8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Analysis

max time kernel
1222s
max time network
1221s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
03-12-2024 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper (1).exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

9^/10

discovery evasion persistence privilege_escalation themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\Control Panel\International\Geo\Nation	Bootstrapper (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\Control Panel\International\Geo\Nation	setup.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 22 IoCs

pid	Process
3668	Solara.exe
984	node.exe
1628	Solara.exe
1924	node.exe
1580	RobloxPlayerInstaller.exe
4744	MicrosoftEdgeWebview2Setup.exe
1056	MicrosoftEdgeUpdate.exe
4024	MicrosoftEdgeUpdate.exe
2072	MicrosoftEdgeUpdate.exe
3396	MicrosoftEdgeUpdateComRegisterShell64.exe
4184	MicrosoftEdgeUpdateComRegisterShell64.exe
1180	MicrosoftEdgeUpdateComRegisterShell64.exe
2308	MicrosoftEdgeUpdate.exe
2288	MicrosoftEdgeUpdate.exe
5084	MicrosoftEdgeUpdate.exe
1340	MicrosoftEdgeUpdate.exe
2076	MicrosoftEdge_X64_131.0.2903.70.exe
344	setup.exe
1796	setup.exe
2308	MicrosoftEdgeUpdate.exe
4996	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe

Loads dropped DLL 31 IoCs

pid	Process
3352	MsiExec.exe
3352	MsiExec.exe
2028	MsiExec.exe
2028	MsiExec.exe
2028	MsiExec.exe
2028	MsiExec.exe
2028	MsiExec.exe
884	MsiExec.exe
884	MsiExec.exe
884	MsiExec.exe
3352	MsiExec.exe
1628	Solara.exe
1628	Solara.exe
1056	MicrosoftEdgeUpdate.exe
4024	MicrosoftEdgeUpdate.exe
2072	MicrosoftEdgeUpdate.exe
3396	MicrosoftEdgeUpdateComRegisterShell64.exe
2072	MicrosoftEdgeUpdate.exe
4184	MicrosoftEdgeUpdateComRegisterShell64.exe
2072	MicrosoftEdgeUpdate.exe
1180	MicrosoftEdgeUpdateComRegisterShell64.exe
2072	MicrosoftEdgeUpdate.exe
2308	MicrosoftEdgeUpdate.exe
2288	MicrosoftEdgeUpdate.exe
5084	MicrosoftEdgeUpdate.exe
5084	MicrosoftEdgeUpdate.exe
2288	MicrosoftEdgeUpdate.exe
1340	MicrosoftEdgeUpdate.exe
2308	MicrosoftEdgeUpdate.exe
4996	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe

Themida packer 59 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x0007000000045ee3-3711.dat	themida
behavioral1/memory/1628-3718-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3720-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3719-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3721-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3734-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3739-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3758-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3786-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3796-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3797-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3807-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3854-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3873-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3887-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3888-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3907-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3923-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3926-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3947-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3963-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3966-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-3998-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4172-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4217-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4245-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4264-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4282-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4346-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4374-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4388-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4407-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4419-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4429-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4441-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4462-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4472-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4482-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4503-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4513-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4525-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4544-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4545-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4557-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4578-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4597-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-4957-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-5114-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-5133-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-5224-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-5326-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-5359-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-5406-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-5453-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-5598-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-5627-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-5648-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-5662-0x0000000180000000-0x0000000181168000-memory.dmp	themida
behavioral1/memory/1628-5687-0x0000000180000000-0x0000000181168000-memory.dmp	themida

Unexpected DNS network traffic destination 64 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 2 IoCs

flow	pid	Process
33	4208	msiexec.exe
35	4208	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
52	pastebin.com
53	pastebin.com
243	pastebin.com
244	pastebin.com

Checks system information in the registry 2 TTPs 10 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Suspicious use of NtCreateThreadExHideFromDebugger 2 IoCs

pid	Process
4996	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 37 IoCs

pid	Process
1628	Solara.exe
4996	RobloxPlayerBeta.exe
4996	RobloxPlayerBeta.exe
4996	RobloxPlayerBeta.exe
4996	RobloxPlayerBeta.exe
4996	RobloxPlayerBeta.exe
4996	RobloxPlayerBeta.exe
4996	RobloxPlayerBeta.exe
4996	RobloxPlayerBeta.exe
4996	RobloxPlayerBeta.exe
4996	RobloxPlayerBeta.exe
4996	RobloxPlayerBeta.exe
4996	RobloxPlayerBeta.exe
4996	RobloxPlayerBeta.exe
4996	RobloxPlayerBeta.exe
4996	RobloxPlayerBeta.exe
4996	RobloxPlayerBeta.exe
4996	RobloxPlayerBeta.exe
4996	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\types\signature.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\socks\build\common\helpers.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\StudioToolbox\ArrowDownIconWhite.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\lib\link-bin.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\node_modules\@npmcli\fs\lib\common\node.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\process-release.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\lib\link.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\brace-expansion\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\safe-buffer\index.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\qrcode-terminal\lib\main.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\AnimationEditor\FaceCaptureUI\FlashingDot.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\InGameMenu\ScrollTop.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\corepack	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\CollisionGroupsEditor\manage-hover.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\TerrainTools\mtrl_grass_2022.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\TerrainTools\mt_sea_level.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cli-columns\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cmd-shim\lib\to-batch-syntax.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\StudioToolbox\ToolboxIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\StudioUIEditor\icon_rotate4.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.70\Trust Protection Lists\Mu\Content	setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\unpack.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ip-regex\index.d.ts	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\models\ViewSelector\Corner.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Vehicle\SpeedBar.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\semver\ranges\gtr.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tuf-js\dist\models\signature.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\promise-inflight\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ansi-regex\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\content\commands\npm-init.md	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\MaterialManager\All.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\color-support\browser.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\cacache\LICENSE.md	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\AvatarImporter\img_light_custom.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Controls\PlayStationController\PS5\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-hook.1	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\particles\fire_main.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Controls\XboxController\ButtonY.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\avatar\animations\humanoidR15AnimateChildren.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Controls\PlayStationController\ButtonSquare.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Controls\PlayStationController\PS5\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\avatar\heads\headL.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\LegacyRbxGui\GravelSide.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Settings\Help\XButtonDark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Settings\Players\Unmute.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\docs\output\commands\npm-exec.html	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\map-workspaces\package.json	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\StudioToolbox\verified-badge-sm-2x.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\avatar\compositing\CompositFullAtlasBaseTexture.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\Settings\Help\YButtonLight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\VirtualCursor\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\ui\VoiceChat\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\ExtraContent\textures\ui\Gamepad\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\smart-buffer\package.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\sigstore\dist\x509\sct.d.ts	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\AlignTool\AlignTool.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\content\textures\MaterialGenerator\Materials\Limestone.png	RobloxPlayerInstaller.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1F4.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\Installer\e57ee48.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFBB8.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\Installer\e57ee48.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF51E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF54E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3DA9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1C4.tmp	msiexec.exe
File created	C:\Windows\Installer\e57ee4c.msi	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\Installer\MSI3BA5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4339.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\Installer\MSI12FC.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI134C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3F7F.tmp	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\Installer\MSIF55E.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2308	MicrosoftEdgeUpdate.exe
1340	MicrosoftEdgeUpdate.exe
2308	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2844	ipconfig.exe
4200	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 49 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133777404195586851"	chrome.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ = "Microsoft Edge Update Legacy On Demand"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ = "Microsoft Edge Update Update3Web"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\CLSID\ = "{08D832B9-D2FD-481F-98CF-904D00DF63CC}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\CLSID\ = "{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-8aa36bbf0eb1494a\\RobloxPlayerBeta.exe\" %1"	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CLSID\ = "{77857D02-7A25-4B67-9266-3E122A8F39E4}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateBroker.exe\""	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\CLSID\ = "{E421557C-0628-43FB-BF2B-7C9F8A4D067C}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\PROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5B532AFE1A6C6E24B99C208A5DF6C1CD\EnvironmentPathNpmModules = "EnvironmentPath"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1540	WMIC.exe
1540	WMIC.exe
1540	WMIC.exe
1540	WMIC.exe
2428	Bootstrapper (1).exe
2428	Bootstrapper (1).exe
4208	msiexec.exe
4208	msiexec.exe
3668	Solara.exe
3612	chrome.exe
3612	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
4448	Bootstrapper (1).exe
4448	Bootstrapper (1).exe
4448	Bootstrapper (1).exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe
1628	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1540	WMIC.exe
Token: SeSecurityPrivilege	1540	WMIC.exe
Token: SeTakeOwnershipPrivilege	1540	WMIC.exe
Token: SeLoadDriverPrivilege	1540	WMIC.exe
Token: SeSystemProfilePrivilege	1540	WMIC.exe
Token: SeSystemtimePrivilege	1540	WMIC.exe
Token: SeProfSingleProcessPrivilege	1540	WMIC.exe
Token: SeIncBasePriorityPrivilege	1540	WMIC.exe
Token: SeCreatePagefilePrivilege	1540	WMIC.exe
Token: SeBackupPrivilege	1540	WMIC.exe
Token: SeRestorePrivilege	1540	WMIC.exe
Token: SeShutdownPrivilege	1540	WMIC.exe
Token: SeDebugPrivilege	1540	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1540	WMIC.exe
Token: SeRemoteShutdownPrivilege	1540	WMIC.exe
Token: SeUndockPrivilege	1540	WMIC.exe
Token: SeManageVolumePrivilege	1540	WMIC.exe
Token: 33	1540	WMIC.exe
Token: 34	1540	WMIC.exe
Token: 35	1540	WMIC.exe
Token: 36	1540	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1540	WMIC.exe
Token: SeSecurityPrivilege	1540	WMIC.exe
Token: SeTakeOwnershipPrivilege	1540	WMIC.exe
Token: SeLoadDriverPrivilege	1540	WMIC.exe
Token: SeSystemProfilePrivilege	1540	WMIC.exe
Token: SeSystemtimePrivilege	1540	WMIC.exe
Token: SeProfSingleProcessPrivilege	1540	WMIC.exe
Token: SeIncBasePriorityPrivilege	1540	WMIC.exe
Token: SeCreatePagefilePrivilege	1540	WMIC.exe
Token: SeBackupPrivilege	1540	WMIC.exe
Token: SeRestorePrivilege	1540	WMIC.exe
Token: SeShutdownPrivilege	1540	WMIC.exe
Token: SeDebugPrivilege	1540	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1540	WMIC.exe
Token: SeRemoteShutdownPrivilege	1540	WMIC.exe
Token: SeUndockPrivilege	1540	WMIC.exe
Token: SeManageVolumePrivilege	1540	WMIC.exe
Token: 33	1540	WMIC.exe
Token: 34	1540	WMIC.exe
Token: 35	1540	WMIC.exe
Token: 36	1540	WMIC.exe
Token: SeDebugPrivilege	2428	Bootstrapper (1).exe
Token: SeShutdownPrivilege	5088	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5088	msiexec.exe
Token: SeSecurityPrivilege	4208	msiexec.exe
Token: SeCreateTokenPrivilege	5088	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	5088	msiexec.exe
Token: SeLockMemoryPrivilege	5088	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5088	msiexec.exe
Token: SeMachineAccountPrivilege	5088	msiexec.exe
Token: SeTcbPrivilege	5088	msiexec.exe
Token: SeSecurityPrivilege	5088	msiexec.exe
Token: SeTakeOwnershipPrivilege	5088	msiexec.exe
Token: SeLoadDriverPrivilege	5088	msiexec.exe
Token: SeSystemProfilePrivilege	5088	msiexec.exe
Token: SeSystemtimePrivilege	5088	msiexec.exe
Token: SeProfSingleProcessPrivilege	5088	msiexec.exe
Token: SeIncBasePriorityPrivilege	5088	msiexec.exe
Token: SeCreatePagefilePrivilege	5088	msiexec.exe
Token: SeCreatePermanentPrivilege	5088	msiexec.exe
Token: SeBackupPrivilege	5088	msiexec.exe
Token: SeRestorePrivilege	5088	msiexec.exe
Token: SeShutdownPrivilege	5088	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
984	node.exe
1924	node.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4996	RobloxPlayerBeta.exe
4420	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2340	2428	Bootstrapper (1).exe	83
PID 2428 wrote to memory of 2340	2428	Bootstrapper (1).exe	83
PID 2340 wrote to memory of 4200	2340	cmd.exe	85
PID 2340 wrote to memory of 4200	2340	cmd.exe	85
PID 2428 wrote to memory of 4844	2428	Bootstrapper (1).exe	90
PID 2428 wrote to memory of 4844	2428	Bootstrapper (1).exe	90
PID 4844 wrote to memory of 1540	4844	cmd.exe	92
PID 4844 wrote to memory of 1540	4844	cmd.exe	92
PID 2428 wrote to memory of 5088	2428	Bootstrapper (1).exe	96
PID 2428 wrote to memory of 5088	2428	Bootstrapper (1).exe	96
PID 4208 wrote to memory of 3352	4208	msiexec.exe	99
PID 4208 wrote to memory of 3352	4208	msiexec.exe	99
PID 4208 wrote to memory of 2028	4208	msiexec.exe	100
PID 4208 wrote to memory of 2028	4208	msiexec.exe	100
PID 4208 wrote to memory of 2028	4208	msiexec.exe	100
PID 4208 wrote to memory of 884	4208	msiexec.exe	102
PID 4208 wrote to memory of 884	4208	msiexec.exe	102
PID 4208 wrote to memory of 884	4208	msiexec.exe	102
PID 884 wrote to memory of 2488	884	MsiExec.exe	103
PID 884 wrote to memory of 2488	884	MsiExec.exe	103
PID 884 wrote to memory of 2488	884	MsiExec.exe	103
PID 2488 wrote to memory of 4336	2488	wevtutil.exe	105
PID 2488 wrote to memory of 4336	2488	wevtutil.exe	105
PID 2428 wrote to memory of 3668	2428	Bootstrapper (1).exe	108
PID 2428 wrote to memory of 3668	2428	Bootstrapper (1).exe	108
PID 3612 wrote to memory of 2744	3612	chrome.exe	118
PID 3612 wrote to memory of 2744	3612	chrome.exe	118
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 516	3612	chrome.exe	119
PID 3612 wrote to memory of 2820	3612	chrome.exe	120
PID 3612 wrote to memory of 2820	3612	chrome.exe	120
PID 3612 wrote to memory of 3296	3612	chrome.exe	121
PID 3612 wrote to memory of 3296	3612	chrome.exe	121
PID 3612 wrote to memory of 3296	3612	chrome.exe	121
PID 3612 wrote to memory of 3296	3612	chrome.exe	121
PID 3612 wrote to memory of 3296	3612	chrome.exe	121

