec4e03c10f22ce5f86985559e

SHA512
a3b13c18949d0ebf2e8eae26c56fa9432d0f14df00f3962f25b1dfef852466afa3aab8635bce871494c9ee120baae43569f5ff94ad3df825767b847c840d7459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f8bd30ff838a6ba621f459dcb1ed8adb

SHA1
d99f883b58f089bcf898710fe2ca7d0c586a2513

SHA256
ff7c1942b150af08df922e03215d998d882f670c481e08ba6a2b436a6c43885e

SHA512
e9f795148f40be4ee2fd0e0e89e22bbc3238d41894d2e6c824c05d2ccbbe2b2455b800a4b0afe821d0ab98b6398a2cbd0388786d2e5c8a59d720ba01cbed38ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
663371020b71ac49cc346a36abff0982

SHA1
435cec32a0bbb3af052fe01e82f7cc7ccd7d3acb

SHA256
cbf363535ff68402cc5140da8d9bb5633069cf0e543c792777643f5070c41d2b

SHA512
d0bb792d60c240d4ff6d82ccbdf90fd2c09002163bddf5a297dd13be56701705d4a3acec126727a52da4638ab08c7d0c24fbcb202b07a7d56bb25fd1098c2024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e30d31b78d2860f1cf6f036cb584752d

SHA1
3e52e8d6fa2c33454d24b1d4b9395d59429b51b6

SHA256
a9a9093327b116951e6b9585e109cc954598ece9f06464f6916ea61277a2f965

SHA512
a8251fb8b5e022e2f43f41b2cce5df57ca381f831e7990ea4719eb924acc7ec6869bb5b59e2790d087a5b937951906d509f156d7a81b71f1d93a18db842a62c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c7ecb6ed22fcab4f72a18babc4992c28

SHA1
d55cbcd834fabebe4f50424cd3c9f62e0bfb30db

SHA256
fbad1700fda19107aafb551685d2f6ddf8b674edd62fa429e390a053f3d98125

SHA512
f9fb9074168c20ffe2496c73eca892809139bd27e34936a6fda75c4157883f606526e93073f26c1bf21bb2eb59e1fe50484cc8755716394546671339e000bd59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8eaab1657a7a007ae71e2df543b5b3c1

SHA1
ef509f05c6effc9d81a83008c2e80c873b735b7e

SHA256
ce2212eadc69878b1233dd2deae5a0c95268011710a564fac07b38f42fe10292

SHA512
0d5b619f8d73ab993e4f747ae8feb8d06b586a67df242399bf95c0bc88d3b36c659af43e87777124b89a88445f4cf44a6b7cbc8b65dc5eb0d5b4382836e7ba25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dc7e4211be26941da9ede0cb93c20601

SHA1
83374ec683aea8b2609b81126d050baf9512cbd4

SHA256
fbcb4336295de56d2f0397997279c7a85fa0bf7b0f240101f88fa08cb8e8572b

SHA512
43f1ee6c868b558c1ea911bea3bd25026b3ab84d72ac7bbc1804d02ff39fcd7094e012bf22dccf693ae1fcd1f123d18997bdf6315c02b01bf05061e187548847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6e201cf4830de3a517572d1904e9ffd3

SHA1
4ac74df7c5c6c4ec7c997da366e1ec5aef208042

SHA256
d6685ab6b76f189c5cebc3bde9d288fcaedd156374d048b62a0eb6078f9f975b

SHA512
8004805426cac7676379f6fe1e89bcbd7d9da0d583dc2992771aacffd208bd81957ee395b627f4c41772a4efdf35c6fbd8e4eafad017403b28fa0d9a6c48ba28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000013.dbtmp

Filesize
16B

MD5
a6813b63372959d9440379e29a2b2575

SHA1
394c17d11669e9cb7e2071422a2fd0c80e4cab76

SHA256
e6325e36f681074fccd2b1371dbf6f4535a6630e5b95c9ddff92c48ec11ce312

SHA512
3215a0b16c833b46e6be40fe8e3156e91ec0a5f5d570a5133b65c857237826053bf5d011de1fcc4a13304d7d641bcba931178f8b79ee163f97eb0db08829e711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
341KB

MD5
3f5ab51dab7aa9c088e32724a1bb9d12

SHA1
b40385fe6222286c32301da6ce6dba3e1ae1f4f4

SHA256
fdbe4c40b19faa230a79a7b98d758d5b38d2b4c4c330aaaab343e3925f699df9

SHA512
8b2eba33ba1fd662095528c9d6d9c3db1592135aa328531a709e3ecc825981bab4369cf1076a86f03e44f8621b5a7ad85b51c5049ed7601490f8f48f743162a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
341KB

