a1d6267bcdc07ab4d900111ee56102d95f2aa1ca5f3a052cb7c11945e0ffba48

Analysis

max time kernel
1800s
max time network
1767s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
10-11-2024 02:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobloxPlayerInstaller (1).exe
Size

5.5MB
MD5

87e3d886a3716e6ca0370324c8599553
SHA1

9c0f902dcac08193d13990b2c46702ce1ddeb3a7
SHA256

a1d6267bcdc07ab4d900111ee56102d95f2aa1ca5f3a052cb7c11945e0ffba48
SHA512

860a67582c4cd2df7fe1c21307450356ca8270b448fdb96de957a5af5f6b38c87da84f47cfceb91804afdec693d52029bb7151e02a753793889daf4ff4779a25
SSDEEP

98304:edv4xixgrOYvLtWV9SxAPZl+RqgSRe4rcSRhE1RKsJgHXe8WDuLNzTf:M4QqrvvySshgSsR/mOdANP

Score

8^/10

adware discovery evasion persistence privilege_escalation stealer trojan

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\130.0.2849.80\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge"	setup.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 42 IoCs

pid	Process
2396	MicrosoftEdgeWebview2Setup.exe
4484	MicrosoftEdgeUpdate.exe
2716	MicrosoftEdgeUpdate.exe
2268	MicrosoftEdgeUpdate.exe
2944	MicrosoftEdgeUpdateComRegisterShell64.exe
2340	MicrosoftEdgeUpdateComRegisterShell64.exe
3416	MicrosoftEdgeUpdateComRegisterShell64.exe
3112	MicrosoftEdgeUpdate.exe
3300	MicrosoftEdgeUpdate.exe
1808	MicrosoftEdgeUpdate.exe
4944	MicrosoftEdgeUpdate.exe
3924	MicrosoftEdge_X64_130.0.2849.56.exe
4752	setup.exe
4940	setup.exe
992	MicrosoftEdgeUpdate.exe
1364	RobloxPlayerBeta.exe
3292	MicrosoftEdgeUpdate.exe
3464	MicrosoftEdgeUpdate.exe
2308	MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe
4848	MicrosoftEdgeUpdate.exe
4556	MicrosoftEdgeUpdate.exe
1516	MicrosoftEdgeUpdate.exe
2536	MicrosoftEdgeUpdate.exe
3840	MicrosoftEdgeUpdateComRegisterShell64.exe
5012	MicrosoftEdgeUpdateComRegisterShell64.exe
3796	MicrosoftEdgeUpdateComRegisterShell64.exe
4748	MicrosoftEdgeUpdate.exe
564	MicrosoftEdgeUpdate.exe
4528	MicrosoftEdgeUpdate.exe
2904	MicrosoftEdgeUpdate.exe
1824	MicrosoftEdge_X64_130.0.2849.80.exe
3544	setup.exe
1948	setup.exe
892	setup.exe
4256	setup.exe
3928	setup.exe
3708	setup.exe
5020	setup.exe
4212	setup.exe
2356	setup.exe
3120	setup.exe
4888	MicrosoftEdgeUpdate.exe

Loads dropped DLL 38 IoCs

pid	Process
4484	MicrosoftEdgeUpdate.exe
2716	MicrosoftEdgeUpdate.exe
2268	MicrosoftEdgeUpdate.exe
2944	MicrosoftEdgeUpdateComRegisterShell64.exe
2268	MicrosoftEdgeUpdate.exe
2340	MicrosoftEdgeUpdateComRegisterShell64.exe
2268	MicrosoftEdgeUpdate.exe
3416	MicrosoftEdgeUpdateComRegisterShell64.exe
2268	MicrosoftEdgeUpdate.exe
3112	MicrosoftEdgeUpdate.exe
3300	MicrosoftEdgeUpdate.exe
1808	MicrosoftEdgeUpdate.exe
1808	MicrosoftEdgeUpdate.exe
3300	MicrosoftEdgeUpdate.exe
4944	MicrosoftEdgeUpdate.exe
992	MicrosoftEdgeUpdate.exe
1364	RobloxPlayerBeta.exe
3292	MicrosoftEdgeUpdate.exe
3464	MicrosoftEdgeUpdate.exe
3464	MicrosoftEdgeUpdate.exe
3292	MicrosoftEdgeUpdate.exe
4848	MicrosoftEdgeUpdate.exe
4556	MicrosoftEdgeUpdate.exe
1516	MicrosoftEdgeUpdate.exe
2536	MicrosoftEdgeUpdate.exe
3840	MicrosoftEdgeUpdateComRegisterShell64.exe
2536	MicrosoftEdgeUpdate.exe
5012	MicrosoftEdgeUpdateComRegisterShell64.exe
2536	MicrosoftEdgeUpdate.exe
3796	MicrosoftEdgeUpdateComRegisterShell64.exe
2536	MicrosoftEdgeUpdate.exe
4748	MicrosoftEdgeUpdate.exe
564	MicrosoftEdgeUpdate.exe
4528	MicrosoftEdgeUpdate.exe
4528	MicrosoftEdgeUpdate.exe
564	MicrosoftEdgeUpdate.exe
2904	MicrosoftEdgeUpdate.exe
4888	MicrosoftEdgeUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller (1).exe

Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe

Checks system information in the registry 2 TTPs 24 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk	setup.exe

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
1364	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 21 IoCs

pid	Process
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe
1364	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\StudioSharedUI\radio_selected_disabled_dot_dark.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\LuaApp\category\ic-popular.png	RobloxPlayerInstaller (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.56\Locales\de.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\elevation_service.exe	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-instudio-8x8.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\ms.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\MEIPreload\manifest.json	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\fonts\BuilderSans-Regular.otf	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\Debugger\Breakpoints\[email protected]	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\scrollbar.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerInstaller (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\as.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\MaterialManager\Favorites.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Controls\PlayStationController\PS4\ButtonShare.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\MicrosoftEdgeUpdateBroker.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Trust Protection Lists\Sigma\Advertising	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\LuaChat\icons\ic-leave.png	RobloxPlayerInstaller (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.56\Locales\lb.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\avatar\heads\headP.mesh	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\Gamepad\[email protected]	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\Icon_Stream_Off.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\AvatarEditorImages\[email protected]	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\ImageSet\AE\img_set_2x_4.png	RobloxPlayerInstaller (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\Locales\en-US.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\TerrainTools\icon_shape_cylinder.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_1x_1.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Settings\Slider\SelectedBarRight.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\ImageSet\LuaApp\img_set_1x_2.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.56\Locales\ro.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\GameSettings\add.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Controls\XboxController\ButtonA.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Input\Disk_padded.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Settings\Players\[email protected]	RobloxPlayerInstaller (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.56\identity_proxy\win11\identity_helper.Sparse.Stable.msix	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\fonts\Kalam-Regular.ttf	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\DeveloperFramework\checkbox_unchecked_light.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\VR\hoverPopupRight.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\ug.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\AnimationEditor\button_search.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\PlayerList\OwnerIcon.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_3x_5.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_fr.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\Locales\tr.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUA4ED.tmp\msedgeupdateres_kk.dll	MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\icon_intern-16.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\VoiceChat\Connecting.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\Locales\kk.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\RoactStudioWidgets\toggle_disable_dark.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Controls\DefaultController\ButtonA.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Settings\Players\[email protected]	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\Emotes\Editor\Large\[email protected]	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\ui\VoiceChat\SpeakerLight\[email protected]	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_ne.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\StartPage\Carnival.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\StudioSharedUI\audio.png	RobloxPlayerInstaller (1).exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\content\textures\StudioSharedUI\RoundedRightBackground.png	RobloxPlayerInstaller (1).exe

Drops file in Windows directory 49 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File created	C:\Windows\SystemTemp\18141f18-5d4c-4ecc-8476-871396dfbafb.tmp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 22 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 7 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4748	MicrosoftEdgeUpdate.exe
2904	MicrosoftEdgeUpdate.exe
4888	MicrosoftEdgeUpdate.exe
3112	MicrosoftEdgeUpdate.exe
4944	MicrosoftEdgeUpdate.exe
992	MicrosoftEdgeUpdate.exe
4848	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller (1).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller (1).exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\130.0.2849.80\\BHO"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller (1).exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller (1).exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\130.0.2849.80\\BHO"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller (1).exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller (1).exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0"	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{3316A154-AC5C-4126-9021-B201E9C33D7B}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{3316A154-AC5C-4126-9021-B201E9C33D7B}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.35\\psmachine.dll"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalServer32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell\runas	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CurVer	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.Update3COMClassService"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{3316A154-AC5C-4126-9021-B201E9C33D7B}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.35\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AppID\{1FCBE96C-1697-43AF-9140-2897C7C69767}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\AppUserModelId = "MSEdge"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CLSID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{3316A154-AC5C-4126-9021-B201E9C33D7B}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LOCALSERVER32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0\CLSID\ = "{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{3316A154-AC5C-4126-9021-B201E9C33D7B}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib\ = "{C9C2B807-7731-4F34-81B7-44FF7779522B}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ServiceParameters = "/comsvc"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{3316A154-AC5C-4126-9021-B201E9C33D7B}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine.1.0\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\ = "Microsoft Edge Update Process Launcher Class"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}	MicrosoftEdgeUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 33 IoCs

pid	Process
4168	RobloxPlayerInstaller (1).exe
4168	RobloxPlayerInstaller (1).exe
4484	MicrosoftEdgeUpdate.exe
4484	MicrosoftEdgeUpdate.exe
4984	chrome.exe
4984	chrome.exe
4484	MicrosoftEdgeUpdate.exe
4484	MicrosoftEdgeUpdate.exe
4484	MicrosoftEdgeUpdate.exe
4484	MicrosoftEdgeUpdate.exe
1364	RobloxPlayerBeta.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
3292	MicrosoftEdgeUpdate.exe
3292	MicrosoftEdgeUpdate.exe
3292	MicrosoftEdgeUpdate.exe
3292	MicrosoftEdgeUpdate.exe
3464	MicrosoftEdgeUpdate.exe
3464	MicrosoftEdgeUpdate.exe
4556	MicrosoftEdgeUpdate.exe
4556	MicrosoftEdgeUpdate.exe
564	MicrosoftEdgeUpdate.exe
564	MicrosoftEdgeUpdate.exe
564	MicrosoftEdgeUpdate.exe
564	MicrosoftEdgeUpdate.exe
3544	setup.exe
3544	setup.exe
3928	setup.exe
3928	setup.exe
4528	MicrosoftEdgeUpdate.exe
4528	MicrosoftEdgeUpdate.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4484	MicrosoftEdgeUpdate.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1364	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4168 wrote to memory of 2396	4168	RobloxPlayerInstaller (1).exe	80
PID 4168 wrote to memory of 2396	4168	RobloxPlayerInstaller (1).exe	80
PID 4168 wrote to memory of 2396	4168	RobloxPlayerInstaller (1).exe	80
PID 2396 wrote to memory of 4484	2396	MicrosoftEdgeWebview2Setup.exe	81
PID 2396 wrote to memory of 4484	2396	MicrosoftEdgeWebview2Setup.exe	81
PID 2396 wrote to memory of 4484	2396	MicrosoftEdgeWebview2Setup.exe	81
PID 4484 wrote to memory of 2716	4484	MicrosoftEdgeUpdate.exe	82
PID 4484 wrote to memory of 2716	4484	MicrosoftEdgeUpdate.exe	82
PID 4484 wrote to memory of 2716	4484	MicrosoftEdgeUpdate.exe	82
PID 4484 wrote to memory of 2268	4484	MicrosoftEdgeUpdate.exe	83
PID 4484 wrote to memory of 2268	4484	MicrosoftEdgeUpdate.exe	83
PID 4484 wrote to memory of 2268	4484	MicrosoftEdgeUpdate.exe	83
PID 2268 wrote to memory of 2944	2268	MicrosoftEdgeUpdate.exe	84
PID 2268 wrote to memory of 2944	2268	MicrosoftEdgeUpdate.exe	84
PID 2268 wrote to memory of 2340	2268	MicrosoftEdgeUpdate.exe	85
PID 2268 wrote to memory of 2340	2268	MicrosoftEdgeUpdate.exe	85
PID 2268 wrote to memory of 3416	2268	MicrosoftEdgeUpdate.exe	86
PID 2268 wrote to memory of 3416	2268	MicrosoftEdgeUpdate.exe	86
PID 4484 wrote to memory of 3112	4484	MicrosoftEdgeUpdate.exe	87
PID 4484 wrote to memory of 3112	4484	MicrosoftEdgeUpdate.exe	87
PID 4484 wrote to memory of 3112	4484	MicrosoftEdgeUpdate.exe	87
PID 4484 wrote to memory of 3300	4484	MicrosoftEdgeUpdate.exe	88
PID 4484 wrote to memory of 3300	4484	MicrosoftEdgeUpdate.exe	88
PID 4484 wrote to memory of 3300	4484	MicrosoftEdgeUpdate.exe	88
PID 1808 wrote to memory of 4944	1808	MicrosoftEdgeUpdate.exe	90
PID 1808 wrote to memory of 4944	1808	MicrosoftEdgeUpdate.exe	90
PID 1808 wrote to memory of 4944	1808	MicrosoftEdgeUpdate.exe	90
PID 1808 wrote to memory of 3924	1808	MicrosoftEdgeUpdate.exe	93
PID 1808 wrote to memory of 3924	1808	MicrosoftEdgeUpdate.exe	93
PID 3924 wrote to memory of 4752	3924	MicrosoftEdge_X64_130.0.2849.56.exe	94
PID 3924 wrote to memory of 4752	3924	MicrosoftEdge_X64_130.0.2849.56.exe	94
PID 4752 wrote to memory of 4940	4752	setup.exe	95
PID 4752 wrote to memory of 4940	4752	setup.exe	95
PID 4984 wrote to memory of 1088	4984	chrome.exe	99
PID 4984 wrote to memory of 1088	4984	chrome.exe	99
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100
PID 4984 wrote to memory of 4908	4984	chrome.exe	100

System policy modification 1 TTPs 4 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1"	setup.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller (1).exe
"C:\Users\Admin\AppData\Local\Temp\RobloxPlayerInstaller (1).exe"
1⤵
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4168
- C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
  MicrosoftEdgeWebview2Setup.exe /silent /install
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2396
- - C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4484
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2716
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2268
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2944
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2340
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3416
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RENDNTBBMUYtNUMzQy00QzA4LTk1MDUtQkZDMDBDNkU1QkZFfSIgdXNlcmlkPSJ7RTVGMEU1RTItQTYyNC00QzIzLTg2QTMtMTcyMjlGNzA5MDIzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszQzc3RTJFQi03MzlDLTQ4QTgtQUJFRi0yNUU0QUJBQURBMzR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ4OTk4OTAwMDAiIGluc3RhbGxfdGltZV9tcz0iNTAxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3112
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{DCC50A1F-5C3C-4C08-9505-BFC00C6E5BFE}" /silent
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3300
- C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\RobloxPlayerBeta.exe" -app -isInstallerLaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:1364

