Resubmissions
07-10-2024 18:32  241007-w6nnfavfja  8
07-10-2024 18:22  241007-w1dahs1djm  6
07-10-2024 18:16  241007-wwl2vs1cnr  10
Analysis
max time kernel: 1047s
max time network: 1048s
platform: windows11-21h2_x64
resource: win11-20241007-en
resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 07-10-2024 18:32
Static task: static1
Behavioral task: behavioral1
Sample: NocturneLoader.exe
Resource: win10v2004-20241007-en
Behavioral task: behavioral2
Sample: NocturneLoader.exe
Resource: win11-20241007-en
General
Target: NocturneLoader.exe
Size: 607KB
MD5: 4a5b7c6a9592dd295c6c23c6b17eae92
SHA1: 538654fa1a9453483ab2d051fad9dfe38cfa2b3e
SHA256: 4c3fad8ea837861fe54356ad6e7e40cce2fe305b9cb323f07d8802c93a440b70
SHA512: 47144a0eac75fb8a4653644441c8f3805e98cf82e681e89288603497ca44b2a43e1c3e794171113bd8744bc712cef31578f0e4f8e54ac029f9613531820ec248
SSDEEP: 12288:Cs13XpHNz+8cbkAklsOnb7Ev812q94GEwX/E+:b3XbzzculsObQva91DX8
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Processes: setup.exe
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\129.0.2792.79\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | setup.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | setup.exe
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | setup.exe
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
Processes: MicrosoftEdgeUpdate.exe, MicrosoftEdgeUpdate.exe
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | MicrosoftEdgeUpdate.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | MicrosoftEdgeUpdate.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | MicrosoftEdgeUpdate.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | MicrosoftEdgeUpdate.exe
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 43 IoCs
-
Loads dropped DLL 40 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Processes: RobloxPlayerInstaller.exe
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | RobloxPlayerInstaller.exe
-
Installs/modifies Browser Helper Object 2 TTPs 8 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
Processes: setup.exe
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | setup.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | setup.exe
-
Checks system information in the registry 2 TTPs 24 IoCs
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory 1 IoCs
Processes: setup.exe
description | ioc | Process
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | setup.exe
-
Suspicious use of NtCreateThreadExHideFromDebugger 3 IoCs
Processes: RobloxPlayerBeta.exe, RobloxPlayerBeta.exe, RobloxPlayerBeta.exe
pid | Process
4892 | RobloxPlayerBeta.exe
660 | RobloxPlayerBeta.exe
3712 | RobloxPlayerBeta.exe
-
Suspicious use of NtSetInformationThreadHideFromDebugger 63 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 38 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
Processes: msedge.exe
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier | msedge.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 22 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 7 IoCs
Adversaries may check for Internet connectivity on compromised systems.
Processes: MicrosoftEdgeUpdate.exe, MicrosoftEdgeUpdate.exe, MicrosoftEdgeUpdate.exe, MicrosoftEdgeUpdate.exe, MicrosoftEdgeUpdate.exe, MicrosoftEdgeUpdate.exe, MicrosoftEdgeUpdate.exe
pid | Process
4416 | MicrosoftEdgeUpdate.exe
4704 | MicrosoftEdgeUpdate.exe
3904 | MicrosoftEdgeUpdate.exe
3112 | MicrosoftEdgeUpdate.exe
1188 | MicrosoftEdgeUpdate.exe
1564 | MicrosoftEdgeUpdate.exe
2672 | MicrosoftEdgeUpdate.exe
-
Enumerates system info in registry 2 TTPs 5 IoCs
Processes:
description ioc Process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS RobloxPlayerInstaller.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer RobloxPlayerInstaller.exe
-
Processes:
-
Modifies data under HKEY_USERS 64 IoCs
Processes:
-
Modifies registry class 64 IoCs
Processes:
-
NTFS ADS 2 IoCs
Processes:
description ioc Process
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 138374.crdownload:SmartScreen msedge.exe
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier msedge.exe
-
Suspicious behavior: EnumeratesProcesses 46 IoCs
Processes:
pid Process
1472 NocturneLoader.exe
2316 msedge.exe
4968 msedge.exe
4700 identity_helper.exe
4064 msedge.exe
3836 msedge.exe
2860 msedge.exe
3076 msedge.exe
2976 msedge.exe
4764 RobloxPlayerInstaller.exe
2064 MicrosoftEdgeUpdate.exe
4892 RobloxPlayerBeta.exe
660 RobloxPlayerBeta.exe
3712 RobloxPlayerBeta.exe
1864 MicrosoftEdgeUpdate.exe
4408 MicrosoftEdgeUpdate.exe
3508 MicrosoftEdgeUpdate.exe
4720 MicrosoftEdgeUpdate.exe
3092 setup.exe
2364 MicrosoftEdgeUpdate.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
Processes:
pid Process
2316 msedge.exe
-
Suspicious use of AdjustPrivilegeToken 10 IoCs
Processes:
description pid Process