MD5
77419ef440b345306d23cd74d3cc6d9c

SHA1
c139ce4a0141b4e6c0191103caf9093b32e7e6df

SHA256
95b09a7f46dcf6e438f949149aee139f1875e96125256f35cb51a584d25da0e2

SHA512
d0c740f3cbd747efa5a49052166608e311785c07a4dd372fe10981d21dba2b8ba6da20b7051cfcfb18e351560140ecef918833670dd415074d9881adc0694b5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
1e36fcb50941257aa5765f795b94589f

SHA1
2b0f1e422607d994a65b224e688783e07437239d

SHA256
77139f2846ff4ecbc8f729d6f60c4c2e580644aa5083b07286f5d1793c58979b

SHA512
0b293ec0e44a2cce5f8bd0d03e6644079be9bd63472e61f2d332258d144070cc3b996c2c31322f537148e0f9f54e5b600431d61da0b368a7d15c22b08c633f80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
363af05cbb6bff9eb919eebd49846d35

SHA1
1e742183fba0118456db3f9fab0d31abd33eec39

SHA256
44413b92d926d4ea4f975befede674d3a2a0ddcf966a0ceb109db427136f3b58

SHA512
d3d7e1dc52540e1aefe24fc5437e9a9f7fc7e215fe20265378db7f3e8748eb804940022e63f8df4eec50daa13b4269da3a459032415ae84eeb7a3fb0f01fa5f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
06d9f2e105bc1f955656c54098c056fc

SHA1
6318b4f67483630509f6392e31539cc8b1830fa2

SHA256
b83967a19854dda18a20abf376f6a8caee6a61d42249f6003be36ce6bad50a96

SHA512
74656143eaae940096867cc171a59404665177c6d5e6f653193c709b879a8612c58ce93e1db3097031d7b1c0e4bf378511d22ef41f7c94c42e92990aefa0bfe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
f46a82e6f121d9a1ee6a4e1aa5c56dab

SHA1
29339f6e6e06a34940f4b41c851e48aec7ea66d2

SHA256
abac9c4905127fb40f98bab7cb3358459866d0b39d877843e33103f3aafd84e3

SHA512
4f9bcc30d860d30f48f5dc706d552108ecfecae01eb57121d0b6ef5f015585aa516530a785a64e4ca16c45123663334d3c83f70be4011bb9e27858e32533b962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
77KB

MD5
7819e002ae6af42c596057d960289cc5

SHA1
530c540b296b38e8a94259b65207d766b1a10fd2

SHA256
b9d5f220a2c3a75fe7b94b231f396ef40ee4608e617a01fe28b090f92adee45c

SHA512
b9c41811f9ac671cd2a1382674cf2c31c40c72129edd0e17245206922baa50268c66a94a521ac4a97e5d338943ba787704928d69379cdfe7022bca8c1f7eee2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b78c7320-1026-4f15-962f-d45a543ad473.tmp

Filesize
176KB

MD5
55e18a34831e32d392590452041b17b2

SHA1
e2ac064a57707a347ebce70937e9726b90083041

SHA256
4a11b6f2bd6300d767a58f56b4c0d5a28734ad064020a34b88d513d299e42c64

SHA512
0c769f893fd1d6b354d79e1ced3dd5dced4c3ddcf2297486f6e24c86ec2cbb5d26485d84d1b2855fc243845ed42efa5afcd91f725dde8ee5853728200c828359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ec75a55e-6be6-4d1f-b52a-9bf811ab0355.tmp

Filesize
341KB

MD5
f09f6e7ac5525893ce5b7b31b6144fcd

SHA1
1c0493c0e84d43d1b9344c520c9316beeae95b44

SHA256
f368776a446cb0639622f8ae6de5efb2643ea0267f1f5171d41a498e6e705730

SHA512
9b6358acd011b2a8ff676f366a9b6243a5045386b86641a7428b9491c64e77edfd9524a4a112707e08f721112cce3bb6ee260b16dc3954027dce5554510bc50d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDF2A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDF6C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
6.5MB

MD5
bfbd6cc26087166af3a64398260ead58

SHA1
c50f08bffce2a709dee9af3ae6b96bb482abd4f9

SHA256
95c5f519a5f729ec1205f9f1c69b3e370e468ed5d1c7675502a9c9ef227509c9

SHA512
c23683291b4b0e0f555fd715ba6e685faa5a952df95c70df69010e2f6c9f0fd7f593f030fab068207ff97583e049b52674e85bd41fc5901f817b4ec080d945e3

