8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Analysis

max time kernel
481s
max time network
480s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-12-2024 23:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

8^/10

defense_evasion discovery evasion persistence phishing privilege_escalation trojan

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: currency-file@1
phishing

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	Bootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	setup.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 31 IoCs

pid	Process
5488	Solara.exe
5820	RobloxPlayerInstaller.exe
1316	MicrosoftEdgeWebview2Setup.exe
4524	MicrosoftEdgeUpdate.exe
2464	MicrosoftEdgeUpdate.exe
5340	MicrosoftEdgeUpdate.exe
5440	MicrosoftEdgeUpdateComRegisterShell64.exe
5424	MicrosoftEdgeUpdateComRegisterShell64.exe
6064	MicrosoftEdgeUpdateComRegisterShell64.exe
3720	MicrosoftEdgeUpdate.exe
2424	MicrosoftEdgeUpdate.exe
5280	MicrosoftEdgeUpdate.exe
2448	MicrosoftEdgeUpdate.exe
7048	MicrosoftEdge_X64_131.0.2903.99.exe
7100	setup.exe
7120	setup.exe
6992	MicrosoftEdgeUpdate.exe
7164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4344	MicrosoftEdgeUpdate.exe
6272	MicrosoftEdgeUpdate.exe
6604	MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe
2424	MicrosoftEdgeUpdate.exe
6128	MicrosoftEdgeUpdate.exe
1712	MicrosoftEdgeUpdate.exe
4368	MicrosoftEdgeUpdate.exe
844	MicrosoftEdgeUpdateComRegisterShell64.exe
5444	MicrosoftEdgeUpdateComRegisterShell64.exe
5564	MicrosoftEdgeUpdateComRegisterShell64.exe
4988	MicrosoftEdgeUpdate.exe

Loads dropped DLL 45 IoCs

pid	Process
4200	MsiExec.exe
4200	MsiExec.exe
5152	MsiExec.exe
5152	MsiExec.exe
5152	MsiExec.exe
5152	MsiExec.exe
5152	MsiExec.exe
5048	MsiExec.exe
5048	MsiExec.exe
5048	MsiExec.exe
4200	MsiExec.exe
4524	MicrosoftEdgeUpdate.exe
2464	MicrosoftEdgeUpdate.exe
5340	MicrosoftEdgeUpdate.exe
5440	MicrosoftEdgeUpdateComRegisterShell64.exe
5340	MicrosoftEdgeUpdate.exe
5424	MicrosoftEdgeUpdateComRegisterShell64.exe
5340	MicrosoftEdgeUpdate.exe
6064	MicrosoftEdgeUpdateComRegisterShell64.exe
5340	MicrosoftEdgeUpdate.exe
3720	MicrosoftEdgeUpdate.exe
2424	MicrosoftEdgeUpdate.exe
5280	MicrosoftEdgeUpdate.exe
5280	MicrosoftEdgeUpdate.exe
2424	MicrosoftEdgeUpdate.exe
2448	MicrosoftEdgeUpdate.exe
6992	MicrosoftEdgeUpdate.exe
7164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4344	MicrosoftEdgeUpdate.exe
6272	MicrosoftEdgeUpdate.exe
6272	MicrosoftEdgeUpdate.exe
4344	MicrosoftEdgeUpdate.exe
2424	MicrosoftEdgeUpdate.exe
6128	MicrosoftEdgeUpdate.exe
1712	MicrosoftEdgeUpdate.exe
4368	MicrosoftEdgeUpdate.exe
844	MicrosoftEdgeUpdateComRegisterShell64.exe
4368	MicrosoftEdgeUpdate.exe
5444	MicrosoftEdgeUpdateComRegisterShell64.exe
4368	MicrosoftEdgeUpdate.exe
5564	MicrosoftEdgeUpdateComRegisterShell64.exe
4368	MicrosoftEdgeUpdate.exe
4988	MicrosoftEdgeUpdate.exe

Unexpected DNS network traffic destination 48 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1
Destination IP	1.0.0.1

Blocklisted process makes network request 2 IoCs

flow	pid	Process
85	2368	msiexec.exe
91	2368	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
119	pastebin.com
120	pastebin.com

Looks up external IP address via web service 6 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1124	api.ipify.org
1126	api.ipify.org
947	api.ipify.org
948	api.ipify.org
950	api.ipify.org
953	api.ipify.org

Checks system information in the registry 2 TTPs 20 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Suspicious use of NtCreateThreadExHideFromDebugger 3 IoCs

pid	Process
7164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 54 IoCs

pid	Process
7164	RobloxPlayerBeta.exe
7164	RobloxPlayerBeta.exe
7164	RobloxPlayerBeta.exe
7164	RobloxPlayerBeta.exe
7164	RobloxPlayerBeta.exe
7164	RobloxPlayerBeta.exe
7164	RobloxPlayerBeta.exe
7164	RobloxPlayerBeta.exe
7164	RobloxPlayerBeta.exe
7164	RobloxPlayerBeta.exe
7164	RobloxPlayerBeta.exe
7164	RobloxPlayerBeta.exe
7164	RobloxPlayerBeta.exe
7164	RobloxPlayerBeta.exe
7164	RobloxPlayerBeta.exe
7164	RobloxPlayerBeta.exe
7164	RobloxPlayerBeta.exe
7164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Trust Protection Lists\Sigma\Cryptomining	setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\remote.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\man\man1\npm-query.1	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\AlignTool\button_min_24.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\Controls\DesignSystem\ButtonStart.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChatV2\ic-add-friends.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\Locales\ta.pak	setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ip-regex\license	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\icon_intern-16.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\Locales\sr-Cyrl-BA.pak	setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\lib\commands\dist-tag.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\internal\streams\duplexify.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\MenuBar\icon__backpack.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\msvcp140.dll	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\PlatformContent\pc\textures\water\normal_01.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\corepack	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\events\security.md	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\tar\lib\strip-absolute-path.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\AnimationEditor\FaceCaptureUI\button_control_record.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VoiceChat\SpeakerNew\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.99\Edge.dat	setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\normalize-package-data\lib\warning_messages.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\readable-stream\lib\_stream_duplex.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\AvatarEditorImages\DarkPixel.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\identity_proxy\win10\identity_helper.Sparse.Stable.msix	setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\is-lambda\test.js	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\hosted-git-info\lib\index.js	msiexec.exe
File created	C:\Program Files\nodejs\node_etw_provider.man	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\TerrainTools\mtrl_pavement.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Settings\Help\XButtonLight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Settings\MenuBarIcons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_sr-Cyrl-BA.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\ansi-regex\license	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\supports-color\index.js	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\LayeredClothingEditor\Default_Preview_Animation.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioToolbox\Animation.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_fi.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\abort-controller\dist\abort-controller.d.ts	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\event-target-shim\dist\event-target-shim.umd.js.map	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\models\LivePackages\.placeholder	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Backpack_Open.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\fonts\families\Inconsolata.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VoiceChat\SpeakerDark\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_as.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\CONTRIBUTING.md	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\iconv-lite\encodings\tables\cp949.json	msiexec.exe
File created	C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\gyp\tools\emacs\testdata\media.gyp	msiexec.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioSharedUI\spawn_withoutbg_32.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioToolbox\AssetConfig\onsale.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioToolbox\AssetPreview\info.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioToolbox\AssetPreview\more.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\ImageSet\LuaApp\img_set_2x_5.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU3A3.tmp\msedgeupdateres_as.dll	MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe

Drops file in Windows directory 21 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI1465.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e57f1a3.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5FB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI33E4.tmp	msiexec.exe
File created	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI354E.tmp	msiexec.exe
File created	C:\Windows\Installer\e57f1a7.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF4B0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1454.tmp	msiexec.exe
File created	C:\Windows\Installer\e57f1a3.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI185.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5DB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3453.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{EFA235B5-C6A1-42E6-9BC9-02A8D56F1CDC}\NodeIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3733.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF500.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF52F.tmp	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 21 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wevtutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 5 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4988	MicrosoftEdgeUpdate.exe
3720	MicrosoftEdgeUpdate.exe
2448	MicrosoftEdgeUpdate.exe
6992	MicrosoftEdgeUpdate.exe
2424	MicrosoftEdgeUpdate.exe

Checks processor information in registry 2 TTPs 26 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
3112	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0\ = "Google Update Policy Status Class"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CurVer\ = "MicrosoftEdgeUpdate.CoreMachineClass.1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\ = "Microsoft Edge Update CredentialDialog"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{C7931E4D-82F7-486C-9FFB-E44AB90B021F}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.39\\MicrosoftEdgeUpdateOnDemand.exe\""	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods\ = "8"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{42580F9E-2678-4BB9-A2BC-F22A1D432A1A}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation\Enabled = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\APPID\MICROSOFTEDGEUPDATE.EXE	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}	MicrosoftEdgeUpdateComRegisterShell64.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 25 IoCs

pid	Process
2072	Bootstrapper.exe
2072	Bootstrapper.exe
2368	msiexec.exe
2368	msiexec.exe
5488	Solara.exe
5488	Solara.exe
5820	RobloxPlayerInstaller.exe
5820	RobloxPlayerInstaller.exe
4524	MicrosoftEdgeUpdate.exe
4524	MicrosoftEdgeUpdate.exe
4524	MicrosoftEdgeUpdate.exe
4524	MicrosoftEdgeUpdate.exe
4524	MicrosoftEdgeUpdate.exe
4524	MicrosoftEdgeUpdate.exe
7164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe
4344	MicrosoftEdgeUpdate.exe
4344	MicrosoftEdgeUpdate.exe
4344	MicrosoftEdgeUpdate.exe
4344	MicrosoftEdgeUpdate.exe
6272	MicrosoftEdgeUpdate.exe
6272	MicrosoftEdgeUpdate.exe
6128	MicrosoftEdgeUpdate.exe
6128	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	312	WMIC.exe
Token: SeSecurityPrivilege	312	WMIC.exe
Token: SeTakeOwnershipPrivilege	312	WMIC.exe
Token: SeLoadDriverPrivilege	312	WMIC.exe
Token: SeSystemProfilePrivilege	312	WMIC.exe
Token: SeSystemtimePrivilege	312	WMIC.exe
Token: SeProfSingleProcessPrivilege	312	WMIC.exe
Token: SeIncBasePriorityPrivilege	312	WMIC.exe
Token: SeCreatePagefilePrivilege	312	WMIC.exe
Token: SeBackupPrivilege	312	WMIC.exe
Token: SeRestorePrivilege	312	WMIC.exe
Token: SeShutdownPrivilege	312	WMIC.exe
Token: SeDebugPrivilege	312	WMIC.exe
Token: SeSystemEnvironmentPrivilege	312	WMIC.exe
Token: SeRemoteShutdownPrivilege	312	WMIC.exe
Token: SeUndockPrivilege	312	WMIC.exe
Token: SeManageVolumePrivilege	312	WMIC.exe
Token: 33	312	WMIC.exe
Token: 34	312	WMIC.exe
Token: 35	312	WMIC.exe
Token: 36	312	WMIC.exe
Token: SeIncreaseQuotaPrivilege	312	WMIC.exe
Token: SeSecurityPrivilege	312	WMIC.exe
Token: SeTakeOwnershipPrivilege	312	WMIC.exe
Token: SeLoadDriverPrivilege	312	WMIC.exe
Token: SeSystemProfilePrivilege	312	WMIC.exe
Token: SeSystemtimePrivilege	312	WMIC.exe
Token: SeProfSingleProcessPrivilege	312	WMIC.exe
Token: SeIncBasePriorityPrivilege	312	WMIC.exe
Token: SeCreatePagefilePrivilege	312	WMIC.exe
Token: SeBackupPrivilege	312	WMIC.exe
Token: SeRestorePrivilege	312	WMIC.exe
Token: SeShutdownPrivilege	312	WMIC.exe
Token: SeDebugPrivilege	312	WMIC.exe
Token: SeSystemEnvironmentPrivilege	312	WMIC.exe
Token: SeRemoteShutdownPrivilege	312	WMIC.exe
Token: SeUndockPrivilege	312	WMIC.exe
Token: SeManageVolumePrivilege	312	WMIC.exe
Token: 33	312	WMIC.exe
Token: 34	312	WMIC.exe
Token: 35	312	WMIC.exe
Token: 36	312	WMIC.exe
Token: SeDebugPrivilege	2072	Bootstrapper.exe
Token: SeDebugPrivilege	4520	firefox.exe
Token: SeDebugPrivilege	4520	firefox.exe
Token: SeShutdownPrivilege	4752	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4752	msiexec.exe
Token: SeSecurityPrivilege	2368	msiexec.exe
Token: SeCreateTokenPrivilege	4752	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4752	msiexec.exe
Token: SeLockMemoryPrivilege	4752	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4752	msiexec.exe
Token: SeMachineAccountPrivilege	4752	msiexec.exe
Token: SeTcbPrivilege	4752	msiexec.exe
Token: SeSecurityPrivilege	4752	msiexec.exe
Token: SeTakeOwnershipPrivilege	4752	msiexec.exe
Token: SeLoadDriverPrivilege	4752	msiexec.exe
Token: SeSystemProfilePrivilege	4752	msiexec.exe
Token: SeSystemtimePrivilege	4752	msiexec.exe
Token: SeProfSingleProcessPrivilege	4752	msiexec.exe
Token: SeIncBasePriorityPrivilege	4752	msiexec.exe
Token: SeCreatePagefilePrivilege	4752	msiexec.exe
Token: SeCreatePermanentPrivilege	4752	msiexec.exe
Token: SeBackupPrivilege	4752	msiexec.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
4520	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe
5252	firefox.exe