Token: SeDebugPrivilege 2064 MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege 1864 MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege 4408 MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege 3508 MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege 4720 MicrosoftEdgeUpdate.exe
Token: 33 3092 setup.exe
Token: SeIncBasePriorityPrivilege 3092 setup.exe
Token: SeDebugPrivilege 3092 setup.exe
Token: SeDebugPrivilege 2364 MicrosoftEdgeUpdate.exe
-
Suspicious use of FindShellTrayWindow 43 IoCs
Processes:
pid Process
2316 msedge.exe
-
Suspicious use of SendNotifyMessage 16 IoCs
Processes:
pid Process
2316 msedge.exe
-
Suspicious use of UnmapMainImage 3 IoCs
Processes:
pid Process
4892 RobloxPlayerBeta.exe
660 RobloxPlayerBeta.exe
3712 RobloxPlayerBeta.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
description pid Process procid_target
PID 1472 wrote to memory of 5032 1472 NocturneLoader.exe 78
PID 5032 wrote to memory of 1408 5032 cmd.exe 79
PID 5032 wrote to memory of 4256 5032 cmd.exe 80
PID 5032 wrote to memory of 4084 5032 cmd.exe 81
PID 2316 wrote to memory of 4676 2316 msedge.exe 85
PID 2316 wrote to memory of 2464 2316 msedge.exe 86
PID 2316 wrote to memory of 4968 2316 msedge.exe 87
PID 2316 wrote to memory of 3592 2316 msedge.exe 88
-
System policy modification 1 TTPs 4 IoCs
Processes:
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext setup.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ setup.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID setup.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" setup.exe
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe "C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe" 1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1472
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe" MD5 | find /i /v "md5" | find /i /v "certutil" 2⤵
- Suspicious use of WriteProcessMemory
PID:5032
-
C:\Windows\system32\certutil.exe certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\NocturneLoader.exe" MD5 3⤵
PID:1408
-
C:\Windows\system32\find.exe find /i /v "md5" 3⤵
PID:4256
-
C:\Windows\system32\find.exe find /i /v "certutil" 3⤵
PID:4084
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2316 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcb92c3cb8,0x7ffcb92c3cc8,0x7ffcb92c3cd82⤵PID:4676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:22⤵PID:2464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:82⤵PID:3592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵PID:1540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵PID:1960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:12⤵PID:416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:12⤵PID:4944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:12⤵PID:1628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:12⤵PID:3128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:12⤵PID:4688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:12⤵PID:4760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:12⤵PID:4124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:12⤵PID:1980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:12⤵PID:1564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:12⤵PID:896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:12⤵PID:1624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2364 /prefetch:12⤵PID:2400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6468 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6624 /prefetch:82⤵PID:2608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6628 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵PID:2100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:12⤵PID:3772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:12⤵PID:1528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7256 /prefetch:82⤵PID:1696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2628 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7024 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2976
-
-
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4764 -
C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exeMicrosoftEdgeWebview2Setup.exe /silent /install3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2820 -
C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EUDC2D.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"4⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2064 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2024
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3372 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:644
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:648
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3136
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload omitted]5⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:1188