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RENDNTBBMUYtNUMzQy00QzA4LTk1MDUtQkZDMDBDNkU1QkZFfSIgdXNlcmlkPSJ7RTVGMEU1RTItQTYyNC00QzIzLTg2QTMtMTcyMjlGNzA5MDIzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszQjBFMzBDRi0zQjFBLTRDMzktODVDMy05RDlBRTVFMTRFMkR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ5MDQxOTAwNTgiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4944
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3796A0FB-24ED-47E8-BB0E-EDDDB10DF5A6}\MicrosoftEdge_X64_130.0.2849.56.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3796A0FB-24ED-47E8-BB0E-EDDDB10DF5A6}\MicrosoftEdge_X64_130.0.2849.56.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3924
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3796A0FB-24ED-47E8-BB0E-EDDDB10DF5A6}\EDGEMITMP_E270D.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3796A0FB-24ED-47E8-BB0E-EDDDB10DF5A6}\EDGEMITMP_E270D.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3796A0FB-24ED-47E8-BB0E-EDDDB10DF5A6}\MicrosoftEdge_X64_130.0.2849.56.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious use of WriteProcessMemory
    PID:4752
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3796A0FB-24ED-47E8-BB0E-EDDDB10DF5A6}\EDGEMITMP_E270D.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3796A0FB-24ED-47E8-BB0E-EDDDB10DF5A6}\EDGEMITMP_E270D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3796A0FB-24ED-47E8-BB0E-EDDDB10DF5A6}\EDGEMITMP_E270D.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.56 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff791b6d730,0x7ff791b6d73c,0x7ff791b6d748
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:4940
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RENDNTBBMUYtNUMzQy00QzA4LTk1MDUtQkZDMDBDNkU1QkZFfSIgdXNlcmlkPSJ7RTVGMEU1RTItQTYyNC00QzIzLTg2QTMtMTcyMjlGNzA5MDIzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDQjkyMjdERC05QjUzLTQwOTYtOEExMy02NjJENzA1MEIwNkN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzAuMC4yODQ5LjU2IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0OTExNzMwMTM5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDkxMTc4MDAzMiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUyMTY4OTAxMjkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzM0NmFkOWQxLTc0NmUtNDVjNy04ZmUwLWQ2Yzg3YTczYTI2MT9QMT0xNzMxODA5OTg0JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVlET2RNQ3VLNWJIYVNHRUFOYXFlZmtoUWVhSDhReDk3RzJnSXlDNGNxZ2hkdWN6NWJHZlQyMEJiaE1WOEFLQnllRTV0cGJVTiUyYiUyYm11b3FzNndBREd6QSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3NDkzMzYwMCIgdG90YWw9IjE3NDkzMzYwMCIgZG93bmxvYWRfdGltZV9tcz0iMjM3NDMiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MjE3MDIwMDk5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTIzMTEzOTk3NCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTg0NTk3OTkzNCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjM3MyIgZG93bmxvYWRfdGltZV9tcz0iMzA1MTYiIGRvd25sb2FkZWQ9IjE3NDkzMzYwMCIgdG90YWw9IjE3NDkzMzYwMCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNjE0NzkiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc58e1cc40,0x7ffc58e1cc4c,0x7ffc58e1cc58
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1748,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1744 /prefetch:2
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4352,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4588,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4680,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4668 /prefetch:8
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:836
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff68e944698,0x7ff68e9446a4,0x7ff68e9446b0
    3⤵
    - Drops file in Windows directory
    PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4676,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4312 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4640,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4632 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5188,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4336 /prefetch:2
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4716,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4396,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4956,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=872,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5568,i,9944957114305464657,6822895485097144547,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:244

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3020

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1908

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3292

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:3464
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7C358EA7-F45E-4AB0-9048-8D19835CE364}\MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7C358EA7-F45E-4AB0-9048-8D19835CE364}\MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe" /update /sessionid "{1CF977CE-9A26-4499-927F-147AA8A17260}"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2308
- - C:\Program Files (x86)\Microsoft\Temp\EUA4ED.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUA4ED.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{1CF977CE-9A26-4499-927F-147AA8A17260}"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4556
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:1516
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2536
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3840
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5012
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3796
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUNGOTc3Q0UtOUEyNi00NDk5LTkyN0YtMTQ3QUE4QTE3MjYwfSIgdXNlcmlkPSJ7RTVGMEU1RTItQTYyNC00QzIzLTg2QTMtMTcyMjlGNzA5MDIzfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7QTE2NTEwODktMkNEMy00QTg1LUI0N0UtNjk1NzZBMjlGNjlEfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMzUiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzEyMDUxODEiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg3MjUwNzk2NTYiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4748
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUNGOTc3Q0UtOUEyNi00NDk5LTkyN0YtMTQ3QUE4QTE3MjYwfSIgdXNlcmlkPSJ7RTVGMEU1RTItQTYyNC00QzIzLTg2QTMtMTcyMjlGNzA5MDIzfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins3RTBCMDBEMy1ENUE3LTRFOEItQTdEMy01QkVENkM5QkZEMUJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4zNSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgyNTYzODYyMjIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODI1NjU1MDE1MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODcwOTc4NzgzMyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzY4ZDU3N2EwLTFmNGEtNDM0Zi1iZGNlLTE0OGVkYzFlNGE0MD9QMT0xNzMxODEwMzE5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUhSZkloQmQwZnAyaDZPNE15VUlQNUxGamlrVXV4JTJidVl6Uk5MSWZrSUthMHozY0ZlUXM1VTVCcmwzRSUyYnlBQmlCRGxCMDJnMGtUeHl0VnZkbjh3eGpKdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg3MDk3OTc4MTAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzY4ZDU3N2EwLTFmNGEtNDM0Zi1iZGNlLTE0OGVkYzFlNGE0MD9QMT0xNzMxODEwMzE5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUhSZkloQmQwZnAyaDZPNE15VUlQNUxGamlrVXV4JTJidVl6Uk5MSWZrSUthMHozY0ZlUXM1VTVCcmwzRSUyYnlBQmlCRGxCMDJnMGtUeHl0VnZkbjh3eGpKdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2MzU5MjAiIHRvdGFsPSIxNjM1OTIwIiBkb3dubG9hZF90aW1lX21zPSI0MDk3NSIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NzA5Nzk3ODEwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg3MTUxNjE5MTEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzcyNzc5MDQ5ODI2MzU0MCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSItMSIgYWQ9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTMwLjAuMjg0OS41NiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0iezk3NUJDMzRFLTEwRTYtNDkzMS1CQTZBLTc3ODc5ODNBN0VGMH0iLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4848

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:564

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:4528
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEJGNzRDNzYtOTA0MS00NkFDLUEwMkMtQTlFRTY3NTA4RERGfSIgdXNlcmlkPSJ7RTVGMEU1RTItQTYyNC00QzIzLTg2QTMtMTcyMjlGNzA5MDIzfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NDQ5NEQ3QjEtREE3MC00RDdBLUI4RjYtMzZFMzVFNDdDNUM1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7bGhWaTEyUWNrNlNsMHVVMU9CNlkxNTI5YlI2YnNleTQrY3U3ZEh4czZjaz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjMzIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MjgzMDM2MzciIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM3Mjc3NjQyOTcwMTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTc4NTc1MzQ2MCIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2904
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0871337-4D4D-45C2-B5AB-6237DA4040DF}\MicrosoftEdge_X64_130.0.2849.80.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0871337-4D4D-45C2-B5AB-6237DA4040DF}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
  2⤵
  - Executes dropped EXE
  PID:1824
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0871337-4D4D-45C2-B5AB-6237DA4040DF}\EDGEMITMP_DD978.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0871337-4D4D-45C2-B5AB-6237DA4040DF}\EDGEMITMP_DD978.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0871337-4D4D-45C2-B5AB-6237DA4040DF}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Executes dropped EXE
    - Installs/modifies Browser Helper Object
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Modifies Internet Explorer settings
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - System policy modification
    PID:3544
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0871337-4D4D-45C2-B5AB-6237DA4040DF}\EDGEMITMP_DD978.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0871337-4D4D-45C2-B5AB-6237DA4040DF}\EDGEMITMP_DD978.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0871337-4D4D-45C2-B5AB-6237DA4040DF}\EDGEMITMP_DD978.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7d213d730,0x7ff7d213d73c,0x7ff7d213d748
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:1948
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0871337-4D4D-45C2-B5AB-6237DA4040DF}\EDGEMITMP_DD978.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0871337-4D4D-45C2-B5AB-6237DA4040DF}\EDGEMITMP_DD978.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Drops file in Windows directory
      Modifies data under HKEY_USERS
      PID:892
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0871337-4D4D-45C2-B5AB-6237DA4040DF}\EDGEMITMP_DD978.tmp\setup.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0871337-4D4D-45C2-B5AB-6237DA4040DF}\EDGEMITMP_DD978.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F0871337-4D4D-45C2-B5AB-6237DA4040DF}\EDGEMITMP_DD978.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7d213d730,0x7ff7d213d73c,0x7ff7d213d748
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:4256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      Suspicious behavior: EnumeratesProcesses
      PID:3928
    - - C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7bf95d730,0x7ff7bf95d73c,0x7ff7bf95d748
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:4212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:3708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7bf95d730,0x7ff7bf95d73c,0x7ff7bf95d748
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:5020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7bf95d730,0x7ff7bf95d73c,0x7ff7bf95d748
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3120
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEJGNzRDNzYtOTA0MS00NkFDLUEwMkMtQTlFRTY3NTA4RERGfSIgdXNlcmlkPSJ7RTVGMEU1RTItQTYyNC00QzIzLTg2QTMtMTcyMjlGNzA5MDIzfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InswRDIyOTVDQi1FMUNGLTQwNkYtOUM2QS00NDEyQzM2REFBQ0R9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjM1IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0lNUIlMjItdGFyZ2V0X2RldiUyMC1taW5fYnJvd3Nlcl92ZXJzaW9uX2NhbmFyeV9kZXYlMjAxMzEuMC4yODcxLjAlMjIlNUQiIGluc3RhbGxhZ2U9IjAiIGNvaG9ydD0icnJmQDAuOTgiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjY1MjMiIHBpbmdfZnJlc2huZXNzPSJ7QjI5Q0U4RjQtQkNFMC00NTNCLThGNTktMkY5QzlBODRCMjI3fSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IjEzMC4wLjI4NDkuODAiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaXNfcGlubmVkX3N5c3RlbT0idHJ1ZSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzcyNzc5MDQ5ODI2MzU0MCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE4MDAzOTMwMjIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE4MDAzOTMwMjIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyNDg3MjA5NTU3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMjdjYjcyOWQtZmY5NC00ZDM0LWFhZTQtMzM4NWZhMDljNDRjP1AxPTE3MzE4MTA2NzMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9SlRaR1JHJTJmME13cEZNcWVTZVd3WnhDWjlJQ2tBUGlraUowMHA0NWVETzJBWEJFWmsxcnRtMlJlenZlRlE2bFg2MG5mMERMVHpTQmdEZVNHbDVOYmZ4dyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIxNCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjQ4NzIwOTU1NyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMjdjYjcyOWQtZmY5NC00ZDM0LWFhZTQtMzM4NWZhMDljNDRjP1AxPTE3MzE4MTA2NzMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9SlRaR1JHJTJmME13cEZNcWVTZVd3WnhDWjlJQ2tBUGlraUowMHA0NWVETzJBWEJFWmsxcnRtMlJlenZlRlE2bFg2MG5mMERMVHpTQmdEZVNHbDVOYmZ4dyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3NTA3NjkyMCIgdG90YWw9IjE3NTA3NjkyMCIgZG93bmxvYWRfdGltZV9tcz0iNjI3MjEiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI0ODc1NDE0NzQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI1MDA5Mjc3MTEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMTIxMjg2NDM1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iOTMzIiBkb3dubG9hZF90aW1lX21zPSI2ODY2MiIgZG93bmxvYWRlZD0iMTc1MDc2OTIwIiB0b3RhbD0iMTc1MDc2OTIwIiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2MjAzNiIvPjxwaW5nIGFjdGl2ZT0iMCIgcmQ9IjY1MjMiIHBpbmdfZnJlc2huZXNzPSJ7NTYyMkY2OUEtQkM2Ri00QkEyLUExQkYtNUNFNkM4Qjg5MzMwfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMzAuMC4yODQ5LjU2IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgY29ob3J0PSJycmZAMC44MSIgdXBkYXRlX2NvdW50PSIxIj48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2NTIzIiBwaW5nX2ZyZXNobmVzcz0iezNERjVDNkM5LThDNUYtNDZBRS1CMTE0LUREMTNBQUExQTUzM30iLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4888

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
1⤵
PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Browser Extensions

T1176

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.56\Installer\setup.exe

Filesize
6.5MB

MD5
9a98f71bb7812ab88c517ba0d278d4c9

SHA1
459b635444042ad0eeb453cdba5078c52ddba161

SHA256
273f8406a9622ddd0e92762837af4598770b5efe6aa8a999da809e77b7b7882f

SHA512
5685717b2192b477b5c5708687462aa2d23999f565a43b7d67388f48eb9a3d33d9a3da54474ce632a0aee1bc4de8a6172a818239033d4a035f045e15947868f3

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Installer\setup.exe

Filesize
6.5MB

MD5
b621cf9d3506d2cd18dc516d9570cd9c

SHA1
f90ed12727015e78f07692cbcd9e3c0999a03c3a

SHA256
64050839b4a6f27d896e1194e902a2f7a3c1cab0ef864b558ab77f1be25145d6

SHA512
167c73cf457689f8ba031015c1e411545550f602919c35aff6fd4d602bd591d34e8c12887a946902b798bf4cf98aadfce3c2de810bf16c7c24a216bfd8abec19

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.35\MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe

Filesize
1.6MB

MD5
dc1543edd0dcd56536304bdf56ef93f1

SHA1
1a8b2c7791f2faa1eb0a98478edee1c45847075c

SHA256
ccbb3d9a4877999a55b2ca6b8128481e91c4b56780f581226f916c0fb2db0772

SHA512
2a6b4aa39bc3e4d234909077d5c6d75b9968c1778d505cc12431afd7aebd01eb65ed2f6f0c53c67f18eed7e97b67a93bab8c44574e3918ccd5cfcd8681767056