Suspicious use of UnmapMainImage 3 IoCs

pid	Process
7164	RobloxPlayerBeta.exe
4164	RobloxPlayerBeta.exe
4740	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2340	2072	Bootstrapper.exe	86
PID 2072 wrote to memory of 2340	2072	Bootstrapper.exe	86
PID 2340 wrote to memory of 3112	2340	cmd.exe	88
PID 2340 wrote to memory of 3112	2340	cmd.exe	88
PID 2072 wrote to memory of 3992	2072	Bootstrapper.exe	94
PID 2072 wrote to memory of 3992	2072	Bootstrapper.exe	94
PID 3992 wrote to memory of 312	3992	cmd.exe	96
PID 3992 wrote to memory of 312	3992	cmd.exe	96
PID 3664 wrote to memory of 4520	3664	firefox.exe	107
PID 3664 wrote to memory of 4520	3664	firefox.exe	107
PID 3664 wrote to memory of 4520	3664	firefox.exe	107
PID 3664 wrote to memory of 4520	3664	firefox.exe	107
PID 3664 wrote to memory of 4520	3664	firefox.exe	107
PID 3664 wrote to memory of 4520	3664	firefox.exe	107
PID 3664 wrote to memory of 4520	3664	firefox.exe	107
PID 3664 wrote to memory of 4520	3664	firefox.exe	107
PID 3664 wrote to memory of 4520	3664	firefox.exe	107
PID 3664 wrote to memory of 4520	3664	firefox.exe	107
PID 3664 wrote to memory of 4520	3664	firefox.exe	107
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108
PID 4520 wrote to memory of 4296	4520	firefox.exe	108

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2340
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:3112
- C:\Windows\SYSTEM32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3992
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:312
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi" /qn
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4752
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5488

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2040 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a7004d7-a042-4182-bf0a-8419ebfccf61} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" gpu
    3⤵
    PID:4296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2424 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3205b5fc-644a-4aee-826b-b57fc1d45b94} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" socket
    3⤵
    - Checks processor information in registry
    PID:2948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3172 -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 3048 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {901fd9ed-8d61-4e93-8906-0ac264c567f8} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:2728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4028 -childID 2 -isForBrowser -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef8a4189-87ee-4aac-b6dd-5ec883621c84} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:4000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4968 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4956 -prefMapHandle 4944 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0aeea35e-a9db-4b9a-9666-71b3d9635a44} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" utility
    3⤵
    - Checks processor information in registry
    PID:4536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5452 -childID 3 -isForBrowser -prefsHandle 5332 -prefMapHandle 5400 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b11b1fd0-cc6b-4c4d-abd9-968a534f6339} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:3840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5316 -childID 4 -isForBrowser -prefsHandle 5584 -prefMapHandle 5588 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfa9cf48-44e8-4789-ace5-d6ca565efcf2} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:2964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 5 -isForBrowser -prefsHandle 5760 -prefMapHandle 5764 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30d1eb90-44a1-4840-b6a4-55efea48add9} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:3520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6148 -childID 6 -isForBrowser -prefsHandle 6160 -prefMapHandle 6152 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0739459-0fc6-4e94-b642-8658e3a2194e} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:5232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4896 -childID 7 -isForBrowser -prefsHandle 1392 -prefMapHandle 4696 -prefsLen 27965 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e046a966-a3cc-458b-ab68-10e1cb41f34e} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:1444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5692 -childID 8 -isForBrowser -prefsHandle 5208 -prefMapHandle 2780 -prefsLen 27965 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec13d04d-7b27-4773-bde7-a9d749af67d5} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:6088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6608 -childID 9 -isForBrowser -prefsHandle 6536 -prefMapHandle 6620 -prefsLen 27965 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {757d254d-df9b-4221-a9f7-79a274e774cb} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:4484
- - C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
    "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Enumerates system info in registry
    - Modifies Internet Explorer settings
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:5820
  - - C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
      MicrosoftEdgeWebview2Setup.exe /silent /install
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      PID:1316
    - - C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
        5⤵
        Event Triggered Execution: Image File Execution Options Injection
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:4524
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2464
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5340
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5440
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5424
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:6064
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjhFNjFDMDItMTVGOS00OTcxLUEzNzUtREY0NTFCN0YwRTY1fSIgdXNlcmlkPSJ7QzkxOENCOUQtRENCNi00REY1LThBRjItOURCNkQyQ0MwQTYxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4RUNBNjdFMC1CMkUyLTQwRDAtOTNBOC1BNkFDMzgwOTEzNzd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MDE0ODA2ODIwIiBpbnN0YWxsX3RpbWVfbXM9IjQyNyIvPjwvYXBwPjwvcmVxdWVzdD4
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:3720
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{68E61C02-15F9-4971-A375-DF451B7F0E65}" /silent
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2424
  - - C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe
      "C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 5820
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of NtCreateThreadExHideFromDebugger
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of UnmapMainImage
      PID:7164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5840 -childID 10 -isForBrowser -prefsHandle 5852 -prefMapHandle 6052 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e7a9187-e4f8-40ed-83f8-9af7b563aeea} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:5672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5728 -childID 11 -isForBrowser -prefsHandle 6484 -prefMapHandle 5732 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f900474a-eff9-4396-92a5-278303399982} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:3440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6400 -parentBuildID 20240401114208 -prefsHandle 7396 -prefMapHandle 7388 -prefsLen 34656 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca63e89d-a90a-414b-be4d-c2333e1a5128} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" rdd
    3⤵
    PID:4392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6164 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6236 -prefMapHandle 2736 -prefsLen 34656 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5dfb8c98-3fb2-4b25-b08e-b4122bfc3e3d} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" utility
    3⤵
    - Checks processor information in registry
    PID:208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6052 -childID 12 -isForBrowser -prefsHandle 7660 -prefMapHandle 7508 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5862608-dca0-4d80-a27c-a21a4a55133c} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:1616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6424 -childID 13 -isForBrowser -prefsHandle 6540 -prefMapHandle 5148 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {add6374c-4458-4f15-9886-0817e6e03603} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:5760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8796 -childID 14 -isForBrowser -prefsHandle 8736 -prefMapHandle 8744 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cfb1e22-35d2-471e-919d-d87ac643a0e5} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:1224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8972 -childID 15 -isForBrowser -prefsHandle 8980 -prefMapHandle 8984 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88a20ed5-39a3-4ede-b1f4-3b48a0172da8} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:1300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9160 -childID 16 -isForBrowser -prefsHandle 9168 -prefMapHandle 9172 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da0ad78e-5168-4152-9d98-5b4d43f0f261} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:4864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9040 -childID 17 -isForBrowser -prefsHandle 8736 -prefMapHandle 8796 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {682ee71c-4a11-4ed8-9b58-8916d448e763} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:5852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7780 -childID 18 -isForBrowser -prefsHandle 7748 -prefMapHandle 7764 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bee8d467-ed59-46cd-92d5-36e47f36831f} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:2548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8848 -childID 19 -isForBrowser -prefsHandle 8816 -prefMapHandle 8988 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bab65748-b8f6-4f43-a64b-dc994480e037} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:4116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7700 -childID 20 -isForBrowser -prefsHandle 9716 -prefMapHandle 9720 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {917ece93-ccaa-4edc-81d5-79dc6c840562} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:3112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9892 -childID 21 -isForBrowser -prefsHandle 9884 -prefMapHandle 9880 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fc70cad-d1b2-4b57-a598-721a0787eaaf} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:5944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10168 -childID 22 -isForBrowser -prefsHandle 10176 -prefMapHandle 10180 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90c780ff-2ff6-4377-8988-e2dcb3b21ecf} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:2192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7708 -childID 23 -isForBrowser -prefsHandle 7884 -prefMapHandle 7892 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1adf4a5f-b8be-4a35-aecf-69acab0dafc0} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:6288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8720 -childID 24 -isForBrowser -prefsHandle 8784 -prefMapHandle 10320 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ceb31824-2a20-4a6e-ab03-19e469bbbc16} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:6572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9132 -childID 25 -isForBrowser -prefsHandle 8428 -prefMapHandle 4984 -prefsLen 28328 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79a17a73-e521-47a8-a6a2-1791b8fff04b} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:6856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1392 -childID 26 -isForBrowser -prefsHandle 8980 -prefMapHandle 9576 -prefsLen 28328 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec4c9f99-b07a-4c0d-9e4d-6bc6a363dc49} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9332 -childID 27 -isForBrowser -prefsHandle 9324 -prefMapHandle 9336 -prefsLen 28328 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9eccafcd-4aff-4f12-8d2e-6683741adca8} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:5860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9080 -childID 28 -isForBrowser -prefsHandle 5684 -prefMapHandle 6276 -prefsLen 28328 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04f84434-1ed7-474f-935a-4f52e038a18b} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:3680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9272 -childID 29 -isForBrowser -prefsHandle 10064 -prefMapHandle 9388 -prefsLen 28328 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9a31d20-f58e-417c-b7e6-603428eea8b7} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:5340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3588 -childID 30 -isForBrowser -prefsHandle 5272 -prefMapHandle 5288 -prefsLen 28328 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24683676-cffd-480b-a943-1c934d670b59} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:1780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5892 -childID 31 -isForBrowser -prefsHandle 9432 -prefMapHandle 5316 -prefsLen 28378 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53bf3c96-38e7-4fc1-8c9e-8ffa52075d31} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:6052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9972 -childID 32 -isForBrowser -prefsHandle 10152 -prefMapHandle 7768 -prefsLen 28378 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06777d80-7f5a-48ea-ad46-57ff8fc2e548} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7408 -childID 33 -isForBrowser -prefsHandle 10276 -prefMapHandle 10268 -prefsLen 28378 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {671a5650-631f-42a0-baed-d648e7f3f58e} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:4360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9552 -childID 34 -isForBrowser -prefsHandle 9484 -prefMapHandle 9480 -prefsLen 28378 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89d7271c-41f2-461e-95e5-a175b2786dd9} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
    3⤵
    PID:5664