Download Submit
C:\Users\Admin\Downloads\home.htm

Filesize
88KB

MD5
4b9cefa46c41a8bc2701ec56e24e1b15

SHA1
02f980bdfe378f25caccdc078a9b86f77982534a

SHA256
c64a0c2b6c2754725cff0654687362e7b4090a98e102ce5d34764b229a055eb4

SHA512
82d809dbe2541c2a2bb8b39d79a32365dfb50150ba67743e6f2bc51969713d9d3a1f43610729dd25e97173ce5e36abf2a1aeed80ac8d86c875da77a1621b5420

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
37281aee17ba395f79d9bcdc0fc9478f

SHA1
fba8b7f1c4a0e969daf8b89e85ddffadc27f35a2

SHA256
59ce0abcab9cf590c3165660e69f68aa1cf52d36fb5e1962199a6aac8bea0afe

SHA512
110dee9cbce4d16858e9e6fd20f638abb6feb22aa9205e7fa6c6cacfa9a7f616e0ab9faa0a99c7f0fcb94f3e4fea9c3d3637e4e55c2b79e5549ee8a4a477f5f7

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a84771bb1e4792e8a8cc1a469377b833

SHA1
e5514d814f8601eaac5918054aee8b6880d8a2b4

SHA256
a2e21848395786fa638f2418216da015b2f5c43dfc57e5ff0d4a1d7f9f5fea59

SHA512
5f47926605798a4bd020b96dba400ccbd8aefb1491f3ed23899a36134042aff211f261a3448ec7dfee18c6447ca552c71cdb2571f15fcff2933fc7ffe575a71d

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de065c834594cc7a62a12384be4c6f20

SHA1
4d115daa71760cd88f1dfa023e5ebf6faf98eb24

SHA256
1d5cb2d8d23aefc41c41d5b6313fa13b4e7429ee90c6a3dcdb2e41e5659ec3b8

SHA512
fccd40b3e4b9eb813096b8f72aea538ce0494df7b03ebde83df3c9f2bba7301d4f676afdbecb821edc3936f31ff1fe04ca8aeb401cadd09955365e473bafab6f

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59229f03e8e17a1a60aebce3ee360672

SHA1
f3dca20f66a74fcc3ad1e1851d7b9ccaf972dc5b

SHA256
0ce399ff588c21fd32a2ae9533bc89760931a521c4289f92a0a59beb18847d43

SHA512
fc9ad92ad454bc2fd6ca0a6adeb9b8826602212a4e1c9b379bf8ee79639d0f47878802be55133513d9671dede671cb390a734b74ffc663cc627cdf7152d8945c

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38c7e087a033712538c4dc7a08e60584

SHA1
d741b7d6ab4c50b3dcd5d7072936404672565537

SHA256
201087fe038565565f7e1a4189e523e6f838f603eeaa3c4e6988b29c22f770d8

SHA512
3769fd5aff089ff79db09d31bfe84c79e729342fb70dd253d541467253a48d2bc249233f7f9b480328ddb71148df14b602ba383514fdef28fb7355b8ef7dd644

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6dfa4f4b41e421305167d19c52b63023

SHA1
b25f34876cfdd7376b984538c0da2bf0d09532dd

SHA256
74c54c7304987ebb08920bf86119519c4b5e0b49f2f1f044045b95fd4d3cad7e

SHA512
4d528abd1a750600cdb48a7441ddb565f00eaf658b35fa93b168959c5c1101ace3d95332e02f29448b69f6bf4f2db015440044504abc512f91cd7497e9026537

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46816b353d6b68f23918c5bb72f3189d

SHA1
8217c35674a840582c949bacd917a503b8cd7d5d

SHA256
30b6a3ac13a852631a91e88a459170aa2fdd6c8e47086dbade4d2653f1566142

SHA512
9817107bf712b3a7712c8c818b7d21562fa8588c0a5609df801bd796a50edf4afab123728555d8ffb73ee9c264a7c62987ef27b1c234c4f581bbd1d3b22e4993

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
712d42ca6077e30b547f8727930df2e5

SHA1
574e07f16fe73dbc99a4e1e9d13277382a60e9e4

SHA256
24c64c9bf0772706e753943aba420b6c197625fa00ccf95f9332728771f3d7b8

SHA512
f7f330515d593cbe94c7abeeb4bd7202e3ebb02676ba321fc83bea18d9dc5741752e3556c62ac75c25817942a2e48396cd4d43bb8aa0f622f3e75594e4d30fc6

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3aba320e4ad97e1c883aaf1eb522e055