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

cURL User-Agent 10 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	253	curl/8.9.1-DEV
HTTP User-Agent header	256	curl/8.9.1-DEV
HTTP User-Agent header	257	curl/8.9.1-DEV
HTTP User-Agent header	298	curl/8.9.1-DEV
HTTP User-Agent header	375	curl/8.9.1-DEV
HTTP User-Agent header	248	curl/8.9.1-DEV
HTTP User-Agent header	252	curl/8.9.1-DEV
HTTP User-Agent header	255	curl/8.9.1-DEV
HTTP User-Agent header	528	curl/8.9.1-DEV
HTTP User-Agent header	578	curl/8.9.1-DEV

C:\Users\Admin\AppData\Local\Temp\Bootstrapper (1).exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper (1).exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2340
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:4200
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4844
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1540
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5088
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3668

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4208
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding BC6913A29B27F82FD1E2BBB265A9955B
  2⤵
  - Loads dropped DLL
  PID:3352
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding DF3EEA9C084042B3ADA93ECFCFE32B6C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2028
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 01DFE5A89FF64736194AB9AB77120192 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:884
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x88,0x22c,0x7ffd0e2fcc40,0x7ffd0e2fcc4c,0x7ffd0e2fcc58
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1952,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2044 /prefetch:3
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3724,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5008,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5100,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4852,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5216 /prefetch:2
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5488,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3032,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3428,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4048,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5892,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5908,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6056,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5372,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5212,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=520,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4872,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6400,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5412,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5044,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5220,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5164,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6596 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6216,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6504,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6428,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6420,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6860 /prefetch:8
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4972,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6900 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6228,i,1296388002135255315,7455959566196884074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6848 /prefetch:8
  2⤵
  PID:3732
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:1580
- - C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4744
  - - C:\Program Files (x86)\Microsoft\Temp\EU33A5.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU33A5.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      PID:1056
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4024
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2072
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3396
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4184
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1180
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzVBQzRERDYtNjA4MC00QTAwLUI3MjktMDFBQkU4QURFRjY2fSIgdXNlcmlkPSJ7OUJBOTNFNTEtMkZDOS00QkYxLUIyMkYtRUREREUxNTM5Nzc4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBNUYwOUM0RC1EQzI2LTQ4MUUtODM4OC1EMTI4QjU5ODdDNTZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xOTUuMjUiIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNTAwODM0NTAyMyIgaW5zdGFsbF90aW1lX21zPSIxMTQ1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2308
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{75AC4DD6-6080-4A00-B729-01ABE8ADEF66}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2288
- - C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 1580
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of UnmapMainImage
    PID:4996

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2544

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3868

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4908

C:\Users\Admin\Desktop\Bootstrapper (1).exe
"C:\Users\Admin\Desktop\Bootstrapper (1).exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4448
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  PID:4932
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:2844
- C:\Program Files\nodejs\node.exe
  "node" -v
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:984
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  PID:1628
- - C:\Program Files\nodejs\node.exe
    "node" "C:\ProgramData\Solara\Monaco\fileaccess\index.js" 8af0d0fdf03b4586
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1924

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:5084
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzVBQzRERDYtNjA4MC00QTAwLUI3MjktMDFBQkU4QURFRjY2fSIgdXNlcmlkPSJ7OUJBOTNFNTEtMkZDOS00QkYxLUIyMkYtRUREREUxNTM5Nzc4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGOUNERjg0QS03NzI3LTQ5QjItQUIwMi1BM0NBOTk2OEFDMEJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIzIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNTAxNTAyNTQ5NyIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:1340
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{35F188BB-A011-4C86-929F-4BDD90E77C64}\MicrosoftEdge_X64_131.0.2903.70.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{35F188BB-A011-4C86-929F-4BDD90E77C64}\MicrosoftEdge_X64_131.0.2903.70.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:2076
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{35F188BB-A011-4C86-929F-4BDD90E77C64}\EDGEMITMP_7BF01.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{35F188BB-A011-4C86-929F-4BDD90E77C64}\EDGEMITMP_7BF01.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{35F188BB-A011-4C86-929F-4BDD90E77C64}\MicrosoftEdge_X64_131.0.2903.70.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:344
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{35F188BB-A011-4C86-929F-4BDD90E77C64}\EDGEMITMP_7BF01.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{35F188BB-A011-4C86-929F-4BDD90E77C64}\EDGEMITMP_7BF01.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.86 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{35F188BB-A011-4C86-929F-4BDD90E77C64}\EDGEMITMP_7BF01.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.70 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff7f8f42918,0x7ff7f8f42924,0x7ff7f8f42930
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:1796
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzVBQzRERDYtNjA4MC00QTAwLUI3MjktMDFBQkU4QURFRjY2fSIgdXNlcmlkPSJ7OUJBOTNFNTEtMkZDOS00QkYxLUIyMkYtRUREREUxNTM5Nzc4fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2MDM4M0FCNy02MUMxLTQwNTgtODg4MS1FMjdBNEU0N0Q2OEJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMS4wLjI5MDMuNzAiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1MDMwMjE1NDg5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTUwMzAyNjU5ODUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNTM4Njg4NTE1OCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZjgxMzY5MDEtYzVmMC00MzI2LWJmMzMtNGQ3M2I4N2ExOTc5P1AxPTE3MzM4NzI0NTMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9bHdhbEZlSTRSUVlUeEM4WCUyYm9jN0pnUHJQb240Rkt6Z1FkZ3V4d1l5Q1R0c0dUT01kdjlmOXRTJTJmNkk2MVhmT0ZUZiUyYiUyZmk1b2FPRjRWSzZ3JTJia2VFV3VBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTc2NjIyMTYwIiB0b3RhbD0iMTc2NjIyMTYwIiBkb3dubG9hZF90aW1lX21zPSIyODY1NCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1Mzg3MDM1MjIwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTU0MDYzMDUyMDciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjE2MDE5MjA1MDc0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iOTAyIiBkb3dubG9hZF90aW1lX21zPSIzNTY2NSIgZG93bmxvYWRlZD0iMTc2NjIyMTYwIiB0b3RhbD0iMTc2NjIyMTYwIiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2MTI3NyIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2308

C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-8aa36bbf0eb1494a\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of UnmapMainImage
PID:4420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57ee4b.rbs

Filesize
1.0MB

MD5
0d7500e7db35862c3067552cd968352a

SHA1
6eb33cb316bc8e7fc35b3162140abe445a166a2e

SHA256
a3500c969f0940e021bb379fa9a6f62cbed0c9141beadb74f09be19f19e480ec

SHA512
d5ef2908a7e0280897a44c987f028dfc98af760e38bdb594ed9325a4b0a1883f9c5d3f35727e520b70a6b673091ad60b80fa80a515d61184721ce7675a62ba65

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
6.8MB

MD5
ee40308e2ffbc9001db2324ff6420492

SHA1
47cabfe872311f65534cbd4b87d707ccdef559d1

SHA256
38cd32dedb5c8c2af8ecd56827af5b4477a4b9ca3e518199d389a261baa999a5

SHA512
5f5fd0db005d49d63eaa81b288d2d6d40ce9c84cafd1c75d33723e47f23341d5ff254c2ed6274790242ad53f5360467d121cf1196ec7a073d4506166248041c3

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
227KB

MD5
b02232979af7308dc0c6d65fb13e7549

SHA1
0f5c6ead2aa0800ac7e6067a5c3438aa5ebc6692

SHA256
34fa195b464266238d7623f91ae1a577e87742038086c268f673147385506839

SHA512
c340176ef3fffd395b3ea984dd8dc20af25e7b56838f656bce45684db6e620c4a9ceda6813f353786581d66bb68c43d3c94ec5fd83cfbf197143c206f784d9e6

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\index.js

Filesize
6KB

MD5
0e709bfb5675ff0531c925b909b58008

SHA1
25a8634dd21c082d74a7dead157568b6a8fc9825

SHA256
ed94fd8980c043bad99599102291e3285323b99ce0eb5d424c00e3dea1a34e67

SHA512
35968412e6ed11ef5cd890520946167bcef2dc6166489759af8bb699f08256355708b1ab949cce034d6cc22ed79b242600c623121f2c572b396f0e96372740cd

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\index.js

Filesize
224B

MD5
866e37a4d9fb8799d5415d32ac413465

SHA1
3f41478fdab31acabab8fa1d26126483a141ffb6

SHA256
4d2f5afc192178c5b0dc418d2da5826d52a8b6998771b011aede7fdba9118140

SHA512
766d2e202dd5e520ac227e28e3c359cca183605c52b4e4c95c69825c929356cea772723a9af491a3662d3c26f7209e89cc3a7af76f75165c104492dc6728accc

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\lib\express.js

Filesize
2KB

MD5
d467bc485eddf6d38278bc6b1dc16389

SHA1
e233882de62eb095b3cae0b2956e8776e6af3d6a

SHA256
2f25585c03c3050779c8f5f00597f8653f4fb8a97448ef8ef8cb21e65ba4d15d

SHA512
2add66b4f2e8ce463449ca8f2eac19363844b6ab159a41b42163028c57f07a4245ebefe759a6f90e8685b5bd239c969fe99366eff89378cb8b92b8a703dacd61

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\node_modules\express\package.json