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2368
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding BF1F6839E09993F3C4025CBB130D24F6
  2⤵
  - Loads dropped DLL
  PID:4200
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2DB5C046E52F438BDACA0D2EB21700E5
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5152
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 66A99B1F31961C83B489F1EC6A025EF4 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5048
- - C:\Windows\SysWOW64\wevtutil.exe
    "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6068
  - - C:\Windows\System32\wevtutil.exe
      "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64
      4⤵
      PID:6120

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:5280
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjhFNjFDMDItMTVGOS00OTcxLUEzNzUtREY0NTFCN0YwRTY1fSIgdXNlcmlkPSJ7QzkxOENCOUQtRENCNi00REY1LThBRjItOURCNkQyQ0MwQTYxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1MTlBN0UwOS0xQ0RCLTQ4ODYtODdENC0zMTNCMkVDQkY0QUR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYwMTg3MDY4NzYiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:2448
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0CD2E010-3492-4577-879B-273A0B14F510}\MicrosoftEdge_X64_131.0.2903.99.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0CD2E010-3492-4577-879B-273A0B14F510}\MicrosoftEdge_X64_131.0.2903.99.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:7048
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0CD2E010-3492-4577-879B-273A0B14F510}\EDGEMITMP_82302.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0CD2E010-3492-4577-879B-273A0B14F510}\EDGEMITMP_82302.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0CD2E010-3492-4577-879B-273A0B14F510}\MicrosoftEdge_X64_131.0.2903.99.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:7100
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0CD2E010-3492-4577-879B-273A0B14F510}\EDGEMITMP_82302.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0CD2E010-3492-4577-879B-273A0B14F510}\EDGEMITMP_82302.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.140 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0CD2E010-3492-4577-879B-273A0B14F510}\EDGEMITMP_82302.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.99 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff674592918,0x7ff674592924,0x7ff674592930
      4⤵
      Executes dropped EXE
      PID:7120
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjhFNjFDMDItMTVGOS00OTcxLUEzNzUtREY0NTFCN0YwRTY1fSIgdXNlcmlkPSJ7QzkxOENCOUQtRENCNi00REY1LThBRjItOURCNkQyQ0MwQTYxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxOUI1NTE2QS1FNEQzLTQ3OUItQjU4NS02NjJEMzlFMkFCN0N9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTMxLjAuMjkwMy45OSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjAyODQzNjc4MiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYwMjg0NjY4OTAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NDI2MzA2ODU0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8wZjZhNmRkMy0wYjIyLTRlNzgtYjA0Zi02MDQ5NGViNGM0ZTg_UDE9MTczNTA4Mzg3OSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1YV1lMcURrZ09CRFZaaXF0SkpLUkFOTWwyWWJ3cVZnamljRGJDdzlqTFEzaXJiNVlCTkRVWWRxazZGbkVHNkRtcERqbDJLcXNBNzl1VVhHUWxwb0N3QSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3Njg1NTY0OCIgdG90YWw9IjE3Njg1NTY0OCIgZG93bmxvYWRfdGltZV9tcz0iMzM1MjciLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NDI2NDE2ODQ1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjQ0MDUyNjgxMiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzA0NTk3NjkyMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjYxOSIgZG93bmxvYWRfdGltZV9tcz0iMzk3OTEiIGRvd25sb2FkZWQ9IjE3Njg1NTY0OCIgdG90YWw9IjE3Njg1NTY0OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNjA1NDIiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6992

C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:4164

C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:4740

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4344

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6024

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:6272
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{941A45C7-C952-49F8-8321-513323AB6A98}\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{941A45C7-C952-49F8-8321-513323AB6A98}\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe" /update /sessionid "{1CC5EF4D-14CB-4AB8-B0DE-24E902B0BFB8}"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:6604
- - C:\Program Files (x86)\Microsoft\Temp\EU3A3.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EU3A3.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{1CC5EF4D-14CB-4AB8-B0DE-24E902B0BFB8}"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:6128
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:1712
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:4368
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:844
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5444
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5564
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUNDNUVGNEQtMTRDQi00QUI4LUIwREUtMjRFOTAyQjBCRkI4fSIgdXNlcmlkPSJ7QzkxOENCOUQtRENCNi00REY1LThBRjItOURCNkQyQ0MwQTYxfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7NjJDNEM5OUQtRjVDQi00RkJDLTg0NkItMUJFQ0Y2Njk4MzI3fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjM5IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzM0NDc5MDc3Ij48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NjM2MDA2MTA1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4988
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUNDNUVGNEQtMTRDQi00QUI4LUIwREUtMjRFOTAyQjBCRkI4fSIgdXNlcmlkPSJ7QzkxOENCOUQtRENCNi00REY1LThBRjItOURCNkQyQ0MwQTYxfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntBQUZCMkRENS01NzE1LTRENEItQTc4Mi00RUNBOUQ4QjgwNTd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMzkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MjYwNDUxOTc4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkyNjA2MDgxMTkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk2MjA2OTM1NjEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xN2I3NTIyMy1hMzVlLTQ0NGEtODBkNC1iYjk4OWNjZjJmNzM_UDE9MTczNTA4NDIwMiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1mRUpIbVdUQ3BpN1ZWWkhNanhGZGdFQkpYSDM3aVFxWnhWQSUyZnI4TGNSNXI4M3NiUGpOaSUyZjZ5UmhwRGY4Um9xTWY0MGlMMGk3RElmMWNMRGI4VjBybUElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NjIwNjkzNTYxIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xN2I3NTIyMy1hMzVlLTQ0NGEtODBkNC1iYjk4OWNjZjJmNzM_UDE9MTczNTA4NDIwMiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1mRUpIbVdUQ3BpN1ZWWkhNanhGZGdFQkpYSDM3aVFxWnhWQSUyZnI4TGNSNXI4M3NiUGpOaSUyZjZ5UmhwRGY4Um9xTWY0MGlMMGk3RElmMWNMRGI4VjBybUElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNjUzMzI4IiB0b3RhbD0iMTY1MzMyOCIgZG93bmxvYWRfdGltZV9tcz0iMzE4MzIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTYyMDY5MzU2MSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NjI2MDA2NDI4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5Mi4wLjkwMi42NyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM3Mjc2OTIwODEwMDUxMjAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEzMS4wLjI5MDMuOTkiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZT0iNjU1OSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0ie0U2QzMyQkI1LTlENzEtNDYzNi04Mjk3LUZFRUJFNjE3MTVERH0iLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2424

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5688
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1940 -parentBuildID 20240401114208 -prefsHandle 1856 -prefMapHandle 1844 -prefsLen 28940 -prefMapSize 245077 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d46cd83-81fd-4950-b214-29f9987441c2} 5252 "\\.\pipe\gecko-crash-server-pipe.5252" gpu
    3⤵
    PID:6968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20240401114208 -prefsHandle 2292 -prefMapHandle 2288 -prefsLen 28940 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0071bda-3918-4ac0-8969-c20180a49f6d} 5252 "\\.\pipe\gecko-crash-server-pipe.5252" socket
    3⤵
    - Checks processor information in registry
    PID:7012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3140 -childID 1 -isForBrowser -prefsHandle 3152 -prefMapHandle 3148 -prefsLen 29439 -prefMapSize 245077 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32410bd6-8b6c-4424-916e-f908504a865d} 5252 "\\.\pipe\gecko-crash-server-pipe.5252" tab
    3⤵
    PID:6920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3896 -childID 2 -isForBrowser -prefsHandle 3888 -prefMapHandle 3880 -prefsLen 34672 -prefMapSize 245077 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b3b3b36-cf85-4d56-a1f8-22ca3fdd5dc7} 5252 "\\.\pipe\gecko-crash-server-pipe.5252" tab
    3⤵
    PID:4496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4804 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4680 -prefMapHandle 4812 -prefsLen 34672 -prefMapSize 245077 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e76bc9ac-bab4-4fae-90af-9a58c7a1f9c8} 5252 "\\.\pipe\gecko-crash-server-pipe.5252" utility
    3⤵
    - Checks processor information in registry
    PID:7096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5364 -childID 3 -isForBrowser -prefsHandle 5356 -prefMapHandle 5352 -prefsLen 28073 -prefMapSize 245077 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42ff80fa-e57e-4eba-8a1c-fd6275ed9700} 5252 "\\.\pipe\gecko-crash-server-pipe.5252" tab
    3⤵
    PID:1244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5628 -prefMapHandle 5624 -prefsLen 28073 -prefMapSize 245077 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b416919-9696-4191-96a5-d00265b9ae55} 5252 "\\.\pipe\gecko-crash-server-pipe.5252" tab
    3⤵
    PID:2908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 5 -isForBrowser -prefsHandle 5480 -prefMapHandle 5484 -prefsLen 28073 -prefMapSize 245077 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb946fb2-1d8b-4028-9624-726a3525f699} 5252 "\\.\pipe\gecko-crash-server-pipe.5252" tab
    3⤵
    PID:6328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5972 -childID 6 -isForBrowser -prefsHandle 5780 -prefMapHandle 5532 -prefsLen 28073 -prefMapSize 245077 -jsInitHandle 1352 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1336a49c-e562-4c32-9aad-2bb7b5f94f0f} 5252 "\\.\pipe\gecko-crash-server-pipe.5252" tab
    3⤵
    PID:5860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57f1a6.rbs

Filesize
1.0MB

MD5
23f50e08520f898439c5d980379dc26b

SHA1
0f7472636cde6f93f1a383e10cc0380185f7222d

SHA256
cddaa7708f18cd11760ead0dfad6b4ecbaa22efabd5012ca8c156cb0a84d18bf

SHA512
da3f2ee70c4a0674216fbe37cc23bd1908865592cf8e9e0f160171a6df5b317f5d8f5847f304dc09605381d03fccde9768cab6a4be21781bc77ac19cf7074125

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.99\Installer\setup.exe

Filesize
6.6MB

MD5
f6ef6691c60c40c1b64c857aa7140f65

SHA1
0a18181edb6539ace366e7d804e37ec558c52b79

SHA256
df10339c63d2f24162ffa7d61c797f46a4ec4d91f1f74c3290646a232c7e9c56

SHA512
bf2829c18f109ee181518b7819a23782fdee4f81644a9d062e060ccac7a2df27d2f49cb3c26d63e6c9e2aed6ff166f2af596c0365284ef1dc0a70363ea8fd404

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.39\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe

Filesize
1.6MB

MD5
2516fc0d4a197f047e76f210da921f98

SHA1
2a929920af93024e8541e9f345d623373618b249

SHA256
fd424062ff3983d0edd6c47ab87343a15e52902533e3d5f33f1b0222f940721c

SHA512
1606c82f41ca6cbb58e522e03a917ff252715c3c370756977a9abd713aa12e37167a30f6f5de252d431af7e4809ae1e1850c0f33d4e8fc11bab42b224598edc8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
16c84ad1222284f40968a851f541d6bb