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Filesize
3.7MB

MD5
5d1108f38f495578375cf1d3d2ff70d0

SHA1
9f1f3d6defae35b9130a19fa40b709b18c581fd5

SHA256
fc2aedb68d2100ea0455da552ed9e18e8d7972a6c088a238d913911a9d90b0e3

SHA512
e4b20cce46df74b1e7b9030587dc546b0871e34d45f731789f69aea10479bc295f25a7026b104069f20136c4e51b2017af6f06537168faaf04dbbf7a9c9b979b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
16c84ad1222284f40968a851f541d6bb

SHA1
bc26d50e15ccaed6a5fbe801943117269b3b8e6b

SHA256
e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

SHA512
d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
34d991980016595b803d212dc356d765

SHA1
e3a35df6488c3463c2a7adf89029e1dd8308f816

SHA256
252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

SHA512
8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
d34380d302b16eab40d5b63cfb4ed0fe

SHA1
1d3047119e353a55dc215666f2b7b69f0ede775b

SHA256
fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

SHA512
45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
aab01f0d7bdc51b190f27ce58701c1da

SHA1
1a21aabab0875651efd974100a81cda52c462997

SHA256
061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

SHA512
5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
ac275b6e825c3bd87d96b52eac36c0f6

SHA1
29e537d81f5d997285b62cd2efea088c3284d18f

SHA256
223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

SHA512
bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
d749e093f263244d276b6ffcf4ef4b42

SHA1
69f024c769632cdbb019943552bac5281d4cbe05

SHA256
fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

SHA512
48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
28fefc59008ef0325682a0611f8dba70

SHA1
f528803c731c11d8d92c5660cb4125c26bb75265

SHA256
55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

SHA512
2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_es.dll

Filesize
28KB

MD5
9db7f66f9dc417ebba021bc45af5d34b

SHA1
6815318b05019f521d65f6046cf340ad88e40971

SHA256
e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

SHA512
943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
b78cba3088ecdc571412955742ea560b

SHA1
bc04cf9014cec5b9f240235b5ff0f29dbdb22926

SHA256
f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

SHA512
04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_eu.dll

Filesize
28KB

MD5
a7e1f4f482522a647311735699bec186

SHA1
3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd

SHA256
e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4

SHA512
22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_fa.dll

Filesize
27KB

MD5
cbe3454843ce2f36201460e316af1404

SHA1
0883394c28cb60be8276cb690496318fcabea424

SHA256
c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59

SHA512
f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
d45f2d476ed78fa3e30f16e11c1c61ea

SHA1
8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e

SHA256
acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2

SHA512
2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
7c66526dc65de144f3444556c3dba7b8

SHA1
6721a1f45ac779e82eecc9a584bcf4bcee365940

SHA256
e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d

SHA512
dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
b534e068001e8729faf212ad3c0da16c

SHA1
999fa33c5ea856d305cc359c18ea8e994a83f7a9

SHA256
445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511

SHA512
e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
64c47a66830992f0bdfd05036a290498

SHA1
88b1b8faa511ee9f4a0e944a0289db48a8680640

SHA256
a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961

SHA512
426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_ga.dll

Filesize
28KB

MD5
3b8a5301c4cf21b439953c97bd3c441c

SHA1
8a7b48bb3d75279de5f5eb88b5a83437c9a2014a

SHA256
abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0

SHA512
068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
c90f33303c5bd706776e90c12aefabee

SHA1
1965550fe34b68ea37a24c8708eef1a0d561fb11

SHA256
e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c

SHA512
b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_gl.dll

Filesize
28KB

MD5
84a1cea9a31be831155aa1e12518e446

SHA1
670f4edd4dc8df97af8925f56241375757afb3da

SHA256
e4eb716f1041160fd323b0f229b88851e153025d5d79f49b7d6ecb7eb2442c57

SHA512
5f1318119102fcee1c828565737ce914493ff86e2a18a94f5ff2b6b394d584ace75c37258d589cce1d5afd8e37d617168a7d7372cfd68dd6a2afcd4577a0bc51

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_gu.dll

Filesize
28KB

MD5
f9646357cf6ce93d7ba9cfb3fa362928

SHA1
a072cc350ea8ea6d8a01af335691057132b04025

SHA256
838ccd8243caa1a5d9e72eb1179ac8ae59d2acb453ed86be01e0722a8e917150

SHA512
654c4a5200f20411c56c59dbb30a63bfe2da27781c081e2049b31f0371a31d679e3c9378c7eb9cf0fb9166a3f0fba33a58c3268193119b06f91bebe164a82528

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_hi.dll

Filesize
28KB

MD5
34cbaeb5ec7984362a3dabe5c14a08ec

SHA1
d88ec7ac1997b7355e81226444ec4740b69670d7

SHA256
024c5eae16e45abe2237c2a5d868563550ac596f1f7d777e25234c17d9461dd9

SHA512
008c8443a3e93c4643a9e8735a1c59c24ba2f7a789606a86da54c921c34cbc0cb11c88594544d8509a8e71b6a287c043b1ffe2d39b90af53b4cde3847d891ba8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
0b475965c311203bf3a592be2f5d5e00

SHA1
b5ff1957c0903a93737666dee0920b1043ddaf70

SHA256
65915ad11b9457d145795a1e8d151f898ec2dcb8b136967e6592884699867eb0

SHA512
bec513125f272c24477b9ddbaa5706d1e1bb958babac46829b28df99fa1dd82f3f1e3c7066dc2fe3e59118c536675a22fc2128de916ca4c478950b9992372007

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_hu.dll

Filesize
29KB

MD5
f4976c580ba37fc9079693ebf5234fea

SHA1
7326d2aa8f6109084728323d44a7fb975fc1ed3f

SHA256
b16755fdbcc796ef4eb937759fe2c3518c694f5d186970d55a5a5e5d906cb791

SHA512
e43636d8c947e981258e649712ad43f37c1aab01916539b93c082959fb5c6764c9c44979650092202839e812e6f252c6c3eaf66d3d195c1efd39c74c81ad1981

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_id.dll

Filesize
27KB

MD5
03d4c35b188204f62fc1c46320e80802

SHA1
07efb737c8b072f71b3892b807df8c895b20868c

SHA256
192585d7f4a8a0cd95e338863c14233cdd8150f9f6f7dd8a405da0670110ee95

SHA512
7e67ea953ea58ff43e049ce519ae077eec631325604896479526627d688f2fa3bfc855a55ac23a76b1c9ef8cd75274265b8238423b95a2437be7250db0db31b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_is.dll

Filesize
28KB

MD5
5664c7a059ceb096d4cdaae6e2b96b8f

SHA1
bf0095cd7470bf4d7c9566ba0fd3b75c8b9e57ec

SHA256
a3a2947064267d17474c168d3189b0d372e36e53bf0efb9c228d314fc802d98e

SHA512
015dcb17b297a0aaad41c7b0b2199187e435855fd3977d16402be774622cc4f6b55d04ba9159a89e26e350c5602928c76dd9386be3974437b41888a0cfdddfa8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_it.dll

Filesize
30KB

MD5
497ca0a8950ae5c8c31c46eb91819f58

SHA1
01e7e61c04de64d2df73322c22208a87d6331fc8

SHA256
abe2360a585b6671ec3a69d14077b43ae8f9e92b6077b80a147dfe36792bb1b7

SHA512
070398af980f193ff90b4afaecb3822534ef3171eca7228bce395af11ca38364bc47cab7df1e71187ef291f90978bdc37a8611d2992b1800cd1de6aa7fda09d9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_iw.dll

Filesize
25KB

MD5
45e971cdc476b8ea951613dbd96e8943

SHA1
8d87b4edfce31dfa4eebdcc319268e81c1e01356

SHA256
fd5ba39c8b319c6ba2febf896c6947a0a7bae6aa0b4957bd124d55589f41849d

SHA512
f1c9fccf742fa450be249dbbf7e551a426c050ae4af3d2e909f9750068a2bdc801f618eb77a6a82d13421d27949c9f2a9681a44bcb410ccdeec66b24a70f6a9a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_ja.dll

Filesize
24KB

MD5
b507a146eb5de3b02271106218223b93

SHA1
0f1faddb06d775bcabbe8c7d83840505e094b8d6

SHA256
5f4234e2b965656e3d6e127660f52e370dc133632d451ef04975f3b70194b2ed

SHA512
54864e9130b91b6fd68b1947968c446f45a582f22714716bfd70b6dc814841fffe939bc2f573a257ec8c62b4ff939643211fb29cabc0c45b78a6cc70eaa3752c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_ka.dll

Filesize
29KB

MD5
3bc0d9dd2119a72a1dc705d794dc6507

SHA1
5c3947e9783b90805d4d3a305dd2d0f2b2e03461

SHA256
4449ee24c676e34fea4d151b3a752e8d0e7c82f419884e80da60d4d4c1b0f8cb

SHA512
8df01ad484bf2924892129c59317f3da4f79611be2ca29e208114e5ed2cb96a63f753511dc4fe97e281417366246f2fb576cc6ef2618a67803ae7ac01be7b067

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_kk.dll

Filesize
28KB

MD5
bcb1c5f3ef6c633e35603eade528c0f2

SHA1
84fac96d72341dc8238a0aa2b98eb7631b1eaf4e

SHA256
fdd6bffdb9eca4542975f3afe3ac68feac190b8963f0a7244b4b8fa6382381d1

SHA512
ecd79ddd9f3e6db1d0471132c453c324ab55bdead21de77392f418281bc8a2dd43e9009912896ffa3d55d4d3ef17b0aa847a084369b619eb04a2d2313641d520

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_km.dll

Filesize
27KB

MD5
2ea1200fdfb4fcc368cea7d0cdc32bc2

SHA1
4acb60908e6e974c9fa0f19be94cb295494ee989

SHA256
6fd21b94f62ee7474b3c3029590ddf06936105508f9bf3509620c42dc37486c3

SHA512
e63b80a5929200c85c7a30a3054bd51eee2f27e603501f105073868690906f4619a27a52e58c90ac2ab5d5c34a4739dfdd2a511574afeb7d0118de88c5544f42

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_kn.dll

Filesize
29KB

MD5
60dfe673999d07f1a52716c57ba425a8

SHA1
019ce650320f90914e83010f77347351ec9958ab

SHA256
ef749f70e71424d7f548d5c12283be70a6d6c59cffb1c8101b74f37ecacb64af

SHA512
46bfe77a49f14293988863a8e4dd0543202b954b670940d9ad5dc6d2b46e46104d8d6206be08a941f7e02b8ff3e2e2366b7b795d02352cff18971f8d0df5fcdc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_ko.dll

Filesize
23KB

MD5
cf91a1f111762d2bc01f8a002bd9544d

SHA1
db2603af55b08538a41c51fc0676bc0ed041d284

SHA256
baa9fae4fb8939e0b5fe0c7f393ab1ca40b52534f37bf2158a9a36331a221e75

SHA512
9db864dbd194885b46f7bed9875f1e531e48f7644ce4494b8dc482c7516a6f783cd35129d2565b272dc674491a08c844a6da88bf9fa7843fcf89c96b4e0af799

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_kok.dll

Filesize
28KB

MD5
ca3465347e57624ee2a5dd2299d4f4cd

SHA1
551a151a8d49489c90400e18c34633aa2c2b8a4b

SHA256
5b9509a1ae34d89c89c8e657742495037d28cd03e1cd48aef4dfaa7aeebe29f0

SHA512
a4bdd458a7628a9f0664e1000512e056718cc924510a21704ff8c69b0b251a5a1c7f6f267d66325cadda1536aaee78440348be128d082112c71732e485ac93f3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_lb.dll

Filesize
30KB

MD5
269e84b82973e7b9ee03a5b2ef475e4d

SHA1
4021af3bfde8c52040ad4f9390eb29ae2a69104b

SHA256
c3fb0cae3dc5cdd86518d60f998c3adec1c0c5804a74ffbb9a346a73d598af07

SHA512
db716e2f6527af2dfeba4c22ff00e159d7cc0b482fc126e87b8b3d35b714bb382676066097352b6ebb87c8dfe7f6144e83100f0c9a9990b0d23c810b6c575c21

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_lo.dll

Filesize
27KB

MD5
864edbc77831a64a3e3ab972291233bb

SHA1
fa1f3eb3320c1b1a329cbe786abecf2a8e625cbe

SHA256
aecab1eb46075d1a1432b3e14537f860a2ded49a13ca82f17fac44b40ad2da51

SHA512
3d54efd01d6317fb4746b55db2c847a506f594cff055f0db84a72ede02dbe3aa03d8e65ea06c5ae365f44312a26cdbc45ad5f9a0de46d2b9c878aeeb24566b89

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_lt.dll

Filesize
27KB

MD5
7071c732cf3e4b3144cf07c49d8eb44f

SHA1
3800bf304b44d9d27ac26bed6ccc899669dc3b4f

SHA256
9c75ef5c3f53c643d7bb8c5907a0cba6ca2d1d64e6bea39ce06b4ad5a20454b6

SHA512
be3a0942e2af843adeb8e9b6acc7cd8adec956b761f71d8eb0a02835ee5be115ac064fda7088b0813d40ec3a24e7bb77816e9b67ef0cbdce1562c36880b15049

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_lv.dll

Filesize
28KB

MD5
30849a9c16061b9a46a66e8e7d42ff81

SHA1
2d0e86535d964acce8912c6bef3cc12346b22a6c

SHA256
b8075c09d33cc6b6ff22fdb29ccc3dd319ce867f4b77a1d165f6f8d8cb4977e9

SHA512
298ee10ff6cab7ff38d31e3a7826dedeab8e9ccc616eae4ca2e5ec333f42e5c6744650857031d8bf35034bd46c7c01a2646362ffbbef1f421995c73ba999ff0b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_mi.dll

Filesize
28KB

MD5
1866ddadd9397dbf01c82c73496b6bff

SHA1
b210a9df7d6a5e116fe7a9ff8d455b6cbfb5663b

SHA256
9b4bb2ca3366a1935b4869796efc0601f94356b45e8613d28e023dd516f48d17

SHA512
76fa5cade101d79d012e00904bf18692f85967ceea0ed7e81da4df65b85afc125a00127d9e06c8c59ffbfd2dcdc88488157b61922960559fa17d13dedca3ee59