Filesize
2KB

MD5
3b5b76b70b0a549dce72c5a02756d2a8

SHA1
07786baebb5c52882e28a8bd281c9a36d63dd116

SHA256
bdd67333ab62b0bfeb10ecbbb23936db57b743a3eec580a354591fdf63334859

SHA512
bb266dfa725421fb26d26fda0f45a5fa5cd832667b05f27ceaf4e7fc1e032aeea8700493cfdd2941c3c38cd166eee1000d2b9ae3ddef375714e25a2027a943a3

Download Submit
C:\ProgramData\Solara\Monaco\fileaccess\package.json

Filesize
53B

MD5
b9f2ca8a50d6d71642dd920c76a851e5

SHA1
8ca43e514f808364d0eb51e7a595e309a77fdfce

SHA256
f44555af79dfa01a68ae8325382293fc68cd6c61d1d4eb9b8f7a42c651c51cde

SHA512
81b6352bbabd0bffbc50bfcd0cd67dc3c2a7d63bda0bf12421410c0ec8047af549a4928b5c5c3e89ead99aa9240bddb461c618c49287c15d9d4d3a899e8f596a

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\SolaraV3.dll

Filesize
6.8MB

MD5
c3d8a566119d8fee7fb2d0db4dea86e4

SHA1
c8094d474337ccf4dda2b1888a8235f73c20eaf3

SHA256
ca8df8f0b5d9981ed0e284f809472e8013252e59bed1a0f08c98a4b0726920ee

SHA512
0cd41d5d7c90e4f780dd92b03ac0938dbbf082c5658ee660c31986cd8e9d9c68f386b9989373cdd25c34a21943c266495c4f4c85b44487bb97d0edebb96555f7

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\ProgramData\Solara\bin\version.txt

Filesize
5B

MD5
a550e39a1b99146581652915aa853a6b

SHA1
3509c9a74b8fbdce7069149a65b86c70d1fb37c0

SHA256
f637e389c425692bb6ea379c4bdebef58ae2aea6aef7d28488816613e7bf9374

SHA512
4a62903c599ca8cc0ed9f48c9dfbf1cadc4953e2c87a9c5fdd71bfd8f689809c9223bf51f0190e177eb477cd7322c64812c8b4061065346d22a95b79d1c52104

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\724e46aa-6dc4-4dd6-a4dc-ff42c32d7c38.tmp

Filesize
11KB

MD5
de8876a887a0e64923c633171ba24007

SHA1
c790296625a63883b3b8cadfa1ffcb17fb2cfe50

SHA256
b8e8dbb3f61893d1b83b8fda0e5208d1d4c08d12dba42af6f21a0cd5596b83f2

SHA512
11d3965b1e940dfe213a634acc45af0ea04a72c7bbbc31aaf8866b7141be4f21ddecf60c6f5d16937a617e951fe031ff6a3fab3cc97278ed8b04e8fda6bdb0f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\825d68ea-2bef-408e-a24f-d50250912d0e.tmp

Filesize
11KB

MD5
003d05ff60c3383ae9ae8623710ecb88

SHA1
c92e0a443ad578b88f45a615563b6867157e712d

SHA256
af071a970dd03453072022ff2b99b2c4b39e8aa67eea3755246b7db3a25e57dd

SHA512
2ae3a52c766f9828803fd283ab4952c1e1a49da1f2117eb7259263667c30a65b3fdd147c5d03a816a9eb36920c3063e1594d90f7ff2a27bf892b1e417568b742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c580205325a6f6bdaaf0ef141061c4ce

SHA1
6e66a7e6e7c522b65672c75fa455f3e920fb99a8

SHA256
dc46869d72e9a156f2c66aeb98e78de9586e89ce3474e1760dbdbbff884cccef

SHA512
39d44e5753c96d395907911704ef8fd5da1117ab44fe74d2d61044932483afb1d424a6a3dc470d1f91a691a2fc632b55a76c8f267b62ec1b60bcd5fab673306d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
276KB

MD5
d0a1c6dfbfca59185902e42f6da1281d

SHA1
a41938d4488bcf1f669a1d97f349615a54af076a

SHA256
dd75f19e9c02868f48ba13192b9533a53ca7241a5b34f4c3d5b461553a029c6b

SHA512
bd1ed43dbd6bcf0ded7a0b68770405c0621712207ec27297ada7f0fe9f1c78f65fa1a23ad2147b0128b63a2fdfca11b8c81ce0107891eba44f1dd924cff08598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
103KB

MD5
8dff9fa1c024d95a15d60ab639395548

SHA1
9a2eb2a8704f481004cfc0e16885a70036d846d0

SHA256
bf97efc6d7605f65d682f61770fbce0a8bd66b68dac2fb084ec5ce28907fbbdb

SHA512
23dd9110887b1a9bbdbcc3ae58a9fe0b97b899ad55d9f517ff2386ea7aac481a718be54e6350f8ba29b391cc7b69808c7a7f18931758acce9fbf13b59cee3811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000116

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e95c4081819d70f5b80e97f8b6a5c396

SHA1
f3023c57bf03ecdbec2eecc8a9279de86a7a329b

SHA256
c49e44f4a76ee5905da32c18edc10a880a7112c06f3e2682e8d1751e5a1dba92

SHA512
3ef041fd857cb93bb24e437bfd8c871ec4dc7c65a6f253f97d91cad88eb6b92797aca332ec27fd17f50f2864ccdbe7ec47231fece658f64359c59d63098a8a7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
16bb80678e9443df056d46deaebd2166

SHA1
dcdd0b4e9b628bdf0fd318a9398d844ddf13bcbd

SHA256
db6f965e2d3eb823d8da263d34b720863fdc13b59fed2cc095fecc49ad96b849

SHA512
0286d5c9312ccd4848743f63270b43bf7e75dd6b41963781d45a79d4727891afecff145ba406afc9fc587465d0b1cdf8336d9c3d13b16dc245549a6f5e824962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3a95330b3517a1019cd33fbe232a8ab6

SHA1
af6bfef3fceabca3682e3b73a54ff26ae48d36e8

SHA256
303516ad328024ad139abb2c31d4d2791d0875baad257d528877ffd27005bd95

SHA512
89184b8ff71cb068cdb6343cfef9edc7143ef0f9fe4780aa51b7733925368615182b655e4a65b0917ee181d91dc8492f3061515a932b6fa81b51edbcf9b01e98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
54cffa134226d4854a4ee36d694ce669

SHA1
38b4b7ac74e131ffa154ff16d9bc4a8e0730491a

SHA256
9a602d5f09b03f3d5ac5f39429458f25a23f880be41cab04b65adcda31504dab

SHA512
7281b71e94c46dcd11690353aa4b13166850661398753bdc7a74240061cedc870118b132a344cd780277de8c488dc08ffce570e1596be290c9a78c634cd5a8da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4304ff5da1a807c5bb376a302d1ec9a4

SHA1
8d03b1cd34d86ea6124d1654443bcca5def260a1

SHA256
e6e1dd821ba4c86334bb2fcea51378aa34599edc0551f781b7702a5e4d59871d

SHA512
b82cc5d5a609d8ce696a0e2f520a8392b80da66b7dff9fef0fd912964f4b5d11245830c1805353baf0f864a6d5a53fd4584e45893c916b9a42f418ecfdd53ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
a4a9ebdff30285c9edb83b7da6685d66

SHA1
91bcb871fd311ef57e7760a4aea18b120d7ab2b3

SHA256
4dc3f0082e37dae7e163c1be42c71bcf012ebd38ebc9deb156d119a090b2f621

SHA512
6b51989a868250e05f9766da9a4e4b42bfe2bf2939308d83f4447cb61cf204ce9103433f282921f82e480e6d309aa902bd7d46258016d93d586111e79c6af8cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
9586d76c7dae240e58e5722a39c1b8b5

SHA1
16bb39602d10c645aafecab6651edda299348b33

SHA256
3369391ad7709b0d6ec20f4ea1c0e03209cac75acb6d41c070e33067c753651f

SHA512
8458d4ac3f0ef117149447f7c986c7e4e68f3f83b5f5c1bc55747c74758743ad7cbcb14f53b0620c11115eaafa97f7d0ce5f76de8184c7af8e76da4155884769

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5049a3976e511988168bb3b8b598716a

SHA1
51f58a4a866da524a5a5985f7e042035a6f02bf0

SHA256
a7cffc5f6a1228bd96ba16505ee588bf41508cbd9d6c98feccc3a7142abc9bcd

SHA512
804b276ebaafe02379ab71f59d4267a6d724b6e1fce2314864c18bcea533b4f1ba8db6fb2aaf57733e492c8d1da34e7240d8c6fe38f89c2d3c77462f058117b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
86c1bc0e3017e6cfbbb3544689eb7d21

SHA1
62abc9e33efbc517a2ffd77cb0260833b1dfa2c3

SHA256
e286a8a3b828f3aececb0fec34a6c398ed83806256f0faee6d61185cd61042c0

SHA512
95b5cd967beeba73707f95de96fe683640a39a3299485cdc392ed398eed2dfa6a8b60996e0689dcd3236a21d2cca9f991063dd31853440e2708cb93cf91c33ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe666ff7.TMP

Filesize
669B

MD5
aa0116913c940e30c8b84e2dd35737b5

SHA1
85fb18c5c749b60e7e47183d70f9c2e494fe64bb

SHA256
cfe685b18114a38e381e1f5f6cb6dd4f6ef91f1d95f92aaf76a467a48066cd01

SHA512
4c3f3ba58988eb44686a68b188fd6411b7bad01970fd034f8febab05e23603c7bea7c790237a0e540508d1a984d12780745c4dc74d5e17123be81bb498ceefed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
100B

MD5
18098abe67c07da8ba82a28c4f645264

SHA1
2a97539499c4cd3ad0225d9a42c711f2c26fbc7f

SHA256
dfdeb41bef53aae56766192b58232c13612ffeeb7fd0261956acca21d239f402

SHA512
8eb5efea4dc08b3bcba0cf06a6c183520d047570edb6984e0821bda40d90e61dd3ec1a5d54e906a33f4e7ec32d05ba1b8366330ea4e0da9f63ec8b7efb88e8e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3ed06000-e3d9-4c3b-8dcd-04a05d3f8462.tmp

Filesize
5KB

MD5
dcf866d8493c203acd9ec6daee8819f0

SHA1
ef9940db3731016891d7fa7069faa7ee2f065f32

SHA256
b8c0360604e129a0d9b816c1888a308815916597154b389296d0edaeaa62d7dc

SHA512
19fb9ee57093f3dab41407443348cd9d4586c68bec7e1b766724b4ef5f70a34bc0721fc942d49a631e3890e8360fda27ca9dfbcb821222ffdbf0892832b05388

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
65935f8fd9479ed9112b61054288230f

SHA1
83d487fc60f036a4bb225b6da4acdfc666b3067e

SHA256
f641154a3915c2102084c7c6a56033d048fd9a5e7512ac0ab1ce8177cce6f648

SHA512
447f8cbe7dd3ffefd5e83b501fc3d39375405c075c251c2a5de7ec9b98f424451bde687ce29c74de4613e5993d0d9ee565beb5845e5761464cfe2a8cf2dd94f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
e211ab321bd788d7efec665fba84c0df

SHA1
808bce943a5d8b7e32c8ed1ddf14f73ae9622cbc

SHA256
a63946e527f580dc2ae8da645b8026744aa4f211785b55765992e7ff3bc67eae

SHA512
aaf4f48278c9f98ab89756efe8798898cb9cd8fd552ed2db24fbaeff67b15ebe0f391ccf1365bbeaddcf5c507b2ee6a218c519cf0e9980c5b9b90643bc3bd311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bae00bf44c89dce60fc0cbc44d58b8bc

SHA1
9bff64b2b1afe92cf007ec5c4f415acb7b84658d

SHA256
b5e30834defde424f6e4662e0802f7feea9bb93929881893bab866b776d4f2ed

SHA512
381df03160fae9a0b4aa7d4113a50ba6523aa89268467f848eff6ad11bb22a1b5f2e07e647503ac508e96540ca95d12413363e97446e809492e86ad4f1580639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9baf07a1b1f3391ab100858663796155