SHA1
bc26d50e15ccaed6a5fbe801943117269b3b8e6b

SHA256
e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

SHA512
d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
34d991980016595b803d212dc356d765

SHA1
e3a35df6488c3463c2a7adf89029e1dd8308f816

SHA256
252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

SHA512
8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
d34380d302b16eab40d5b63cfb4ed0fe

SHA1
1d3047119e353a55dc215666f2b7b69f0ede775b

SHA256
fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

SHA512
45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
aab01f0d7bdc51b190f27ce58701c1da

SHA1
1a21aabab0875651efd974100a81cda52c462997

SHA256
061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

SHA512
5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
ac275b6e825c3bd87d96b52eac36c0f6

SHA1
29e537d81f5d997285b62cd2efea088c3284d18f

SHA256
223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

SHA512
bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
d749e093f263244d276b6ffcf4ef4b42

SHA1
69f024c769632cdbb019943552bac5281d4cbe05

SHA256
fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

SHA512
48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
28fefc59008ef0325682a0611f8dba70

SHA1
f528803c731c11d8d92c5660cb4125c26bb75265

SHA256
55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

SHA512
2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_es.dll

Filesize
28KB

MD5
9db7f66f9dc417ebba021bc45af5d34b

SHA1
6815318b05019f521d65f6046cf340ad88e40971

SHA256
e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

SHA512
943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
b78cba3088ecdc571412955742ea560b

SHA1
bc04cf9014cec5b9f240235b5ff0f29dbdb22926

SHA256
f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

SHA512
04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU7D73.tmp\msedgeupdateres_eu.dll

Filesize
28KB

MD5
a7e1f4f482522a647311735699bec186

SHA1
3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd

SHA256
e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4

SHA512
22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
7.1MB

MD5
dc0a0de94ad86e22785e385a4fbbfe2f

SHA1
8dcd6f06fba142018f9e5083d79eac31ed2353d7

SHA256
a4e80eba29eec1e534950f605de2bba0a174e9eaf56c82fd6f4d221e93667f92

SHA512
39582cda82f479e5e25fc2021878d071261b71efbb68f827599d4020de61698273a2cde3d1dc323d14205615a509687ad1e04f1e25626c0826c6f297f5a75dce

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
a25dccadba33146353e02470a237bdd5

SHA1
cedcc6e826042a2ddba48866c2a87cb71cec7901

SHA256
1cf15c265367d9c12216aa46c1a52f446763e426ff0b7bc71f35cc35b8efda82

SHA512
b0093e0d1f948ab6d26b5aa3414291a3c937fe76fce69f9aed4f005e63d59facf475003fe4a3425c9adcb5b49e9a95a986e433c3e74fa35043f5f6359e8f0c7f

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
10KB

MD5
1d51e18a7247f47245b0751f16119498

SHA1
78f5d95dd07c0fcee43c6d4feab12d802d194d95

SHA256
1975aa34c1050b8364491394cebf6e668e2337c3107712e3eeca311262c7c46f

SHA512
1eccbe4ddae3d941b36616a202e5bd1b21d8e181810430a1c390513060ae9e3f12cd23f5b66ae0630fd6496b3139e2cc313381b5506465040e5a7a3543444e76

Download Submit
C:\Program Files\nodejs\node_etw_provider.man

Filesize
8KB

MD5
d3bc164e23e694c644e0b1ce3e3f9910

SHA1
1849f8b1326111b5d4d93febc2bafb3856e601bb

SHA256
1185aaa5af804c6bc6925f5202e68bb2254016509847cd382a015907440d86b4

SHA512
91ebff613f4c35c625bb9b450726167fb77b035666ed635acf75ca992c4846d952655a2513b4ecb8ca6f19640d57555f2a4af3538b676c3bd2ea1094c4992854

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\@npmcli\arborist\LICENSE.md

Filesize
818B

MD5
2916d8b51a5cc0a350d64389bc07aef6

SHA1
c9d5ac416c1dd7945651bee712dbed4d158d09e1

SHA256
733dcbf5b1c95dc765b76db969b998ce0cbb26f01be2e55e7bccd6c7af29cb04

SHA512
508c5d1842968c478e6b42b94e04e0b53a342dfaf52d55882fdcfe02c98186e9701983ab5e9726259fba8336282e20126c70d04fc57964027586a40e96c56b74

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\aggregate-error\license

Filesize
1KB

MD5
5ad87d95c13094fa67f25442ff521efd

SHA1
01f1438a98e1b796e05a74131e6bb9d66c9e8542

SHA256
67292c32894c8ac99db06ffa1cb8e9a5171ef988120723ebe673bf76712260ec

SHA512
7187720ccd335a10c9698f8493d6caa2d404e7b21731009de5f0da51ad5b9604645fbf4bc640aa94513b9eb372aa6a31df2467198989234bc2afbce87f76fbc3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\bin-links\LICENSE

Filesize
754B

MD5
d2cf52aa43e18fdc87562d4c1303f46a

SHA1
58fb4a65fffb438630351e7cafd322579817e5e1

SHA256
45e433413760dc3ae8169be5ed9c2c77adc31ad4d1bc5a28939576df240f29a0

SHA512
54e33d7998b5e9ba76b2c852b4d0493ebb1b1ee3db777c97e6606655325ff66124a0c0857ca4d62de96350dbaee8d20604ec22b0edc17b472086da4babbbcb16

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmhook\LICENSE.md

Filesize
771B

MD5
e9dc66f98e5f7ff720bf603fff36ebc5

SHA1
f2b428eead844c4bf39ca0d0cf61f6b10aeeb93b

SHA256
b49c8d25a8b57fa92b2902d09c4b8a809157ee32fc10d17b7dbb43c4a8038f79

SHA512
8027d65e1556511c884cb80d3c1b846fc9d321f3f83002664ad3805c4dee8e6b0eaf1db81c459153977bdbde9e760b0184ba6572f68d78c37bff617646bcfc3b

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\libnpmorg\LICENSE

Filesize
730B

MD5
072ac9ab0c4667f8f876becedfe10ee0

SHA1
0227492dcdc7fb8de1d14f9d3421c333230cf8fe

SHA256
2ef361317adeda98117f14c5110182c28eae233af1f7050c83d4396961d14013

SHA512
f38fd6506bd9795bb27d31f1ce38b08c9e6f1689c34fca90e9e1d5194fa064d1f34a9c51d15941506ebbbcd6d4193055e9664892521b7e39ebcd61c3b6f25013

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minipass-pipeline\node_modules\minipass\package.json

Filesize
1KB

MD5
d116a360376e31950428ed26eae9ffd4

SHA1
192b8e06fb4e1f97e5c5c7bf62a9bff7704c198b

SHA256
c3052bd85910be313e38ad355528d527b565e70ef15a784db3279649eee2ded5

SHA512
5221c7648f4299234a4637c47d3f1eb5e147014704913bc6fdad91b9b6a6ccc109bced63376b82b046bb5cad708464c76fb452365b76dbf53161914acf8fb11a

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\LICENSE

Filesize
802B

MD5
d7c8fab641cd22d2cd30d2999cc77040

SHA1
d293601583b1454ad5415260e4378217d569538e

SHA256
04400db77d925de5b0264f6db5b44fe6f8b94f9419ad3473caaa8065c525c0be

SHA512
278ff929904be0c19ee5fb836f205e3e5b3e7cec3d26dd42bbf1e7e0ca891bf9c42d2b28fce3741ae92e4a924baf7490c7c6c59284127081015a82e2653e0764

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\minizlib\node_modules\minipass\index.js

Filesize
16KB

MD5
bc0c0eeede037aa152345ab1f9774e92

SHA1
56e0f71900f0ef8294e46757ec14c0c11ed31d4e

SHA256
7a395802fbe01bb3dc8d09586e0864f255874bf897378e546444fbaec29f54c5

SHA512
5f31251825554bf9ed99eda282fa1973fcec4a078796a10757f4fb5592f2783c4ebdd00bdf0d7ed30f82f54a7668446a372039e9d4589db52a75060ca82186b3

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\nopt\LICENSE

Filesize
780B

MD5
b020de8f88eacc104c21d6e6cacc636d

SHA1
20b35e641e3a5ea25f012e13d69fab37e3d68d6b

SHA256
3f24d692d165989cd9a00fe35ca15a2bc6859e3361fa42aa20babd435f2e4706

SHA512
4220617e29dd755ad592295bc074d6bc14d44a1feeed5101129669f3ecf0e34eaa4c7c96bbc83da7352631fa262baab45d4a370dad7dabec52b66f1720c28e38

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\promise-all-reject-late\LICENSE

Filesize
763B

MD5
7428aa9f83c500c4a434f8848ee23851

SHA1
166b3e1c1b7d7cb7b070108876492529f546219f

SHA256
1fccd0ad2e7e0e31ddfadeaf0660d7318947b425324645aa85afd7227cab52d7

SHA512
c7f01de85f0660560206784cdf159b2bdc5f1bc87131f5a8edf384eba47a113005491520b0a25d3cc425985b5def7b189e18ff76d7d562c434dc5d8c82e90cce

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\tar\node_modules\fs-minipass\node_modules\minipass\index.d.ts

Filesize
4KB

MD5
f0bd53316e08991d94586331f9c11d97

SHA1
f5a7a6dc0da46c3e077764cfb3e928c4a75d383e

SHA256
dd3eda3596af30eda88b4c6c2156d3af6e7fa221f39c46e492c5e9fb697e2fef

SHA512
fd6affbaed67d09cf45478f38e92b8ca6c27650a232cbbeaff36e4f7554fb731ae44cf732378641312e98221539e3d8fabe80a7814e4f425026202de44eb5839

Download Submit
C:\Program Files\nodejs\node_modules\npm\node_modules\treeverse\LICENSE

Filesize
771B

MD5
1d7c74bcd1904d125f6aff37749dc069

SHA1
21e6dfe0fffc2f3ec97594aa261929a3ea9cf2ab

SHA256
24b8d53712087b867030d18f2bd6d1a72c78f9fb4dee0ce025374da25e4443b9

SHA512
b5ac03addd29ba82fc05eea8d8d09e0f2fa9814d0dd619c2f7b209a67d95b538c3c2ff70408641ef3704f6a14e710e56f4bf57c2bb3f8957ba164f28ee591778

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
79KB

MD5
d331d43901dc23166217ac61045fa938

SHA1
9ea0a669bfbc96ca1c36f48708a75bb0e3055e7b

SHA256
2023c204580cfe6e4875ae643d3d9e0abdf74723dda26807ad71ff7fdf73f058

SHA512
feb92a33b1e0a34e18a677cfdd555acf0dc4719b9f179dfac770700f94c8efdb76a3b77e07bfb37bdd35ba1493795229aad4f9e51155627a5b33396d33b34ea2

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js documentation.url

Filesize
168B

MD5
db7dbbc86e432573e54dedbcc02cb4a1

SHA1
cff9cfb98cff2d86b35dc680b405e8036bbbda47

SHA256
7cf8a9c96f9016132be81fd89f9573566b7dc70244a28eb59d573c2fdba1def9

SHA512
8f35f2e7dac250c66b209acecab836d3ecf244857b81bacebc214f0956ec108585990f23ff3f741678e371b0bee78dd50029d0af257a3bb6ab3b43df1e39f2ec

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js website.url

Filesize
133B

MD5
35b86e177ab52108bd9fed7425a9e34a

SHA1
76a1f47a10e3ab829f676838147875d75022c70c

SHA256
afaa6c6335bd3db79e46fb9d4d54d893cee9288e6bb4738294806a9751657319

SHA512
3c8047c94b789c8496af3c2502896cef2d348ee31618893b9b71244af667ec291dcb9b840f869eb984624660086db0c848d1846aa601893e6f9955e56da19f62