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_mk.dll

Filesize
29KB

MD5
064035858a1df697913f06c972461901

SHA1
b6be99ae8e55207949076955389bc8fec81937fd

SHA256
4850260d2cbb4b4ff3490eb90ce55a412268ad699f946b1cd686ddf9f0403bd6

SHA512
9459056e919854213117b874e61b526af4ba35c3c3e195b204c5c3e59cc4dfa2b4a45c32551e1de144842844f246f5e0d025cdcc78dbf7265ba5e26e7209cd91

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_ml.dll

Filesize
30KB

MD5
7e90d4306c5768dfd1160ad9e2168a19

SHA1
4f7b17843ad226d51cfb0090235b55a29b5a674a

SHA256
8ebe88477b1493733140f1fced91903276ec69c7302deed3281054b49573eb3c

SHA512
f6d8b538915fa70bfb784ea7e6d4047759d8eecc822e4b76ac9666997a41901c8269a8185f29e5472bcfaa87e4b97483bd544f3fc8f656b60dca71d63b44d291

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_mr.dll

Filesize
28KB

MD5
468a420700d239a0cd90b95896b0d6da

SHA1
ce57e3abf57c7ae13e99546b2a5e19dec03cb9b7

SHA256
24b304bd40f8e63848f8d2a1ca6ac8bc032b7a700161efad61ad445787650c87

SHA512
604c4cc8132c520da70c4870514610364648ec6446afa47128ac3aa8a9157932705da93e8ed4e33d56f5191d611b26b76aeba1514e9dff1a13dd32693cfddb8b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUCE0E.tmp\msedgeupdateres_ms.dll

Filesize
28KB

MD5
51230a1b9ab0dad791e583b7ee57afe4

SHA1
957ba3e5d9b2df16ea3e099aab5b7e74d2055e46

SHA256
a47fc6a9a75875e75f3415f068c357dd499e533849381b875272d5994c163670

SHA512
5a3d754cefa1ab28748cb38021b5cbebd93fe513da0f4a7cbae98c0938acb10cdda939171d0842b09e97cb4c73f19272be665f767642ba1c5b25c709b5417edb

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
6.7MB

MD5
b68e7f7ae52ef8e962723c7ddda4f75d

SHA1
686bdf2057cdd7b16877fb5eec0aff150fa074d0

SHA256
d779b2acc52b4b3e72c1461dbc7e950f0b650e924b3799db425942f64624e94d

SHA512
cb0ecf531c95d657019b0188e648520b36b8386516d2e640239d99972ae44439d21ec6fcbe7902fc59c6f65db3571db0944e48f2207a442f3be5d10c9655bbb1

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-b7eebc919e96477a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
16KB

MD5
aa7d32995cd9653c819b5eebc8684802

SHA1
5d25371d32fc048ab8b0912e29ef1dbcf58918ae

SHA256
c03527b0f0b48a775375a151b3ad857b29584541903e9f11f12d4972e4a9d7ba

SHA512
a03c92992056a1459ee9305e5e383ab81791d324b0aaed791c5474d53b2b7765a9b0e3f8803477cd4ab2a14329592d98179c31b496f256fcc9da3180eb5d66ad

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1722f22c-4fba-43ff-a3f8-8e9620602576.tmp

Filesize
10KB

MD5
152bada65feab7136b07dcc128e46cdc

SHA1
a9417e86b1e8f2fc1e546f1da7e5d6660c134cdb

SHA256
45e989917570667ff3cf88708d12151c6608e780ed9271c05fe6bb5aecafc66a

SHA512
1d3016b4987b9854e8258f9acbe4a1121d11609989db92d07f3984d79683e8a41a5bcc59226fa1bfe69d78900c5ff91e45b048731020a29c3d6fa976f591bb8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\28ab4cc2-6d9f-43c3-9004-d584a7b13d1c.tmp

Filesize
10KB

MD5
f68aa5eaf55e9c0447db55b3a69c9e35

SHA1
f0fd329ddb625b602ab85343252014db59cf9c74

SHA256
1f11da4cba2669ee98fdb5d60804d0121401d9d5173879e6b690fd20bf3a95be

SHA512
fd4b3ba2ff2e71fd6fa354eebd9c2c6d8f912dc7d3de3701c338399313179893b8745edb406a1ddf018566bacca64b19b7788637730a1ff12c990033b9e6b8b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2b8de90f-84ca-4ca7-bdb7-a552754e16ee.tmp

Filesize
10KB

MD5
f3f0c36e812f77a09a2a2c02ae195259

SHA1
3ee07140aa86895b0d252bd182babe7932c71b8e

SHA256
16969f00674c418e638ecbcf201254bf2138c99a1a77db88ee2c1e55d2cd2876

SHA512
8479c9b3e03c92db21b371ddbc0ba392b4ffa2508fe803a204af20d884914f1977346e58d2d52cfd778846c9a4099b0e7a4eef60726258908397b5d361f97a83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\34bfe633-d76a-493f-a1e9-19570bcd6eb0.tmp

Filesize
10KB

MD5
3e6b93f9b42394c7b03f436cc31f0f10

SHA1
2e52e71383abf3534137368efb9a102f697b00eb

SHA256
65b5e5d8eb89329f76f692e11714acb9e6bf3a228134468027c333b689c6cb7c

SHA512
8372eb12f27d2ff74775e67e5c9c2b01a7c7f6f382fffa279ce0fb4718100ec6ab59489cc87215642a6ffd2761fd10e7852347c4c35b7616887b76c601970643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e43d3cc4ccbce896805a716403258681

SHA1
062bdec1108a6aa88d1a775a7dd3e3bd43d27737

SHA256
f29b5b82250ebc7fc07822241ac81365cf65167d48d0bbe399bfae8f8038a9ea

SHA512
c365ad6e8eb15a0cd46518fdceb817e69c6b106f58128c0e6f541f600b61249396bc6e76fc53dc176fa65d2e16ad00d44c9634b2e3a56ec500592a41b3ebdd0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4c8c2de57a0cff54e1120209eced59f0

SHA1
54f5a22ba2665f4cf42e966188f82f25d1da6669

SHA256
6061eeae4a63d8643a1d88634678ee4ea9c1c932c76e353674632b03831c975c

SHA512
9475317eb69efb7deb7f98a73649755429c9ccdb6a015190587d2bf8f1d12c62201f2720ffc9acffaf042d7b64935a78f42b1a7bdc82ebd56848318ce554a291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3e880384b31a68d90a2afa7765aaf820

SHA1
9ac9b191ae9374f08e75ef3d127e0f877fd68ff6

SHA256
b8d7ce8a24c34c196e7627f4dbf48310f6d7c02ab49c820c42ce2a55dbb39c92

SHA512
22a12b3deb4579067821c03ab35023421c65a762529b8971a86fd3dc4bb36f92793ba957166786c5b4257589629c7f01bb4af4057380ef05220dfee0983e6aea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
117a5b3d57d7b481f2456e2fccfdf686

SHA1
fa83e21535f7ad4aa1c1012507515a9715431591

SHA256
e19a958fc7c4678994043d39f09b515699eda42bbadffaab199ac4bff7cae59d

SHA512
ca924bb27206eefafcabbf19a8de34e0598a10d8d9baa15f70ad928b353cef8c2cf42ebf415c73fd99c60591cbe5deb2d5816cd89cd1f93b6d6ea4af0366741a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
e43a37d9a6083b40b6ae0193bcdddbc1

SHA1
084a5743fed692d7a574856d75d771f0b8479149

SHA256
545cf02c4fbc84d83b5db943c45101d0490a73ec52517ee752c9c21658b95255

SHA512
529c61dcdd7afe200da30773221c233ecfb1fe75c9b81787b4393112654f7c0264edfa11ad97dc2b3a4155152fdf47c7004d35b44b60ba2d5a26d6b4bd664b05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
36943bfcbc054c309a6e94e5d310fe48

SHA1
333268af281b60f99572616c55d5804ec475637b

SHA256
ce03cecc656909f069406e20ae15a5332773d71379f71f630deb12786eb56f41

SHA512
390d82b909961e9dee638153a2e3518ffbd592646400d681ca1f5a2df8aaedbcf9b4b645d1222f214885720d01e004f90f1d800b736503e575c7bbec964ed580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a6951619c47afe5be4e5d98197421acc

SHA1
8cabcf3a4268419eb42051ad48108baf3ad536fa

SHA256
c4a0ca4b66f3109a0b6bed3d3679a4056152e687e42b9915a32a12d9634bcb46

SHA512
6d40daf154fb84855b9f8afc1bdf9d7efba044311ea5ab6fb4da60ac8af92a7e92fecdcb48500b739061d507737c301f5faf67752adffce114446379af58217f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8dbc96e707477b2cdf3cd912e15d5fc9

SHA1
3f856ee265d1d5757555b836517672b1419d9c1a

SHA256
08c543f8148cadf681a0c578a1dce1d8edaa46cea41702d9dc73dc0c1289e5d5

SHA512
a60bdeff2cd1880f170aadd0e1d3df03099b3c7ca3f26468b62f34bc5916c48e847460d6782a942136392e2319eec89318c5e93e2e03a0466076020cb671b9de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8d98c8bbc313542996022cb25316e18b

SHA1
311ec282c61b2c9ea0245ce5c4beb6801e6778bf

SHA256
8c4d1dd0e4c75e3136105ceed63670296789bf53b7d439f9e7f2e1de8a6db17b

SHA512
6f3f1c4768005095500966307b1b38af21bbe3543c7607566b7ef1883b798f26073065547438bf534558a75c21dc47b72c4a350225c21cdcd081ba88acdf7f7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
584e566c6ce40ba65937c5497447504e

SHA1
f85862ff97b1724e50d8de68258d8d620864b4d2

SHA256
152d5742e72bc6c3b5f13bc884a0aacbc46da61b9125c2141e86f76b881183c7

SHA512
60a2f3fe5542b40a67178201f224a884ed09f45d11017a497976519af052afe8d911330b802ca1eefdecf24502aa208cf723f2ddb31e821edd59739cf037dcf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
754f17c38ed5a0d7f072e978d00c9490

SHA1
6d1e930b3c9d78c9a2b4cae02e5719b44ecd3874

SHA256
cabcb3443dc98fb9049329987b627012c3b4d33136723b4c0509151bd5983782

SHA512
904816dd2414c29156d984b72f3379c6beca1ac16727ba0e6aa2d41a0bbcd6e6a4b5f0f8fa3bcba6bc32b951b60731735a57135e7e43cbb1eb1116d85a464e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a6d767dd17f83165f601a038319512bc

SHA1
571377187d2fc5ea2d9d8cee7641b46e156154c6

SHA256
2fbb5145e84e79e92b0bb46919eedd14a48a5b7238f701a2e5b24aeb5d1db12b

SHA512
902d6f3338d6c2b92ae9758eaa3d5e49f4f615230ce1b5fd362fe81688401eaeb93215159d74d99b5b3c74982301352700a4db2a0da1943f34fcb27430aa67b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7e64b9a93321d74fa76c14e092f8edf8

SHA1
a6d8a711d94332393aa25c0a0ebd4718c63261e7

SHA256
1b863474aafe3d103c06cd33a683f478dfb4e3aea5bf52f05a6be71f641cad23

SHA512
308989a72514d15515fec1c7299cf49916da3c9006c7f6d3496574937e3b0966fc3ba6b5621b2c4d36ab4a3f040346ef353b82cd870eb7f0c0208e22e3b94714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a82e3fe445f1d8084e7257c034a605fa

SHA1
87ff4a320273662818049fe75a34fa0e5ade8880

SHA256
05db116ce73adf5be104a4f32c4093f9df4f90eff31ed1b682dd46e9c3afbe1b

SHA512
7c0fd0832f406ff5adb19b3aa19e277ffb7a14a7322cf319050df023b6fb57a55d6b25df76928654b2205f5a4dc90f9a397e6ac971562ebbbab92c1a27b4b902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2f17896a359d338b5322b3f5438837ac

SHA1
e7013126c6e1ddd438d44a7972f3d2301e0246d9

SHA256
9dddb508f48b80fc5d26703cf8072a5ac1de7facd94fce70b8517010989d85ea

SHA512
4e1eacb3091ab6a14ad08e6572ad3990df9f7b0d3112af6b293d120a731503236d7ac403eddc431cb37ec148e3c27bf17ee55d273fc4e8fdde581f4f6627db2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
79e0dae34235231ebd21678093d7c900

SHA1
5a77519e3fa02e2bd3d7ae7431cb751633fc5a8e

SHA256
6e7ee02edfef96699cdc301e556bcdae9c94eae3483623d50f0ea75f21f7b08b

SHA512
6133c25f623e582934dc23401466a98255191557798ececdbc334b6fb0899ffe2e5b53198c89de5a80ab19d0faafde82093538ddd4d5d5c15afb78a025fe834c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
28c1a62a92e2f40d6c530b21e98ba444

SHA1
4c97083768596ebca2251d888d821a10af2cb536

SHA256
843aee935adb723d752b68c438778a2c5f408d32446676a0259213d51e82e528

SHA512
42d79f6b1ceff602fa961170555dae39923b0d66243837ad199cf74e6c19ef3b99d40f9504275b9f01a5fbeefc0c6f2395e6e103616c5a4705e4fbddb53e225a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5fbf95c44a2a604a51ec4e3920cc1be

SHA1
2edc46b85dc5bf5104564ffb6472449e869cee98

SHA256
5e66313317c9b9a429f1799682053835333497eb1424851053c435a7061c1a6d

SHA512
e587b0bebbbea518f8cc352153b5e054be3e269e2bd2d082d6a2430567ae89ca82ff9131e23e593643acef489845d41dbe6b40621af091782f4c95d804a3db42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78a5c1092b64fff68f0ad1b3d71219e4

SHA1
e2e40b29131a4fc5da35a468745ec301186b60ff

SHA256
cdc8d05dfb1655eb09cc8e806e57de4ef953db1300b0cc218491ce9b91ad9ace

SHA512
52e15ba6892ef538d3f91c30208345cfbaf5109743254c2abd5764905a59745bcc779f9a472b9bc3bb19f6e4732e2b7813acfc378603c23602c529f76adf1ff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
055d057fb3ec5d74bf5a84d80413e302

SHA1
a8a46c0475169ee3be9b1d8e14f8ddc241eda318

SHA256
59ff6cb147cef7e8f97311b2115b225b33f1ce68e1446921c90308b9c820ce6a

SHA512
acaef8ee0bce108cb3b8810276ad73cf7db784fbef46078c028fd59d6013415eb2814b632cbc50f5d638aa7a39948cb874c416fc35a58ec53a809af6cf53dc7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a0828c09273c2b9304fb222fff14a190