SHA1
7bf3ad18061171f034d88355f70cbdf975eb3d14

SHA256
92babea699d7726bb1cd609d4a409454072b5a960526cec2bb53f9bdab723ef6

SHA512
cf0272c44bf70494816eaa5b47375e4bd8b5b421fc6fc2d47bae4d8ab36b8df90b362ac23c4fb826ccb6dc11b818055bd63945a646441f84964a2872f82ab0bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
c0fd4cceedefd5018ed5c9ad9594f7de

SHA1
907ac0a5bbe2bf43fcfa91439b06451849ce6139

SHA256
401d34c48e61f7dc393230527f6913c52b87bb564b3333cc4bf645c519e6a862

SHA512
2a6410f14f948166c18080b99bc238f59edc96673a7655055f0ac40b8e9b59a4f0b1bc4520164037a25c37d6f5cdf6c67f4cff27e6fef757777995abf6a4270c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c7a80a4fcb52c7cacf1130aab350dbd7

SHA1
5adcd8b18e0ec4702b401971e50aab37918415de

SHA256
0d5802bf7953ae67195f876ced0118ad633e0f04bf95ce884e41a7b073f83ffa

SHA512
c01be676f3add22d0d38156ec25d57739837c1ccd5b5968c66e76365fd7e78ae9e29bf04eba9f486f31c95e9f8392bb91983d1aadbab4035ad966abb22b3a562

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e2a29d1560096311d749ddc611d7178e

SHA1
8fcdfc09a0ccea56cbc20de308fd01aa1e41715a

SHA256
da315fc9c22263d19a298f66291ea6834d4a778f0b89fc155219401b960cfafe

SHA512
51158422155972a60c10c729b278b0697cda852db409062606874f852e9ec11d58e7eb7e3260591e3d1ac981b8179e7ef10be79e2937bf83291157df396b26ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fd17d6cc17efb6e982c5700cea6d7c77

SHA1
70e9b991c8f2efbb90b0e7bc6d3b2a9fa1d2d204

SHA256
4b5c0251da2c2cfca053e34252c5d867cf0504b19afcecefae5966ab4524b9b4

SHA512
09deafdd6888eadca64ff747c78c623dea08b03485f1548e2a914a84606b7f63443baa5b91fc842b60ce11fe9cec80031762a858db5f763a8cfecf02927cc32e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
8fce09b05bf609a71107cbdb13dfa1e6

SHA1
a94986b65648f851c1d418a5bea5403547420dbc

SHA256
b09460b6676f616a0dfd0089d0814fbd41544dbaeff4479fea153086d0471363

SHA512
31c80f9f8c81d4c96eb8d8fa5f6157f7898b0606aa8b6b9aaef3b4560075fdb4f25421fe4b1d52e41706851b849d88ff0c6991126ccf290eedf664f0fb2da542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e38b1bdf70932bbe751e232dc5e9ed13

SHA1
f1fedc7fe26a823c40a33c8df1cd0512e77b6f23

SHA256
a218c97829851a3af054a01fa344f17e232e8de30d1ce354511638b31f61c127

SHA512
eb5e54922053e67f44265f6ffd40cb408a407d633d564b92559b38d9ce21ca9ef9754e703152b733e59fc470f1af7602113bb203ab357c6dcb31e1ea3a8eedd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b642da2141cecf6a62bd0f756d705ae3

SHA1
b94dc8a7c24627eaf850c70164b9cda3f7de2f7e

SHA256
325f9f534b1f9dc78f71b86825661e050afb089853ca5bc21df0630c2e4d15cd

SHA512
565f8a469f608fb5e6d1ba521d9efb00b4322441dd8cacf5a45fd42e98f0b22ee512eb20f0a454f3860518cffee1e3a5657588a272a075038d8aee4c7b5a1fa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
77de729515663cd5f4eab777a02a3372

SHA1
704d74ae2faa6cf08525de350a48f268e1f3f764

SHA256
80d476bf968c21e5d6032084b5035ad4bc761d63f96cfcc18c1a246fbaad6495

SHA512
d748b74339d6f2a5ac74e95080c5d979056f3d8051d0b5fcea6afd9c5fddcf1f5b7b42a08eb80552375dd617785cf5eb69789a892b1e27e37133b59603ccfd87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
eb2496abef34262907220c5f66b261f5

SHA1
ff3e4ff869a78e7bda3a058161441d304c599010

SHA256
7cb92a43aad96d480a2cba596792a0343646c61f782328cca2c2decd3bc5681f

SHA512
5b4ec8acae71667ef29b19158fa94b09e34b2cbde462a52c43fbb7322e86ac81532b234380c4bcadd1b40173cb6dbcbe75c4c430ad026876d01d171826a2a1e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
79348abcfdbac589b6d91c3e5f1ddf79

SHA1
b537ee0672213f30e49e10db316d4f2590b54415

SHA256
16b3122df4a1629bf07e91e68867b1202be1acf91d11d4d98e608ebec9adba7a

SHA512
7f49dff4ae5c3c803134b9415ff5a94dbb4d99e2840f2ffc5492460b366167d814f8fe54bcd1ef921c04253814e3ba620e77d2b8646b2bc228d7f36be8cfe983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b55ff590c1abdb2cfd64f1016793c47a

SHA1
26bd71a20a42c01dba76d8a47dd367df44664c04

SHA256
9f461bd3681c1ad5119cd39c90147512c704cdade3e1a837401b9ffd2d0ec23a

SHA512
3cb0799cdea97bd0d07c7694d5443e193c6aa54cb6c248a136c581672ffb34c6a76a0bbba5bda3f27cc124349cb79f9dd3d3efb89ad6ef3ac287b1782d1affa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1995070ffe02d84308891bf44f505b16

SHA1
8a125ca11b01ffd33d1d130533d5646a4237cbae

SHA256
1915578a669fef6c245a570ac83acf44a181143e25aefe848d1c8fbb1fd6c2e5

SHA512
85fac931b74761508a0adfdd2f704ac3d407531501d9f39019eee82368d5eaf0b14d5da14a1bf3c75a4d809398b14a17e0df211bfd1505f0bd36f75c10b69f62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e005c050251b3b0a3708297351a42968

SHA1
00a1d5343ef2abfc6359f2d32797b17fbdbb98e9

SHA256
10bcdd8d512ea8046db95620c0a6cf39b4d13cb58920a813b046b609cb37886b

SHA512
725c3e849b4274704131bb2cbc2d1758eb03ec1d373b4b7aa3f80c8741a2db473fbada964ab678acbc39122a9f46c7950c2db487150760f2f2ac372de04950e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f58a223be782764b9831294bcbbe3e15

SHA1
7df7c63949ebaa3b95a4e8b9a30175198ff41cfe

SHA256
de04c6269370aaa116fcdc5f055f73cca7bda79f12dad6671606438d33eea4c1

SHA512
92351810e22a275ac99aea09c303094e326b7c0f8af1e3f4ecdd08ee4c15488cd3bf575489fa592a315a5b24b7043ca0cb89fb81a36a391446959c4869b92bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6d172e95bf9b4f888055b00e12d47b5d

SHA1
c787e0cfa35adfc0095c57cec31b1ad829d71965

SHA256
c57bd5219afaac7d30e5aeaedc14233ec6955e37ca12049fdd86e66fb56a83c4

SHA512
a5069d6f5266228616c3564a939361bfdd34ea5c892dadacdbb348791b4245d0267400f52fa79dc13c951edd70e5576bf4c68e054121fcb1830c13e41e5afedb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
df7ed0d4df1da9be86a03f7e9fa82036

SHA1
476ea5faef6e85f237ca143497b90b63a080bb1f

SHA256
68c9a520f454edf57a40f61def74c90e14c00d349b4789d75952ebf90bf514e5

SHA512
49dca6ea101b0512bb58bb2ed6a386a98d52cf3750b1eee89325e9441edca44b7eeddd12f5a044fd57468b0469392cc3c2c5530a400bd428d115473d3b8cf378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
edd1193fdc4ac1da59973c1ac0f30f2f

SHA1
b64ab070ddc65a5e7962d6012f144df6d27daae9

SHA256
fafe545891406a82db1938ac9262547e910938dc275b3303cfa7f165d2ca4068

SHA512
6083a51278fca4ce2641bdeac78e5ff2abce781f37cf05adb1fa323c1f5447738b5759b2ff88c6e91c87c560ce25b7f143753d8175c82a3114d9bd6aee523750

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
4933cda20adb907d4a944f1495e8a0c3

SHA1
1d516de53f8748ecc23d54706225cea91b369d27

SHA256
bad218512e398eec53cb8ac5009d62ee3d5deef0f71f7ba2428df34947005a5f

SHA512
69f92a17022661b9754beb87ed50e7cb2378f7273e28101e1b71a47ce209c5284d1695f405796a938e0de038cf23519168f35f2566d73d4c3184979bfb0b2afb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c083ec997b7f5183d54fb3e52fcb0bbd

SHA1
e0b684055a12d2325e15a993fa5c2571b17bd270

SHA256
04279ad4c3bc5918617f24b717cf53e530d2578b88ae3aa024a1148e5de416e0

SHA512
c167b4dfb1fc701aa2cba1a5eb8bc8cd18e79f801dd2257c972f5275f5de22c0188423146bd5b7452f89ab2b9e5c47e0101726a15d3342f80976a2fb52e82f17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6aa8c7b13b0cf762e050fdf8f8a5478c

SHA1
b1c4b9f06a46581187144c8ac8b72978fe604df4

SHA256
57144c7e8ea898f4e12f4466a2ff865e414f2c6e047bc68b4c6fb19e736b3175

SHA512
58784a9ab4f2a063f9fcac4df64258554bd007079406c6039d5487f6b9ca779732ce409a6a955a56eabc2b43bb3602f577ee115acc17a77731c4b4b2ed94b1c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ee6db1bc66dda4e4d538dcde535b8f0e

SHA1
fb4a260dd14a1810228252ecb8433a0ae06c91ee

SHA256
5c3f042875d95e8d7c6abfb660303f611d37122a5b149652ab89803b02c2fc80

SHA512
801aeb15a98a659be8a4e7ffd45a67c3cd42df30e81176b90e4bde699829ecc87a3f75ae1d4864b08e7581f4b8d0729ae3f0c00bac6c633a70eb4f1a3d2683e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
705b0f04d85548dd19cf7718a57cf8e4

SHA1
a71f240b0eee9bc081691332ae36c48a4d2e14b2

SHA256
a1dad7121a27c06a9b1ac22fdf1423d464f46c0176397d2b8c7915898009a499

SHA512
2362c56aed8b2a5558a1f670f3239eb2e736e017332237a77f6145791647f03804c03810ae1c276b18f59640545c4fbedd88279a0964c93fdc9801c29e3f4caa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
2c71c23f0e063039993686386b90acb3

SHA1
27a2bf6501c44f52eb4d9de05178362a81245209

SHA256
9d9a41ec8c3b6ee7dc865f888ffbd7a1f4113a7979207fc4608defbf7813b38a

SHA512
24e5fde425459a47cd64848b9c82f3d5d3f3301368f40e7c8d0663225980d3a93ffba03009f5beff52450750ee50e6221b10ed99c7c1be086c4f806247e7f840

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
26a8416a388c6b8108281261e87ee9af

SHA1
a21e139d7257a480a0f742bb1fe7befbf8c1787e

SHA256
9a5a1d076fc45f888d67392a55a54be800d3c5fb45ad54e93eaa325938cf2459

SHA512
5de0a2bc7e51d825a135cda20bda774321dee2ad5c31ff8987c966ffcaf1b4897caaf60a4965d4beca8f98423c3ce2a817616b8fc99a327f6d788945cee617e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
dcfad342d8afc313a2c679213657c73d