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
133KB

MD5
c6f770cbb24248537558c1f06f7ff855

SHA1
fdc2aaae292c32a58ea4d9974a31ece26628fdd7

SHA256
d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b

SHA512
cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\activity-stream.discovery_stream.json

Filesize
20KB

MD5
a43dd51d3d90884711785ac907350394

SHA1
3fcf3f9e9a8b86df62abfff372c1455f1d8aaef4

SHA256
b0a2f841471f205194f0ed54472a73caaebb1f0fbe61bf2e63dec775cee668e4

SHA512
8d81f15dd6f4f7cbdb2439192699c071d95c8383e1d2e9367f40f9a643652aa51e164260b048e86d6101c54efc6a72fa8c551ca276f4ff264df508c88154a5f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\doomed\26087

Filesize
14KB

MD5
6becbd4f5c3b0587402d45c7e0e13ba4

SHA1
169feedb9b6efcf1497fa0344a5fcef658e5d71c

SHA256
811ff6ef888823a3755cf39436e84495c0796418dc123ab22d9ce8c416955e71

SHA512
913c8148ee247088364e47c1f73be711079db8900c86b690b3f8ba3634995d79a5265256877f3e67da06b2d5028e2b4ca5bf3cc6372aa2cf78dd57dc77a431cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\03D4013006C0D7FF71D87096E97EE8873AA8D685

Filesize
30KB

MD5
1309f4ef93aa3866881c54bb490b9eae

SHA1
b5e81656b1defe6653bb7b69ae84f257644ca43c

SHA256
e9788180f8c53c5609f78e764e7147586c3a331cc010be63d86d7a3c3b278473

SHA512
9d6ae313c876c0ba4b1c7d264253461ab27f90ca31deec3b718a2df94d6d9a07ca5e52c52056c1781cf2c1e704c5e1f1deafbf982f4155a30c21d7b37202e361

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\089C132447FF96861C599A9136B5252955C0B7C7

Filesize
121KB

MD5
5f97f66bb18b82eed8e360078c1bdc52

SHA1
420448ebce7b1aef9043f5fc2f8624e1f6090bc6

SHA256
97b1df04f184fd715a295571725d4bd681d63fe4be0d104708cb45781eb21797

SHA512
3511d471b4a0bce4061d800c14e73ff9e1d2a7c15762892e9129931eeb09eed9fecab9a2185931891ec0d272e2bf25a99e5f2705f8bbcb0630c0b2601f86d0fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\0E7302230EC45B4958B65FF2379D97AA3BA4AE1C

Filesize
224KB

MD5
0ac26685989fe3e589f398dd0be12005

SHA1
b5d419f8603080602b09a75505354cdf7deaff14

SHA256
9430ea02b50c4d46da64b0e49bbebdf1e0fde05b6bc634a1ace477a4eb124de2

SHA512
9a4cdfb893a683dde33d4a3727800e09e07ab48d0437b177126201af5c717464442263d05ac6ea7cf81e8a7c3ab8a8c03b8d8956b5737774731f0de147079342

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\13475CD8B9B0855D9A531FB55254157FE955C2C3

Filesize
2.8MB

MD5
54855b126164ecbcccca84ab593ef513

SHA1
d080de7c3442526fe308f4bf8149d65db741bb79

SHA256
43a978715da3670a550d705c5d5cb7835629323f4076c1c66d3bff556a1003c7

SHA512
c8e0f16ab2c349a2fa568d108e662c1f0cd60a9997468c721d427130976b1b980da4a16222b2c10f9f093c3f652132e76a1c6002bfe26d3f45acb469a71c2e42

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\1ACB49231380E9D505C5E15ECE3BD0BEB3659EDC

Filesize
6.1MB

MD5
38c7a44622c86951d067fec1ae921e0e

SHA1
eb7d7cc45065518e2e18461617fc13cb306c886d

SHA256
8b3357d0ab6d4e1b6c553bf007586e539a0ddad68f74fb17797036b22b0e367c

SHA512
1f1cdd986adaaa65369e865714201e7bb68a2cf43ea7b349c544b75fe3994ff519cab5c7fb4849c80a47b467d00ea4e4b820ebf7a2a08f3a756656925aac5924

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\38F103BDE64B6B785972BB4233F1373020E222C9

Filesize
17KB

MD5
d381a5680597d5a1f6baee94bf89cfb8

SHA1
09547665e906e417acaaeea4c63ded3bc108a2d2

SHA256
cf4339a92c1283f65760252b92a8f5cb41f2b577fbba0723eeba6d2d2c0b093f

SHA512
ea652ee9a0d17fc49d138fd36c612bb574155aebc1ddf6d6f1c6744f40b2d44ee024f46295d9b21d737329fc66cf414972c2e6edc7215a9d1b05425b96e2a689

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\454AE11D97141467B780216956863EFB4123B779

Filesize
214KB

MD5
5c2fc62fc7da8560f82204b4a7aceb9a

SHA1
80459ad839f58c990de2246bfc43aff0924e1784

SHA256
05df20b76d3bce3671bd90f7e3850020aec7bce0fe9837c2a91d6ef975f638ba

SHA512
3396af51c924d76586e4ea5700da1fe4e66ce468c99efb0388dae2e9dcd1a4766db1fdca71544bdf64a042338fb5e8e53efcd5b03773afb4d476b25e32d13759

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\4D0653EE848700BE07C5BDAD824659CC5E35BD65

Filesize
44KB

MD5
bb71ea29bec11588423dc3e6a327e9f3

SHA1
84b40ff79a12bdf5e1e72648554d74097d18a252

SHA256
072a0797c5cf17134662c0c82c3b56927fbd0c3832e63187ab1d8f8c23b36adb

SHA512
1779f2d38802c140e6a155b4dd9a36c6648b997f8152609b71a1f799736ce8937f84d76d2ed9962201a9a691872afc8afd5cb9a9d625c036fa1e61c2cbfae4dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\53C689A50C2F54B9AFD015158445543F9407F16B

Filesize
88KB

MD5
070cde863cec23f4b67f3186a944a339

SHA1
a95ba4892f54f2a67e8219ff48e29b42520705bb

SHA256
90e814ba4a4712a764cd0e6fba6c875008e3e8b2ce2da50188aef3e5a64123cc

SHA512
18fe983ab7c27a13d675d2f2d78ca2f08845dba196c5fcac1eac0e5bd0569acf42a8f33199dc5a18a44fc3ce2d4a3b41098135bcc204a9b6ca1c35f2d8e138f1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
32KB

MD5
547e9405f050e20c811aef2f01c11dd0

SHA1
116098c8ba8ccb89f01be794ca9a635c540acfd8

SHA256
56e8564eead303fe3583dec329bc6bcb4a6dc4a31c785ca28f3d03cd1304e96d

SHA512
6b3c71a68e2c880647818005e3209f16852c79185a298f1f9cc939a806a43273f11b93f8b033f920c68c44bcddb8252d6930f5b30f35f739e621205a4c177ade

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\6090331CB4122BDEBBC57630DACFC19803B15B45

Filesize
2.5MB

MD5
bf9592f06fc5a68faf95f7594eac64a7

SHA1
9889e823f561a7e64ce7f5301f24b83645efc30e

SHA256
1d1be68e047a3a0a620e9090678d9f324d3eef350522c3abd6975676429c0c7a

SHA512
bcb554673f92665686b45f3cc9e9dc3dd5cbb552ba2cf5907aafcd85e7f8a32f0ef86dd1ceb32bee77b2a76f7ff67c8cd10e6f6be351be4e60b1a06a20a919c9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\6A465CDEA22B0EA2338C02F6379A55C1A9936BBD

Filesize
13KB

MD5
fac2116f4a15e52c745cd69367ca4abc

SHA1
9cf510bc1e1aa9e6f75042c13f1f67d516694830

SHA256
219f06cfbd9eba1325dc6c881d3a1d0d24184978d5c77d1783fabed52e37394f

SHA512
0cbed5de81f466aab97dffa490413e95f6884372cd4fd76d74a17cc5e22f76d76642f27dfdd742f7766bf38826d038807877fe9d97cede884e9ac3f705cb95f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\72C248739B89EFC4157402B2435666D83D038ECF

Filesize
114KB

MD5
9d06114359802117a83a46214f25834a

SHA1
891f8a4482aba35e0776f8bbcb6f1daf0dd85062

SHA256
3ea7d026c74aba0e4a855de2038595a4e431af46faafc20d0238fd01ebf3e72e

SHA512
23d9a7ac5883a4349df741fbb3f52ff43dcb99c33ee53b8e9ab7d9a048b3b24041877ec0e9e964cb9a5f8bfee9c278edb6109aacfe6d614cff95e5300b6f75a2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\8AEC20289906C16ABE819DC8D23EC3A7929F6E6E

Filesize
56KB

MD5
ca3b67a8b667dea4d3f0fd8938d6074f

SHA1
aacbbfd3fd792e65051f92012abf0a14fef0c477

SHA256
cf8f893d4ce4dfbb01b38f2d949d20a0d07dc1d2316060da90c1a8549377f032

SHA512
ab6a48cddcd4bbcc9c15a5013924e3148cdb459ea319f6463af17fd5b52819d42d066384f1332c98ea3a1a9b99868edbb95b4c36726bb04f9fc1cee842351228

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\8D6D28FA2DE14D007A1117BBF59B652A5CBF4ADE

Filesize
537KB

MD5
2deca406b25cdf0e0d9434688e57f382

SHA1
7556bd8b47165035a3b671e3abecae409e5995e8

SHA256
38554015580572af92e10ab322d64c39276a595fbbf7ba487f36320a6063546e

SHA512
01a623afa38255d05c2f6df66929202394a215c54685124fc38bd03f3ab78745d8c3cf70e80d365711b6043db35e9ac2c42266f6cc74b000549bc45fa078c8e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\8E62FE1C4AC561DFBA4AC7F80730418E5CFDF8B2

Filesize
61KB

MD5
bb9a2245bbc0f466700c8080e50c99a4

SHA1
7b80b21f7c0a8a7410813927bbe463c796aca30b

SHA256
21148ff5b22eb07ecb684993bc2424361aaf8c8c3f6dc5a0cc33070c416f75f3

SHA512
d5beb204492e46e5a9613b125b962dfde135cc05750622dee0bd33f72a14f806267ead309ccd26012704abbfc616d33f03c4e642af693ccafedbfdaae399d115

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\A4960E7862EDE1628816F3D407838A09114B4104

Filesize
62KB

MD5
effeebd4df0242b2b0903fe19d9d4ab7

SHA1
17512f8139b33701cdd8c0f7ea44d75f57c08e26

SHA256
1e3b0043d73ff9d0018b0eca82bf6f55b29ccd86c9c07c8dd7e063b2c822f6ce

SHA512
f0cf3df4c23084f913510ca1b3be317105977652bbd4b7ece63cecde82d66e9a56202d1eadbf3c6e4995b659456ecafc45f1d1bf7acb592a3a90943fbd3e3cfa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\B1AEB21E06A6724D3D3B780999475F9BE49BD84C

Filesize
22KB

MD5
e584b8b675c1469d683614d78ed88eb4

SHA1
04956dde618f19527f1b424798d4623feea0781c

SHA256
53a1cc73ecf3a9dbb34d19a01ca46e285cbf1ec607fc4eb371a5a0be51d63ca5

SHA512
6d43fe8c928ff07a3756a4ea64f1d247ed00d129ff0f0841813c5f6454bc14b06d82dbee84996aaa9d7a78bd8064db89c3947de8bea89c2a8cebdd90bba2f8da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\C0FB504EB8D5022AF1CCEBDDE5137444D06410FD