SHA1
be4133bb6a620dbee817cb1185836520455b6ece

SHA256
fb5271cec4e19a7c790134f7523ed8a01d84d9e057f9bf3f278fc016f8eef3a4

SHA512
b8c1cb51b01e4e108631026caa7de708d7bfd29ad80deecab3a70f5a34bfeb2964e54d84b7341c38b746f5e9dd9eae0220aae82084a64a22b0da5f24d373c9ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aef336df461ca9f7119f2fd682616f41

SHA1
2a7eb6b4b3f368c304d885e1513f6ec68825c8fc

SHA256
419f423c447b36d7d46f43f4cbe1ff3faac0e3b46ca01596646d7907fb7c20fa

SHA512
196712a3cd692d9d34451efb07d83765a5729d6461de23371ae4a6659551cce7ebf5339e8db9065bb237e90ae15e080a402cf0a5790e413319b3821ed7176c3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9d5962d53f09d0e8690c66d3a84a3504

SHA1
7fc9f4e13287e368c75475473fe47f0707825bb8

SHA256
2b46001f5429ee4fca8b1bd148bf768d6bea8f20cc577f70dc2f1b98950f373f

SHA512
aca771b82e779899199a804b92f7363ec21b6c9ebf2a5a1a8cd00e6e3e8e5a3ad5656ba367ae3821d4d3f02a2fdb027edfec25b3cb84b72a8ec32f20094482d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
34b4d81b6a3416b8713f8639c16dd869

SHA1
70284ae298e29c7d9b10a909e3788d439a204aa4

SHA256
5f0954bf12a2212e1de2ba09f66ae5c7045b0be2cb1eb727862ca82c73c3df99

SHA512
46395f24c299621fb10fab39949a043872d790be6b8a41b65a2b46534c5179c838ee8239db8f54f04d3543e76e010c970cf9c9e4ea93fb27abdaa71f951b4efe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f02a80c1bfed9cdefc370784cd30ac59

SHA1
66369428d0e67facf93594c00c06a7fa0d4ba2be

SHA256
34efe6d0513d0a54391990c7fa1cc3226ca1a3d9ea23a8b6c2e22513fd836c85

SHA512
5822b9f9bd3ecfe992de9f3137c0a0407f65a2e1d2c8a77ad26bb4403f55ad234eb97f1e1c36b2a1118a96bfe0a9dc72323fbb3b104aceabf4cb88e90cbc5818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
86d832379b3c5dcce40ec296561b7a46

SHA1
558fca60c6fd17c1802c986069933c7335be0077

SHA256
898fedc2d9cea27261d6f266eaba6af0294cbe0c01ab9289bf03689f459b6b25

SHA512
d607263e2d5b16f97ea3f97f7d05ba1c0bb80add7198fd6dfeccf73fb320015a42257c78e876a103a6cd195b57205812fd3e62c62f4522088c844777cc20a776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e913e78d6482c0d3316b89b895bc87ef

SHA1
9509b1673c40994bc7971acd9a005136d9e7c1cb

SHA256
8bc0da4ce1ec8475c7307d932fc62b3dd8f3fbaa4c085aa9f8c7944fda626fcc

SHA512
a0856643e153556b96c84509c3bcbed221b4396f4f7265878e496e110d798e773219d1c91b053e2b910d2d6fba35162c1cf19e363a3fe22d2af4d9e394be4475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ba8e05c179bd8e9e92bbefacb5b7bea7

SHA1
20c73ce4fd5a50eb0f52b489f3365a3e0b14a2c1

SHA256
8382ea51582606c42939706e5420bd82ccff3c0735b4c55d652852e2abb9c8fd

SHA512
bb8b42148ea2703b31b8b888cea64805d3ee7fa498a921c7f7243c610527d2c157dba9065b0416ba8226ce92e8afaf52e99fb43ad9393c5af4691ff873deb4bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bb97b03c179494224e1c05aea9233ef6

SHA1
7cd9bec428a57b9a84d86dbe2021ba366497a92a

SHA256
a760fd362fed40eb855bffed334259275fe0dfd94fa974508571029201a323b4

SHA512
471d0b81515bc88723418131a4cbc9449c5e16a4cfe4bc9a60144258b64f9d34077074d806086b7a3935302e4290b528bf0c3017f0ff3e9158504ce932547206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5dfbbffedb824245e79428cdf06d45b1

SHA1
31ac6ab4994d828e88ee3473ee711f1d6c33519c

SHA256
15300cfa9a95e07073c96d14d4b2f635ca9af11c804a4207942098f0d30919cf

SHA512
15aee88e70ac3415e51abd4f7a7c1a209a4ab7f2665620df6ae5dd0cdaefbee111390a152bd71c297b4bc012160061a6f479336a96a0d5694e9ac09e739f85de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0530a26468cb9f8d4aa04623db24fb28

SHA1
ec7fd25701aa030be137161d4b6a05a7ed3340ef

SHA256
0ef19fb1ec1ff1d504f43f3d7a49982b2d785784ed5b99f07ff4f47d84980fe8

SHA512
b6973b068d6b1935ffd505bc0757a019f3a121c9a0a12967eea88735f062809d5455b9f9ed11918c7cf659349963fb4c449de2aeee93b3de57c3cf5d0a9a0710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc7edcc2c0743b5326342b1ed00524d1

SHA1
2d3218e619ae0770ff259117968ba7b632bf2800

SHA256
a9b2e20a0fed170b0342a6d8a8cf550f9edf7f41ca59cd89e106f1351d3b439e

SHA512
e57297f17a25b19616a697cbe9e7af1aa2078c90a4d4591f1544d5bd16f27a855aeeab7ac231595671d02b2d101bd9281fbc1aeca47fbf86a3ba11ee91a2e2c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e9024072248da3a6143156d986656013

SHA1
7a615da3efe4d0b30ffaf14c1471a030d62a5107

SHA256
144cf2e99fd46efe5ae2f83e64624444cf78b14f0526cadd5891f06e8cd6868b

SHA512
a6031eaf3e29c92bb6de1437eb9d05935cef3b7710af53c5100b4d48542d9eaa780ade8222020e2e0ec724e1cf3304e55df5cd3d79b6013fd486d14a3fb8a196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
133ac7278872841f1fe4c86882c7b551

SHA1
403b92387be285dd15bd12dcd3ab48f0cad6cd66

SHA256
b8b7c9d9f6eca8df86a92a0658559b794a114b50d6d2a9ef9a64db44d6f8fbb6

SHA512
48e29b10bc6c5b0f25c1b86bb27caf44869b725b961667471c004e97fae5326679bd6b3319cb9e52917c09ff3949621ba2bdfb8ad06db888eecd3504f560410d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
83af53addcea08e7f6bc4c15f958fc03

SHA1
81d3513379b02f889137b6cb8c43c22a4bcf9d79

SHA256
cf9969b85525334ef9c0c2ba5c1e6a3dae1bdb1550020a4abaef4c58f281a8d1

SHA512
d65b61dd1f25d2b4731cb21734a3d6fb6a12595d09496a74130a0b075cb1e41e8a5c5c54b6ac583f31a452427266d86a58838365eb841d23b87de0082e425602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
72ac3c611b50d644767ec61eb99f4cbb

SHA1
6b1fd24095a6f23e3920e7be31cde9ab736b32b0

SHA256
93c72539319d071a33a75927d751036ee2e9d91b8b01ef4f4743419010cd8a0b

SHA512
53f373f30133207836d8d6554e210d6f87f420cce421f170ab516baddeed5d3ae728aa26e7e3b4ccbc622c75680cc94f84ec17c838a05e963d6cbce71e127ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cb7d5c85cca81f1a9ddbee869f04f54b

SHA1
7019b54f3e4f04bf6fe8a67e276e417fba88a211

SHA256
ee590c4081471e28af3487add14769628321f9e6e66b615cadfd8204820d306b

SHA512
268e799905eeb7a99dc4c51904404ed27b9cff27117db0bd1111021550d8e07827bb11be2b453627152ae64d019c6bb553b88ea82af0ab2d867447d1b4f295d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a18fe500326119e7244081367a952b0b

SHA1
6520ce2f08a2fb75bc5975d9a02e934c212f709a

SHA256
755fa8049377af36fc1218178fa080d45a59d39e2cbb0ae762a3d81ed2eed013

SHA512
6c5e3ed95283760c18feb1449c6d43a8f5204f0ec69f7e36cd85a1fc4a837096d6de4c75e10cda1f662ca7d3d6ab276924db955e8ad18a1a72228ea7730ae74e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
da33fa887156a6e03c1b3c6e32dc8d92

SHA1
9c463b59ba7a92f46dc2437f0324ca325464bc4a

SHA256
7cfd1dacf063140c4be613eab4be481d235bb9d5c5083a2e8b337c89a744da52

SHA512
31e1195f5c8ce0e321e0d45c3f469d43213724574772a99fc0c134f2ad454d6a49dbbd8b6d38f4cb3796a0e21eafd75afbb72d323771e95d7ce12a77c655a68c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fe74bfdedb7ae3673b03ac9d8ca12fde

SHA1
4b8bde4b1855c4115dd3f41135c2dd17d26bd9f3

SHA256
b2f5b4e3a59d205e6f6e84fff8495029e1ec1928cf0a4344775c72a9649fc034

SHA512
425fdcc71131df4a7e72486167a684064078ee2764a3192eb5e5102125c86678dc9ea01d50258551ff0a998bc58644927a37b9f77db7a22568c4c04f2f7c1f4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2660592b26a9911b57b5f3ec206fa96

SHA1
886072619ffc89f265ae96ae0eac2b43ad473751

SHA256
1bac96515f78206b38c12a10bcc9158791d13e12e050cbb29fd0ebedfbe25756

SHA512
76f8f32ded5e76c94daad26ed7e596b03d04d670325bf605e9cb86d728ff4f486a3dffbe0ffcda029b57e1cd6c9a0f0bdd1aae823cfb5e7ce155ba2ecd4dc0bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
525c09ad2a00811b4f8811c8669898db

SHA1
d41ae8a5e393b01845cfba6d067d78b30ceeb70e

SHA256
cc605f328f394a68b8e9a3ff14703c71325e5c9c5f68c39fd0b85d7d1d89c03e

SHA512
f32ed87e706258a71faa8ccc1bb9712856e7883686851263200ba44aa4996e3f3a3c2c67921349845f23d4332bd6f3f11c3180a400861ed4436225e72d67128d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
922f7b0c544f4bfad9db16746507ed25

SHA1
384423b7450bb3e4423cc0f90f58edd203768c29

SHA256
f7593d51f2f55c6e51f45c9a35695654101397d268e4447556d3e38acea40e1d

SHA512
a97c597e799f4d69f6f924fe3fc831ab87fd568018cf6a59ece0e38fbbf73d79792fb2c6cac537eedf8c336dc979395a9b37bd674d43cbd22b2ba974c26d348e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
304e77bebfbcd7834bb4926c5c87869f

SHA1
a9807cfdf28370e08cec16d28443b3ec8780cdcd

SHA256
dca056b7bda299290b31c46d125217c1a1ce384207927b52ac2337ea49668bd1

SHA512
120faa12f460b8dbd4a11a740defa6f66ec52d51099f61d5b9bab54b094ef4d76bc3a4dc586953b66ee81dfa506bad39a3ac6bf9188f0f3ca31b866584a997ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f77f2fea752c68a7ca5b01b7363586c4

SHA1
c446805ac95468fd76efbc073d18161c9305e3e4

SHA256
801182182df884ce4c9b3d89d79efae4f684802831f96638caf508dd1103290b

SHA512
e57425e3f78f2fd47cff9078ddf542b68c4e57cef5360c4b09eb3ee765abd414a3cf71138d9231da059a14c59ce251976f20fc51969715cd651c431fd67fbaab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
25a2015199940105dfb215e2725e22ce

SHA1
df74d36f54a6a8fc27329f25ae7133454c339473

SHA256
cd6fe6e1b997ae77df9698f5b0ef1d0b15b50104150ce71be3339a8404fb5d85

SHA512
b6598ac6c4ae0d406f836db7e62f8d825fb0c6c69f9a73d76bd780045722766aac60e8f79ff319d7626384ce7ce4a46502053e85cc7c9a61b8343ab30884db72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a799f33d4750b07119beb2de5b1c2f75

SHA1
64b24a3060e94ef86e8569988beafcf8bf8f95e6

SHA256
1aef39f516699cbc68c49e34dcb029e539f4b1184ca7b205f272c7ebf469d655

SHA512
63163fd7e19495e0381aac27df19051c4469bb3ed4776154727753ec10fcec1917a41e170a1d9a5b9ab71ae47748880616a3e3fd7f45a5aa30a9b6161ca3a06f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7d1980e2a2794e55c41669863be93a26

SHA1
9cbd814a21fac3b014c6324b479b1d56f90ecbac

SHA256
d9b985d90d5530c69cc2d9b9a63bb7873ad656d19cb81e0d47e4fd2d715c733b

SHA512
2b777ee9454dc232f38cf6b93a3ee572f07053fe52f73f60043198a734934598bbb253bb424fbe02f3f33f1bb711ccb1d3b2ee487a971da67fb3008ffd129bb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
09c68c860c6481ab069b39f944aac805

SHA1
36254a3e5dd8c7bec2b8abd499a8687325ee27e6

SHA256
428e8011f348e973e10d371a332eaff438c252d0e9902e996af62b4266014438

SHA512
159e533ca6b0359eb1561757cbca6701e298a877e80461b018c56cff3127e8d9783f62ce8efa350dde039e08e9deaee08a3ebef3bd1919d1de475ab5b4b405ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e4d0bd00292247b7eb2e502205bc6e50

SHA1
439b4dc062be508dd499e463e17254b0b57e275c

SHA256
488cdfe38aac6aa12a2cd0e4449ab18cca8e4d9435cafad0d0bb60fc0875096f

SHA512
84f058f0c7bb1594cdebf27b4a7bf043b3b2881d2b8041980261c5401950d0ae1538e2888642f5081e16a0559e3272099b2e7b16389b50cd2ac19a5eee42edd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
429bb23ca6648aa4b70d42969d4ffdb7

SHA1
10593614caa2b685e7814a21d2f4f3004b8a580e

SHA256
340674860d5a4c1f7f4e419fdc0f5eb414113f9c3002c122d99dcf04b1630031

SHA512
713b66fb9c41f559409bc0649a41c9deddbad21ce777e817312911a6d7a0932c0a9532f2d52029b1f9c7e0b7f7fe8b24c1ebe61543b314e8507dba6be2ce7a49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a7b64551a76bc842fa44d106491f29a2