SHA1
1ed5c6633f1dac52a1e8345722c6282378e2f9bc

SHA256
a923f5a57b16040fe81574db0c43309106f6496155d9d5a497543b6d256b771b

SHA512
a538bdf9c32d4e8720f692efeaf851a6a6205d660f33d9416a21b482034c995ae0612ece795d5d59e6f63c4e0eb76780780caff537b43998b6e7069c5a45b927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
909b3c734f4eefe52bf6e62bfb2f356b

SHA1
c0a9fe7d8115e9fe571977e6897f7a30e5cc22f0

SHA256
47056d5b2bb70c26005444b2ac6167b8d49b1a63a5e48f1e1b10ab063649cea3

SHA512
992ecac3416b586bd4757be6544d18975aaef3fcb89629a4c230ec954f51f56615bab1fef9daab6037f958a4db2ae9345f0d51be23284196c5ef28c07a5bef23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6705660d974909d32defdaced49f4738

SHA1
54137b1db897d9b1e68e6a7fdcaeeb6499b74c76

SHA256
e64e90f52e837a7c4580cc313a4a749aa14d81567c7fb6de289aa07a989c7516

SHA512
012070eba04a00e63bf8835a5b186cd714e690f152d1bffcaae22327b2e68eda9a476eabb51f8be4c0256f74dbd4d3b250f98e25814802f47cba8f9bfeb50c54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0ed4f5942b371ee4a370b2e1540b7abd

SHA1
61e2f742bfefe0b480024bff5f1595ed257683a1

SHA256
2adf795f478af2e337836132d09f231333181ef1cc6ca01c6eab6a461e8f6824

SHA512
4571fa5f64b35adc53f48ee74d6e709c43b0973576cd9eb17996a9d583049df91d7605bf210c21194736dd27df500fe52fbb6d03d198a480b1b26f2ce2a4c079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6ac267d1d4f1f12fcaf8b0afb902059c

SHA1
0b88fc271eabc149306467f4abc98d04b55d9b96

SHA256
e1b43e91283837ea442a89a26655a6a8f4d54239e6efa2968b7e475a03c6ac2d

SHA512
e553825fb074adcf9ee5f2c49cf86844f246aa1a9d65e3f006b73237f6ec3afecb7a5ccdfd825a8ed7b612f5c7c2d4657156d8fc0754b66500e311008f094596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
6daa92778fdcc1bfa5cafb50ff5caa9b

SHA1
f4627a54ccb2e2899a483ccb8cf541197b47371e

SHA256
6a5a90ea8cecba75dc054eace975cc0557c4c600ab7f152a2bbccd0d2b729ef8

SHA512
99b569ceb0c469756401dea3b17f023d83ae469f945fcefafc4ce4afd24b0df110dbc95a21188a2855df64d2be468b92b16c707c5110b971c83a8faa48e0fda9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
6d318d2360a7d6e19e887774d483147f

SHA1
bb8e06efa9e599324f0cb25d923e55add94248dd

SHA256
bc35378e86f610ea315f4e98fa4a0a5e0e420bf7adca917e293c6afb68d92c44

SHA512
024bea2a50ae8b14cfb40c1cb8e8b5d28f16baa67f7e6e17607cb2a080d74845f55676eb4d02c339e2ac50a8c601931ee44f5af1264ab5b4dc7864bba96f9175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
45755fe666fa4e6b2c5ebc91ed4385c8

SHA1
f6d3624bc5543a8afd31188a2154fcdc1ee03763

SHA256
6defb97f4386c8f236028c97c389067ca4e98c23ae42793959751e0e60c0ab0e

SHA512
14bcf3ccf769d28d4dd9be82dbe66877c7a3d662b47b05f83cd7f49f935391abaee154e8c992b0e653e17064744e3d787f8668d717d45e4374551478bc611d0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5d2a793511c849fafa11f6d4fd22e52a

SHA1
676bb87c537ada7fd5f4d9ca7dde124c15ee6978

SHA256
f83e0d5768d0ccf24cea2efd887007f42c3f728af90d340297ec5e12374963e4

SHA512
f3cd250bcd0c3e6f8dc1d3a65cd582322abb08d5f773ae81376de369fecf7d136c660dded8a6af37fe682b4cf4298efd923c6fc85255acfa286aad41662c27ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
f9e2fb7f941dfbc8fea713667bf18507

SHA1
fbc39f388a8ba46ea62f28e0b06c38fdd32b68b5

SHA256
927fccd0c092c9a3f8fd7c8089ce34c8446efc0ee72892495da0aa858ea1ddf2

SHA512
e0e83abfb0bcc628125e3047df931f016f9baa2825c98e8b2e6efb0b18929eb935cfeda0a70215a34c13a430eddc61fd52c16c06dcc79537462a036e2fce28b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
5cfdfa498864d5c52452dfe2cbaaae62

SHA1
d95badb524aa86eb05d32f87413645a98eee3756

SHA256
4c24d1a17991cbcd579941959ba77f8531bad9fb67ccc1bfa49a0a875ee43355

SHA512
15dce98c902af26dff97405006571db3e6d7ea9dc307ad64d7e5872dfecc0c73d11f422d766472cb48b898040e84f8fa361236c532a15fbb79e6690b4469f1e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5eaa9b0263dd20864de2f8737c1ed40f

SHA1
b50da495623e376a1905d1de2fce43e28103c13f

SHA256
035061932bb0328d8dce7a498a9a2a79909e644e659c55675230be5916f15f05

SHA512
f18641c25bb2f18f13854536c85605ab56132fd4ce4c5dc692894551cb70522d5c8e66865b3c043111ca87c2250270b9db73253d3b1101499d0b88e5726c5af7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
41d9d0245db4281311d308c277bbd21e

SHA1
7a83237e16f5cbc12e88d80dace22057e7dc6f29

SHA256
ea47f02b57e4c64d9b897e3346666e315ad18f29254d69d2c13f2247e7292cbe

SHA512
d3b99ec23d9d5f6fa893fc612f68ae62aeb0769945cbee980b47ee087f5b36eea9d36e5713c50bd3832171a537978bc3f4a12728a6afe369f9be1c061cb7c62c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1e74f0cfaf94dcb82cda5fd52b47e858

SHA1
4f4247ab2dad000a02071792c81d166f36899ecc

SHA256
aebe30b6852a2c52733c4699ca0a0c9cadebb8549e6e121603848e43a03dd737

SHA512
2a203996aa36e1cb720013f800128b4e09100ffc28d1448b71230ace0101df4f424731b555978714f4d9b46fdc71e68225a59a7160cfb713fbd7d0c4f6497f2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e0ab889520a71b7c620fe9b518c1cd9d

SHA1
378e545ea28daca693a7ba75c4602698281aeccd

SHA256
e606bf7163d9def6a0e5a6d6144ce718445690d2f71b45ba056c2829484e87e0

SHA512
ddd583a8f85d4392090546c6bb2d2f49b4e0b62593390b31d6c308411dbabccf46c49ee93a9e5861f8f5f52ca1a1d307093be4b5cd5c6e26181eacc49fc1e442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a896fa2204dd2682242d047df37325c8

SHA1
d388c0bea7971c481247349ad6d50486f53944a0

SHA256
c6e9e1306595532c4139a628d4473051c2bb3ee8df5859c0729fe3496db95468

SHA512
1036e50a1339342457ddbffdb020a704422f85956c37261c98308660165e25789f300b0973562dc11c7d518c70fe50d5d6fcc08338f40802703eb5e48ff1cc20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
789734cc3a5138510713cec676acab53

SHA1
51c0664ec9a09a4478147a3964e0f2fb06c1b0df

SHA256
09edf27897ce2cc410a2eed644e11b6e59e358ee8c09eb65449579f270ebc22d

SHA512
3cc994788a93df3c1ec39ab4a1759f054cb91620206c6feafd9995fa157000e7b16fc388982c7f7e2625d299f240135c0e52e93bcc509c9942624c1223472374

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be529bad21ae2b6067e1b85f30519826

SHA1
64ac0c0e531c5ebf782e6f5b20be8afc41c2c464

SHA256
078f2e07704934f0334aba7792bd34c7a587771f935f5f449b3b9cbf8518fe77

SHA512
ae6d3544ab4420e13ef6818c0d196a5a60dc3c69e9749f01b01e876af235b530736172c414bc4d5c83f3dfb28b9fef15e4f0f961c2fc331db3f8b97334f6b83e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fad1f60f3a6d7678e30aaf9555eeb770

SHA1
e522d8d4c05f53f3dab2670f6d51d8ec1e84e5f4

SHA256
a930e99e7a2b1e051d4ea308878090fcca4b7374a9fd8a794873e13973fe6d62

SHA512
6e84a08d0e2576cbc34bf638ac4f24b7a0b2774e8586b9d6f985b79fd7a0afd52f593de14e5c0748e01f8477b0c952a516fef170bd13fe033102b8a411788e8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
240ab6e734760dcd54825019a49a12e2

SHA1
4a36b262633dc82db464fe5cac39407085e467af

SHA256
c96d58edc76dcdc9d3fb83f10a5ebd0a1a2607b2aba5ecd72d2b37be3c64f605

SHA512
75b8f97bb45ba23ae21cbd8c2b595e6e5103bc9bab2aed3629761093ed64cc5612e48d04aab8d1485c7250d7ae3053f7938f0d57147d3fb3f74f14ea43bc3b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
96b6e9a4e769984b106733ea3255377b

SHA1
fe7c95f9c06e3011168c32734093460a34a0f11c

SHA256
fdd8ea5c34f70ea745af0d173f00556c18bca924df297acfe4d603b2c2bd7e6b

SHA512
ab925e4da314cb139bbb976f49853ecaeae3b8e23c6e8fe6190d14625ecfe1c5e04e1ec6bc677ff2dbd4a67163a2492e60419026ab9547d3d3e32ce9fe9cd6cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2888daec8e3b963a655cf91b9d6f78fe

SHA1
475c9f50ec6fc9d500d3d7a3a2e349ce42c7ee77

SHA256
f9a3e705876ec95be0721ec040c5f59ca6dc36173f68d37fe75c42d4ad9ea640

SHA512
5d1fcb878f4ef761d65ffb5a87678fb2e06c6d112e9231d6d38c4665907e7d92e8f46040b0e615d2bfd13865fd2825d77e90ad961e3eda0432c38c450fd6249f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f2f8d9e77c75351391c8e2e996121f3

SHA1
4657d73ca20e651ea4a301964d8a7014d3a90496

SHA256
07c961606726b51e9b34be40b43d356c449c874b485cd61c5a623a5c083f1ac0

SHA512
50b06c1a65531fdea8b3deaec8400443a53558f633e31789adc4c915ab4f9903df2d2165e721a705e5f1b0b9f118d5a95edd7fbab7872100354167041d798dc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
96ba51176f1e6954e428a68e102b0918

SHA1
16221fcccdfa4cbb5c4237299ddc9625922f3b6e

SHA256
a26ed98a1a111d2e2a54db74a3b3e95fc4243c530e6e8f0ffa03e746c12ac096

SHA512
523178a8e7728db3cb83afab6b8de59fa7bbabecc7fd8c64de3ae0b9f1b3f3cf9b05189330537c7e4194d72deb70e1abcdfca549b962660623b15fadd11aaafb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c74cf3d5fe185adb2e9f07a82065fad2

SHA1
64d3f52c74ea996525093829804effe4343e5598

SHA256
1fa4bda2792958e7f2f6925539f483214996e1434448e449cf0ad513e53eb16a

SHA512
6bd6999d4adaec2a9df935c8d618fc6f39d3081c023d38dcc907190d0528997ad25578e3d35b3cb9fce8a71b6c97344bdeb863f2516e64bbee2d7735312fc0c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
23397b3f58156e952f3df5456f817f6b

SHA1
a43d290f4d3f6005d2d8d39d53fc4fb21bfefb77

SHA256
ad42a6f2b80d988f9ccecb99c66357d2eb4fdb4f7ab18e69fce0d7b5ccd92f02

SHA512
6cf5b36e09ebb4440c9dd7a99463850af566f1946dc370f9edfe8549babd23c4a19581b25c4e9ffed99c11788b2f15027ab93fbd9e37bdd2802c71f0a900aa6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ff19ab6367454d198ffc4b8b29366a5