Filesize
15KB

MD5
6ae43af8472e5a8e030e57aa624342df

SHA1
494768421abe7d01fb5ba34d49b00c56cc641cd7

SHA256
73bdf228f8bd9e7f871f6f386bd8d596587136e2c827858cd1d4e080c0efdac3

SHA512
e1adbfd87c5fb52e74c950c30111ba735ec5082c45e95b8d6b355f23a97a61de0729ab3d3fe2ae1a33a8650b287777b09003b97a1292c8e1dc90b7e46097ee74

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\E8D59C746E11E1980DB5557573CB5FF195541EC6

Filesize
38KB

MD5
9d9cdcf21cf80f4951c545cb9ef30e55

SHA1
99d3ba3267f187a15a4083f1ba900fd1e504b38a

SHA256
b8a8953090127528e40b11b817f889ae34fadb19ed0511dc6f3a0f605b764d63

SHA512
9d48ad6d4876b3716402ef27d4e92e6e53e3559dcce1340e2080c6f86724732aa39c2ed77606f2552965006a06ef05632237792f7326f46190ee84ddc319a979

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\EA405512C7E176742F83EA728732EB7A8FAB31AF

Filesize
2.2MB

MD5
f8afb28f1eee51f212c86bce51a7cea6

SHA1
362f447b9af77cc4eed9bdccde2ed2f5e2790f64

SHA256
18e409242ace589f58791d0e088619df16746a79f14d0cad1a103a22e24a0639

SHA512
4f01fba0f2ff7c009f1e691ace25e53ab91a5260651de80fa855522115b1d00d62287e8e3a57f4b078cfa1b51cbf9742bc1ec5e8fe500ca67e59ff5f7ee3501d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\EA87465A6B977981215042B94E7AB9FECDDEE708

Filesize
20KB

MD5
ef6f68f09ad45c0123f5b88be7a14de7

SHA1
6dd258765304ece618dbdb8131eb77b9c9057f20

SHA256
912580005600f2490bab6fe2b896c516e63fb61e9c7f8b3c621ec6d90e040452

SHA512
5183ca7184e94fb9620d47d906d5fcf46f7904781a97ff5a54d533786369ef44b965893e58d2e254abc940730431b66cf9dc8da839d6dc2719069d83896803bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\F2A2083FE81DFDB7AE59CFE7692CFB2304CD4926

Filesize
81KB

MD5
7df15c3eaf0fd3e5a75da0c10e58bc97

SHA1
e9c988e85a645c2065e12e4f2a9290caceec60e2

SHA256
d53c3851eb835a7a4a265f4bc1a1b507db7cabb1a6be0dfa610843112a4c9e91

SHA512
2c5975154037ce52e1e8a7efbb7a0b924ab3996c9a77c0c3e6cb88138b81d561d554d8c16b38e5ef936b628b67996d3baafaa7a6646b8e0bc642cc09492f3dd9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\F7A2CF64553C406E2983E92B0D1E4FF16E2C887D

Filesize
44KB

MD5
bc73fb96c65fd4a56958a505b69e83c5

SHA1
2e165802a73988a235716552184f6a152387239f

SHA256
321f8b07cf4535f145d8b3f1db882e15ac53bd841b420b2ca9f61d7f3dc1e373

SHA512
138c31550ee085cd36a5869579369c2505c9b340789ccec7b7f3684cc2786198f50392d0111e356f58bd08764d99852ceaf2247213d18541b3cec743218bf4fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\FF1BB9CC35A17CA1A0FFA605F5CEED13C8F9CFD6

Filesize
76KB

MD5
adb2dc2c8ee48e37f85c28261575b20c

SHA1
c6a6d373251b3c5073cd2835350c7c79e7d45126

SHA256
039ddf17a5e652960dfaf93743e145c6972921434470dddd4b5af6140bfa335e

SHA512
8226d17d47c59dda3aa0aad458248b8fadbc124e0596a4c9fb26597efdef2cd81fab3a179ed60052d78c267fcc4c946e8300a2c2602fb6f72dbef3ddea82a1f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\jumpListCache\up+cx8wHDIOTnGlgrI7AktZKLnjdEhAq+39SYeNWlMc=.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
042df3dd695329e82498bbd06384ee1b

SHA1
86510e959e9559cb718a8246c3a2f316ba35c076

SHA256
1dca7d2aa577a8bce83296f3eac2d036c33c1410815e0bb2968ffdf51b5316a5

SHA512
3a98c9b383f364a0ea7ebb0c1ea05a9a33ffd3250019307315f94043b084ae56ce5c7239e7351c13231ca3baadab852a7cb6d91b695d508ef9eac3182e72e9c9

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\0589302f91aa343fbe0005be96fccbe2

Filesize
7.4MB

MD5
0589302f91aa343fbe0005be96fccbe2

SHA1
e522005b2f17a5e1686ec12c78c59f9ea97bf3a2

SHA256
24a86d06e182f61060442200d2e197a3bf1ae0757ccb60ba65137b66e63fe236

SHA512
63e5f206365b59426f9bd66bbed78ad0e74018f5d9485f69793fa1fbb78beb8baf3f182814c4938a123a6ea993b91f39a3d070e676bf146e622e99a4e2874279

Download Submit
C:\Users\Admin\AppData\Local\Temp\node-v18.16.0-x64.msi

Filesize
30.1MB

MD5
0e4e9aa41d24221b29b19ba96c1a64d0

SHA1
231ade3d5a586c0eb4441c8dbfe9007dc26b2872

SHA256
5bfb6f3ab89e198539408f7e0e8ec0b0bd5efe8898573ec05b381228efb45a5d

SHA512
e6f27aecead72dffecbeaad46ebdf4b1fd3dbcddd1f6076ba183b654e4e32d30f7af1236bf2e04459186e993356fe2041840671be73612c8afed985c2c608913

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
fbc506a898cdf7cce098327ebc431749

SHA1
8cf0f3fa975c267531d5d3d22c9d774b6e8551e8

SHA256
f116a74894953391d4feea340192a55094e27eb6a4098bd046ec2a09a2642acd

SHA512
d879ab20120a68944e90802a080b2d9bb196dc1f2d2109eade02c580ec5b0cbf438c02fedac69e4ce8176e08bee95b65a9ee176dd43b4670348858c70a1e02e3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
ad56fd9ee1c9093f7aaeccdc3c2e0051

SHA1
755f6352f6e4a769bd49a6b27524de8100b14a52

SHA256
16b702622f9c7931bf6bc219e8e25b0190bc048c9490e716573636e59bd5f9cf

SHA512
864c019526c199e6c99a3ef4cb3b0509f08472ed6c41ed9441d3e7b2d5706ce7350d35a7b8d5ea6a5bc35d0b636fe621c96d0fc14e20164d51041173e77d9203

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
f09fb6abeeae3f81f966e73d53e071df

SHA1
308a337a8576639fad814ec43498460e93adcb7b

SHA256
dd592f57251af81876a419ed22b12d50d9b6befe71c96c5ce337d95d528a2f06

SHA512
dc07f2bf6838557eca42efaf30d3501d6d2f34de5919461e48b27f0ac4893d7c3849dc2b6bcfa2c5eaac62046046bd3241ae9388783cf338ef6024346e6dbff9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin

Filesize
6KB

MD5
a96526c78281faaac45ed57f6a4dbecc

SHA1
12c30a3e8426fcfe2fb90b5dec72012192368ed4

SHA256
a1663ef4d0701bc634a2e538a8fc10faeff2722de7dac7a7a44c98cd7180c848

SHA512
f743c79e20bbf3df29d12648ff3f52b07376d1defec1ee287537480d6e727479b7883668c849ae7be01195cd25429d6116cc20003a1505de94a7f0e7c06a02c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin

Filesize
12KB

MD5
c22fc47959f49bb599e28e18de70b675

SHA1
e78ac9cad188be06c7ec67b98168535d6b85d327

SHA256
373c9eaff276bdeaa8833f94ebc76907830e3668265483c595248be48316e8a0

SHA512
9b6f34c078301665471f49135bd38ef9989b9afdebc3ce8e32b8f9ada5a050073e0f85c9f2cd692f838c655869728368fa7dfaf5941acc4fa0f09c6ad078463e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
5ec39e8e96abb403ff63a752751f0bad

SHA1
96422215e4e5c99408a9b80bc0e1bd250d74517a

SHA256
9f691b966316e228c6228678c7b132c3c652dedf6bce596323b306ceba1e1e1d

SHA512
8135eab3bccdbaef558bfbf3021140671fcd2e716ee1fdcac3aa00b9551fba59915ad9de0ac746d07a5997e7200e26e961f73e894bf1bb547cd64883f902fff4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
c8643096b32937846cced5757d44f566

SHA1
cfcf9f9eaac097a0c4886feaceb16c4b428e0316

SHA256
e792bfde4e78928c3ff2f25ff0130ee218a09de6e0423510f5b4d4548df54b14

SHA512
4f72227f2687fd5254a4ca793b5cddaf5ce3add0dd4851d88b72b60eebb44e94c9a6e87fff635eccd1cbdacacd03057154e9719a5352d6b6ac02a399cd0b68f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
136KB

MD5
bee95ac09a07d553e7a3458a45af14cd

SHA1
34e177346da1a039c01c254d7f509603bd912bed

SHA256
82d8f5b93a9847a1cadd43aa5fe19d4ac03da0788d691178fa828e0f5bf4ea9f

SHA512
b2dfdde734718cea44b0da25d16d8fec371b030d944bc254c2e4fb14d3c7a42eb66f9d7a890057c406240e7373bf097a7afd1e71d48bd49cac319ed69ca9a4a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
61KB

MD5
c43eb1dc457c67a1d05c2fdf4bc6879b

SHA1
604585fc1008393fa6aa25f3beeba5eba3ed19ad

SHA256
7729bbf988000c051e9a009672578ebdedfca4990e60ac334cc3113c63c17785

SHA512
9d15e0efcc3bae1c5e6d3d5f5d5aca9feb04dd9951fbd219c96a6c0694a68639aa206a54ed495f323f38d876ac7833b77fa3a8bc72124b46f0af1d644972ef18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
139KB

MD5
221f530c2820af818f5212462e798b4d

SHA1
b4cabf4882b01a6779dd3102e358864204905051

SHA256
c9b2c06dfb5fef485c81c7a009c910504e9400f2299f67fe8192a4eb9adc3526

SHA512
9aae08349849035f0bfd1ab5f1745c5d04bd4db13797e2c3c7a873153476eddcacf661b337b333cc398b571bbaf8d8244bab5fd8f8386ea81b050283fe83ddb6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
139KB

MD5
33de142a4265a5df49600ce881a6ff99

SHA1
3b6b4860715627e12a0c53b9a9cd2327a565d888

SHA256
f4befc3f0502a3d44bce675cb872d944fbcfa1e14e0c98ebd37872189c81feaf

SHA512
0fc21191d2a605ec6627036755432dd0b7115c148bf746680b41f01d2be6eacfe8e1d8fd12629a48f67211488e5cd517319e8d041b9d01168eb90d317417393e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
140KB