SHA1
15396c85c25484f61188a23f1bfbc8f9c3b66649

SHA256
7901ba79958d0d0806a6c942a5f2b64c0d607d8dc313da83c2d905e22590648e

SHA512
0360dfd9109c0f786ff07c16b9d81b98ab045562a949bea13f28f2684fe92d87945a9e474633cacb84aeed8bde549a9cec686f56e250b857986e26bacbef619c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
98958302274c492b90c1445589acbeb2

SHA1
a4ac50b03dc1af0e8dc90b0b3911f254fbff7c0e

SHA256
1495277c4b199047010ef92a97a5c39d5619644b0de7c4107d9b7a75e5c99dbc

SHA512
512b84e2bcbefd090544beb158f5c1aef80d3aaec494ffa093473816f2bf8d6f99a3138a699d43878e9267cb0eb2b63ec15a1de4bcba8bfe3db9b9ef4c1ef905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2b1f5142777530761def82b73934efba

SHA1
8803e3f26d9023cd16d26a4238c4bc3f754df98c

SHA256
4d893fb5c41124cb8677c987f1472f3c99fb85c3ad8c5aa46e09e79801c0a260

SHA512
ed9010fa63b7a58cc5d80032d9c2e7eaede67bec1d2b3c8624ed914fde8670b4218af29a17c5992ab73fa28636683d39beb554c3922c5bfcad69b318db686597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6ef32ab89326a16d39781cf519e0c3ca

SHA1
712f90a929c141f42c9f39fec4c4c8d2f9959e2c

SHA256
54d3fcd512a7b054bca89cfb121953afb23f706364024c051de7a619eaa7e1c5

SHA512
6891be8c845cbfb030269c60d46e3de274648fccb02e1512d33d2653289bc3f293285529229fee78702f3212044a05e8c4f937ea270474be6ea1be26d999fc68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5fe9470800992a5395f75fce4b9618d4

SHA1
e3ad5138ae02c9dbaeecef84b707cc79c90efa4d

SHA256
fb3170c260690ae60d0bd43588f23b41e31a72aa6dfc0fcd0f8ae31011540f3c

SHA512
f3151c797f25ce3737b5f8a28203faf34ae648ea57f9b97485f44ffecddb47957d3ffe5e0d99a6c2c8919579c4602324a6576bee74704aa39521fa9fb70d7431

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
64245405fc3ebedf62d78d03f311bcc4

SHA1
92c2260cd2b6b7dc9d0e81acb71a5a40b5f36df2

SHA256
a0f876996f167ded89cbf697f77a360e1da2405508138591371f6a4b081b198b

SHA512
92001656c066962daace7a536ece103bd3e7d9a9281a4948772c94f67c890630d2ce31260cc14e36899243da3c2261bdfa7bbc755a18396d5edd77bb689a66bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
983dc0758b78e22e991a5d809b6635a8

SHA1
aaea1e11092e3a081e3050f5e0c12eb0c8b6853b

SHA256
de3b84e032fc1f57661c6cca0da0c6a57e64b9cd16dc8f0c41c68834a0d5836e

SHA512
4bc8c0076103c89c8efaf6b7cb6a19bcc9938ed4794da9deba3dc9faef81b295e8ca4f3915cb4742f7572e6838902b5c467dc5efc1fc0739e83be16aae22c668

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
afb1ffd8165b0175aa33427dacb9fcaf

SHA1
c5296e576d138a869dd333a7c580bbf609a1d4c4

SHA256
83a79db83445245b76622010a6e6022206de33d7d423878827828b30774ab1bc

SHA512
7bdfa7cac3d1e3f2bc9885568802e0e8139b5621ea7ce71851d17c82ffe1e4be93cc88c2a83cf4b8d938f715a13c9ace3df5c5b18c8b084f412eab29b6278261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
30f854f4a78b683a4835732b468d5555

SHA1
f195fe5988d9bb9003affc64a704951fabfe1c26

SHA256
a9c4c4d6cd0c57bace84982bd6d54e66f79d75e03a0d08e9fbf5606f90fdb3e9

SHA512
dea059932fb095b07fbec9c03cd344e1d1cfe2b0de8f459507d45c3a351e7e2eb929fb90584ade9f08e75ec7c2b87cbe733dc75f33af36b953a7cca3a92a277b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d5389a4ca26c763d5ad74b7d82974a99

SHA1
ca432afc15ee693ee608da74bf78d0a1f8886205

SHA256
f0f5f6b9579986cd46f32f040722b373dbce4fd9bfbdb7ced753000bbaa6446f

SHA512
6a0213fab2b0fef395e5594f16f159de7cd0cf82476d8b7f9ee4fa2a5c3172e2173fb9e3385d139551ae21437b970f26a90bb9244bd2d6b574a6fa5e705e4963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
454d4a4ca61d241fa5010c66a3aae152

SHA1
0ad3844308c77a4878698cdb481d52cfa5520128

SHA256
2de2f6f37a944d4fbf367800098106a65a9e660b9b697fc4324606d75d44ab39

SHA512
8caa7d219744181efd522f842bb7399782f4bb62066f5420b6e162ab405f4c80fedbbf770dde65d21422a719bcb311745a498c66644153a037134c50bd4b1acd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b9c3f280e364d2b5df8dd7a4da12b976

SHA1
6221e07b976ef0eae4442b0afd8b99a7484955b5

SHA256
95e5550868b481a28ec9fbb19896f7cd37964b30125a03f52c850465a65a5f29

SHA512
f5ec31f2dad45253c3cbc1a26587077cfa5fe765107cb9b9c4275578e2645976a6335617905d3e2f0d0aeb378fe179099fc37896c12efafac3905eb5601cde5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f9e794b48781f99a3d8feded4744b5a8

SHA1
a23b46621fa2228bb2dc149ff581280ae9dbe0cb

SHA256
293fb3eb18748111f68c2b418f417d7adba6532255dcfbeca451c97bd645b98f

SHA512
89a5f7ac83479456c5c4e846e7dbcd9405142ab952bf63666e4cd234730ce3d4d4150a65d0fbf1a9e28573032ce295db78a4544db5dde241fbacd93eafe02f5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fb822321ee09b685286c41b8fc96017f

SHA1
6b92b17f5312e648c65cf69f0ef16d53ae823ba9

SHA256
073353dd1f2716b793bf6441796d12516f93b45d20ebf0817acb7a5d28707dad

SHA512
9639b6d8643c94263384e164822bb0a62866b2d6042233dd06b8473a2471fc42bcfebe8c474a1981f8f897adefb04711299961f47ee172d673d65b731975f626

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9f76970f79c0d333a505887e5847c0da

SHA1
fa5b315a5226301587192a87f440894b82f165e1

SHA256
0949cfc44172c26ced581f2feeccd89d6b277dbdfee3f378ab5ca471d5c03367

SHA512
952eec6ed8641b8ac48cb3353c776e09016fb6526cb0fa5390090f72d38f0a1f52d3574d9048414691877d03970b27441329012992ce5cd82ebb55311395551e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
56d39088d392092d5e1411a202d6f347

SHA1
80ca8d69a69df19049abdb7e7a85f1b20387391d

SHA256
bdcc66bbe32f330a121dd6fa2675ec6299fffe0e4ff4e0be37d580e68de96e4b

SHA512
f2f270e9f2776c6c5f11bb86b3e942b815e8a3126b5d3b2088739a580a65ed9b4f52e1343380f7ea2857b21c8d8e69051b2ee6943f6ba22d197ea2a169e62a73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
081f718a318703d79cff4baabdc05355

SHA1
b00fa7a6feb088d06a6a4d65425b75c5fafe00bb

SHA256
3d3a9f818835f53768343db1517872b962fa610f2a7dd702328ab4e21c3644e2

SHA512
cd68d3f48abeeff394dda31daaf77e64028addc904c80a3be70a07bdc91ec67ba042325e5f8c60f057197277ab9e4fc00c4379398dcebd595c69c770bc1d5bc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
02a30fb95bf1f9f6aebf731fba5e7dfa

SHA1
8db80e226350c44125183923bd6e852bb40117d2

SHA256
36aea8a3f74b55e7cdc939fd96456bb49d340b962a7bdd4ab354409a92e450aa

SHA512
574f3b0d45ecf9d730c036a04c9d6723a498b2d03bb7401ad09af74c61baa8ac0b765eea4d21a6bb6b69624c852ec3b1927fe2674d382d85e01c9368ec15b6dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
61380bee4caebb404b903be882a5acc0

SHA1
45b9cdaeaf2e9e6ca9e272abd424115013a055a0

SHA256
af3dd38afd97e6dfbcc07c08af6c992b7d0063f48ab489b72e45b71b8aade3fd

SHA512
bd924f5a59e5875004741027cfd6861029cf8e4ac0e9cf5f7ddb3be4837f824ef6e1b4f630d4addd2eaecc31da2958fd59ddd7e57a379491d984be0e1a2d1c2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ee3df3d3122d1c48776085584cbac30d

SHA1
9e07f246dc690a95d2d6c48e0251706c39cca581

SHA256
6f2334248ffe3ac5a28d9e48c7b287fdd6f06af388f94e30e5cd6681df26693d

SHA512
c3f6a43ffc0e83eb6b8a39591cc69c83889c8a4b5a586f7969a5fa60a870e2d01156b421420a81c5d2ef0caaa68c540539ef09ef296acb09a5382c1ea5763181

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f021e57d5dd55bb74004d1ac479d82e2

SHA1
abe397e094a6000fa0a3925077ec188e93e15ada

SHA256
268cd90570134347607b9a6c9d08e79a88529f31c7ee29a74ec35a2fcdd5427c

SHA512
9d5d77efea25ebadaf53481472a2cde173ccc8f065410227cc137025c3edc111e196bf5c85c64f0c2bec9370364c1f86d4220d5c3334ec586d8ac6582897d02c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1a87b06c927d4bbecf3b9679e26e04f0

SHA1
156dac3a9a1a56280c2e75703e2b93721c7f7dd1

SHA256
bab0e594349b9c0697bfc5904d7af2871b8ccdb41087dd185c21073ffcb32032

SHA512
14fd351ca0734d669d565c19d8d2c2e044b1c3cc3d222b5f95060de6fe691391227c819ce4f78b1254f0cf7830c5e25fd53fe3e40d1ab440f84284dd48c6dde1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
01fc62225e4f3dd0e2f242a835b2b073

SHA1
e323440f058f801ee19ab7d695df10f851bcdd59

SHA256
21bca1c0259dc5f5bd41d3279782d53a6b0ff50d05e76271a9c3615f9cb40c16

SHA512
6145ac0f39e8313ce59e248438081288deed8cb2c41a4f6d70a2b4660c6fcdc5a839222e7d150744a565516f763ec77f908fdbec163b3b60def7d813292b3dc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8177f04142bef98f1ca593f93d33623c

SHA1
b08887a7a2761f0b95a15fb3cb67653e58c4b200

SHA256
8672e85f223d6422544ddfbf689cbeffe8bd3fcbbcd3aea679d4336b72655dca

SHA512
f0d9a7f59da5e849919cd59c722c627fcaf173c61d7c698e57e5fb863c28ae2875f38a34644eab698ac27274e77d743e1b01fae3f3f3bed8f34ae3f579f48511

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cbc2fb85dbe9e72385953cf0ed7153be

SHA1
2d6808b5f6a1cdecdef88fc167681fd12daf4046

SHA256
b672a412aa0c1691bc108834395416ef4bf5c1b62312d55ceaf314752da6ea5b

SHA512
c873bbae3d810e8e728704840cf1aa2d217239b11dc7906270aed081423210914882b01eabb24dec17b149c2a24cb816e1ba307ea8a1abd7f44b7789fc0f8342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
26a9594d7b9fc986dfb3f2b6f8fee381

SHA1
df3fff843f121eceeead6ca29649205ec9fa66bd

SHA256
d02481d0e0d7a59caf5d30fd5a4a4353a2752edf5741a8ed9bf75808180b1abe

SHA512
e6e9afadb3bcec5b9440b7565f4da4291c5ec384f94c747ee9b956c37e4af242830f7e8681a07bd9d276687b17434d21c33d9e89c6180a8fe4dbc54b91394862

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0697b1f49467934c5d304a5359d9c72e

SHA1
e0a5ac0df6fcbe79b1d6c492d734022dc75c778e

SHA256
a3a78af5a0f1e07f5de03dd91512e38906a7650d896f723c7333d2602a3a96a4

SHA512
9116eff8fef8f5f5db48790f072e25a5e5cd3ccd209a644bdc8eb1b0358b07a14ee9c40be22253d894849a7ee1d0f56f504c0602f049f55a1758b2a157843a7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5967d7cd3b8965ee1f74d711d60ada79

SHA1
dc4626c2ae24b384b837ec8ecbf8f4c1e87ce5a2

SHA256
750f262959eddb925b09f4fd3518924c189335e49441e87c086bdfc0f6f6fb0e

SHA512
07931933ac3de4310e93c3dd0de8ad74ab8d1c1da1ee91d08f8f89abb673a969c590bcf4c7dc0b3f07e8588b90b394b49e1f9290f9cffd11fc2c957241e78c99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
12aaa96e8a8f0f048745795a10cb5b7d

SHA1
4cfec4d0a029f50c8affe5a19adb900a7ad6d6cf

SHA256
2a5eac260db19169feb7549e753ce196f177b82f3e07a05b417bbc25dfc4e789

SHA512
9304086a17fe17d007a5238abc0318a9de16a8e02a1fc1d22094fba264fe603d2e642e70daa1759f5ff88f8dc20bba2606f0f2e6d0b8ecbda790314f241d12d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6978fb3d749302560c79211b40b1de5c

SHA1
7d3e89d8bfe5f18ae555de5a1c301054673e08c9

SHA256
12ac7e17c2edc2aa8abba8d16bdcf512f572fd067944a0ea79ae887985e9571f

SHA512
b16e4acd471f310d47067c2f74edced57f053ff01fd3564f5f13734858aec452c015f65b432c894acb155cdd00fe1e37639a258ec024ae423efbf6be565c97a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
221cabba06fdbf194b4e86dec815cda6

SHA1
152ab078a91f075fd5929b8ec617a3ca9336fa51

SHA256
d3813a60992fc1fd5b88a91d0022d623623e8f1e926ae9ff48512be2e74b7a42

SHA512
f9a482f8f7c25dbe84f013eda969de1027526d03e013de6e88aa827b819ede1ca469671fbdc5e9b9294bc4a7e6b1d8d8a655e884adc40ac5c4790842f7fd9dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4cbdc70fdba3eb27047611fbb046c02b