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{6D23CD80-1C41-45B3-A421-9D9CAE3F13CF}" /silent5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1764
-
-
-
-
C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 47643⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:4892
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7148566368786080863,11951353954783048507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:12⤵PID:3736
-
-
C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:_ltAnyMZ9ZYcH-KFwvvfjpy5WUO4nI-vZe8KCABYOcJruwesxD0f9xgiU_qrccacP4Dw2pCuHXt9U4FRvCbgs3o3ztm91C1yqM8lh564e0OZNMasasBfYZJH4UA5R8G1xX2SFFgjtOUsUGdYiehGI12uBvMMN_teDz-je_3K8rqkVmK0y6teN5T_OT4bpYor1IoNP4LSI2UcAoBPCh_7J_8b2t3HdyTbbu2fOzBQ5es+launchtime:1728326384630+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1728325984642003%26placeId%3D654732683%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D995c9874-755a-4833-af2c-0647152552d7%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1728325984642003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:3712
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:656
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2080
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1956
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3836
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5012
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004841⤵PID:3424
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:1424 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload omitted]2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:1564
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\MicrosoftEdge_X64_129.0.2792.79.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\MicrosoftEdge_X64_129.0.2792.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Executes dropped EXE
PID:3968 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\MicrosoftEdge_X64_129.0.2792.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
PID:4128 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.90 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D38CABD-A6B9-48C4-B576-5536A26A9907}\EDGEMITMP_7A59F.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.79 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7e90176f0,0x7ff7e90176fc,0x7ff7e90177084⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:3864
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload omitted]⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2672
-
-
C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:660
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵PID:3476
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1864
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4408 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{60D83145-889F-4B90-93CF-C316177A6397}\MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{60D83145-889F-4B90-93CF-C316177A6397}\MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe" /update /sessionid "{5900197F-CFAE-43B8-91E5-E8C7BA102FD9}"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2016 -
C:\Program Files (x86)\Microsoft\Temp\EU692E.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EU692E.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{5900197F-CFAE-43B8-91E5-E8C7BA102FD9}"3⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3508 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2012
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1148 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4028
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4068
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:1444
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload omitted]4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:4704
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload omitted]2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:4416
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4720
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2364 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [payload omitted] 2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3904
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\MicrosoftEdge_X64_129.0.2792.79.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\MicrosoftEdge_X64_129.0.2792.79.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable2⤵
- Executes dropped EXE
PID:1644 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\MicrosoftEdge_X64_129.0.2792.79.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- System policy modification
PID:3092 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.90 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.79 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7321176f0,0x7ff7321176fc,0x7ff7321177084⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2932