MD5
cac32247aedaa624bfa3300b62073197

SHA1
c5b82bc6ca6f712be9c0333e606c734d47599aa1

SHA256
03e05c74dade63dc5fdc48400caee9163bc0d5e96ddaa14e245b491e9d3c4f80

SHA512
0816313fda5ef2ec34b205d0b038c9dd2d249b8facfef05204abc6f57f017d3ee2b5b7c7a3f6deb86274235c7cd416ce28039429d1dc938ff952a374f1adfcff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
140KB

MD5
b276ce2b232cb400116914efdc1af866

SHA1
f5cc92fc323594d7deab0bf5b112e78a26f2d466

SHA256
8462a38f787f1bb3242fcc64815628dda3cb77930399f72b9dfa9fdb92f4d0b0

SHA512
0172590865a47ef627326fa1cd44cc35f631ea15b558483f65f3606be57d9e435fda72b37b95135c766643cd8559e1894cb2820997358ecad32cef715d9005e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
61KB

MD5
ac4529573217f71e808b348166574551

SHA1
24438c1081fe3f1d3b2c08349d397691d33dc175

SHA256
6bbb7976c6df44ba1a4216343eeb1f7943438869af1e4f69d429a3517c0ebdb0

SHA512
bd91e05538fe523abd91448e94a2d280b48368e098bc5ad8a84dfb9a7562d797147f5de8882d603cd49fc1294bf8bb6897d6d3c38a0b2cd42dd873e2a4c220ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
aae5d265df29ed7dcc93a89a1584f115

SHA1
8d16f23d8d88673f1ba0c668335b92bd7cb90811

SHA256
c2d4ec1c6bf79c626339103023d08a0f85a6c24e801f7a886ded49a1113607b7

SHA512
f07fa8ad9fcf169d49255e4f1104bfc47d7df80582307c8243d3279b5b6f6c0fc924f084848b88ab9ff9422d2ece3a31b7df991768c5dda0576bba4369aa90f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
dcda0569da83367fc548ebcd0e8f47d7

SHA1
d4db48de74b8dbc8d0f35136301563c04af3db6b

SHA256
21def046ab7f66bddcc70c92011a24479c4d9d4e24244f1fead7a74bb882511f

SHA512
0dd882cec23aecafa136973c2123925f5abc3d4db1a591ed537847faf8ef35341a133fd8df1ba070869e9ae47ed2311844830a4c69dd1cbfcc6079a0024a38d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
107KB

MD5
a63100b3000157e4780984582ad18d11

SHA1
43bdc58e4df855c5112a5978a646bb0ceed39932

SHA256
3e628ad4c5d9fb8a6e5bfe1c093a0438900493d401a56ad26634e3bfeb981286

SHA512
3ed16f497addac58fd3861fc29d74f3e6992afe457a599d29590271d97ed1f8768e1aaaecb984608a42797f1e5ad4e1d4490ba04c67ad1b648e7b7d62f9bea8e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\events\events

Filesize
4KB

MD5
30b797d5f25fe721dd9517ec6df03e76

SHA1
33bc1e3fdd84ebe2d09e9dfe474f13377ffd58f9

SHA256
9b97c7557f4fe510761d543649c9af9b10534f0ddd42f560314956b9beebaab9

SHA512
8182530930393e8afac3719dc5d4fd946b3ba7d308ddb99622d5b96f1ac4bb0b868a604c6adb4711c1f2f85895664f98927c9dca8cb91463f398cd698e3cc0f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\069a7402-8c64-4f43-af11-488976d2bece

Filesize
718B

MD5
e7635159b54078e67936b68fff0eb2f2

SHA1
e8c55ad9c77849d4d0c819ab7a3522051f1ea8cb

SHA256
cd04f3eebafd46056c654b8be9cf033005ef61fcc7ffa57d9dc4c18f0b9c50b3

SHA512
c92b8c6655bb1db21d0a0a34dcb5f3fb295183ab850eda3af09bde0d4aad280883984dc862d04e15fa1241b96c6830c24d889dfc3d969df091eebd6d8aecae5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\4507a9cd-5104-41b2-8305-2db6873cfbe0

Filesize
5KB

MD5
a7af5aeaa4e647eb034f204ad457d8c4

SHA1
67a57007135c633c39fa5e7d3cd840ce191f478e

SHA256
78998f2df528a66f53f55a1ffa32ecbf18f2260dfbe599b3064ba04dd3919299

SHA512
774a7d4d16ef05940243cea5e4cde9197be038a5c86227738d4098f4b468721daa47615ec579a088cb5230fe9fe8fbcf30c2395d44905a8772d83412053201e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\6a9feee6-be82-4a8e-880e-0106a8a355ad

Filesize
27KB

MD5
77df68f5b38a46ef7a10a9a908277bf3

SHA1
c2b29a8419f826a86029269d48ebff01a378c278

SHA256
87b6f91b52cdbe1e4149930406e7bee91a6e42aa1ee36a90de581b4b3d570404

SHA512
59b6e126347a54233df9292bfeb2c93e910d71b651e5d00a8d954c9742dd72a0627a02caa9b0476e6e3c1b9c1eab2ca3cc2a5a372214c0096e0618c304be1273

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\7b4bad19-db7a-43a0-b037-7f1fa095e5a0

Filesize
3KB

MD5
602ef551b0813b08a9cfa967ce690253

SHA1
38dcabe252f487ab0b5ab006ade489ec441359f4

SHA256
e15136b01922aa72f24f999d10e1b075c93653b181d5486eabf759db8aa12166

SHA512
4e3dd94bd91bd63285bfb43eb462807adc59642970faca6da88510a10b2fedcc6dbd0a4473c5c6fbb07b13638f257063e8c1ca2ca31d063717236d0f8d0cc2f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\a2648ac6-9eae-4fb0-a942-ad7536735eea

Filesize
982B

MD5
ad9e83a1079cde5a15fad82f7a21cd34

SHA1
a7e56028a476123964651a4cfa933f048fae51b9

SHA256
14a5be7416e2eaafd25c4cae8d511eb90dd5311327a780740eeadad9d393a293

SHA512
c204e338b37b21a233c78c0f834db9fc4805f5b335a95224d8ee12d1d86e193041cd152e76b51080cb900b39100c027b90f82c4fa6f7b321a9e033e822cff287

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\bdeb5dc1-d5c0-49f3-b3a0-29d69580dd6b

Filesize
43KB

MD5
6b846d6b496971c266b044435a7020b2

SHA1
bc1a52efefaa3523ae218809cdaad5e846aac7b0

SHA256
0862741b3edcf76149f18de72abde364d2e3d47be1765844b8a780ef94011f3e

SHA512
aee8939b3c4d9a2d1e3680b065491cb8ce1750a2f1e474907d66a9a5a8f086e776cce56e5d043ac184181a58cff4991bea178405ec78b478b57edf28eac6028b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\cbe58360-48d0-4ffd-8728-bca98f507ba8

Filesize
847B

MD5
9e9769b8497101da2b433ecceb65d43d

SHA1
e46536392be83eda0767bb27850713c3c91c3906

SHA256
169e5329314485b3a953da0b68d4715fec2d4fc02b26cca9ef5ddb6b959937b6

SHA512
adece2d4c64cf245ca230c54663d279d5e3d12db5aef709b23067cfe276afc51783dcffe1b95caefa1ce8f14b0a6ac365cbaeffe79ff7b5dafcf6530de4a502b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\d1d91af4-b703-4c58-9b33-306b6e2adf47

Filesize
2KB

MD5
a2011f2f3c77091f7d27e49c6eb398ea

SHA1
0067f354cc14ef64b32b70d0488fc955da9214c0

SHA256
872326bac01ab858dd6d5d117c98339c9cdfb6aa9cdfb6c636810825c44929e8

SHA512
f7d39b6294b3d45f41e41594acc38f35908890e4b91d198fcbbb0ea5610ecbdb0efa1e27f37d323cf4a8e04d205aa60a44c2974279f1e3dd56c7cbf5b0a37eea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\d87fd5a6-edaa-46ee-b6df-e7eccbc90e94

Filesize
671B

MD5
76b0c26c2eed86c73208fc2bc8141ece

SHA1
13f0aabbf1f10b1934e282eaa0f1e3a5e05a4f83

SHA256
e838e5c4a7756283d3b78be2ef8b84cc713de7d22a12cfa473e72b94b335dd15

SHA512
63f465200fa85039801b4cf3b8f9783b279c4da4f06e35e0dbad9d2d3f504cab05fa238dd87ee50c49d42834816114225011ac876b393045e4dcd5403c5967b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\places.sqlite

Filesize
5.0MB

MD5
1c25e3b34acef1554c932e64e93325b6

SHA1
f9310f2692bbab6e739f43c623b388dc21fe7fdc

SHA256
a8808698998a0e4409a23bb08b36688a481e52a291219bd476954265c7ed5c08

SHA512
bf0d447d4651b35a75f126a15482b1b0d49142d2ef2ad096507b751c7318582f412911181f535149db9de615da7d47a612a089a916b8f3e2ccab9101d5513173

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js

Filesize
12KB

MD5
2b58b36fcb05c9419392f1db9cea7160

SHA1
e48a85e66376b16d7d505741bf7f6ede13b1b74e

SHA256
6b3ed5e55cf622da4c26a64c6c79b2bfcfae05baa59c6df5d37fc7c0190ba023

SHA512
792967efdbe7432b2c2f076ca0d62e735fe889c16622b10f750e4bbc570574ed2038b4082e84787ec87a9c211466249ea44ba16902bd664a59a895ff9aa79545

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js

Filesize
12KB

MD5
b16812fa23ec830292be26491e44131c

SHA1
8284a488d2a2be232b24ebf9fdb082b50f5ec708

SHA256
93bd514b6b437eedf295464808e7e71b26f342680943ec9a085ffbc886de9471

SHA512
e60424cc4cce90b50b5de8a38494f0bbda7a20094defb48ef871da029b8a1f49c9c395f95c17339d2d4ff20ab4a23b966f40cc83f6ab9847d28da34248ee98e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

Filesize
10KB

MD5
3bffa727a8892a9cb82a56bcf758dcc3

SHA1
2080253f126ac0d3155dba4e381fe9f24d51242d

SHA256
c6a70fd113506ca5bfa212fc16932a0de6f3a2924d5f02e5376a6426c40437c3

SHA512
24e60e983462c34341012613659d3d38aeb1c2976addd2a79111f28ab6e5611d28f6e4f4416dc3e7bf328033387963d03f658627e4ef1f3999b1b436668ad1dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

Filesize
11KB

MD5
24bb76f24b2e3df1a7acdd78400bbcff

SHA1
e7e1049bd207d68e347060ed6fdd3149452251b9

SHA256
9481e44b6514b544de9e97e653a33168d3c1cb5fa6ad587392f04f0d1568129d

SHA512
1b69f9e67e12db505533f023883c74ef04544e04eda8bed649f857531adc7208acc68748c283bc2cbc5dfcfac74bc40a0d16522591b31d37b308a2919288e24f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

Filesize
11KB

MD5
148abe1af9289e5ae6ab0da0d25708b0

SHA1
5be0bce23640e21678fec08e2a5a115d71f6f505

SHA256
eff51f4449b4b7dc8a934bbffc3f30aed87222e69f41bd0f3e3ff46f367b412f

SHA512
5b621eb130dfca51af9c054c5bf578fef3f0c529fac6a1d05833c042ceacf789b24ad0327cf7688f141c5f1c0160be8a5864bbe7bc51b0012e9ab5e16600e63f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