SHA1
c3701e91fb971c7ff52459dd033e9de67c075e30

SHA256
f8251c291d29bb2f073c852514861782ff820ae4fd0663741010984d198c2f50

SHA512
afc8b10f3258d46f3ccee25725fc5786c5277181aa8064085f6d210539266737ad54999bb87a8ad4dbdb8123aa3ac8e15d46be79f49f48f6214305fc2da99307

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea126802b9868d9d98ed8bef05ad3ae5

SHA1
208d997941287ebc640827f0d1b0f3076b72c76c

SHA256
ce40e0b4eb49a0dd84b91b2e56fba451a0de03b9ded360d0ea985674c9701842

SHA512
6e2c9334673af4179e2cebd635063718eb33224b830918ea908df7bd2a36980ba51eacef65896e6908a8faaeef11bbd7840017023054f07ddddd223614633c45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8cd3a73bc73aba4ddad82a35d487e700

SHA1
167c8f6a62e83dffa867e9a52718a8bf43b4ff57

SHA256
6c1f2ea5ecac0dad308521cccf5d9c25ee20bc4e14dedc9daf61f9d41e97df01

SHA512
65892d404aec86347cceda1614803ab56e8269cc1112e8782ac5a4e2a600fa411301804db9c1f5e881f02d968261ff13f755ec0f4f8da06d5e5bde8a93392af4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
83631efbd3ed639458caf7cfd9a87c1d

SHA1
4d5b20294775465e92a99fd53428e34bad821b0e

SHA256
455ac16f19b7e35e7167df86f12dd5121d6915035b21828a78f506bc626e93e2

SHA512
06cd7e22b86ba5c5e0b8e08fae1de6dee24f2f667d48913fd955603d3f467a26f57f1a9fca7b5e299ef89257ac6857ff4ade2c93f760be84c19c1e07d3ba46ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
41dd2928677876c39c4c4bb349ed8f09

SHA1
aea9aaa1200548eb09f7365c8e982fa0b7c1d67c

SHA256
ebdbc48e43ba2c587aa0bf2001837ff4ce899f90d7a61ae97c4eb0f8dbb51a6d

SHA512
201160f2f13c020a21c93cf495e8c99b8cf2b087b8695f49683b9792878568a6e9a11c02bc5d29c72f0fb85e97d6a9fd3f7a298ab72d07c638051593f47ef50d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7892d874a5d5cd9d59c0baebaaf0869

SHA1
b50e1c0fc263b0c0198e5a3a64f4e5dbdf4115e2

SHA256
055d732afa9a767cbb6f9ac10b4b028dea7cb88fd8aa30ba2d3ac93b5d006dbf

SHA512
44df398f89931f5c93cb9669f782e5975790a0c5069069ed3206ff59b2b101b02dfcd5a98a606bc6170d8329794c491312ed14e59db29f137c97d94f6bd013ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cc359f280cbc5cbf5d9e982bf72bfdb5

SHA1
c8bdf5cb508d5dc99f5549ea96263fc9acd97b67

SHA256
dff4275dc1771c7ee17c308b773f27ad4f0eccb3469568227286a7b232905a8e

SHA512
033ca29761ddbdcfe06dc4ddc4d0f23250cf5416c522ce6140160f845cd8b04efe09e160d1c4151632954bb13c556f39072e44881ff4be377e3ca471151f2c35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9c364f4b6014a932c61b4477383720fe

SHA1
2fa707e9d2b29056ed5c55442e832c8c6d79dddd

SHA256
ae2d6e65272475166347ea11c7722406440d38ee853da468b6ffd8fa0000888e

SHA512
8ebff37828cdf6e7e1a850cd3099bfc33b0c9b5b7c5bc0afce4a3039a8a9977f3984b756874cdb4063f896b8da2f2c9f63e5a66f05b31cef7d9a0fa49b1538e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0fa3095482680fdbcbae052e4c29308d

SHA1
1466c2c2faf34a4dcaae4be6f56c3089e2d239b5

SHA256
1346c926279f9c622661c665e02bcee91bab38211e27e9e87749515b7e62e107

SHA512
1274e0fc38800218a11aca1d8a91b1a39cadebd5baea8426763097eba22ed07a36fea461ee717fc8787d35477998dd794710bd96c2887f26739ec3c2347ff6b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
50ea34778ff4b2dba7492efa79b7ca4f

SHA1
b6bdc107813022010cff711680b91317b38b4d6e

SHA256
b55dd2ffaaa6c707d28deedc14222f97e21ce860ce799570d0cd78f00aae9c32

SHA512
dfefb15fae5fbd2eaf4ad708b424f25f2c84a2924e1fb48a1e45f3a272cb53d97228d2454fac898fa1726ab711572d37c1c4bc429a0dd2b5e55ec781a231c4e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5cd93837f86b04228ea87f5babaf8247

SHA1
9171c9099d3fc44cceee5e7435fea3fa304b4254

SHA256
0453d06f61e4db985a0c9b1f209119420f329e12a2c5866cb845da3158f57d61

SHA512
3aa1eb5fc1e7ebcf8383c17d4d0de39555f021210e5fbaab6fe27ebe87cc9f86eff2ddbcbfd896b48fa6b7876e11946d6d401030d58f1da1eb4b731a820a82c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4aacc65b2c9d34bd276514d3ae43cb3e

SHA1
e5501db4d97b6b02b47c538dec8bbcac2a66e122

SHA256
60578884ad1f8139eccd32d40af691004698b070db8ce50bcee9262c7a84151d

SHA512
9aee4b9de97129c5e9534716672b90e8a5eee9c3e08ee6789a62801c2c3dc92df067fbd41edd0aef60c400c7ab1bf325fd227a84e3e0e48b408288b2ccfffa36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
17a0df7fec4a932024513846519de88c

SHA1
eb4e37af9a6e9afa14156d4e0302a1da5d975cac

SHA256
784cd496e0355302efa9665afcb2e45f18207f3e826c89a6509b363cb3ffe5a6

SHA512
46b0f1b09811e08ea3428a63d542c675b6a5808e1fac342d2b9f4a1b4fdb84261f47bddb2a22bd469e7627a665503f83742eed8eef3eab97e74702a7b0c8be6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bc1967b928433353e21b54b04b6f01af

SHA1
9527dbdb135648665081b9771d19dc49c3794803

SHA256
6f2a80f98c0ec590a33211166e946c03fcf264d5467e66e273e83452ced87168

SHA512
5e604105c8dcce358d3d985a6e7b9b14daa53c86090582350ba8bcb32227e32ead93da2b0f43a02038bd8473284f7058e181948bb9d6095a49f99eb85a30227b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
721e193918f5069990fe1ab62e8f0720

SHA1
aa309ee586f24213d92d0ecba5b4d7aa12a8ff46

SHA256
79cfc3e59dd54f12504d4d14711f1049810c408db6cd3a319bd16f6ba6b35a72

SHA512
7140354b75fe6f69034a875273c65cea4c9a4d8301b21fc67e62a37e1ae91af849078165c2b0a2bb6e585622a927e235f28916a99082ea02eafa2c78dced80b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
841ec8f12ffd3c1910c29fca05f75ec0

SHA1
5314d7cfd29c1542ac2cd55f04b89b698d01e9c0

SHA256
3ab92e0de3786a3f8e6a56eb5947d71e6973e1bf8776a0787a2b1eb6e09a03c8

SHA512
d6c20fde0def11ace76f9dc141c8490017be89b9f2b37141697901e593d4a3f3950aea811c5b96965e01477c42f76fac066590daf0be1c72203c6b7766964341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2e47b1016c3e69e2d6e353694f651b04

SHA1
c83feb0da8d64f3d9aea6212141cd32e69dcb32c

SHA256
d21afae8909fd5064ab3dd7b48311d8b4abd49833a2b352bfc7b74abe479ef67

SHA512
57bbfabba504ccbeac25d673e0fef60d435adc56f5fc4e027a1a31a1da879ff9d911ff03c6a7d9c0cebbd7bd3576bbe23aa2067cd62b779c31620c40fe8a5962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
85fac965f429bbd294d99ea1a3ea1666

SHA1
bc18f8b54ef9f1cb5cba1a64b55e46a87d844963

SHA256
04d2d1d8256deb758e6815483ef1f3f312643afad7c1dba2da1ece069d26c04e

SHA512
9522c58e3fc051d719aa9bbacf545bebaa7dcba890975bc81acc014b7375fa75bf8f4b0729e94484b1f84891ae2f8be5a4ca7627cf5e558e77dbf0752b603c9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1c6067990f720e430712dc1ce3b33669

SHA1
04473b9f526c08557e6a5ac1f2fd5050a83d24b9

SHA256
d9524eccf81f382ca3f2c7523003362b25e6586cf048eadf2d9d3c33864f9826

SHA512
3a9086ddc5b45f7b4c5868214e81187ead264d9a760d71d7740b5d4c14bb7221064d70fdafc5e62e4c396adb2ba37e9af97d2982de8272892bf76f9eea876208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e12c3e6817cabb33ab2d3c2cacf3560e

SHA1
43a5688c2b4600a08a86e0abe18e133aceba3b95

SHA256
bd626ba2531c517f5ba03ca7ac5747a625d2f749dafd53bd7a12b67fd048b6f3

SHA512
e9098d12de57e401c069837cff25afffb4926456a27f83d186772a4fdade5416284cd684873b34b8ced9aee77754159b60652020515468bf041aea8e1c8b7380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6ecbde1b2577b3970c12fa3794491f12

SHA1
4cffce34996046d3ad0ce025ef4d4baf0ba0f31e

SHA256
bb6a9f1d5e86e717a8512f04bda5bf9633750986287107186c1d4e9353735a0f

SHA512
0ddfb3c89ef99748f6b8c0588ec7155ff74abe66c75952769da31961a44d49dbe6186b8a7db4f6903ba01af8bdae09cb44bc31958d1c1fae021a231bedcfa8e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
289372fe2facdad7f71d04f6d2d069dc

SHA1
7315918b7ea99e4e1ab8176c853fa1bab1979994

SHA256
2441ec2d5b8cccb7060844dfd4954ba7dc6a765b1efbedc36af1ed0700d584d6

SHA512
d88f4bbfeadcb4afb3d8e8b87ca9e9e4d4076ee60cc20eb920d544aa402de04a218b7a032fdcafd2a6676b0ee1c3935935dde1a46ae2fe2afa2f5fe235856186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b93f87503d862ec9f5b8e4fd4fb87d95

SHA1
5a2963ca1e2423aff17c63711fa73f6745312248

SHA256
9c26bb1a20e1596ff6f73f9642342a371cc5a74b5e52a68e7fef9ab99ba5a935

SHA512
5547f890f18bc261a59def7022d187d15c5ea5548d0729beaa74fc9777881653548f182c2093a39354d598a3a51a69a7086e83a23c650576ac055123dc5ce482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1c192ebd4b8779e0cfc94c54a8e0c179

SHA1
6c5e0b9b878916425b015e74e9d75b015ecbe1ba

SHA256
d86fb8bba0eb4c06b42684a79734621db59adc53cace8f7c618ae9a341f1e8b4

SHA512
afe8bb13477ee6949c03329a59e361c0d53ca77247ce74afdd2159c196f4831f9293aaf46d1319a29d2c3201c2e03396715177824444f3f4383b9b33e70b3b14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c1a76979a9132a6a66b9bfe7cbcd283e

SHA1
e3a5ea7ed37ed45954cad32ae96128559f781cb9

SHA256
d091668c659b9fcf543f1525b7c5671044e757e0e43f7fd54e97aa20363b3570

SHA512
894240ed4b91aaf6ae68e3af06d936d486157da0f53cca04b2d3a74050c3c724d55187225e121a763f1ae11b3651a2ee7445bfab52809c2da320d40e107b476f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fc7d8565831c1b1ebe982bdc8e4243d3