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=14⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:2688 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.90 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.79 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7321176f0,0x7ff7321176fc,0x7ff7321177085⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:4632
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level4⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:784 -
C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.90 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.79 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7bd9776f0,0x7ff7bd9776fc,0x7ff7bd9777085⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:1312
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level4⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:4524 -
C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.90 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.79\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.79 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7bd9776f0,0x7ff7bd9776fc,0x7ff7bd9777085⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:3468
-
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64 payload omitted] 2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3112
-
Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
  - Active Setup: 1
- Browser Extensions: 1
- Event Triggered Execution: 2
  - Component Object Model Hijacking: 1
  - Image File Execution Options Injection: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 1
  - Active Setup: 1
- Event Triggered Execution: 2
  - Component Object Model Hijacking: 1
  - Image File Execution Options Injection: 1
Defense Evasion
- Modify Registry: 4
- Subvert Trust Controls: 1
  - SIP and Trust Provider Hijacking: 1
Downloads
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.19\MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe
Filesize: 1.6MB
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9A94051-8400-4E96-8CEC-346C2D9E0257}\EDGEMITMP_48944.tmp\SETUP.EX_
Filesize: 2.6MB
-
C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
Filesize: 1.5MB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\672113bb-ae23-4fc5-8daf-0912da3ac99c.tmp
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
Filesize: 743B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe58ebc2.TMP
Filesize: 770B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt
Filesize: 35B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe58f538.TMP
Filesize: 99B
-
Filesize
5KB
MD5c867e88110c010db02492ade31c59520
SHA1b5615fa93808ad4b533ed779e7b223f363b1e819
SHA256ec8e4dc4d721262af1351fe81e1024c431c5f9e9698fe391e8885937b275d853
SHA512af874c369a045a44be180e5978afa559d1193f4f9256fd3fa3667a1a53114ee66bad0b23e0815ec155146e9096ed3e91efcd1f6f5a9b819ec24469ecdfa040ee
-
Filesize
5KB
MD50ebb9c193f800743bd8d574b8284d97d
SHA161f10e2a89db93dcb2c6a220b1114c514078051e
SHA256d86232ec8fe82ada699d2a5be5441d1910471d302e1f9fcf85000ea2404cee21
SHA5126e880326a4fc18fb5714d89f42030e761807b5b31e06ae24e218e52f0bf5bc7b552775024a53ce8f277458ab39b60e0fc2df93bd06de8a422286b3a0fdd53586
-
Filesize
5KB
MD54629d01e1c034682d074cdc36d69fb11
SHA16e599a293394d3ae6770007ffa93ebc81c4a18f7
SHA2562c9a890fae21051fe164b8479134fe9b5311222fe073aa2b5b2d6172c5f3c723
SHA512f270ab3a83af2158d5dc38b54683f0875e9339fb0fe625df5575a8e553db484cfb5168d378d0c9a7cbeffeaafc7747a375b2d5a6e3895ffc793359dc4a15d1e2
-
Filesize
5KB
MD56a3506fd49608ea8ddb95428e8f772ae
SHA1f54cd0b9559ba7381432081f073d4ee4765ad86c
SHA256b19fbf5a18ed78a5390b5959670769bde5d97d024bfafb49614a7dbd08b8f4ae
SHA512ab1bafd99fdb3036174e7f924d5a845410718d737debce28022b95861d55d6aaafa13a8174c38d4e9643a9195c00eb68c7654edbbe3408c2ecc173e62c743083
-
Filesize
5KB
MD517463d619143047bc41a76429d7c9b61
SHA1cc072a9c5e322c1e91f7e74ed9a7f0044e75edfb
SHA256ba134f608fe38ad8de79dd864168283efdc9954674283a4f9e03bf75d2f5a52b
SHA512443a1d24db56e2f1375144c7f23dbd25c42c30687671a5db8f517ea2c06d6beb62a1b5b366908660e3e2b3d912e39a8fab3e053db8f15a0b1a702d6c8cc5ed35
-
Filesize
5KB
MD5f635fbd11a387a6adc94c77f3e55e260
SHA1ee7fd40e39b7941c27b7ae7bfe1aca36abb527b7
SHA2567144ac1e13c92cc86081d3de53faa204d59b5e4fbc24b7992b437c5703b6865f
SHA512b3951fb53448625d583f89477f2d7c5c88c30c734405ed2f9df88a129058937ddc7e924153369f8c7ba7ac6bf5c5a44376eb241be64c6557ffa32b57ac1a1c16
-
Filesize
5KB
MD5f7a682a066f1e4eb7316c05c24a5f620
SHA1a09afe9bc1954a1c5bec2fe7fe0bedb289fb778e
SHA256ec0e81d59598a41e50b6fcd7498c19f19fbd405954f8459e3fdb284f0a3884cb
SHA512c376d9cab7cbcab530fc79990939a97e19e13964b39bc6766ab3f81a1bb7bfcb4bb1bfae907e6a787623b44955d83de92808be403826c94af324ca785d98b1e6
-
Filesize
5KB
MD5d32bf0ff2983dc1d26291c635f3ce113
SHA15b590e18736a270475cdc85ae5f1284fe8953eb0