SHA1
6922129f09ca6f6fea039773e136bf50beca177b

SHA256
0e02b11f9c0c183d6e19eac39442750545fdd55ade30b62db4fea8044cf406f9

SHA512
2f527b58a9fe1d325c572f6258961a007d0095f341e45d50425e5035869b798615c1e24d3b962392ea9cfeb4475d4924893059fe61b564ca18ccc4f5ead1dc1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5dff66c6216707933f5c5ae6b461f86d

SHA1
be3b29dace2c4ca4d846355156f2eef139212458

SHA256
3667c0fb26d4f8e7acef01b1e9a24aa3e54e600ffe5fa7d7bfe9c4317e966cbb

SHA512
2f1729928bb33b7583f418ba9db6b5df81f708a568a5bfdb93d867d8a25534c986ae245c38ed11c060fe19a7132b473462f34d33ac6b1c17214204141f43b15f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1483c812b3679b4c7599d1b09c8fd709

SHA1
e0a8c51c418a1c0bfbb753554a965334f5e02a79

SHA256
353f52874ceef85d9d22df28dbf07f14a003b7ab3d470fa189adfd5daf173210

SHA512
8a6bbfd69010095d73a419bb94cc5cc0e2646bbb72cf1f9dd9c343b3285bfa72c371fa1fd71464c2791eab069951fb02f8709d429bf06f1593270ed34dc3f4d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c018a1e61b79dca950ed53e3b8c0e39c

SHA1
ca85f36a2d18c7a37c99b2470fb8895f25ac7c8e

SHA256
ace83246ab41b3d630e34b010c1623ad8bd2e8ebe35246d2230cc9f43e53546d

SHA512
ce58897f556f6c3d520e3cfb9eff047a32d7e3cea25df07d4ac1dea0d45706a0e941359915b0701555172a698f32456e757a3e280495025cfb67450dfd56479d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cc6d3204f318f047c2c7c4689f959815

SHA1
e5d88e94dfe1e32c28c7fcaa97060d110423ce66

SHA256
a94ae615d7210fa853fc56c9820b6bd9d2ad38c4770f8bfd35739512fed69ef3

SHA512
e8516adfbe165791d0610380e7026a46ad7d1a990a407579a75fb56a6f89931ccc2f4d5087343c96d27db03e2eab1bcae8cae3a4ff0f60b5c45a35f9f085af13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
941128fc1041ee7eb0b620c24e736c7b

SHA1
aad7b320b238ed42da541d0295bcebaf6869ae86

SHA256
6d35d29e0a416bfe2b79563648a95591836c03502dbd612c9f3abaf724cf279b

SHA512
29a16eb0ce0f78b1eec0bc0fa1e29111c8452f2583b9099546d9e36d9fce6c71000bb28933941cf0f3c791221aeeeaaee59cacde4cecfac9272a8432e055b695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
017491850e365c086891a9ccd6327a4f

SHA1
d628883bb8a715816fe8343968b78daf08ebf3bf

SHA256
12284eccd93129447e71d05a8f389e958682b60492abda4fcdc73b901ac33484

SHA512
06f4eb294b9204c837b059308dc70ae2f4a823f52711576c2dcdb005bb3716a3301be271c4e8edb0760abe4f0346a09c848330efe0562000dc93c4b73a11910b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e45e7bb6a097ca6527680acf82d373e4

SHA1
d177d0dc73751766d69e9039a89ed9d6f9c8c495

SHA256
43415e1db004f0cbce7c26d4d0198a9c11b1aabda8d727ad60646d190e882caf

SHA512
7144d93315563c6563802530fe0d9436b331b019223a607fb7263c0d0f8acfbb8ca78d76553de041b4430100abb2756cbb6fc81248761829fd8148ad0725298e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f66894e3f3e3f05467e7099624545790

SHA1
aacc174ad784e31a750a08d66a2b8767311c89b7

SHA256
951657d6897f7fd49744564645f6179dfdcbce586129abab62edf632efba0b96

SHA512
2a4607868b28276cc7b52fe4fa9537f059dcaff2e06bf9a96793af46f069aa6ebb276c7d243898dedaffaa886f5be8c7a2371e8ffd5cfa2e34c3d8f59be7e778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
05bc87c8e7a50e24f01c2278d46d60fd

SHA1
f44bd4b0836716cb13f91bf28e6b8747cd1da1e2

SHA256
92b450eda49a46c3ec3359e69ab4de33f5ea8792850d021a062fe7f10f7283ff

SHA512
70a1bd0b51413a8d9281086c07d044b1bf32dd940f367974d5b8f06c493bb5d3f1b49178d26050d5a00e6d3406b9e169d660ea8576d15bf2bd97af49e25817b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
558563fcd16ce1d5315808dde141777d

SHA1
82a79ab6f8b364db6b15625d71419ebb3ab21d63

SHA256
7ebf553ece2d0f9db20c05d32222fa2f207fb364ad400252f05cb20f6abbd191

SHA512
8c8b02f88c6221a885c16fff403d3e5ffc692386b5f772de61cbbe9fbe4e6355002b969f54f844ae26c46a52bbf051ae4f25f691ea556a60ad1db1a25d24ebd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b0cf1624bdcd9dc68349ec93490da3d

SHA1
279c4fba54dfa2472e292e54dd83aeec7765677e

SHA256
c9fdd88f53d0febe83b0e3b6bcfe54996b92c6ad68f3a279af21810d0a2d523d

SHA512
f1328383325cf04fe1279f3638c0f61ef09fc9998211ed67cc72e4dedc05e7da7689cffbd079ab2537bc8909bee1b5533a5913e4d6442ae197e823c45c1f4c36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6c80ec055f82f7a679ca6e17d3f1f7df

SHA1
b6476dd90f1283c37c70be1c55a7161d96d36d62

SHA256
887c47dfcf700220b768d90f184f20e88ffc000a6d494da035d02162f3862477

SHA512
bcba89bbf6cee3bbecd99567468188fa63958a5ec9b128e3b5c3863340ad2cfd9b57867436b9fc80f4da1c9c8d8575e80b7fb37c3f9d9f810f1f3521986c08ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b1f1a38a0ed6f13bf3c8196de615ab6b

SHA1
bb22bbed7c0bb470b1b350666095f88f9d096eb0

SHA256
87963c490056ad7b03fd4adcf81d576a4c6153234eb23da0629ab51110175320

SHA512
cc6ccf620eef6b2f1ba2a8ac4377c0cae36e74f96da9070fb0bfa3d5c3434700b0af450117aedf4b71b3b59a3c357ca010a23f180724ee30256a935eca2a16af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ccde526c7225368da2c11ac965c51c42

SHA1
49714aab63b42564179e7f689b109703222abaf4

SHA256
621970f498e3e694de95b98d9e9890aa8b3549b0609a4fbbfe7aedfaa6b27d02

SHA512
4e23cef1b3abe79799f5c75e06ad1bc8a094379d30ece5ecdd894827e16bb846ee75e06a634c7c6e7a3da02b145513c107a7a57b748c4f2d4daa0f8b500dcf5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c3a97da38696602f7ef74d6f76985457

SHA1
52ff876d6ddc1b9e363a88bd9a9ab3a4fcd239f6

SHA256
9221121ee78aae19b164a5f2b6a06b521763c065bd9df0d2fd0ff6ee099315dd

SHA512
77cae6641be5752a736461904ee801b75260c21cb4e624d911e55b8c2ff2236b2d5704492d7fb08fcef31930bd9d93029664688ce09e7d7e6f67d335c17b06e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
add1e83e3759c6bb5be53ac38de916bc

SHA1
bc698f04be62bb7adf116cb0e92c35a1f38170d9

SHA256
606357bea83b47279af8be6203c8d42f421a2ca61fe6fe6fed73f88d2bd88501

SHA512
1e1fabedd20e37098f28d774d27c107495d40ca7c013fb9e555e60082ffbd946887a47e6241e2683da73324abb724d153a0b7c8114a284515fe94ef937f3a00c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7939f398830a85655a5df60d8d7bc9d1

SHA1
48eb9f4360d65e3e220723d35c4150273b627d02

SHA256
54fb34485dbaec950723da4494a4555b1661f544d2a0eab3d444bc409b5d15bc

SHA512
5be710c5ed4014e80233243f8ec613b2905f22cd21a7d2b49c595bac05277548aa9f2324f065d13f458fd6fe7a5c2db4b96b408d83ec3d20b545010992ee2869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6987fe26ada5f25bd18a829c79ae4e6c

SHA1
3a31ae9580172e3769a47358d21f289f6c10f384

SHA256
417ebffcb2a8896285eab80e17eb08b39a87d670e5dffd36e1fdad7ce552422a

SHA512
37839a7fa03fa2a17217399fa3bb78a5a1c484969e3f040d533058d56a0e110d3c38f3cf5d8d5acb2ca07b99a9c16d0cf7de8c9ba5c71183bd475b3ff0f87697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c7c0959c3c4d6199978ea5520c7fd9bf

SHA1
2a42ae48f52fe65110889af10e6027917cd06668

SHA256
404e8b78cd43d7d9f15cd2f08e5fda7d919091b942f627277525c302a777cca1

SHA512
1a03e596a423a4cbd351a09388d717dbedc5ab1ef18441e54150003d20070ac943f1f1d9053f6c3cf35dff0bb69bb272bb39ddabb056383c283b3f45901f4d47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0a308d94885494eeb4ade95ad318d66b

SHA1
b6ecdb1e1db34acbdaa49a67525cac6e4e8a5192

SHA256
193afae0f63cc3f5337d65d4006e4b672d132c7a5d297cca60ceddb3988bd1a0

SHA512
af7fe1a550182e69102fd1f25174805c38820a7b6fcf10d976b5a69bc93d94afeee136dd7a77903a252e7058878180a44ec7302719cb5d2afe0045fbd8e242ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1a0eebdec64e25ba1e5824922f85f814

SHA1
80e60f8d7ee5bbd0ae57f696e9a098716ba1b703

SHA256
6522c653d12697b5a9543a409485901c3fe626d390caef5c90ec143bb7992c06

SHA512
99a21c91480c927d822da897924aeabf1f499dce0564284dbdfd8eee04d3ced1dc8baba9fb3211ffdc6d11736dbb155e646617f9596e33189da565eb04f07e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f1c9c6651a5110d799b18bdd3618f717

SHA1
9ef6c3718b4522de9c64b53239068084bf852caf

SHA256
737cff4721c18e7bc60d369b458b193e7d056c963dc60824064c8c41f3069053

SHA512
8ca2858f6fc45a61b72208d688e7c219498172271a6f17fb8f3e831f2fa1031c7d4ff2bd0bcc4a55173d6ce8f3900ac894a5c4db5e0c665a1a3fb4c45e74af43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a82f83cd4ef17339e5e73378ab7169d6

SHA1
04cf7aabc1a1de43d0215296dccc1cd92c44163c

SHA256
ace2ad081af135428a205c9611718d2cad203b8ce7b89dee4f86087e70aa66c5

SHA512
c9d3c29a7ef395c48769b4f6fe1b14db37d10b4182dafd609af17a4f7caf6beb01858cf1b328531d17cae158082390c16a5ff5b139ee35157f1ca312d306432b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7393fa70cc0e4d51a649a7c8afcb53fc

SHA1
10d6475046d8b0d4fb25996d89558356fe1f8f9b

SHA256
888c4388701576a88cd2918ab22d3718552c39302b6e3d1df20dfc66b1ea4311

SHA512
dff49f653e092395270c72d454b5a72dcdf405ff5be9bc140616d8757e20228ef2a4226c82607e507751bb74e46e4e55f1a27520143e930e593c7565ea39ebfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6de7168b224334b8e26c7faa2a7bd233

SHA1
bb6a44480edbd35cdf27073c9cb8dcd2ffab5059

SHA256
8aaf3c538a04aeb63ca3c9a247fc55758e488dfe806dd9d15685179680b586b7

SHA512
02013202c31c93b24b4b2c5216ed815a3eea5ee3ec0b31ac7d07dd764b749bdb27a29a09ee051c671b81430cd2f051928560e0cc08df78e7383989f37a538e77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6a41f61da19e980f0e34331e2a1bf5d0

SHA1
fe268e153269658de183d44c50b553a23de90ab8

SHA256
3388e60b752345198706653b61939d456729949ec56fcc44b51026b1c6ea11b2

SHA512
9132a041b0feb1f453e85b8528ae43a723b43931318feacfb0e2b263eaead87942a7e490cfe27f1b30b05008223cfd52ecdfc42cbe2579c5d6b6cdf29bb7aad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9ab98823ce797c860b44a5f89ef87841

SHA1
4469925e1043d6e46d7e040180aa25e7a8c785ee

SHA256
a79d8beededd6e723a883431552d9f012a4d9409f893a14297f8546f5777575f

SHA512
f8b31fea9b8b90eb6f05f70dd7eca845646b4cd6449e839304139b3bb338f64ef4b38f7a76bf34ce2ce9f1e234daf11905135bd345bbac790c9662fc7e21f084

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0a88d3b7c153b6d1d3eede15671c084b

SHA1
13b8a364abbf6e3aa2e520b57da4afece7486a21

SHA256
ea9018bf01ef30135c2d4a23626321eff4a2bc06bab9fa557f6c67dce4209139

SHA512
176cbd1896193d1250527e3438c88e359f67216155196969deb7dafcb880e471dec1df2fc43571aee6379d8d9c978bb3034261306790284078d5bff77c5d3baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7bcd32ef4fb78c1e322e8b1719420fbf

SHA1
42c604a93cee6f5c010ad8a004e2adc6062c88a7

SHA256
2308e901db66e16b4d67c2d2c2b6236050a6a81ed4fc5a06e76c71a6da9e0ee2

SHA512
c3909e32131a140f263a2dc5eb2f4cadd8271c96e07513885f6f7b03863947bfdfb1820a6640c28a28c94c27d8b8ee761313dbedd5779c469ac2b803b0312cbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a7dec265390e3604b2049d0537c8358e

SHA1
08a5dbdbe9a0b70507e8f70693dff12da7f4370e

SHA256
1dfe63f2bbb34da0eacafd2053322ba4e5ec993e94436afca3643c09041050a7

SHA512
3845c0e9ca2131ad90199d8391e79d4eca19fe4416a7527230e2759b47388f803f332d53cc7ce07769aee35485b4e26d2452db14df69695058646e0728e2b145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
592f5490c9e94a5d3baaeaf5868eed80

