Malware Analysis Report

2024-12-07 14:29

Sample ID 241013-lj8d8azbpd
Target clutt6.6.6 - by CYBER SOLDIER.rar
SHA256 72d36858e676360cd470943c3a22110324df8e4571c166dc823b09dbefb4017c
Tags bootkit defense_evasion discovery evasion execution exploit persistence privilege_escalation trojan
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 72d36858e676360cd470943c3a22110324df8e4571c166dc823b09dbefb4017c

Threat Level: Known bad

The file clutt6.6.6 - by CYBER SOLDIER.rar was found to be: Known bad.

Malicious Activity Summary

bootkit defense_evasion discovery evasion execution exploit persistence privilege_escalation trojan

Modifies WinLogon for persistence

Disables RegEdit via registry modification

Possible privilege escalation attempt

Event Triggered Execution: Image File Execution Options Injection

Boot or Logon Autostart Execution: Active Setup

Downloads MZ/PE file

Disables Task Manager via registry modification

Executes dropped EXE

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Modifies file permissions

Checks whether UAC is enabled

Writes to the Master Boot Record (MBR)

Checks installed software on the system

Drops file in System32 directory

Checks system information in the registry

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of NtCreateThreadExHideFromDebugger

Drops file in Program Files directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Command and Scripting Interpreter: JavaScript

System Network Configuration Discovery: Internet Connection Discovery

Enumerates physical storage devices

Browser Information Discovery

Suspicious use of UnmapMainImage

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

NTFS ADS

Modifies data under HKEY_USERS

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-10-13 09:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-13 09:34

Reported 2024-10-13 09:45

Platform win11-20241007-en

Max time kernel 599s

Max time network 603s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "satan" C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\129.0.6668.90\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A

Disables Task Manager via registry modification

evasion

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUB24.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUB24.tmp\MicrosoftEdgeUpdate.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\ChromeSetup.exe N/A
N/A N/A C:\Windows\SystemTemp\Google5844_135988368\bin\updater.exe N/A
N/A N/A C:\Windows\SystemTemp\Google5844_135988368\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
N/A N/A C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\129.0.6668.90_chrome_installer.exe N/A
N/A N/A C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
N/A N/A C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
N/A N/A C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
N/A N/A C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUB24.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\MicrosoftEdge_X64_129.0.2792.89.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUB24.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Windows\SystemTemp\Google5844_135988368\bin\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUB24.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUB24.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A

Suspicious use of NtCreateThreadExHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\avatar\characterR15.rbxm C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\Controls\DefaultController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\Controls\XboxController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\VoiceChat\New\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\fonts\families\Kalam.json C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\StudioToolbox\AssetPreview\OffSale.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\ExtraContent\textures\ui\LuaChatV2\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\AnimationEditor\img_eventGroupMarker_border.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\ExtraContent\textures\ui\LuaChat\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\shaders\shaders_glsl3.pack C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\TagEditor\Tag.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\common\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\Controls\XboxController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\Emotes\Large\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\ExtraContent\textures\ui\ImageSet\AE\img_set_3x_1.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.89\onnxruntime.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\fonts\Oswald-Bold.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\Controls\PlayStationController\PS4\ButtonShare.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\Emotes\Small\SelectedLine.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\VoiceChat\Unmuted40.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.89\identity_proxy\win11\identity_helper.Sparse.Canary.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\Debugger\Breakpoints\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\VoiceChat\MicLight\Error.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\RoactStudioWidgets\slider_handle_dark.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\StudioSharedUI\RoundedCenterBackground.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\ExtraContent\textures\ui\InGameMenu\TouchControls\touch_action_move_1.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\ExtraContent\textures\ui\LuaChat\icons\ic-robux.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.89\Locales\kk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\Controls\shift.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.89\mspdf.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\Debugger\Breakpoints\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\particles\smoke_main.dds C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\StudioSharedUI\list.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\ExtraContent\textures\ui\LuaApp\category\ic-top rated.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\ExtraContent\textures\ui\LuaApp\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\LayeredClothingEditor\Default_Preview_Animation.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\StudioSharedUI\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\Settings\MenuBarAssets\MenuButtonSelected.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\ExtraContent\textures\ui\LuaChat\icons\icon-share-game-24x24.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUB24.tmp\msedgeupdateres_lo.dll C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\meshPartFallback.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\Controls\PlayStationController\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\Settings\MenuBarAssets\MenuSelection.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\ExtraContent\textures\ui\LuaChat\icons\ic-profile.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUB24.tmp\msedgeupdateres_ca.dll C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.89\msvcp140.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.89\Locales\sr-Cyrl-BA.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\AnimationEditor\img_key_indicator_inner.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\DevConsole\Error.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\StudioSharedUI\search.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\VoiceChat\SpeakerNew\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.89\Locales\cs.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.89\Extensions\external_extensions.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\fonts\GrenzeGotisch-Bold.ttf C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\Debugger\Breakpoints\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\TerrainEditor\select.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\VoiceChat\MicLight\Connecting.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.89\oneauth.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\Settings\Help\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\VoiceChat\SpeakerDark\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\ui\VoiceChat\SpeakerLight\[email protected] C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\content\textures\StudioToolbox\AssetConfig\public.png C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File created C:\Windows\SystemTemp\chrome_url_fetcher_4248_1107634849\-8a69d345-d564-463c-aff1-a69d9e530f96-_129.0.6668.90_all_adoc4766j3bivaj6ot6kye3j6isq.crx3 C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\CHROME.PACKED.7Z C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\129.0.6668.90_chrome_installer.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\chrome_installer.log C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File created C:\Windows\SystemTemp\Google5844_135988368\updater.7z C:\Users\Admin\Downloads\ChromeSetup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\129.0.6668.90_chrome_installer.exe C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\Google5844_347104578\UPDATER.PACKED.7Z C:\Users\Admin\Downloads\ChromeSetup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\msedge_installer.log C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\604d63cf-3f25-4ccc-8283-25b2ca342c32.tmp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Users\Admin\Downloads\ChromeSetup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\SETUP.EX_ C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\129.0.6668.90_chrome_installer.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\chrome_installer.log C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\Google5844_135988368\bin\uninstall.cmd C:\Users\Admin\Downloads\ChromeSetup.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\_metadata\verified_contents.json C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\manifest.fingerprint C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\1b981d81-b0e9-4e28-bed7-d7d8ed5c487e.tmp C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\129.0.6668.90_chrome_installer.exe N/A
File created C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\SystemTemp\Google5844_135988368\bin\updater.exe C:\Users\Admin\Downloads\ChromeSetup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\manifest.json C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
File opened for modification C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\129.0.6668.90_chrome_installer.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\ChromeSetup.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Command and Scripting Interpreter: JavaScript

execution

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SystemTemp\Google5844_135988368\bin\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\Temp\EUB24.tmp\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\ChromeSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SystemTemp\Google5844_135988368\bin\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "2661208524" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31137198" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Google\Chrome C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Google\Chrome\InstallerPinned = "0" C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133732860164779778" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Google C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\1.0 C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{27634814-8E41-4C35-8577-980134A96544}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{DC738913-8AA7-5CF3-912D-45FB81D79BCB}\TypeLib C:\Windows\SystemTemp\Google5844_135988368\bin\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ = "IPolicyStatus2" C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\TypeLib\ = "{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}" C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{699F07AD-304C-5F71-A2DA-ABD765965B54}\1.0\0\win32 C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544} C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4} C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AppID\{53A53FE9-0D1A-5CE1-A982-92ECA1CB48BC} C:\Windows\SystemTemp\Google5844_135988368\bin\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962} C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{699F07AD-304C-5F71-A2DA-ABD765965B54}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ = "IProcessLauncher" C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\Elevation C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\130.0.6679.0\\updater.exe\\6" C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DC738913-8AA7-5CF3-912D-45FB81D79BCB}\TypeLib\Version = "1.0" C:\Windows\SystemTemp\Google5844_135988368\bin\updater.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateBroker.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{699F07AD-304C-5F71-A2DA-ABD765965B54}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\GoogleUpdate.Update3WebMachine C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\ = "PSFactoryBuffer" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4} C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF} C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AppID\{8018F647-BF07-55BB-82BE-A2D7049F7CE4} C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\ChromeSetup.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\takeown.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\takeown.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\takeown.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3780 wrote to memory of 1096 N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe C:\Windows\System32\cmd.exe
PID 3780 wrote to memory of 1096 N/A C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe C:\Windows\System32\cmd.exe
PID 1096 wrote to memory of 4892 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\takeown.exe
PID 1096 wrote to memory of 4892 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\takeown.exe
PID 1096 wrote to memory of 4404 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\icacls.exe
PID 1096 wrote to memory of 4404 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\icacls.exe
PID 1096 wrote to memory of 3348 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\takeown.exe
PID 1096 wrote to memory of 3348 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\takeown.exe
PID 1096 wrote to memory of 1968 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\icacls.exe
PID 1096 wrote to memory of 1968 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\icacls.exe
PID 1096 wrote to memory of 2880 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\takeown.exe
PID 1096 wrote to memory of 2880 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\takeown.exe
PID 1096 wrote to memory of 3828 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\icacls.exe
PID 1096 wrote to memory of 3828 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\icacls.exe
PID 4528 wrote to memory of 1476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 1476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 5624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 4648 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 4648 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4528 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe

"C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe

"C:\Users\Admin\AppData\Local\Temp\Clutt6.6.6.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant "%username%:F" && takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant "%username%:F" && takeown /f C:\Windows\System32\Boot && icacls C:\Windows\System32\Boot /grant "%username%:F" && exit

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32 /grant "Admin:F"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\drivers

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\drivers /grant "Admin:F"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\Boot

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\Boot /grant "Admin:F"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004EC

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\OutSkip.gif

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\SendCheckpoint.docx" /o ""

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\SystemSettingsAdminFlows.exe

"C:\Windows\system32\SystemSettingsAdminFlows.exe" RenamePC

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd34a9cc40,0x7ffd34a9cc4c,0x7ffd34a9cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1692,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1976 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2096,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2280 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4416,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4540,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4544 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4536,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4252,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5108,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4776 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3208,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3336,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5212,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5220 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5408,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5208,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5516,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5624,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5332 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3304,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3300,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5528 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5200,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5540 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5528,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5736,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5436,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5560,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5088,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4688 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5144,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4532,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5264 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=4232,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5796,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6120 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=4916,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=4980,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5932,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5920 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5132,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5820 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6220,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5980 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6228,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6352,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8

C:\Users\Admin\Downloads\ChromeSetup.exe

"C:\Users\Admin\Downloads\ChromeSetup.exe"

C:\Windows\SystemTemp\Google5844_135988368\bin\updater.exe

"C:\Windows\SystemTemp\Google5844_135988368\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={BDD63F15-A3B9-19E8-A69D-514529BBB178}&lang=en-GB&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2

C:\Windows\SystemTemp\Google5844_135988368\bin\updater.exe

C:\Windows\SystemTemp\Google5844_135988368\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=130.0.6679.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x2b4,0x2b8,0x2bc,0x294,0x2c0,0xe0a6cc,0xe0a6d8,0xe0a6e4

C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe" --system --windows-service --service=update-internal

C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=130.0.6679.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x2a0,0x2a4,0x2a8,0x27c,0x2ac,0x4fa6cc,0x4fa6d8,0x4fa6e4

C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe" --system --windows-service --service=update

C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=130.0.6679.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x29c,0x2a0,0x2a4,0x274,0x2a8,0x4fa6cc,0x4fa6d8,0x4fa6e4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6320,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6372 /prefetch:1

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\129.0.6668.90_chrome_installer.exe

"C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\129.0.6668.90_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\1b981d81-b0e9-4e28-bed7-d7d8ed5c487e.tmp"

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe

"C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe" --install-archive="C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\1b981d81-b0e9-4e28-bed7-d7d8ed5c487e.tmp"

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=129.0.6668.90 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff657939628,0x7ff657939634,0x7ff657939640

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6380,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5804 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=5972,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5904 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=6512,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6548 /prefetch:1

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe

"C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4248_668208762\CR_81518.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=129.0.6668.90 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff657939628,0x7ff657939634,0x7ff657939640

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6312,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5944 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=5456,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4408 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5748,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6456 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6408,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6276 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6460,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6396 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"

C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EUB24.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUB24.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTM2REY5NDMtRDJGOC00RjFBLTk2REUtNDdBOTBDNzZFRDc3fSIgdXNlcmlkPSJ7RUJBNkY3RjQtMzRFQy00Q0QwLUI5MEUtOUY3QTAwRTk3OUE0fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGQzdCNTFGQi00NjM0LTRGNUMtOUU4Ny05N0E4RUExMzBBQjN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk1NjY3MDMwMjYiIGluc3RhbGxfdGltZV9tcz0iNTQyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
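
The `/ping` argument above is an Omaha update-protocol request: an XML document that MicrosoftEdgeUpdate.exe posts to report install events, passed on the command line as base64url (the `-`/`_` alphabet, padding stripped). The block below is an added example, not part of this sandbox report and not Microsoft's or Google's own tooling; it decodes that payload and pulls out the session, updater, OS and per-app event fields, so the ping can be tied to the `/handoff` launch that shares its session id. The command line and the session id are copied from this report; the function names are the example's own.

```python
"""Decode the base64url Omaha /ping payload that MicrosoftEdgeUpdate.exe
carries on its command line and summarise the fields an analyst checks."""
import base64
import re
import xml.etree.ElementTree as ET

_TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')

# Copied verbatim from this report's MicrosoftEdgeUpdate.exe /ping launch.
PING_CMDLINE = r'"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTM2REY5NDMtRDJGOC00RjFBLTk2REUtNDdBOTBDNzZFRDc3fSIgdXNlcmlkPSJ7RUJBNkY3RjQtMzRFQy00Q0QwLUI5MEUtOUY3QTAwRTk3OUE0fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGQzdCNTFGQi00NjM0LTRGNUMtOUU4Ny05N0E4RUExMzBBQjN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk1NjY3MDMwMjYiIGluc3RhbGxfdGltZV9tcz0iNTQyIi8-PC9hcHA-PC9yZXF1ZXN0Pg'

# Session id from this report's "/handoff ... /sessionid" launch.
HANDOFF_SESSION = "{A36DF943-D2F8-4F1A-96DE-47A90C76ED77}"


def ping_blob(cmdline: str) -> str:
    """Return the token following /ping on a MicrosoftEdgeUpdate.exe command line."""
    toks = [q if q else bare for q, bare in _TOKEN_RE.findall(cmdline)]
    return toks[toks.index("/ping") + 1]


def decode_ping(blob: str) -> bytes:
    """base64url-decode after restoring the '=' padding the updater strips."""
    return base64.urlsafe_b64decode(blob + "=" * (-len(blob) % 4))


def summarize_ping(blob: str) -> dict:
    """Extract the analyst-relevant fields from the Omaha v3 <request> XML."""
    root = ET.fromstring(decode_ping(blob))
    if root.tag != "request":
        raise ValueError(f"unexpected root element {root.tag!r}")
    os_el = root.find("os")
    summary = {
        "updater": root.get("updater"),
        "updaterversion": root.get("updaterversion"),
        "ismachine": root.get("ismachine"),      # "1" = machine-wide (elevated) install
        "sessionid": root.get("sessionid"),
        "requestid": root.get("requestid"),
        "installsource": root.get("installsource"),
        "os": (" ".join(os_el.get(k, "") for k in ("platform", "version", "arch"))
               if os_el is not None else None),
        "apps": [],
    }
    for app in root.findall("app"):
        summary["apps"].append({
            "appid": app.get("appid"),
            "version": app.get("version"),
            "nextversion": app.get("nextversion"),
            "events": [{k: ev.get(k) for k in ("eventtype", "eventresult", "errorcode")}
                       for ev in app.findall("event")],
        })
    return summary


def same_session(blob: str, session_id: str) -> bool:
    """True when the ping belongs to the given Omaha session (e.g. the /handoff launch)."""
    return summarize_ping(blob)["sessionid"].lower() == session_id.lower()


if __name__ == "__main__":
    import json
    print(json.dumps(summarize_ping(ping_blob(PING_CMDLINE)), indent=2))
```

For this ping the decoded request carries `updater="Omaha" updaterversion="1.3.171.39" ismachine="1"`, the same session id as the `/handoff` launch, and one `<app>` (appid `{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}`, version 1.3.143.57 to 1.3.171.39) with an event of `eventtype="2" eventresult="1"`, which in the Omaha v3 protocol is a successful install-complete event; the `/ping` launches later in this listing decode the same way and report on other app ids.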

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{A36DF943-D2F8-4F1A-96DE-47A90C76ED77}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTM2REY5NDMtRDJGOC00RjFBLTk2REUtNDdBOTBDNzZFRDc3fSIgdXNlcmlkPSJ7RUJBNkY3RjQtMzRFQy00Q0QwLUI5MEUtOUY3QTAwRTk3OUE0fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1RUJDNDRCQy01RjY0LTQwREItQUQ4Mi1BMzFBQUYyNEMwQzR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjkuMC42NjY4LjkwIiBuZXh0dmVyc2lvbj0iMTI5LjAuNjY2OC45MCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk1NzA4MjIxODQiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6396,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5952 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5948,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5676 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=5588,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\MicrosoftEdge_X64_129.0.2792.89.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\MicrosoftEdge_X64_129.0.2792.89.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=6324,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\MicrosoftEdge_X64_129.0.2792.89.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.101 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D5588A8-D10A-4AE3-9712-E5E65CC52FA1}\EDGEMITMP_14AA4.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.89 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7b72276f0,0x7ff7b72276fc,0x7ff7b7227708

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=6632,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6800 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6844,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6884 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7176,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7192 /prefetch:8

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\PushReceive.js"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=7028,i,2440751261181764797,16442541856802475767,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7220 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTM2REY5NDMtRDJGOC00RjFBLTk2REUtNDdBOTBDNzZFRDc3fSIgdXNlcmlkPSJ7RUJBNkY3RjQtMzRFQy00Q0QwLUI5MEUtOUY3QTAwRTk3OUE0fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGRDZDMUI1Qy0wMTJDLTQ4RTEtQTEyQS1ENjI1ODc2Q0U0MDN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjkuMC4yNzkyLjg5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NTg0MTE2NDk3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-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-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

C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-eadc3c90bb1a4267\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 4152

Network

Country Destination Domain Proto
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
GB 2.18.63.57:443 metadata.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 2.19.117.169:443 binaries.templates.cdn.office.net tcp
GB 23.213.251.133:443 cxcs.microsoft.net tcp
GB 92.123.128.169:443 www.bing.com tcp
GB 142.250.200.36:443 www.google.com tcp
GB 142.250.200.36:443 www.google.com udp
GB 172.217.16.234:443 ogads-pa.googleapis.com udp
GB 142.250.179.238:443 apis.google.com udp
GB 172.217.16.234:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 36.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
GB 216.58.201.110:443 play.google.com udp
GB 216.58.201.110:443 play.google.com tcp
N/A 224.0.0.251:5353 udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.201.110:443 play.google.com tcp
US 103.224.182.242:443 fpstest.net tcp
US 103.224.182.242:443 fpstest.net tcp
US 103.224.182.242:443 fpstest.net tcp
US 103.224.182.242:80 fpstest.net tcp
US 103.224.182.242:80 fpstest.net tcp
FR 128.116.122.4:443 roblox.com tcp
FR 128.116.122.4:443 roblox.com tcp
NL 128.116.21.4:443 www.roblox.com tcp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.70:443 static.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
NL 128.116.21.4:443 ecsv2.roblox.com tcp
GB 2.19.117.27:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 70.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 75.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 27.117.19.2.in-addr.arpa udp
GB 142.250.200.46:443 chromewebstore.google.com tcp
GB 216.58.201.99:443 ssl.gstatic.com tcp
GB 216.58.201.99:443 ssl.gstatic.com tcp
GB 216.58.201.99:443 ssl.gstatic.com tcp
GB 216.58.201.99:443 ssl.gstatic.com tcp
GB 216.58.201.99:443 ssl.gstatic.com tcp
GB 216.58.201.99:443 ssl.gstatic.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
GB 216.58.201.99:443 ssl.gstatic.com udp
GB 142.250.180.1:443 lh3.googleusercontent.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
GB 172.217.16.234:443 content-autofill.googleapis.com tcp
GB 142.250.179.238:443 apis.google.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
GB 216.58.201.110:443 play.google.com udp
GB 142.250.179.238:443 apis.google.com tcp
GB 142.250.179.238:443 apis.google.com tcp
GB 172.217.16.234:443 content-autofill.googleapis.com tcp
GB 216.58.201.110:443 play.google.com udp
GB 172.217.16.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 232.16.217.172.in-addr.arpa udp
GB 142.250.180.10:443 scone-pa.clients6.google.com tcp
GB 142.250.179.238:443 www.youtube.com udp
GB 142.250.180.10:443 scone-pa.clients6.google.com udp
GB 142.250.200.46:443 www.youtube.com udp
GB 23.213.251.133:443 cxcs.microsoft.net tcp
GB 92.123.128.169:443 www.bing.com tcp
US 216.239.32.27:443 chrome.com tcp
US 216.239.32.27:443 chrome.com tcp
US 8.8.8.8:53 tools.google.com udp
GB 142.250.180.14:443 www.youtube.com tcp
GB 172.217.16.238:443 tools.google.com tcp
GB 172.217.169.14:443 s.ytimg.com tcp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
GB 142.250.200.36:443 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 172.217.169.2:443 ade.googlesyndication.com tcp
GB 172.217.169.2:443 ade.googlesyndication.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.16.238:443 tools.google.com udp
US 216.239.32.27:443 chrome.com tcp
US 8.8.8.8:53 update.googleapis.com udp
GB 142.250.187.227:443 update.googleapis.com tcp
US 8.8.8.8:53 google.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp
GB 172.217.169.14:443 google.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 103.224.182.242:80 fpstest.net tcp
US 103.224.182.242:80 fpstest.net tcp
US 103.224.182.242:80 fpstest.net tcp
HK 35.215.129.230:443 e2c32.gcp.gvt2.com tcp
US 103.224.182.242:443 fpstest.net tcp
US 103.224.182.242:443 fpstest.net tcp
US 103.224.182.242:443 fpstest.net tcp
US 103.224.182.242:80 fpstest.net tcp
GB 216.58.213.3:443 beacons.gvt2.com tcp
US 103.224.182.242:80 fpstest.net tcp
US 103.224.182.242:80 fpstest.net tcp
US 103.224.182.242:80 fpstest.net tcp
US 103.224.182.242:80 fpstest.net tcp
US 103.224.182.242:80 fpstest.net tcp
US 8.8.8.8:53 ww25.fpstest.net udp
US 199.59.243.227:443 ww25.fpstest.net tcp
US 199.59.243.227:80 ww25.fpstest.net tcp
GB 142.250.200.36:443 www.google.com tcp
GB 142.250.200.36:443 www.google.com tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 142.250.187.206:443 syndicatedsearch.goog tcp
US 8.8.8.8:53 227.243.59.199.in-addr.arpa udp
US 8.8.8.8:53 partner.googleadservices.com udp
GB 142.250.187.206:443 syndicatedsearch.goog tcp
GB 216.58.201.98:443 partner.googleadservices.com tcp
GB 142.250.187.206:443 syndicatedsearch.goog udp
GB 142.250.180.1:443 afs.googleusercontent.com tcp
GB 142.250.180.1:443 afs.googleusercontent.com tcp
GB 142.250.187.206:443 syndicatedsearch.goog udp
US 8.8.8.8:53 css.rbxcdn.com udp
GB 2.19.117.43:443 setup.rbxcdn.com tcp
GB 142.250.200.46:443 www.youtube.com udp
GB 172.217.169.14:443 google.com udp
NL 128.116.21.4:443 ecsv2.roblox.com tcp
NL 128.116.21.4:443 ecsv2.roblox.com tcp
CZ 65.9.95.59:443 clientsettingscdn.roblox.com tcp
GB 2.19.117.41:443 setup.rbxcdn.com tcp
GB 2.19.117.41:443 setup.rbxcdn.com tcp
GB 2.19.117.41:443 setup.rbxcdn.com tcp
US 4.155.164.36:443 tcp
GB 142.250.200.36:443 www.google.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp
GB 172.217.16.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.110:443 play.google.com udp
GB 2.19.117.74:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.201.110:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
GB 172.217.16.234:443 content-autofill.googleapis.com udp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com udp
GB 142.250.200.22:443 i.ytimg.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com udp
GB 142.250.200.22:443 i.ytimg.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
GB 142.250.200.38:443 static.doubleclick.net tcp
GB 142.250.200.46:443 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 38.200.250.142.in-addr.arpa udp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
GB 216.58.201.110:443 encrypted-tbn1.gstatic.com tcp
GB 216.58.201.110:443 encrypted-tbn1.gstatic.com tcp
GB 216.58.201.110:443 encrypted-tbn1.gstatic.com udp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com udp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 74.125.105.135:443 rr2---sn-aigl6nsr.googlevideo.com tcp
GB 74.125.105.135:443 rr2---sn-aigl6nsr.googlevideo.com tcp
GB 173.194.3.70:443 rr1---sn-aigl6n6s.googlevideo.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com udp
GB 142.250.200.22:443 i.ytimg.com udp
NL 173.194.69.84:443 accounts.google.com udp
GB 142.250.178.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
GB 216.58.201.110:443 encrypted-tbn1.gstatic.com tcp
GB 216.58.201.110:443 encrypted-tbn1.gstatic.com tcp
GB 216.58.201.110:443 encrypted-tbn1.gstatic.com udp
GB 142.250.200.36:443 www.google.com tcp
GB 142.250.200.36:443 www.google.com tcp
NL 74.125.8.102:443 rr1---sn-5hne6nzs.googlevideo.com udp
GB 142.250.178.1:443 yt3.ggpht.com udp
GB 216.58.204.78:443 encrypted-tbn2.gstatic.com tcp
GB 216.58.204.78:443 encrypted-tbn2.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
GB 216.58.201.110:443 encrypted-tbn1.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn3.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn3.gstatic.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.200.14:443 youtube.com tcp
N/A 127.0.0.1:51532 tcp
N/A 127.0.0.1:51536 tcp
N/A 127.0.0.1:51539 tcp
N/A 127.0.0.1:51554 tcp
GB 142.250.200.22:443 i.ytimg.com udp
GB 142.250.200.36:443 www.google.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp
GB 74.125.105.135:443 rr2---sn-aigl6nsr.googlevideo.com udp
GB 173.194.3.70:443 rr1---sn-aigl6n6s.googlevideo.com udp
US 8.8.8.8:53 rr1---sn-aigl6ned.googlevideo.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 173.194.183.70:443 rr1---sn-aigl6ned.googlevideo.com udp
NL 173.194.69.84:443 accounts.google.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 rr3---sn-q4fzen7y.googlevideo.com udp
US 173.194.141.104:443 rr3---sn-q4fzen7y.googlevideo.com udp
US 8.8.8.8:53 70.183.194.173.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.178.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
GB 142.250.200.38:443 static.doubleclick.net tcp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
GB 142.250.200.14:443 youtube.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
NL 173.194.69.84:443 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
US 35.227.159.135:443 e2c27.gcp.gvt2.com tcp
GB 216.58.213.3:443 beacons.gvt2.com tcp
NL 128.116.21.4:443 ecsv2.roblox.com tcp
NL 128.116.21.4:443 ecsv2.roblox.com tcp
N/A 127.0.0.1:52960 tcp
N/A 127.0.0.1:52963 tcp

Files

memory/5412-0-0x00007FFD22C13000-0x00007FFD22C15000-memory.dmp

memory/5412-1-0x0000000000660000-0x0000000000AF0000-memory.dmp

memory/5412-2-0x00007FFD22C10000-0x00007FFD236D2000-memory.dmp

memory/5412-3-0x00007FFD22C10000-0x00007FFD236D2000-memory.dmp

memory/5412-4-0x00007FFD22C13000-0x00007FFD22C15000-memory.dmp

memory/5412-5-0x00007FFD22C10000-0x00007FFD236D2000-memory.dmp

memory/5412-6-0x00007FFD22C10000-0x00007FFD236D2000-memory.dmp

memory/5412-8-0x00007FFD22C10000-0x00007FFD236D2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Clutt6.6.6.exe.log

MD5 b4e91d2e5f40d5e2586a86cf3bb4df24
SHA1 31920b3a41aa4400d4a0230a7622848789b38672
SHA256 5d8af3c7519874ed42a0d74ee559ae30d9cc6930aef213079347e2b47092c210
SHA512 968751b79a98961f145de48d425ea820fd1875bae79a725adf35fc8f4706c103ee0c7babd4838166d8a0dda9fbce3728c0265a04c4b37f335ec4eaa110a2b319

memory/3780-10-0x00007FFD22C10000-0x00007FFD236D2000-memory.dmp

memory/3780-24-0x00007FFD22C10000-0x00007FFD236D2000-memory.dmp

memory/3780-30-0x000000001D180000-0x000000001D18D000-memory.dmp

memory/3780-31-0x000000001F0E0000-0x000000001F0FE000-memory.dmp

memory/3780-32-0x000000001F100000-0x000000001F10B000-memory.dmp

memory/3780-28-0x000000001C460000-0x000000001C4A6000-memory.dmp

memory/3780-29-0x000000001C4B0000-0x000000001C4B9000-memory.dmp

memory/3780-42-0x000000001C460000-0x000000001C4A6000-memory.dmp

memory/1936-71-0x00007FFD03B90000-0x00007FFD03BA0000-memory.dmp

memory/1936-70-0x00007FFD03B90000-0x00007FFD03BA0000-memory.dmp

memory/1936-69-0x00007FFD03B90000-0x00007FFD03BA0000-memory.dmp

memory/1936-68-0x00007FFD03B90000-0x00007FFD03BA0000-memory.dmp

memory/1936-67-0x00007FFD03B90000-0x00007FFD03BA0000-memory.dmp

memory/1936-72-0x00007FFD01970000-0x00007FFD01980000-memory.dmp

memory/1936-73-0x00007FFD01970000-0x00007FFD01980000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 f6e2acd6f4da47e4ce815bf525667e5d
SHA1 6ae5229053cd94d271cec2fb00c84c04d065be01
SHA256 28a5b5040d1df0d6b658a5c9554eb02380e31fd9c7404e96cecfbbe9c43bb15c
SHA512 c770593bf3bb50f38f90d759d8f449bc1ce81ea683dad15a2e5b4b33642ccf6c049222962f3d6542619d7655027e448c18d81c5a0c4b35a9994d3d133477f190

C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

MD5 d29962abc88624befc0135579ae485ec
SHA1 e40a6458296ec6a2427bcb280572d023a9862b31
SHA256 a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866
SHA512 4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 d6f103dcb46e747c235936b0de629f62
SHA1 0b7790d4975885a4991f82a0db3eb5477af58b0d
SHA256 adb7212ab5a46a3349b78f3d1d9ca71cfb99f59737be1776152fbff026fabc2a
SHA512 4088c77252ba830f2f12e47602ecf5b13c993d001e91a9db359b94fad8c78972ebaeccf54818ac748f0b31854965451c8a03b5b2bf2a9cff992b14edab6976e6

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 b08bc3a8043f1602ebe4f52c9967210a
SHA1 b95483d3f5393c529c1514d3872c6bff19d6634b
SHA256 cd394883ca84524fa9f7f93f3f376f1bfe9ddd53d104575c3a47ca76ef3620aa
SHA512 de8baa189470bc17a8d6183a2cabb3eabe9916295f0684bcbb487bb18aa83ee7c234a57e7b88bf5a3a56ee980bad1bb705f46f9c920a15e5c948d31193877c7b

C:\Users\Admin\AppData\Local\Temp\TCDB21A.tmp\iso690.xsl

MD5 ff0e07eff1333cdf9fc2523d323dd654
SHA1 77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4
SHA256 3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5
SHA512 b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

memory/1936-488-0x00007FFD03B90000-0x00007FFD03BA0000-memory.dmp

memory/1936-487-0x00007FFD03B90000-0x00007FFD03BA0000-memory.dmp

memory/1936-486-0x00007FFD03B90000-0x00007FFD03BA0000-memory.dmp

memory/1936-485-0x00007FFD03B90000-0x00007FFD03BA0000-memory.dmp

\??\pipe\crashpad_4528_QIBMTGKWTRABBGMP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 132adea1d29b9089997b1cb30e1872dd
SHA1 06b032f4aec654ab067908b55f04761cd5a11b13
SHA256 d01e50d2da7a9d60e2ec15fa01c0b8f9337096a66252958968d7036a9bbf76af
SHA512 a5582f347a217283b660df6474b6f5701779a83d68e1f1d6360678dedc032aab28148faea295789ebf6b77d2a009e94c9025250854e0d5ba0e1d9c896c9b3702

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6130f7a364b89efe66fff754dddd4f78
SHA1 d364c778887a99b86333486c6f9d8005d8f5bf9f
SHA256 7f4e330337440ebedd84aa2cf17242ac2368da638455e875be49a49c4bcc7310
SHA512 311344acb6a3743f21fb2d10eda8b1db00b92c2bac9496145a8f60c0ee28e7b03dd4362c5a4f613a5da760e6c38fca2f1596d42c507838f99bcc71cc303ce487

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ab624c49da4149b527428231f042b3c1
SHA1 78d0154a5e8b13d7d5db6870dfa10049dd77fb3c
SHA256 83423db3f8557afea3d17026ae7e89cd5f0945d5c35a9489e423b10cbc4e2da2
SHA512 548fb706af6894a1f61dd56a5a72f3c9fcf9ad4728ecf2f785f58c5cff9235948171ee7dd878b5b956163271b09d3b9f7eca875d23bdc9638f971b8e652828c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 e80c5b2d5ab8930955e06ffa2baabf25
SHA1 968d5c9d7d275fdda92496d9e8acde69e2fb9473
SHA256 b5bb73c286b76abaf8f2c7280ecc57ddbe96bcdd0683722261936606cf966452
SHA512 e5fed314a85b8ce1c08efa466c873d4c5133e23920c8ad1d95fa586922855ddb4866d6e3614226e01173d0d351eb388925ed9a2972f346a958c7a7182372a220

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8611f76433d43255e904cda301afeaf1
SHA1 117b14dfa7e67bee8784a6f1068222442d28479c
SHA256 4823d355aea7248e29424b7b5fd43a29a9d832a862fa75c4de76bf298453a04c
SHA512 47fa3837934436cfab414f07cb5e3728f76b33979c11b21b5cae85dc779df95f4af3f9f4c653794c74d33ec318334b08032ea006cdde1a3b2bf060fa8795935d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ad9c1ec1810c007f17d26fc897a1ebf9
SHA1 2d8399aa0a7c0b8968d2d04d4cf2f454fbef4c95
SHA256 6c76c81e81405a4cc685e1b97ee49c33c0159aa7c6ad88cd8f12e5586b387b01
SHA512 c023ed8b82a7e262bdee8c9ca9bc9f19e47fbf4b31e7e3de4d44039463086ceec027156e1ad19289b194eb69622611e44ac5cd5a8a172321427b6f33b9438f46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ffb667bac6e7b14b2d103d8bbe488be5
SHA1 f756a6625b1f233bfbcb0f1a488d80a39f9338ab
SHA256 6230579e78f9f7d7377e91f2e92b4a4c2e551fd3069d48ef7520b7c5b82fe041
SHA512 1de958e6cf19543789a6222aaf8fe470bcd8bb5a4fae316cbbfc681770a66814309e10076377c771c11e6a3d3106c06f520e5a861c0e1708bf7c70ca8501c797

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a9704495fc63ce40fe695dbd0e62074e
SHA1 9710ce68ca41ec7db536bca0821430eaf7f20c73
SHA256 982785a45b3fa1ed200c5a879f61ad942dee070dac17b7951c5203b6a7b403e5
SHA512 77c9b302e153ab6d9b79a0f6e4cc00dd1be4b50b2076302e846b270b85490cabcfe79646e92913c18d2d00d96167c8708a1157277a2a30f9a6f26e65216b9859

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7b1b70d806e49d079750686ac5814a96
SHA1 6e8dcc6575d58d47bae2d2bdc3375b6e6c8c0c88
SHA256 674a4efe4f05afe2c2e8e2f624e2795908bcdcfcd6e3fa647ec80ef9afdd3fdd
SHA512 9bce09356ca9c6ccb15e380acdf4e81975224a732be1a48a3203e208780d4a5428935d5404b6a3ef71cbad952dd534b16f29b8dc8e573687f01b58e30064e90d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3910062a1a1bc290daf2df221d47d847
SHA1 b11ead6c5b2251ca3804d23b82495fd13819ee3f
SHA256 3e089b0d05d4719090b5e933bf5c059d7ccd1100e8d5efd7c89882b769c8d202
SHA512 e1633e86c87182fb7ee9b8fc2f6cad75763c13d01a52f41045523f0bdfca1df0c4f95bc0d7a5d80fe243daff6ed278a00a9cac9e89028bb7c86e9d27e61b8c14

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0c6b284f0ff1c7a77601bd645dd03591
SHA1 9e81cb05b5d8a430b42210b1ed06ab0450a5705a
SHA256 3d591fa9e6ac1bf0a67fadd0e83bfacfa45dee23b168485ebf02e404a1440235
SHA512 db91cfd73150ca6a983a8393b5fcfa9ca1a769a0e073330a88907a18bb5a8097efe2e246a5464639775186daccc0982e68780ad1611bcec8247655b448fc5baf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

MD5 abda4d3a17526328b95aad4cfbf82980
SHA1 f0e1d7c57c6504d2712cec813bc6fd92446ec9e8
SHA256 ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476
SHA512 91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6ce51c311cf8d193ce993eaaf7daecee
SHA1 0fb59183b5ca1d31553317132747a9af6c042f2d
SHA256 fdbe3a63603813638fa1f3cc2e92d1c43fbeac3a08b59b1cc529b622a1121992
SHA512 2b394950e148e42caeed2f3e11f1fbbd8e639daeb0283140c96063c9f7922e2e60ca99c424787c6132ce0de7b3f6e4f2e83500d2a0f1eb6a7d341cb02698d8ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e76672f3db958f5930a07e08f8395063
SHA1 306015b20fa3c7ad9ccece502dfdb8687755a2ad
SHA256 6d8145e9048a44fc62987ed28313a3c7ef415bdcac73825b9f7c3d61d1064fee
SHA512 189bf880632fae8b506fb98135b92ce5680b3206769d1c689c9d5f196d777ace0b543390d8a7ec653b357bcadeb08b161fe9705dc4d81ea3c2d6e48437216e74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 2a269f39d847da7bf9b5d6841726b888
SHA1 3e3fbcdcdff5d84a331c0ecb9106637137cd4847
SHA256 f9401bcef77841dc036b71ec058704f10dde85bcef9b7efc42a12fbd0d200515
SHA512 40e14c79501180e5d0a28099b6df83ebe37f8b043cdd9295bffef7c4a376a6226ff330f8a0a15189d361fef1ca2bc661907c0e7b141c72257dcfcecec22719c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3a225aac332267a655e731647b96d2a0
SHA1 ecc3db9543dc1fd3b6de8883a80f75c1898d39b8
SHA256 d107be985808c4caf72ad714742c967286e61d306abbe12fe02c47e13164e856
SHA512 132867a3e079dfa497fd388c1dd9cd253e6ddc4848c5de6a87d5c81b26fb67ea037a4cf461ad5f7cf12f6fb5595d6338e73fb33b3d3c12ab7dc4928952a6a55a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c27f0761531609b79342fdb72c34d0b0
SHA1 cf2f12a0a3779ded13d6ed115c64b09223516661
SHA256 276cdf7cbab50b91e91c107caf02105d623d8f214b3e032d506c475de9618e96
SHA512 dc5df54d7ae847289f197714e2ecebcf4eabea2609074e49c5aa03c9160f77c9763c3d86b1d59dea47250be8dd0a826e7082e2271faadfcd5df9690140465ca9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 39d314456400a2cdb2449d7562a10425
SHA1 2430d907f58d97679e513ba0d02791e244e46b07
SHA256 a1515eef4418e95ef4105da15bd3d387d31fa6311e94822a1e9a82e4d07783cd
SHA512 f2ba4957ee2612fb80f0f30c96ee5ce1d18bbf6fb57d2c41ab4e92db5085e632869ba1c0b6a4852a340c5f97e5f426f9664bf4fd5282c0a15691dca2596b4983

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7763aa6a481f8a5cf56b09a99a258000
SHA1 bcbe853c282002086b64f7e4c94d5a147c5bf150
SHA256 24c948b6837b0e3a550b82610e92dbd65b35af8e77db934ce53a43071de9323d
SHA512 0bf7ddd929b03dc339b4335bd5fecf1be799c751748e56d9e6c6ce3a7507c75400da0969ca552dd8ddd55017f4b155db0798c76de441be692c6db10a2c9bac49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4352f0bf9f3dd1519fea2281b991d4b4
SHA1 474cf28c10af57e032eef63208fd1ba87a9becf9
SHA256 524e7698ea7936f69663803dde56f59c44665a00bbdc973c4cba29e0e34b8744
SHA512 b44493c2044fd4825afaa70229e100797c07f5946149e1345c7a938b35e391bc803e0ae2cea2a9b43b4b03efaf76c2cd61ab97ad0fb58b9d4bb96ba9087ef8e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5176e25282a174b1c893c9549de8f423
SHA1 0e662ec1ba17e4b41d85086ff2af05feca5e1488
SHA256 3dc5a211fc4ca764f698be800f629e3ac4de648eebf1cb70800e8eea45a749e4
SHA512 480dfe7c6a96ab2c8fb23430866761cad451bf06f588d969fc35ae5afe89d82f62793a9141fa590f037c4c1595bc28f5c638d378eec68aa7e3a9e3eeb7e701ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 906e4d23afa1e2367b7beb11ecdd263b
SHA1 69a2e4a4a6aa75b151176f17e28ad72c777690bc
SHA256 53dc65cf7f2f86a4ccdda315988214245c9982f051061701aa8d31538def7dfe