SHA256d9533d3271c20395c0a4b939c91e3ef976fc22223a361cb94b37ba7433f6bae6
SHA512cf5ec04dc193850c7a7ff9d50f0936ebc3d30fdb1e224037277d4c9393482a144e09a55594ba8925749caf3facd44a1800e387a4818d93f0ca0846ddb9ddf5c2
-
Filesize
5KB
MD558c0957eab69b02b16a5c5a819062803
SHA1f0a37cd9841fe90018e272808ce5869c54dd9fa8
SHA256cdc57ab277d9f1efb349cf80e3c0a244f38d147ea3793e162d681f97c6291563
SHA512c00734436bd44f999a482fea709b8875b6d6c2407c58a07e3de25686a0074ce5fe23013425a869f4987b5345a1a2d4d6f859e537a405e242583d6335c206cef1
-
Filesize
5KB
MD5be4e72cbf75395b98c517c3d5187046a
SHA1581e8151e15e71284e7cc089d22a881e3a3c35dc
SHA256ea27172562d1e9a4948856b433622ea1d6f3db1f3b8a057a80d80a333cb24fb4
SHA51214ed32001eaa2ed67135a70a51a42020160204fa64fd0d152d3eba10ca8be181f6858878313da9d8db3748901e0517d84629da7fc46840106bd6f08eabe64113
-
Filesize
5KB
MD54b7d44a8c858589eb3dad1b872ea714f
SHA1c7747206eb0856ef10a62c06d749f8491d6b37b1
SHA2565ced5cb3e23ae31008d4ed233ee6cf48537c659f1d930dfdbbbeb51d2872b407
SHA512cafdfe6dd6541c02ac6a1b5338a2758d54123a58f4eb5ab23c06c246f8b705dd7eb18aa150e3e0444d9176ad4263bcbe1070bda459232c0cd5c9455c7791e6fb
-
Filesize
5KB
MD59583184d75ddccdad63d6df74ef28696
SHA1bbcd3dba3e5112b4db6937cbca7933240d15bb22
SHA256944bf5a3e3d70f63563317fe4bbf244e0fd84e5ae87ba22499fb2a7020d9921b
SHA5120092df08753fc6b7fc023f6780b53ec8700abe79b5b6140dca2e9bb53056386c2fce0f424a423eb0cb222abe6e5af3fd53ee810168cc5e59104b7c61954b470d
-
Filesize
5KB
MD5c67c537f157b5ccc87cbff1f10b0da3f
SHA1f4cc5e6098e84c799000b5316e470160dec4f6e9
SHA2568d0b247d367df719e17db2ed6bb6382bf9569c2d24adc3dc3c324773904ce431
SHA5121d7bbf24ec82fbfd29937f1650e2b3f4c030dd7bac2dc24435e88db9afec0ad98a11cd1c71b3030d919b76ce254718102ac16303586e0a16cbfa5fd0eb3f7521
-
Filesize
5KB
MD58817123ff6ce4862aa96c186dd5da82e
SHA1771f4485a961de9acaaa43a410580f8b794ac56e
SHA256915013285fe3a6a6cc43b0ed12c29c8d9d7ed9c5376a241ec4c484cb277666aa
SHA512adc9eed21251677d29911f6086759dbbfe7ee7d86f684903d849d4a7406fba1666d1e2f0f663a3eb5311623a17b132049ae06884bf55651c1e0506d8ce44e0c2
-
Filesize
5KB
MD53dbd806c68359861a928b35fba232c86
SHA145bef55284f6fcb44bae820d51ee335d66c234fd
SHA256f555593036b00640fe3d94a104c33c106da97566259dda52c72cd4aa2ccf2866
SHA5129759f03fd9625397dcdca2ff31b997d8b9e050c0ef0fd8ef6e91f097d48a841adce56e0fe29dfd16f0faefa4a378bbf0c4a49ace2fb716c9098d3b8d99abfe66
-
Filesize
5KB
MD5072d1360189ccfdba3834c4113492476
SHA15e415553463a7a239115b12423c1c530ce9ea70a
SHA256a9fccfa509ee24a5d3ab8265a5884c0e827285c62f37d0148972334b7351f221
SHA512dc69606d1d102f34059bb6762308eaf5ecde512f67f84db4bffd8557221dc3ec4c83ea72a229c97a8696dcc8228665c82cf9174e3d33a0398491b7495850da5a
-
Filesize
5KB
MD58b84fe9edf9dc2430accc1373ef71210
SHA1e87d039373de6e8a3b3dc32f00f0286b64803394
SHA25692cab0a458949c951471ad7f0d60f0760a219dfe5eba1cfaa144a78c5a0e1dfa
SHA51278e3c5f6aadec58395aea37c2076c626ca105325bca30d40a86250a57ef7e191dc9b42fa170eead3edf09c2990df1de610662911b18079a0ead205b100d7772b
-
Filesize
5KB
MD5a9a96bcf9ab79efdfac347cdb443eb2e
SHA19b2b2d54b304bac0b06c40d8e1dd0abc60003845
SHA256320f82f61f46d33dbf06138873d927bee3996757670d8cd55aeb42a0cf2395f1
SHA5129ce0237864c658f0e0c811f07a11bb8d1362e94dea1bb01e9704eca617d9e9dd2d2e2809eb198f857fc60e9e2ed4c9f0ee45d0c1accc376851e2c00a58131b16
-
Filesize
5KB
MD57c1766f09789ee71e0352082261690b5
SHA1b0c207a1927bd7ba947563ab18c532da2098e7c0
SHA2569fb760740a0a1d8283f5b4212d33873775c972ad8490074e334571fd0858cf3f
SHA5124a2a1ddfc0c561b51a4a40283e5988956a643178fdcb031cf3f2606560bbd26318e48d77db7f9f53abed47f5d4d8e2155c42684b12f47e5bd636ce2509b8fb40
-
Filesize
5KB
MD5fcbbbcaa231911d15b6935abe35df089
SHA16389a97c74c6a1525f85e5e537d376181bdd1703
SHA256632180f8a57e50c32b4cd76d54e0cc790c01c0e529842341898d674134d04342
SHA512c578764fef24858ad30832fed9af5edcbf915cf992fb32b29b691ccfbb31a2f2851c23766a023267e435a33952a16b449cddc5fe67fd8e8cd64319d8d4d6ac8e
-
Filesize
5KB
MD56e5f916effee2a4774c46fcfe89c8c3f
SHA1c32de4aade8d3df9a98c408d6056a633d8ca7b3c
SHA256a1db986e1ab96b91fa8c0684e65082a76bf91469660bdeb96860602a8ea3f4af
SHA5122a27ac8fd12938b76eedfde794d2e4d04fe6d6c939bb8d616774f22f5cf6c16d708855059bffe13051dc5f49037bce3a4052738926fae44bb705c06af6026011
-
Filesize
5KB
MD5a588fd088f4cd02180f6c7c2a1dfaab6
SHA1e548567da1301156530f3fe3815ad884a7108663
SHA2563468a2c2cfdb170db8c0d95d7f2c6ebe1e1300f998baa9572722fd6b677a09ee
SHA512e83116fee9a39741bcd5df5ecf2e0834dce9275c2009e76860c69ec7e44a7be9e97be4156ba2ad06e28da42e7c730567040ca01269e21cb3675ba27bb30a3749
-
Filesize
5KB
MD5c7a303d300c403ef857f079da2c2874c
SHA1f0848bf3f27513d9642d4ee0916bfd5a2a1fb5bd
SHA256f2b67cf01271d1649c5402dbd6e90e49aa9aaf35b04d45988d3a9cbf589ff8af
SHA5127b74bea7372b9f495a88ed60c9325e4d8fbe87db60c7eedaf7b262a797870f98ddc0df52f9de231662f634c9406849dbe4587d9e7a09c01ef73138852fa004c7
-
Filesize
5KB
MD5582791b0a96142e56a568b93da3fe2a9
SHA1c419a7a9b6cf2bdedd5a471e24cb426166dd220f