SHA1
ff93c760479166c3a6df87d48c95fca2e9ade829

SHA256
a62bd1a70b703db0baa68106fb36f7cf556d9a9c772f57c84cd8f3963969ba9d

SHA512
693df2eb152b0c96adb08bbb97e8b03fa5b59dd24dbc83480fa57aec41469605466de63783be135bdcd58fbf0f874882d11548348b46d0bf7061580378271f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b8bf00aae9968548a062fc81db205bd9

SHA1
dcdc5fe054584e50826ca0869888dd6a866ec15a

SHA256
9537bd09948814ca032ba70fb2b817be70410b25565ccedcdd21bf3e05b40a97

SHA512
8302455cb8e84af4990cc99a8bf56e75a4aa9f031c1583ee83e054eaab4a401e303ce60e2d5c242baf35917389a129184e5c76216e38041c3aa8eacc0af80032

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c8a66aded95a45abe6b3d1f3db12e449

SHA1
c0d3cf78524558506a93dad534024d46d2c764a1

SHA256
a8cd39077573a3215ed18914a664bac9084e2f5be9126a4f116a967b99396b1e

SHA512
546766f031ee5ef3a3c5b8123867a7313455be1b0e39f0801859dab8fde750b2ca0af1efe79a296fc67c02074f944572edc77de4c5d0d13b4fdcb45c4090bb79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3fe8bfb58f87d1c48932d960e1811690

SHA1
66095f7f557452ad012de9ddde5ea4488f0ad4f5

SHA256
66715961029cdb035c6c52bb4ed6fd6b7c3a668012301afa61e4498a4548487c

SHA512
836b55d99a2f3e22e1a18a636ed0156047495fc50a3d367f4343cc8ebe481b9fea90e78bc1022787241975f1948c5aa0ca0ecceffae86daf263c6ce30b1b2cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2ab5ce06477b46a9ade632bc4553255a

SHA1
b5065f53dadbed0f84f6339835c9d17b2592eaae

SHA256
2fa1e99f29bf05218ce8d5bb5f13c031d78875ff76a5621a7089ec1079fad9dd

SHA512
b4b5d4db71d74cb03ebd1e87b1b67c7eb4beab0a8178a430b9c8147c532fea86141a3e3473526e857672d0de6a8089ca9003e55e2a751a739b42f39b31a57ede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4c230c095e5bc5331f80a5a51ac8b7d3

SHA1
f48a0409113dac377bfb210945b8ba83199f39aa

SHA256
915e0f42f5c12ad7c89cc893f5e2a10c8b8f8579b88ca979d2909f072e42b0c5

SHA512
ede023f29b432dc8520534a2c7791537d8bd351fddaa2c8a4a0922b762c8dd1838606e2b941111ce47879fe69be908692ae7778e055e85e085fae57e56f56d0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
18980f4538950d93065cd785a9cc2da7

SHA1
bc04e493b3c3fae55b24c0ec0fd13349cd61b161

SHA256
3c052b3e8c882f03b82324d6d9433d40537838b588aad52fcd53aecd215ca198

SHA512
3f83a4178abfabea383a7aa57f2424414e23068c7182b6a3e88569f8b111ac8ca010884ac550f8be97196d311fae156d64e39580030f5a82fad81419058bd282

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2f5c6bba164a389d0a9dcf39507b63eb

SHA1
de60dede71b87fa2883e8c695c1559b4f7909af7

SHA256
356d374fa5022ea64b62f55dd3b20a50351a740ecd66a428f8b07529d0a8fca5

SHA512
6acd9e769c0f2430b6fdf7040c86d2ce543caaedf821384f6556102d49878904d6230a5c98da8dd71bfa220a135316c457ec3b3583c7fb25794d876cc479c2cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4f752f66456c542dd27902b994b20513

SHA1
91a948cb5ce2a8c55ad14d7dc166653651e27430

SHA256
5d374f9dad0d858f65afd1405d859d695ef0db12d47bb959528cfaf09a40114d

SHA512
503b734744f739fbcec40b90a352f8ff450f55b137a31433f7aafed51b96e1fe2aff39fe523f1d74df795107e72e55a0f5efcacaf785ba4104db10ac906c2c6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
55a6f5c3efea345cad14ebc3e396d6fc

SHA1
5be088a7a6c286147299eb6be4dae7e6ef708ae3

SHA256
39537c5f217643e8d6fe27018650b01d8cd1bc8ae1f31ad9926d0eb3ff289a8e

SHA512
8ea7236ecb8780753388f508ca41f4e02124cf1499bd705826c26fcbb6dc422da5be7da3ded2caaa11bc738f8c156409d2f907744a433ad1cf6ab6c2cde9794e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f77f52925091429e5e536135e0fcce6f

SHA1
638baaf557751f9017b36b30ba12b455914033cb

SHA256
c22d8b9175cc06412a7c47b4cfb0178cd1e56f17cab4661a9f814a4a89351fce

SHA512
83901a52b0f34dbd7be2a2b3837c221bf9a0809382b40f90dfca7a3c5b468ce7de87198ff57cb04b9a1cda2c30fe07c0dc2803b8e21f3ff738440ac6762bbfcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4012b5791e5d5bd860b8a5f6fb466bd8

SHA1
87119aa8400a8ad7a76aecaa7acba1015836eccf

SHA256
046a27567d3d2174fd7f1e6392bafc5bc02a806fd7e924cebbedc9b977e0d137

SHA512
c1852037d1d0156222a6d5b538cfd846c4e2f95915a24db906696c40757bfe59bef1a265bf30f69b6519b66441bf22902d0169a7765d035989a934c2ca0a0b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e502e968d8e31c73893e4c015968c73f

SHA1
ea3cf7d592c3363df007b8c10c9f43c22a7f6ef4

SHA256
c5dcc457ad1fea481d2966a68935fe007d108e369cd2e144517e482b3cbe4fa1

SHA512
d81c4ff4b6dd6ad092a94c466fa022b45c13fcaed78d97b9cd70b9545df64b799ca631f9917526c232dfb38bd9f21fb93c63bfaed10ecdbe9cbcf03879496481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a99f03d52d6c9c32b6d868abb0559aaf

SHA1
74baa4c8a929f7f49994187980cc81c323a0394b

SHA256
2415eefa45ff104816b6615dc3100b547692fd0a26cbbb794a39b892702fb500

SHA512
f2805d636eff081611243edf99bf73b7492c230a81e04bf8f54a3bed24ff3497c2d6c3a7d5a6d25ca8a2051bc172f01b0024eb20e5e0fcc04f678c6d40c714a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d8577b85-c646-4288-a868-b20d7b48dbc2.tmp

Filesize
10KB

MD5
ec856405cf491bd4ff7217355bbaa034

SHA1
446d57b5ed48f44f1a57fe30d64d92247163945e

SHA256
2488120265c70348801955795fdfb72f6b46ca33efaefd39cc7f4973adecc757

SHA512
97551e84354b7645ff432cc7dd92dc1acc35010ddb523b665abd6a6a525d21e6c293bf14df53d1fbfe472e3ca42f0533dcd429474d4b674289241f4e6a93b199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
e6586850f1287bc92acd096b10f07675

SHA1
22714597dc8384a6a6f8bc6d6fe4e04e0d64630c

SHA256
77834a1bb78ee0bf488b0f708e16c589a6bb9cbfb23bac4fdab6fe31bc022dc3

SHA512
267d4a85e52539f4b0f1a740370a3ac8a25512d1fb302642c2788fbe86581925dc24908bf76a8c25936deb86094541df585f89c39c659c762d7e73040e4937e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
d6c08abc589a319cfd0cd8a7129592a5

SHA1
69eadc558786206f9236f8cdb805571c5643c3e7

SHA256
272907c54d13bf98de65428ef5d34005d99d4e0cd9ed7f9969034a32c63d377e

SHA512
886240583bf56573fecb33964ca769066328eaf494ebfba54b7d5f49a8725945193d4a310b86fdb4ae64033353c6b64aec2de97bce394c0748e66c6875bbf9a4

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\7f3632afdee7118812dd116069729b41

Filesize
6.9MB

MD5
7f3632afdee7118812dd116069729b41

SHA1
ed116033aff765c3eb24c3059aff6c6fb0be0c0c

SHA256
6c98e86a6d732761ef8b8b2df2646f55190657e02201ec8ab8b9137345154c5a

SHA512
44948874e9d243c234882ab1db269fd729f57ad5fb36a3b22428e0d78a9fe5a05366ed2eb97d0331caa0ef1b622528130344016e13f809b266dc1bdc10ebf9ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4984_1013701598\8dc24704-7cc1-4c25-97f7-b8acc0168944.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4984_1013701598\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/1364-851-0x00007FFC66B70000-0x00007FFC66B90000-memory.dmp

Filesize
128KB

Download
memory/1364-873-0x00007FFC67AA0000-0x00007FFC67AAD000-memory.dmp

Filesize
52KB

Download
memory/1364-863-0x00007FFC664B0000-0x00007FFC664C0000-memory.dmp

Filesize
64KB

Download
memory/1364-870-0x00007FFC67A60000-0x00007FFC67A70000-memory.dmp

Filesize
64KB

Download
memory/1364-871-0x00007FFC67AA0000-0x00007FFC67AAD000-memory.dmp

Filesize
52KB

Download
memory/1364-872-0x00007FFC67AA0000-0x00007FFC67AAD000-memory.dmp

Filesize
52KB

Download
memory/1364-848-0x00007FFC66AC0000-0x00007FFC66AD0000-memory.dmp

Filesize
64KB

Download
memory/1364-879-0x00007FFC676F0000-0x00007FFC676F9000-memory.dmp

Filesize
36KB

Download
memory/1364-876-0x00007FFC676D0000-0x00007FFC676E0000-memory.dmp

Filesize
64KB

Download
memory/1364-874-0x00007FFC67AA0000-0x00007FFC67AAD000-memory.dmp

Filesize
52KB

Download
memory/1364-880-0x00007FFC676F0000-0x00007FFC676F9000-memory.dmp

Filesize
36KB

Download
memory/1364-847-0x00007FFC66AC0000-0x00007FFC66AD0000-memory.dmp

Filesize
64KB

Download
memory/1364-865-0x00007FFC664D0000-0x00007FFC664E0000-memory.dmp

Filesize
64KB

Download
memory/1364-867-0x00007FFC679F0000-0x00007FFC67A00000-memory.dmp

Filesize
64KB

Download
memory/1364-856-0x00007FFC66C60000-0x00007FFC66C6C000-memory.dmp

Filesize
48KB

Download
memory/1364-861-0x00007FFC664B0000-0x00007FFC664C0000-memory.dmp

Filesize
64KB

Download
memory/1364-860-0x00007FFC66300000-0x00007FFC66310000-memory.dmp

Filesize
64KB

Download
memory/1364-859-0x00007FFC66300000-0x00007FFC66310000-memory.dmp

Filesize
64KB

Download
memory/1364-858-0x00007FFC66190000-0x00007FFC661A0000-memory.dmp

Filesize
64KB

Download
memory/1364-857-0x00007FFC66190000-0x00007FFC661A0000-memory.dmp

Filesize
64KB

Download
memory/1364-849-0x00007FFC66B50000-0x00007FFC66B60000-memory.dmp

Filesize
64KB

Download
memory/1364-852-0x00007FFC66B70000-0x00007FFC66B90000-memory.dmp

Filesize
128KB

Download
memory/1364-869-0x00007FFC67A60000-0x00007FFC67A70000-memory.dmp

Filesize
64KB

Download
memory/1364-850-0x00007FFC66B50000-0x00007FFC66B60000-memory.dmp

Filesize
64KB

Download
memory/1364-853-0x00007FFC66B70000-0x00007FFC66B90000-memory.dmp

Filesize
128KB

Download
memory/1364-864-0x00007FFC664D0000-0x00007FFC664E0000-memory.dmp

Filesize
64KB

Download
memory/1364-878-0x00007FFC676D0000-0x00007FFC676E0000-memory.dmp

Filesize
64KB

Download
memory/1364-868-0x00007FFC679F0000-0x00007FFC67A00000-memory.dmp

Filesize
64KB

Download
memory/1364-837-0x00007FFC68AE0000-0x00007FFC68AF0000-memory.dmp

Filesize
64KB

Download
memory/1364-841-0x00007FFC68C50000-0x00007FFC68C80000-memory.dmp

Filesize
192KB

Download
memory/1364-846-0x00007FFC68CE0000-0x00007FFC68CE9000-memory.dmp

Filesize
36KB

Download
memory/1364-840-0x00007FFC68C00000-0x00007FFC68C10000-memory.dmp

Filesize
64KB

Download
memory/1364-844-0x00007FFC68C50000-0x00007FFC68C80000-memory.dmp

Filesize
192KB

Download
memory/1364-843-0x00007FFC68C50000-0x00007FFC68C80000-memory.dmp

Filesize
192KB

Download
memory/1364-842-0x00007FFC68C50000-0x00007FFC68C80000-memory.dmp

Filesize
192KB

Download
memory/1364-845-0x00007FFC68C50000-0x00007FFC68C80000-memory.dmp

Filesize
192KB

Download
memory/1364-855-0x00007FFC66B70000-0x00007FFC66B90000-memory.dmp

Filesize
128KB

Download
memory/1364-854-0x00007FFC66B70000-0x00007FFC66B90000-memory.dmp

Filesize
128KB

Download
memory/1364-839-0x00007FFC68C00000-0x00007FFC68C10000-memory.dmp

Filesize
64KB

Download
memory/1364-862-0x00007FFC664B0000-0x00007FFC664C0000-memory.dmp

Filesize
64KB

Download
memory/1364-838-0x00007FFC68AE0000-0x00007FFC68AF0000-memory.dmp

Filesize
64KB

Download
memory/1364-866-0x00007FFC664D0000-0x00007FFC664E0000-memory.dmp

Filesize
64KB

Download
memory/1364-877-0x00007FFC676D0000-0x00007FFC676E0000-memory.dmp

Filesize
64KB

Download
memory/1364-875-0x00007FFC67AA0000-0x00007FFC67AAD000-memory.dmp

Filesize
52KB

Download
memory/1364-881-0x00007FFC676F0000-0x00007FFC676F9000-memory.dmp

Filesize
36KB

Download
memory/4484-831-0x00000000008E0000-0x0000000000915000-memory.dmp

Filesize
212KB

Download
memory/4484-265-0x00000000008E0000-0x0000000000915000-memory.dmp

Filesize
212KB

Download
memory/4484-295-0x0000000073840000-0x0000000073A50000-memory.dmp

Filesize
2.1MB

Download
memory/4484-266-0x0000000073840000-0x0000000073A50000-memory.dmp

Filesize
2.1MB

Download