SHA1
80cebe68b832e98f934df1b1ec54514e6ed5d326

SHA256
ca644906b6244a6bae987ef3abfae0b3e6256e9649a0a79b07e461a63c308122

SHA512
c2c9bbc7b60fc50004b6eae474d1c72f52ff3733aef6f7a8aa716e86fddb4ee183f8afa9a9cec5b7878f2eccd1ddd03803d9fc02d0a306259140b9560599750f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
555ebf63a7672419ef0dbfeb8c2ecf53

SHA1
701293ca2488f9b8bb70982424a8fc5c0b9eab3a

SHA256
52809df4c95ca35a9fda3756bd635d803da64360f9545d2d9ed99c26fcaacf50

SHA512
1fe1eb4138ede930b9a7fc735610dc907ff88034b647f62742c2bbf42b734f50a6add52629d5615e4b15b858142e95d11a70b1fe138cf74baae7614a6518d76f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82f878755d880e577a4cace47bf18034

SHA1
b4db201a6de7cb9c23109e13f3942d3f8ee34587

SHA256
9889b749c60f95f19dc88dc2f09b0ba51c2963e2ef9d920482bf3a14e975895b

SHA512
e611c28c60058186236344171a68ae5070030b8ab6eb126b3ecece83ad40c8c85483e9df2306771d2a65140ddde926c4b99f5eee5af30e32f8c0bc9e9b676bba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e067daa71951fa8259ede4511365b83c

SHA1
27e739cfee94ea3a6b39d6c9385d66c96260a68e

SHA256
1fe1ba5f120ac14094eb421f7edf055241f1bd195d120967935c4c831e61075f

SHA512
fdb88fcbd6f1e424c857b851b9c2411334f75a87f7d8dbb64b9465a417aeff6f26e3d3eb271535fab4641c3b56a9abc0bfa96ddf89d8e7acfe223a87130ff9e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
791bf7efbe95865d1c2bf3de5e116031

SHA1
0858e2f9c79d60919ce9005056478126a24ee1fd

SHA256
6f10ae3e53b679a6058071aab9a5c3d08d38c3887a424f82606e9d3f7fdef1f1

SHA512
6ff135e99b7b46fe3c467d9fd79b1596ad190e7a18770faad06acf5e0e5bc0a26927eac52338be82b0de8f42ab61349c175503c1a5d4a0da1664e65e2330da15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
79af64161ab6d8d6236d8870b98cd5cc

SHA1
a4db7b8abf94c0ceb51b04c23a86700d105262b7

SHA256
7f350f67dd31369a7e6976f5fcd3cc909f776bcc7159ca7b8008b16844d70124

SHA512
406cc36fb70c289d5bc8e53c4562b63dccdfb72846b44e463757048361591ba06dbfaba8747fb4d1db094196c4565e5031de823ace685bb23bdb5adb013015c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a936d83c0f50e917068395065170062d

SHA1
719b73812a3bf5688410c9a9f890d3427a545e98

SHA256
2763b7289d9beb661fda1ba807c8b1a8f2cb53580b1108063e2931473d1f15a1

SHA512
3e1f349ceccc4eb6ec21a8525dc9fb9c12c64a60f4a64296b28f1d8ddac4358789b216f2f3266bacd7774fb1e39d62e8723b12ddd2d3b8564455678d1aa418aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7b14090b80c95299153928599a09c497

SHA1
25ef6cc940abac39de2ebf60d311b79e4277f831

SHA256
bb24cf262d7923eee0a373adf4098e18b1a0078b483e08bf3950dae80f11c3c9

SHA512
de4d35a75f6775c73bbdf778430667771427c662578b6becddc4115e7cb4446538c1a0afd57f6bc92d54fe4b7e23d661b7625ef84214accd0216aae83b72e6d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9630cd6f22779470e5d35f5be07ad4fb

SHA1
f6ca82cb714f48095eefc45327f47936593b5a2a

SHA256
cda021efbab966b9150ffbf1b012fd8853108f629daef714f2ab489249bc8b8a

SHA512
ccad3d8575b08eda3fcc166685be459d3c807824aafcfc1514530bc024fd92b685964f284c4da727ad16c17af05664994ed944111115a8681b8e211c6d1f1c67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
62c189f2c847fc2c3bb5d60eeca09bef

SHA1
af4a0d4b88d0709a7793b51e82fa997fd20e67c2

SHA256
fa7dbdffc69506a4a3ca105d96393d83c3039c650a91f91c113479a01f3c97e9

SHA512
7360fc8a4e81013346f167ce045ede8f29b3969a723b85bddf0833c71b2b94d19afed26483e09c04b16be71bbf713036845314e3e23ac5b1a1e8ff847e6022b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
acd759e471b4e14ef94d19725ccf72cd

SHA1
3d04c3dbf55992b98929126077b4396ed4cf9bfa

SHA256
f11105a2b0cc8bc99798f2de8d83e4119360dd55bef4d1f0e928f00e8b456b85

SHA512
8f4831411026e57dfa2643fd6338fab5523ef6c7f56b464f02595dc1f9fe5ab7c8dcc2da57237a2f2bd9a84381a879ea75c19308cb883c34b6c51008908a2441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
209ee3b49314bea215e69eb721026f3a

SHA1
9974c6b8e731c065feb5e6390c3a85007fe84222

SHA256
b26c29178988c178039b37152b1cb5b9cace9e069114130715f110fa19ba2681

SHA512
a23e061cedec86f380be10ee8fa797d08304168faba6c1d93204aa5a061a51e8f1647417376f5ec7c3e6c1a87a646c5902b9022a342f644ed642d2fc0046553f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9b3c7a9e5258b43149977aebba5483e1

SHA1
b6a1648e7fcb57ca5a50fcb1036747c82cc4dcb8

SHA256
3c5a58d46410eeefcc8ff0c964af65830f216f025578074befeb6347784088fe

SHA512
18545154fa3ccccc97b3f558af48f9cb3826bdc8f197e712052e3c9981166ade903e86418707a4d89d0690df181b5f9531d6837ca425cee886f65c9fd28b7a6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7d5b4b3d6d44d866515411b08d618b11

SHA1
087fc80448675bff320e7a98dc10f55e91dfccd8

SHA256
c285a6715ed14550aa9da0dcdba412e8b5e5e7a96f59d4e19394f9b4744068c6

SHA512
4a68a40d359e7cac3cac85310756d54e3fddb248513f81078b393f4fa017a2684c34070fc5b9ddf695f6c03267eeec972d1f21434c5014fef45571fdc194a7bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0c1b8330364096b708ab46f4a4121d5b

SHA1
05c27cc74ce7ebf3d48883c16503011567916b8d

SHA256
b00ec2b304464e20b72f6f834c467fb957eddb517d9e8226f9b84826fe2c6171

SHA512
549258d853abc19464af5b41f2cf55a22696be8d829d7a26f9017f4f7767f42152a4083daa5b2ef0fc356fab7b4d6ba472de11c504070b1a7bdca7467108aeba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dd3f18e29a8ab25db17cf26c4d1c03d8

SHA1
307ff0811c09524c618d5dc92ce808609e0f18ce

SHA256
ff04c0b8f2381d3eca56c891cdd13e90434dd4f771be99992a88f9c1a97b1003

SHA512
79298e813c3b5acd9f6fb34d755f928155c13cf1336768e860f07967b7b7a18cac8e0956fd5861811b38d08fd254028d30910fba8e3d71c11b65e3ef96d99891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f3795afcf4729184bd7cebfa8703a04a

SHA1
a408b6815a0c412441ae534e3ed997d3bedb4cae

SHA256
1b7ef21bac7f72ace1cf55f03055e61851ffcfd5aacc41fceb33bf774568f132

SHA512
db4bb060ea6ce6183e2df31c1e1c28fcd9224bece9a1dad58ea0745192a47dbcbac092a088d56586dd283d064e24b324483ef830e1e943936e45b521ed974cfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
671b0de8ded82c3a047a62538ed894ce

SHA1
cefd4e502c500fb0ab32bd1c2a71128dd72049ee

SHA256
907840ea09bcc51ebf5b9641d70bd60d1b45a3af47af2b3c956f3920ca09ac23

SHA512
096a4d9ea25a98a1a7acb261d589f21614b62388bf36b4d2aa945908b2cbd68f087ceb5788b7ef3f13f49bed846ca1f520561bef8ddeddda325e5607c6f2e78e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
45b14d564d0855a011e4a47925354162

SHA1
1ecb63f5f069e3600e4b04f4228842430fe623a7

SHA256
b45bc3549d3a8b3934ae05a491e339f0820fdf09d066e816876d46424bdb520c

SHA512
e051223e120a49b7d1ff59a7299d6d4dffa5d48e0ec3381cd93b2577f731c2073c8b8cc1784b33a213400df43c47ac094cc220b374151651bfc30c9f873e5ee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a73a2e0703625d3c05eddd83ca7c2754

SHA1
da0fc579b624045b350fc16fd9dc771697ab50c0

SHA256
6cccb3ae7a0da88c0a6acbf8d981d2a84d8fc4ec2428bd8208c25fa86ede169f

SHA512
08b7e707947066c2ca63cacce5bea0c0e2939336d59cd6e7b5121b59b640bf8e1201ee8ab9a579a2e9b7ca823f84a896b8e22eb148c6fe9193f3fe5584cb696d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
01da9aab0458eca510878f9d6ce3ee0a

SHA1
aaeb5c2bbbbc1709a56a460fba9171ae9915d8b4

SHA256
887b2062522f8eefb47534325a8aabd1ea52b98430658cdbdece2b4b0adede7c

SHA512
fc575ebe93b845a7283f73e20af44d9373b785f76121c69faa1b39240616a9459e536d405af661b96f156813b41867561cc7c6e78fa8a5d2f05374064ae777ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7953818fe9487a3fd19df654c7d209ce

SHA1
470aaa149f7a8f02dbf40c351714d558f6647e3a

SHA256
c5f5b871b7a9f5d319b5b672a36dee46775655952e521a7a5f08519dc7247c79

SHA512
a659ac28096e587adbb5ec077a4a6549b2a7a5ba4b5b1caa6e1c34a266313b8a08f28f00a5caa563f53408f4697801407d016fdab02e2636e3182076d31406a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1c9432e35c967c8f9f81a18f2f81cc87

SHA1
bf56e641208f92a38d318504d8b957882d9c5687

SHA256
6f1d72d745d86cbae14c80ca0bff01abab310c84bf5b8c3b04cc440882ad9d27

SHA512
9d1ba23af023d2d81f49f7c486cece7aa776fc6d709fcc9fd3f0c8848c619f8ab09e684da03d3caaecfaa3bc88fac7517b1a354b6df133f51e94fd0a3e058165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e010a32754ba9f9e38edaf32f1eea78e

SHA1
47a5feb033552b49925be33e677905a27e087f69

SHA256
bdd70dbc804bb55d55830930153d4fca1b9283659abcad19878b7787b574fb2a

SHA512
10bef8c01f6dfcbfad701093d162461bbb81aed6c9b76e9a8eed8c1204d6d7daaba99709167736f956e33b9402a16c9b8b534f1f88409876951d0d8e820a3284

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
98271f41ec832f6ef324766f6f15ca6a

SHA1
4e2ce58cf6239b7b35181fd76185445029ad186f

SHA256
12ed5bb4ea3f956b8a5035bd5faaf1897fa7c2e828b85ccf6c115d2cb10e48be

SHA512
4a5246d22d65ee67ad19bac78e88a792f93efd30c5534166bb101ba20dde3c7ff1c58bcb964c96ec43c0859f2dd7fab02032c4c4c3d49d14b6d5e062416574d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5ddc72ed9133459c28ed2e729057d74c

SHA1
261926d7b7760b861aea00f2372f7763e0be77e1

SHA256
d3b7c0eb0de5dfb33595eb0abb4154224c8405d3f705b780b6281ad2e16fadea

SHA512
7076ce0c14c1cc8a4b83cc5d0537e7d0a44b4000a7f690174585da3586114de1821f6aef1138de834dff7f74319d10d1cc02fce207a1765033f8051e61b7960d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4926851616f92a338b9bfb318585d403