SHA256beea36d51fe2b4e060c7f95bec0ac18c55c66ad5c2d294615d297084e52a56bf
SHA512644911d8884e6a3d58635ca735a4aaf7720b7d59e24113ef2cd33cd169a13d45d813f6e972fe6a2cd698ebb8538bbedc6d89baaab6d69e2502639c49f0d590b5
-
Filesize
5KB
MD57609d8c19cc15e1c177c12183c8e1fe7
SHA17836d9d13b2d3cf3a26e2f75b3e4f8719246af87
SHA2567258bcbc5bd6a02d424d12fca8ec649cb56de61c48ea14fe1d2fdf923624f276
SHA5123e1e980f6ede3db950406bf8e1fd2a446a323717e9041317758dd2d6c0ecbf3b1341bbd64dcc0a1dba9461843e9091caf51fb217adb91521a525f528f8a252bc
-
Filesize
5KB
MD5ffe4e110ad86244ace4c7c63b447e0a4
SHA114cdddff5230f200e649c5951097e781013be507
SHA256d876c3099992902c684569c017d614866ddf2073af919ee1ae37663ecc490116
SHA512a53a4ea828c9947ad92d8dbef0b19e69b6c4b19f9e0eab313d56686216ab72c2efb8d780fed3cf9d87b5e75f0ea0f9173693293492c30f03ecf6973c8da2dcc4
-
Filesize
5KB
MD53be52114ec117e02d1a778868272a30f
SHA118e5b56132fbbc616b967da6b7f826de07b89dc9
SHA2563f07fb29ea66568fa31b38cd9e31fb5dad506b61c648a68dabebebea3f877da0
SHA5128c12ec6f22b97f40644105c6ad750ecf23689e309a3bbf52ede816fdd5f26d0a975acc07554ad885d70e42b6dc3e550f83a4962372280fb9bb02a22cfa120775
-
Filesize
5KB
MD5e519ed4fabda243a17c9b97ead9d8b42
SHA1b23d0fb64ef4d19ae8c3339830cacf298e5f2595
SHA256bbb8162c638f291d9178a91e7204078aacb75df7f75a43a47828611018983691
SHA5127e147b3cdb37bc36fb097fd3abc12661177f98214296f7807fbfb361da27b1a71d883374c6d0dd4b058afaacd3a92ae6f23f5c6460043886ce144039bad05ac7
-
Filesize
5KB
MD511758fd55c4b40ad8a0ad050180f41b0
SHA177fd6732d7f4465066c07974513e9885e3a75737
SHA256f993d56cdc144372cb6c6482d281ddf1f8d97d1dd7eb7600e65844e6bb00fc62
SHA512296359657519b70940a02bf43412103319b30e04c8895c7e38d6ac66cbaf1811e71ec90ec2053b4a6633e4f762edba401009932081e403b097d03a60cb3beeac
-
Filesize
5KB
MD59467f87ae3712fb6106a889bf3b050f4
SHA1c2f79df9236fc45936437e5b1ce4b34c88e3d0f3
SHA256412a0a664941c6259efb17cd4a4c8f054a09239a26ef07f136326641798f9a32
SHA512e111c1d4cf70d51d0e67b8db6734367c41ddfe4728fb41d921a523a28bbd70377f3f0d1712d5d0838bb29c1633e562d6084fc4d14dacaf5b8f22222228f1fcf2
-
Filesize
5KB
MD545a43f0a75868059bd4745c12fc8ace9
SHA198790b69d91953b86c98838c1318698f9a55d006
SHA256543de917889f9ed1a8d1018f3baa4d5f5fabda3a289f518bec71842d5ee4fe1c
SHA512577c5a0c89c039935df1912ece3879ee988fb8baed671d20e0899f3fd8d08c2ab6da9d82bed5413cbd363e0b11a3491716635aee9016254ed39f567d17996657
-
Filesize
5KB
MD559b4d14769439fbcf5aaa1c327bdbc2f
SHA11e88fc601527d5aee68f547a44cdf7deb09fff51
SHA25695b5dc0098b451f97a0f198c8476d27a6ef38298ab652831bdf246e4af03871c
SHA5129ef33edc0b8d8cc2cb17a94a228c3705eb0983aa798137a5e1a741d74c559e624d991664a1855b63765f990cabf6b3224945df82e5eeb08877cbc41ce62b02cf
-
Filesize
5KB
MD51c784f5c24d3781e19d73963d197896a
SHA1a2e18a694928c3a18b4cedff141c5f8da4da54b9
SHA25663f542ec474a244b8d3733ff1f5236e9663b8285e3512e029882456b4bc8440e
SHA5126a3a1d52d16e114bff533053901a4a13feaf08f8c7ea390ea93ac172815edc9276869f2b5bebc986ff9199ee1ebcdae6c005142c67cf5109c81fd73174683ea4
-
Filesize
5KB
MD56918c5a0e4f323c94e08059471198095
SHA14dd3b5624c3d6b278cf8322d061f89e078d211f2
SHA25616142b3a6c37f330887218e54fc25319c7397fe6a4c39a2e6aede86854c953be
SHA512475917fb3a2d3c693a37f24e9cf27f66bf6f9db8c2fc08078cff0cbaa6f3800fe9be719ce725c41120467d5d60cac7b807b5edcd0431e69706685202c7086e76
-
Filesize
5KB
MD5a48d75714c6b36a1944e890eb436e468
SHA1c14ac6358b4f1dceaf59a5e17c7bdbd96ee93957
SHA2563805775dc7b43cff7d66237a0300a4c3af12b61e9028b0ba7d99a328539e21ea
SHA5125bbb0e4e70731d044a47528cbe7e52cf44cc5e1cd5676af0909f0825d85de0d71d78ff9c53e40616272d44e8264dc1fed06404371f673540c9a40d272c1cd627
-
Filesize
5KB
MD5cd9c92959e48448891a3750ba572a4d8
SHA1f13f2d06b96fc608717dbae62cf268c3168f0396
SHA25663f1c6b9277e5e65b0a118897e0c9a789d1f6fad13ce79708bed24e61eccffad
SHA5122b39ffbf49e4a7bce42612767b52eefe3ff3800f9fac4d309f9cea4297030e6a7e16dd2e37ea19c0c285302e1a6f6833e37a91e971a35b24d02a6ebe245916e1
-
Filesize
5KB
MD557f7899b9ed5eb8385339c711e20734e
SHA176fe89678d4fd72c417c236d9ff2b7ef177bcd08
SHA25619b5c9f99fb7de7ae904a95d87a4a200ca5fb0403c301e0f778b689d29ee559d
SHA51260cef539402d5b9ef807d5abe22a1273a93bd85b4da5c1262a32c769660c3aa2c5af9f3a08857762e24e32d9e2ce496941cb7a4dac2dd0231b08f13238f37473
-
Filesize
5KB
MD5596edd3342b48f1247601cdad6fb3483
SHA16b493786274f7aa3c5c021807d142f70ebe9da83
SHA2561832fa21fcd6e4dedb39d0e77d7f49b5dc5d6fa269ae493bc28b9a9580c438cc
SHA512f76f7ed0d94fca989a756f66793ec1b1e6ef8f0ac7f6de4bcef94fc7c135857e2c25c9bfa55b5adaa9924030b44da0eac09f63eb2897bf0f6bf5aa79b96d3af2
-
Filesize
5KB
MD5e0a59d7714f7478a1b7624d7324691f1
SHA132fd866d44c7bdb8d209ace62645cabf758b3117
SHA256cefbf161f3cecaa3bd28d4a9fcaf88ae596b91eb3da5586d6c195a57151d6874
SHA5120747eedf27b8b92cb7ab387c8eba1404cd19729220e62a6cf0727f94a4cac3bea83270c637ad86aa59c1160f8b75e817878acd85ea87fdea5a12e9460962960f
-
Filesize
5KB
MD58a45b9507d7584ed5282d13a42a144f0
SHA1ec76ed9c750c49e799119418757fda3cea37f9ed