SHA1
a6c99b8e868af01d2b299b8ab75837ca4d7fb8ed

SHA256
7430eea2ec78b617fd4b04b041919f3fd075dc220516f28d81b00c111215b1c2

SHA512
182f67daa0ba0bdc939e7a384bf64f2ebd74b221c43089edcf937777d17efc1a34f5761102d1e30134314f72fffb37988e21d3fb30e6eb6dfbd94e63973d28c1

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bb5b1acdd3accff9c112c892c0ab6c3

SHA1
695d315f6a95510030df2ac71d98ed23f1760973

SHA256
9699b42c7bf064fedf05d4535a3ac4abfc2cc68e2e07366e2c9b9e34fe092af1

SHA512
2065a5a404eb55a5773be47c5cac870cc0a938080529eef5432dade9763e8130c76eac4e88f30b34f87c4d44f8224ffa570f0117a3dc15e4ffcd693b51cdfd68

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d82f8fe43be130d5d3cb264f9fc5cea

SHA1
f94ff44f1c5bdbcfb572014e02fb98a593ea90e4

SHA256
14fd61250176d09ccbcef5777118177bbb1141c90bb2123dcc7745e6f179e912

SHA512
3304ff381dcc887d1b2b6f315996cfeaa22c7d92369961af4706913f14b15cc367bc5bb2203ab5c05e184e369574f6ae97e4ed950aa4b26684df5fd480bedbc2

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
428dadb3be33f9179131f28af93ef8a5

SHA1
2e263be2e8ac527958c52b383018a17c5cc51258

SHA256
674583e28bd9d36e28f9511eb8e30a5f855199c3e5b271af4f9058d679d9c287

SHA512
425a22405e9509b0c12ba1ab82857a711ad491b07f2826ec1b9064586bb0f08f861adcd36901faae00dba368daddf5eb6122d6d2bb94dec3f919a57278f6e9fc

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3317b14a1818a14ae3a69a9dfa2bd9e2

SHA1
e35f967108de992dd8770edc0bdccde5b3e50681

SHA256
df085f84be5129e9c17f729eb8bc8b8d4980232d7f24684f02c02b934f398613

SHA512
1a285f4b5bb4be89459751d141eac9a8af89a8c2091f3b4362017d6b445150cf8d7803c8363142b389e4e7da173d7c971ae6ef5a0bd566baa0a5508b8765d0f8

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d46ffdb5d970ad476a9897cd0b9a325

SHA1
3289bfc02a7ea3409dd2806e08351d777262b87c

SHA256
919420977b98d7886f0c54845636f111c786c1b61fd9ac59f6fa4ac6a8891912

SHA512
cfa31286286aa0ed37254990ce655e37a56888bc7ebc33e999508f2bc0144fc9e0634510fb6bc7c4303c66091b4d0078a9122d25b105f542a4e34b7d23ef1c64

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
74d934010d0fbd9c683231456a2739f7

SHA1
c6991a3d46394f79f9136cf434c3beb76c56c11f

SHA256
a3fd40b087c48d2bdb478ef356c5cce79edfe97d115a1a1896eff85bd30cb8db

SHA512
59ca7753bd995bfabce2c37b5ec59db30960daeaae732c08c415bc940d441d1274eb223a92d9137992852a5fd130d6acc04952424e007e296511f07cb1636658

Download Submit
\??\pipe\crashpad_2740_UTZWKEMWGIAYTCIQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
\Program Files (x86)\Microsoft\Temp\EUB6D1.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
6.5MB

MD5
fec78f1ab5646cbc24229181de0c504d

SHA1
571db81600725ca17cf8763752103423c0ed09ae

SHA256
0ea5b6fba50d2a05704486398ece6ecee7a859a69e021b21cfd0dc08f4d39f6c

SHA512
4d4601c191d16f7cf18d073a7ce425aa52998b4316ca916cbb36d6ea9e8758a03697b2e4111da08dc63022e6af5353a885deb3e3226e26af27e1df7effb7102c

Download Submit
\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
memory/904-2272-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/904-2887-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/904-2619-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/924-3025-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/924-2992-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/924-2005-0x0000000000290000-0x00000000002C5000-memory.dmp

Filesize
212KB

Download
memory/924-2957-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/924-2006-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/1660-2913-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/1660-2242-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/1660-3026-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/2376-2990-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/2376-3005-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/2376-2955-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/2376-2921-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/2376-2966-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/2376-2932-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/2376-2243-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/2376-3038-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/2376-3027-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/2376-3001-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/2376-2944-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/2376-3016-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/2376-2618-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/2876-2215-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/2876-2490-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download
memory/2876-2821-0x0000000073AD0000-0x0000000073CE0000-memory.dmp

Filesize
2.1MB

Download