SHA1
20e855c6053e68f9f154e21336690dafc2f56b19

SHA256
f0326df398ba5dc1d5f44a4742fcf6da6a5489fdd63ad53260aa7b29d713830a

SHA512
dc97f0c02c01923f8785c6e1661a1e7beea91356ad1c6e53ef2401480d18f581a7655325770bcde0ae8d509410eb33d2d2bd27adbe7e5ada75272893819025f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9f53de514dd283d98f635c7130e6dadc

SHA1
cd1a1764ed20da68eeac5adcb715834f6e68c5bc

SHA256
3bb79917bb6ebe707885b398c81cf12f92e86e7fa295a208b9a0a5be2d17419f

SHA512
707f7cf4046874163460d09b9e8558506faf3bc2bef603424104e21f1af4fc4d29573a9abc24bf914ec48667c2757b8849c6df3c4c82bb86065a147c086727cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a44980e4b55fed2a9dc84199166c0434

SHA1
25ad466aac51e7aeea123787fa5f322720807bcd

SHA256
c6dbe91886ec19a579b34e254714192de7ce56e051a0e30ec243da55c3df998a

SHA512
c9aa49543df34fd9808a4cc99257077ca834495937f4c987687698f545148185c84e29a1576915ff2cf190ea9c4340b8f3a17ce48582c97361ae2a0989c612b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d768a1ff14d7b9fd778b07ffb4690c38

SHA1
949860a6c0c53856234bd1e0f0b14a44c6464077

SHA256
06f55728a8723c2871cae9172b8942af49b52a5f57aea6a0ae7312345facf4a1

SHA512
26feb374292d9c5d15d4f160c10964cff3468428fb77a86f6931e17f0626a249409f210ec7d6ba50cbf797a6d3c7147beb3e8c3a865b57617d35be2caf7abc02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd52c4593b91f7c525802409ecb4e81b

SHA1
6bfa634af9e0ed8559848cff1567514df370ae91

SHA256
8f3d6649a9348ff5ed8815ba7db333f0d6621c9d38f8ec8d1506a938982356ca

SHA512
e72d845f30e38887953e9baebc859e7f02d9a2e8ba2ee2722387e89eca7250301772ef3b4244ad8e99a90fbb945ec240da2a96cc5708d9c11ab963fb7e2183a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d2373abdf4caf7c8eeb46deb3e4944a3

SHA1
c11092dd471da0186ebe14efdb9f18b91bc26eb4

SHA256
71e4c41ef3331bea01363acf49d6aaaa57b07660f9014601ca8a1953690686cc

SHA512
fb41f848ce99c62a315ea053a410528d96db904acba3a49d71b5832a86788675265e1ff945cb1d3626d0f2b09dbc0e943f44727ddf88891ce12ab73b38c1cfe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
7ac90788cabb06d187893d1e768a8878

SHA1
fbacb9a45d1e5cef7b18140db1652706fbaf113f

SHA256
40d0c6513081c427628170207bffcfda96e15ea8938fe6e65251b0c7597121d2

SHA512
15b701baef76a967424c2437edbfd087421f7e87dea2c7ac0cda5def9dabf8d992b5753b530060cd0b531d908df8f9bca3c9af2f2f26d9d4ed286b622a336e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b8a2de17f74e5dae8cfaf9b3c190a369

SHA1
4709b5020b57671ce92729c0c308a89b877966a5

SHA256
2b07c1e2d7100e073ce491dfca151a72af202328171da4a2068790bfb86af190

SHA512
74e0590b98d5cd244bd0c3b47fcb10ee846af45658687d918845aff962b9b72195136f8a9cec59c83627d5b9ae8b4baffee1a47d3f26c698e2972f9692a4dd5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt

Filesize
94B

MD5
927f7abb17ca831411d25b71065df57c

SHA1
0ec9fa2470d8270188a519464eee20143d061f19

SHA256
d6560bbef84205249a2892d4050ca65645b30ff79a0bbdb6e13e6eebe10fca5d

SHA512
e3119735ad6ce2e1aa9d744e39becef0758db1408587ef62274d3b872cda4de062d9c7b9d432f438691b3b74006d0b14b8596d96b75519ae85e99c985c9bcc4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt~RFe6679cb.TMP

Filesize
158B

MD5
06c0ba7160d75bca38e1fb3f04f4ebee

SHA1
7b5cb3ab7b2ec02d2fbc68d5966754639f0831e0

SHA256
2d2034917a812365e9b5656bdff0e902617d1775902c3217203ea03b7e056e2d

SHA512
9a990e5f6b9acb5f05ece427b57c4260bb649287d38f50ee5d5072c4af66db87e9cfad5dd21aa3851f8bb62eebd1df21bdb4b7c5602cce242905a9260e375afc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
13134082e2268f486410ad2efcf7d329

SHA1
ad664ec2df6567979f0952ec0803d6d7f0ae64e3

SHA256
650147ae2224307132797f528e7b1cd4ac56bf0896298c594ff3b693ac6944c9

SHA512
4574593adec1dee57b979e3a30eb8c670f9dc6dbaffecfa84420a0d2db1d5216d16c78774330467fe5f6ed2738742551221c575924888d6f9da75356984fc5c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
9891f0425c72fd83a6cd5b055dd947a0

SHA1
ee723135b8ea5e40084f87f651c9c6738ecaef6e

SHA256
c841a9454d0717c59d58d1eef749b17288f1dda453ae10d003f8ccf29bc21efd

SHA512
f2f1c8f8d9af1841f5d55d45a69ac996011cd69a56d5e79125ace30644070e8ccff4bb7147a2195b49b825b796c19dd1dd220fa2d0d8000c3d73134cf5635b7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
8160e90260b5ebf65575e40762ab7189

SHA1
7bbf4633b98f758e0e335a1bc97a3675962a9102

SHA256
dea05c196ee3d106fdbb72106bff10648404bf5701606228c601a6351a1fac2b

SHA512
075abcb32d7521bddc6a0f48ba501774b794e7ea18ab8b557b4705f119590c5ec9e20194b4993f8dcc3671d13dae7e6d38f1ce9ffa4f838bec7d4d7006f9c83e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
a6818d71c4901be141a6200e473ceb7e

SHA1
2cbd19019cd168929cbbe8e6437bbeb3af1b6e1e

SHA256
e8d94d7ef42ac771f36e056418f48474521a22e1bdb8a0c7bb3383c9c68a3790

SHA512
8f6d93019972ca82b7b6b23b0fbd549fdcb00407b688a605a449c98c4ae59182b1a1c1837dfdb7f9433ab2eb65882ccaaa6f283c36c90dc59d83cdabb7be3003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
b8841765bf7976774ce49ee32b4d4177

SHA1
8bad749e3f28000ecbccabbb09277d5ff6de11d6

SHA256
7f9a78971fbd6ec3d60d6f5277132bdb823e711354e0d9bb9c8d3c022ee37c23

SHA512
1550640cf53033874f300452d1fd11cd21446a94e8204df8273991943d298f34e52e3fd6ff28df2c7a7e82b16eba54b373ec1f6e749f976de40c5da41dd5738b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Bootstrapper (1).exe.log

Filesize
1KB

MD5
7227f2974903a25d032dca018f1860dc

SHA1
3480b1382e44c150bb50edac56e8661fe57a97bf

SHA256
27113670aaa6b62a004b9f3c7562c3f9bb55e6df47d166e32af39118a27b0ff1

SHA512
952cc7522a27d0cbe05162d60c5df874f25897cdfbadf77f60aa522ab5e582f991268e5b0ec6034b16486d17c85b12791667fc887e8f450e0f767c9ae84642e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3612_1714848307\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
6.9MB

MD5
1c4187f0b612a9a473010dcc37c37a82

SHA1
34d46733452812d481adeedad5eaea2cf4342540

SHA256
c8d55b0f4f25caf135dabc7f21b9548263022107e9740dfe692b402469cd47bd

SHA512
075678e24a867d5630da324e934837d81a3fa1d848a15feeb2a7be268d38b81ca4210cd44a22e9869173edebecd1947968327ddce16a85b71c03e6307e365def

Download Submit
C:\Windows\Installer\MSI1C4.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
C:\Windows\Installer\MSIF54E.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSIF55E.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
837146144a994e351d09d9a64bad30c3

SHA1
d9aa1e8ea396976074d2801317098e39bf858872

SHA256
cda0f624b383a3a9202fbac367324d475917c7fdc611bb6bd3ce11d5868f0911

SHA512
97125424499e558baf16b9d3fec2f1cb11824b2619169cf3a01d77e34744dd0e1588c1d719e46903a45163b2cd347ea30ffc68fe07a71bc191a024153a86dc66

Download Submit
memory/1056-5628-0x0000000000F40000-0x0000000000F75000-memory.dmp

Filesize
212KB

Download
memory/1056-5629-0x00000000733D0000-0x00000000735E0000-memory.dmp

Filesize
2.1MB

Download
memory/1628-4545-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3721-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3947-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4557-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3926-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3923-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4578-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3907-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4597-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3888-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4957-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3887-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4407-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-5114-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3873-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3854-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-5133-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3807-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3797-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3796-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3786-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4544-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-5224-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3758-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3739-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3963-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3966-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3734-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3738-0x00000212F1870000-0x00000212F187E000-memory.dmp

Filesize
56KB

Download
memory/1628-5326-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4525-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3737-0x00000212F18B0000-0x00000212F18E8000-memory.dmp

Filesize
224KB

Download
memory/1628-5359-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3735-0x00000212EC9F0000-0x00000212EC9F8000-memory.dmp

Filesize
32KB

Download
memory/1628-3724-0x00000212EDB60000-0x00000212EDBF0000-memory.dmp

Filesize
576KB

Download
memory/1628-3723-0x00000212EC4B0000-0x00000212EC4C0000-memory.dmp

Filesize
64KB

Download
memory/1628-5406-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4388-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3719-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-5453-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3720-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-5598-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3718-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4513-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-3998-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4503-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4172-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-5627-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4482-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4472-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-5648-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4217-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-5662-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4462-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4245-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-5687-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4264-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4441-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4282-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4429-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4374-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4419-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/1628-4346-0x0000000180000000-0x0000000181168000-memory.dmp

Filesize
17.4MB

Download
memory/2428-5-0x00007FFD0E6B3000-0x00007FFD0E6B5000-memory.dmp

Filesize
8KB

Download
memory/2428-2385-0x000002286B6C0000-0x000002286B6D2000-memory.dmp

Filesize
72KB

Download
memory/2428-2383-0x000002286B610000-0x000002286B61A000-memory.dmp

Filesize
40KB

Download
memory/2428-2808-0x00007FFD0E6B0000-0x00007FFD0F172000-memory.dmp

Filesize
10.8MB

Download
memory/2428-30-0x00007FFD0E6B0000-0x00007FFD0F172000-memory.dmp

Filesize
10.8MB

Download
memory/2428-0-0x00007FFD0E6B3000-0x00007FFD0E6B5000-memory.dmp

Filesize
8KB

Download
memory/2428-4-0x000002286ABF0000-0x000002286AC12000-memory.dmp

Filesize
136KB

Download
memory/2428-2-0x00007FFD0E6B0000-0x00007FFD0F172000-memory.dmp

Filesize
10.8MB

Download
memory/2428-1-0x0000022868EB0000-0x0000022868F7E000-memory.dmp

Filesize
824KB

Download
memory/3668-2804-0x000001FB2E220000-0x000001FB2E244000-memory.dmp

Filesize
144KB

Download
memory/3668-2809-0x000001FB488D0000-0x000001FB4898A000-memory.dmp

Filesize
744KB

Download
memory/3668-2811-0x000001FB48A00000-0x000001FB48AB2000-memory.dmp

Filesize
712KB

Download
memory/3668-2806-0x000001FB48F40000-0x000001FB4947C000-memory.dmp

Filesize
5.2MB

Download