SHA2563af19296b8a9b380b77791fc830333d14a2ad0c0edd4983195aeabfd37c42104
SHA512c719c835ad249152a77ff2d125ce5677467ecc61939fd09b6a5b3eacd4722f00772ed639b94b1aa8e1f13d15880970060c81fc57a0b96602582de7948c18d23f
-
Filesize
5KB
MD599a37000391b1f63f8f12b508a32663f
SHA127f34d12ce5e90ff3fe6993cd9352fc5c1ee0ca0
SHA2563fbfa82349d42bea612ea0c6a077942077c26d45e3d5fb238372d4d8fbab33e1
SHA5125f6e7305fa9d33064ddb418109bd0b49fdf5c8104684c643e085d7a6ad6937988d889d6e4b67fc2d580498fbd68a90ce638674b8de9cda2cdd3cf1fd921de792
-
Filesize
5KB
MD51c01f30d5130a778e06095cf96b03d62
SHA1d673a041aeff971934c30a36ab0f633d86c6be5e
SHA256261151239aa16e81c373a87b7de23f71a185709911961c6dfe52293c6563e3a8
SHA512c8b366f60d9254a1d6b75ef5892cfa695578698b762409548d7aae411f7af5d35564715997f6d198c42bd4d50fa62be631687d403d4c928dc19b10f7a0db2b7a
-
Filesize
5KB
MD59778a41eabee8ba5d7b4118cbec563ff
SHA12a6625b822c5b3d9953810ef94cb90dc25c77ef5
SHA2560d2c5215faa6daeec4b64aa049a4dedf162b98228c5585780c48192403ce8843
SHA5124b190e3307e2c09548eb67f083fb68bd3d1d11b05e1a7a4679da88181cc3d7a0c8f48ea786d896f26348cf642e1ae7f20b2c07643850e8f121eb83ad198bdb8c
-
Filesize
5KB
MD59ccf6f02ad1b0932219cb4e4470dee74
SHA119780f4d55b0b9e6a3827c393d8535acb24baa9b
SHA256db3e83bb0a440781295e13d65237c63365ae163b45aea61b339fbf953dcf6c03
SHA512a1b10e74d1df862d1400da4a19ffd1df04be97425caecf3f058c52ef960ea967747206b727a1bc0ff2b9ddd27faa4c5e18a3d2356e4dd81b6a350de79085d956
-
Filesize
5KB
MD5c2b17bf5f712064befb6ed90e68037c6
SHA149a906e62957ebbe11e617e60348e5e0531f317c
SHA2562cad4f739fc53482df24fe19aff17aa12797122851ffe7b7030e2512dd7b23ac
SHA5129e21b1a575f2cae7a82451cf564e4f06bbe85f6a2468cd242414a3f4e27c36f20307d4dcc32596f4353acc5f77fc801920a774ea63a1028eeed0020624a8328e
-
Filesize
5KB
MD5c7643bc6e52d17d19ef3251ddcd8b262
SHA15e3d0765127a3f6f26a86b78649ac18772aa107b
SHA2563f031bfc721b9f1cb582b08132e62efd401ff538c1b238b56037f6f09fde2297
SHA512bc6ff56327dfe0200f690489313f1cc7e8b7f547003e37c9fb9852b50297c7becf0d222ef7dcf6a314e3f79bc52feb6fd4f86b2a307bf1c0c6345fd2d50d48dd
-
Filesize
5KB
MD5bd389254a9f54138fc6edf8d634015dd
SHA12efc777eef3915525e702a0015c045312b81ad13
SHA25604e4b6944c89fa1021f947b525bcdfd8d8b4eacba2c2eb3f88216acb069f0833
SHA5122c7c68734c70e83cf26885f7864844bc439be405800d886f776f3a2aa014f898f1904771b3e39fde0b09e998510d7f281a745f68cb35529d4f3d6ece7694af76
-
Filesize
5KB
MD5c251939085ee052494885424378cada4
SHA1da80db8864fd358edfd52b9a3038baf768e3e7fc
SHA2560a377b20d94a9f94b615b0ade4d316806b70a550d044f949aa44e939fbfb7ee1
SHA51200dd908d460ba522f1a32b8d06948498aee58aa210c371a20cbb3049db1718d6b33259174e3cb4df9acd01be4cb656d9f3c63aa1089da661a5a67a2ee87582b4
-
Filesize
5KB
MD54eba1ab9ccd41866639a38a2d6e3b697
SHA1c722794a728fdbc8553098b4250f07b5bf19bbce
SHA256d9e451122fa054cda715580ca875ba60ce0d80a2212bd6965ba6ed2f6146869c
SHA512ce089cf982c991106f2f8463dff031b69693fd315cbb9342c11bf82aa24cdbcc4f9a7825e8bcd68dd52fcd0c5fe018e68ed9ef6e5e656c5ba36c568352b5e3b2
-
Filesize
5KB
MD526b8980adeb376a8fa915bde444e274e
SHA1a5459871732254b2ca661fa068b857e84a022e48
SHA256c0576117e210f0c77213efb8fc92c837810200c1ef5d4dba602ca933c41fa40c
SHA5124810312fdc0ed0dc32cb65e1f6b9051150b34a5ce286ac82dcd2acbc7b297f78a09c477fb4676cb421993dd30fd26b0a651acc17720f001ef5fa764d8c7137f6
-
Filesize
5KB
MD51e6c7ec89a0bde527c06e36f3d5ce5d6
SHA1cfa9dcfb33b104c30d2687e469c31b6f2afa1cdb
SHA256940d46d1fba931ea98572c7ed3f72c5710628cd17ac9ebc6c20bbfac697091ea
SHA5121aabc017678fafe3ee34d9eb90f3d19e2753078c3ee7f44c99c612f924076cf8c9ffec849e7fbd1cc701052b5555a963b6fd453ff616a438404e369ee53e079a
-
Filesize
5KB
MD5d6dcf3b16299012b67de4bf79c8d118f
SHA1e1bc37eeca657eb006bd07dd456a9389e555e084
SHA256874fd198635c99a60dc6e789f598f2b981fac363f4cd6a666e9aa12e52560462
SHA5126e7f13e17e121e731b4aac01194be8be9c5d1e33b56b89234cff6db6fe439ba833138928a682f9157b61e50136e3729f639bd41ae0d9d6630aeb313568032089
-
Filesize
5KB
MD55930b3bf6efb93c57a001a2c5c1696dc
SHA1791f16c74893a231a99666569e20cfe477359b55
SHA25669b9427e880a5dd95438bc1c2a84df95029ebdce7d2d70a427bf6172627c2c2a
SHA5122353954f7198198493c99961bf2c3d6bc3ca79ebddf396b6362ede5d038d9a33a4cb244407160f5284b53896092339ec1007124664dbfaf4ca27c95b7231b09d
-
Filesize
5KB
MD5521067522fc7d4f764be0d280ea0fbb8
SHA1de2dca416d9044f8075f649d9c8bc707c297b4db
SHA25692724c9cad9751eb8f514ee74130d0a570379aaa571a047483e5b882aa730bfb
SHA512de467297354c26f280a31c555680a85610f38e646704f2776f5b39f712a7decd9ae593d2001ddd5db557336d413fcf435b0c3bee4f8981ade9cfdf470d043181
-
Filesize
5KB
MD5a18ce4544e225a18c12e9a7186cd4e8b
SHA11c874e1712dbf3660dbba691da5cc88a5a814d0a
SHA256406201512dcd1b7d38c557264f16a1ef533d31dcc282b9ba52dfcccc0af005d5
SHA5123ad4f22e8e2ca31b85d5d2d38015482c04a31e02e97ee57fe9b7435d120cef5215c9534c40faa3f12062b0ffbda3f330da1fccca7cccce823f8e2bc1662c98f7
-
Filesize
5KB
MD5079c97d2941b4d4c232199f53f4401a3
SHA17ad99048cb78d5b00911d65a7002733fb76daa73
SHA2560a43388366c848b6275b823dd3003a5155d053b6e0b1ba1592463cc305a9fb52
SHA512520d0b8a5a7ae61c3f8e697f8602bd3e6b68dac717d5f93e644083e9bf79dfe556de8ee5145b3a670ae6c6156f468b9e02260d18cff578ef69e07e88f5df4572
-
Filesize
5KB
MD583eeb06f940c396938f318d5918981c3
SHA106d62a8b99a2d9b312ca569440bcffe4a7ed6f86
SHA25622a30cc9ccb4d72b9579cbee1a2988d03be7da5b010492d5a8034621c3177c9c
SHA5127344157169ae9f5e46408d6e725a826a5e109d472b0fabcfb105e11882da624203392adb32853717aada2ac1c64e0e2272f004b3524d21cc7724e7fc6b4869c2
-
Filesize
5KB
MD53899c3b63f993785b074f063baa4e48c
SHA168cca2f5f089adfb47b4de9c8cb730e53e0c3efa
SHA256d1428624374861865fd3168f9065aec0543356fc33808bc30f29c1328905e765
SHA512b73b425d38d47fc76670ad7b36ae51828c4355e18735ab040de4ddbdc671ccd7954007459456d26de23c8c33c4f11451244d78f22780ba211d26cb8541d1ab4b
-
Filesize
2KB
MD509d89b6f2691c37af6579cce4528b4d9
SHA1421eb522aa384688fca2368c949e458f47bb5398
SHA256666956eacf76c78ef0f6a2e0e9d493e2ec37bf787aabc30f48501032a569fc03
SHA5126da5d7d2f06023ac2efa985027a9e8349cf95733b7704b0d1594e9e15083730d1cb96afdb5989bb260259a3c161ccbb710f97478264a4c42fed701f922c93100
-
Filesize
4KB
MD57543dbb2a7e7d187ca6d46f08a9b1468
SHA1fcf5ae5e43a9145d6e46743a325493f1b8036b13
SHA2568cc3bbc51ea1d71d7a5fc4e80fcd11b64f94ef282a88d47144519c37374a06d7
SHA5129cd71877bc73c2e6536aa5973b78349b9f6de82b30f05555195efbd49108aca628e6a6c819f19c5bfd4276540715284e70d5e747ccdaae6c5a43a3fbe9630651
-
Filesize
5KB
MD5b7c6de629d92f7f6463cdcc24046ff8b
SHA1211bb702210aa696679b0dd096103b3b40ea07cb
SHA256f1188870e11f5d18ff3301f9fd89b9118e17938776b41d9bddb4f7b93cfd05a6
SHA512624f3387c211bccfab6e4730a7668bda5d16e8f30b9f7a9639457e80a29370da4de0dab3ee0c3e7882b63bdedbc3c547372b7c2ebe411aea7aefec8da30bd688
-
Filesize
5KB
MD578810d8f504b2d0d19621f76ea8852a7
SHA16493507c7c3320480e7186f04298314c640d68cd
SHA256107fccb52fa28a9a24051817b508f3080a69fe1b213312cfc91e66d3a6f78bae
SHA512269b63ee07e7bbf615e86c04316e8ccb7a903dc6eb587170c90f742b43afc0521dbc5ae6fb0a19256b80910fb0e89c9bbabc4753e3b046ade708508ca4a49fe2
-
Filesize
5KB
MD565754f8f8b6989789170862de01e7a13
SHA12badab1c69069154f37c18ce32b9e1912eac6b0f
SHA256daf7377ae9828cdc2e5593fb69e666e79b2796cc301c9056a4ec2a1436f0ec9e
SHA512cf2a9a0c290702a246a819a8d3f58d1e39b5fa377b5bc1de76696dcea902ea8c4f04d8fe217d9c982934ee8af9cf680f7100d0ab95da09dff8a17afc98b9537b
-
Filesize
5KB
MD552c275fcd2a33e0a720c99abb26b4ade
SHA15e8248140745663f9e5b81b3e217b9fd3e6d852f
SHA2566cb93afc07f12d12eb63df19961f89d63a5cf0f6a8488d4f7634a371688f1fbe
SHA5123c57bb8061697bb6e16c1777bfc587024932628a2d0e24096468f6c1a568e29080e7aafd32e08563e429a30f0d4faa8a0df8f3cd3395f4964f4937df5a919d44
-
Filesize
5KB
MD56928f61755234e04ae6709b25b029f4e
SHA10c01770986f65e294247dd31d02d7da45cff174d
SHA2563a81e68dd325abc68d68444310bf8ad33af04c5ce28a56c3af30acbf066751a9
SHA512552128ab2033d2aecdb38a93e5d0021655639c7b3834ce854eee1421e7b2840b61e09ea14261ac04dca80f765304e8dc5083749745cd3fb6eec0c5e0c401cadd
-
Filesize
2KB
MD52fcea3f9006d2d501ab1c354e1c671c8
SHA11c8cdf45b6de88be7c77e82d88b870ea8e5ede5d
SHA256240ec8eff8fbbd96dbe58cbdf6d0f2c7cc67b9f7dcec3cad8e612e9a2fd6d25e
SHA512c8ff88d09d9ccd1dd3b2bcdf59d5de5b7f52dfa78f580ca3e98deb61f48931a7cd2dea33df6106297707226a944958d7aad9c683cfeb3941c654b8941d5ae9dc
-
Filesize
5KB
MD528af0f7562858231381926a6c77e393b
SHA1dafe95b1d22a278ca7ec4948095418d674dba98e
SHA25614b10b2d7ba4c1efd730bde97af2048d134ee69acf82e0ebc703be64feac7306
SHA512f891005b27325821c89a0a09929ad9b6c9ddf1d626c9711e488f87ab993333486a3606647038d6fbed67c9839aea739dc311671bc447ec61c2924485d05eebcb
-
Filesize
5KB
MD5370267f39edd725eaf93515faca96c19
SHA1abb813124e8042160da5f975c9dd90a45ffb2491
SHA2568070538f71f9ebbf2e700762fa50aaf6584456b2d3c5bffe38809903c26e85e9
SHA5123d075a8414f44ee10e1a90a35be2485427f39ec7cac95816cacf8582e964d3c5f83b55a554e55d14d5e7f78b294733df5e49bf1dfb48341c1c2aeb7606690a94
-
Filesize
2KB
MD586cffc19794149c515fa33db9b1143f9
SHA1cd082d39519996e9bd16b8e131d990e59d1c23ac
SHA256ef879fda0b2ba675db45a9779184712ac1a430b152c2339c3ec1e8b65b94cf42
SHA512e34bc3d696b39f0307288431b59025098c9cabb38343501671cff0e55e0ef5d526a2ee7a5e875c8f2e8375a61c231e71b96c44261e4ae4e2ac01724af15c9ae9
-
Filesize
5KB
MD514d71fb1979de136331b7d7427964f45
SHA1be3d749212561ed5aef440d0123aec1870ad64d8
SHA256887bc2f8e0ea3edbecaa5e31b761168b3b399fb97a135274b6b0e89ce6500b1e
SHA512659ebaee5d1e180fd4b535b58e0e688f64b81863b2619864e62c8aced4393d55237d79e53b6f0b233850833f9f7c70553cb486f485bdb7a6026370267953a33c
-
Filesize
2KB
MD5a22483f26c8204f6727ae94a3cb324d0
SHA1edfc3c7d126866e34d17d6fed62457b32ef4baeb
SHA256ab09bfc7224f142378a109a58862c8440aa7ad4e1b85e14edae16fcf3aa1983e
SHA512eb866cc0b76f17af776f6b10db618792cb4e353a0db6e55820065481979be152dc518c26048eaafff9fa5a3aa300fe8e491659770ed499a03578e08c005f86b4
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f033afca-540f-4deb-b4b9-3dbc948df4d3.tmp
Filesize
5KB