Filesize
10KB

MD5
25db6413f0d4126ab397ffb16d31f50a

SHA1
5be9d6b8b34b69b9c3eac75c30970e2d6c6e7203

SHA256
584653909e39e794dabc6b0cca54f211dbb1a50afb98c0705dc39af5ea0eb05d

SHA512
f99a15380b064fd750eb49592a964bda430eed8176621711a275376c4c34c1fddba784decfdc93bf0590796e7f950c7bc5d17e204dacbce139113b8aa0f35e36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
48364af30ed620c7548aee6f8b4421fb

SHA1
89ebe445104ea6098783c166365e8fe2743cd285

SHA256
364fb7b668df547ee925c0fe8a4825eaddf652d91828ab6b5333fdc946eb2381

SHA512
f31b5433ed0ec02567d97b878e42fc0505bd2dbfa807619156bef3b855a2ed633be5edc4599cb110c683e839a22dbb057cf333de583f9b31361b87e7ea9aa295

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
729225fe3c8a3c4ff789e4e432b4c3cd

SHA1
5e9ffb3d40fa7d146ebaada9281d7fbf47dfcfdd

SHA256
b2cff7e532841305aba36e5f6eedeba7f809714c43d80c42aa92e254f0233eb1

SHA512
70c3f86c61d9e7aa160d0dba47b91bc4375e15d38b8370af3ead92dd32ef08077072d1dd0397d592ac0e280f01ed14dfc3bc7a21b0c3432d05804330d4863a84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
11KB

MD5
24f606a5a8cf52d97ba5236414a84d3a

SHA1
ab06e38bfa08bac46b9e289d233ac4e21d0ac13c

SHA256
fed701501c168218bb2b4b31bddeb2547a5ddf3d3e712254d7fb07140389d1ac

SHA512
e76f3e53a881ae16f008b2c4df2cf7577a619b52f3b25b7dc3a714b7acd337d7ee2695e126b9ee8a8a5ac48092b9629f993a2cd395144fb0d5382e069645a466

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
fcbca47fe4ef15f0cb59345a0e522d6d

SHA1
b8b8d87007078b6ab3c828679531e92aca7ec6b2

SHA256
784cea92b2f50bde3a5bf1734f90a4c6df9213a4235ad91c44431ebdc59db7ea

SHA512
edf3e768df909bdaecd1502cab2cbba0827aba7852fe669ecc89abc0143c6f9c4321160364143815598ada4343aab5a629b08fc91d5c188053c1f30ca5d5971c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
23KB

MD5
bb0af5e68ca820a6085f0f6429138248

SHA1
b6dc1aa31b73158db929443328d7f2c24249215d

SHA256
c02a59ce5bd2231f1ba9bf3c60743e398a69fc603613fad31c72cbcc6c1f2d21

SHA512
0a5ab9738d3a22e55d2e47d380488814104b9f76fa3973d28730c2fec24f7bc602b052b215e5caa7de6d7465d0b9a017699c236502f3cdf6688a854f3071f5e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
aa636b049ce490085cda5983a5bd15c3

SHA1
05bed7d672410a65b94321ceb308b620bb8c3ea4

SHA256
36d496271d35a9fd0fa6b1bf8bad9db9bd9f09612764ededa0d1ae060b17753f

SHA512
4c5ebbc547a6c3e455475590797e388f2442697120ebc8fced290d4b459380e9d295bcc437c068ea4248533bbe2761d4ad807c59c847d3b14423a119907be9c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
23KB

MD5
990003421edcfb9e112bdfe208526005

SHA1
c272f45341d7b396d39b032adfe4574dee437ac3

SHA256
bfef9ed256728ced364e6526820b568cc97b8f52cf1fec15142b222b0cff8928

SHA512
3e376c2b39fabe34fcf6fa90e1245f5342b90864e07aba42820fb0fc06a4dcc65b64f97cb840c512f3b99a266f9a4d9a43a4ab6def9388288eaed68cea9e1884

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
773b798aa5f22259701971610e59dc90

SHA1
60377f688739ae1a2df9a5d9f6851a65050bdeaf

SHA256
e0c972009169c2688b76e7ac2d1d491038ca5cfccff542d25d59d6b5c460669d

SHA512
fb542ab264d7646a4beb92d29f0f0e584aef9e65189f08ac0e226a609d9a4b99bf3882276150770d41bd0f0a321d043a0cccf8d18bb74a917a5ca4ecc55ded83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
27KB

MD5
8c65269f15eb06b0d528ae697b2ede12

SHA1
af9cce8e66bb8891a29fd8b66ed733dee48037a2

SHA256
b790ccd8a87c843138fe49f26e35c13f40dcaafe684e7cce25ffb429de924682

SHA512
704385892d1dbba695f5586b6ac507b57a97e3af050243d8fb1ad962a37a10bc24503050fad078cddfce22dabd8f230f1dea244ea812adcd72c32fe67ee53694

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
23KB

MD5
b8123d34f2e6821b359fae9d7dc0f30c

SHA1
91d1589a44e0d5e61d3fa3cf89245155437f6dd4

SHA256
bfdca2e0c6688e3ff2b1e35b3a472483e6ff3a0837b94033c0cbfc4a6a170cd6

SHA512
7f5ab2c457ca0d6dd840c94eff265aa64c266fe0b3d01ee8575a5715cabd3b0544973678a67ef5436412ddcc82d50b1cbadc329e65faefd7adaaa53a0ea6ee6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
587c8c7012fce48d51d5432f70f19271

SHA1
e24fc5e9a9c7f30752786ed008ced642351e32d3

SHA256
519077c9463b19f5580313b7f8b94d106ad21fdbe270d12fcb31dcdac19b2cc4

SHA512
d2ce083963bee8f137cb8038e56c75d1eb16d682b6829325bf3537c1e2bc9cddde8aef3f7c1cfeff478c00fdac3989e603b3b4982df3b87eed7e96bf2692f746

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
31KB

MD5
ff0fd4e728bfd633d65266ae93b7bf63

SHA1
725dc7ea5f6182a3cc9f3cde37ee058db6022596

SHA256
67381134388b0c5264822f030322a280b518d6530314e45f01b99c85bc153a99

SHA512
9230980e2192191c2abaf258d42e63c7251d6cefa4fd71413dac333f8f578f8d7f2e52b47d9796a3a7a18d0a0f8c7c80897c74ba11b0eb933e89aaaa4e85c6ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
24KB

MD5
9f76c2bca913f87720d2060db2f06f55

SHA1
9e29dfa1ea8f6ba9e14ae54a8dd4322678fc9693

SHA256
a2ff572393d366a61750e6304f7ad1cf2546acddb3eb6b25d18603781475b436

SHA512
ba21506b303d3877c0725adccb4b20af228144ffaa50624e240bb7b6bf1ed9dfbc7f666ccbd750776ae60b11dc1c5e4bba1821c694a6961d1d40d227158fb479

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
31KB

MD5
4a12b51cc80d5d70b74a3eb3d3f9118e

SHA1
c499cbdc27967c279a6da7bace904b2d967094aa

SHA256
4e94a06e9e4a88ac40c861008da12c261785caaeadf9bf0b58e4289d77edaba9

SHA512
fc2b92305b7c6b57ab8e0b0fbe97e7b7bbd22684f1ba4307e8fb93d626de9a540d2499a72a974dbeb707a44c088017fb3b03fad93680815834994d4523991268

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
29KB

MD5
f32edef83037045d80de7b040ca11a2b

SHA1
c358190ba6a2fd8246292934340feb5578aa80ff

SHA256
74e7ec07e4430727e18fa2ea14cb091f34640557a448ead18e9420f90319178b

SHA512
c387b8a767d49e1785dffdf1660e544479c65f00f144f47e87cbd9cfe0381895bd5ca98fe2488b1b47853b43204b85a3026222bb095871ef009dd76081a870cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
34KB

MD5
0a0c95e2e38634f78363fcaeb79c820c

SHA1
20d1d1a1885249b707733dc153a5875829c0a662

SHA256
45ac673a75b107effa0b32c95c478a55a27de7c3745684035d610238368b41a2

SHA512
f42ea8a48dd3cd8155a3d00e462773f2977683fea7aa45caa35d64d1e7e495220a34b3d18ee0d6fd9c309a5aa6a58398aab6af7d47038d3a039e9b14ff91e668

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
31KB

MD5
427150b45531343f81de26970da64532

SHA1
8ff278d542f6b8aecb95eb6334b56fde5539181d

SHA256
3157c88f91b072750dbef987f78bb49dfd3c2d48d7b2d039c4540b768b304112

SHA512
273503a4019b31a848164cf1cf57580bc41e356a4d96e16b52e49430d9065fed7d63ddc9bc8297efb794906a621b4970023791361f9aecc904497f7f57baa89c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
34KB

MD5
b820435bd2ce2d950b803e522f39321d

SHA1
5098612d2cc1a990581730fb3cac74279c77df16

SHA256
b2c6f41d9f4848e8ddb9d62f9d5760e0e77fb8883eb29629d875adc19a468279

SHA512
d0defa7e5f48b392061fa89e8eb58b2a5b8a7ee2c2980659565662722ea0067c27f243183e03098ffc43d906409880d1767274e358da4b5868cc6d5113c01b47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
32KB

MD5
71ad5a5710469c5da660628a778a5eb6

SHA1
93731838acbee2e591cfc56cf8acfb7d3853efcd

SHA256
a9c8ce047810ca32d45f9fa95e3553e89a660e3842ddaae1c0fc01ec6adbb086

SHA512
d3f1e05d4441d8cacaeb63b1981e5250c435a4b8416aef8d33aedee3bffaae41df8e94d58cfe27df3f6b82263e4ba95b57db947b2278df7f591a01b136ed9c72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
34KB

MD5
09bc67a048af9152fdcca2a5c79c7df1

SHA1
2241575f382b420c1fc5ab2d8f6411878a945ae6

SHA256
9f86f61d98061049ac48323a103d2cc1aaaf4a780e8f15ea36ead9e6845ea0d8

SHA512
58ea5a7c25c808a55964bf084eafd9fa93577836b2a3b52239e4499adb26510d2004bb13b92c67eefb7955ef514ace25be03c52255f89f21d3a10d2db168043d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\storage\default\https+++www.reddit.com\cache\morgue\119\{dce7645d-d797-4fec-8bd0-5b04f87f2077}.final

Filesize
2KB

MD5
d106e9d73e807ce0916ac3fa51d1461b

SHA1
a1138b90f539ebe70efe33fa35f96f237fc2c059

SHA256
1ddaf57a54e90c2f53b0f3479651a124f56d1ea3ade097cd0bfa0157de62f942

SHA512
28a0a450cb47d9dbdc743a5ff5e472ace7ffcdac7644d155378e9a848563b58061110f7fd1e2006c4baf1229efc138f6f3ddda847f1191557765529a8e3517ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\storage\default\https+++www.reddit.com\idb\2728594770keeryovtasl-.sqlite

Filesize
48KB

MD5
9924a9c5ee58b51e652c06537d5dc29d

SHA1
fc7105d76f823655d2692e49dd5487d861ef7f23

SHA256
907b5a93dea42c85bf2f7754265db7ba4107744776e5b306bb7666beca82662f

SHA512
c7c2b3a79e33f1fba0299d8ccb91a3087aed2ae63abd57c63e6d372231226d8a46368c7880eeff6d2e47837373805317f925ae18e1f0ef81285d70b40f153073

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
1726eabccbb40bb062002ab7d3dd21bc

SHA1
33474adfa14a18ab71c61e0c458720aac1f9504b

SHA256
78f0fccee34083643e00ea5d44acfcf922e356bd6446330109eca684d523ad22

SHA512
abd16cfa4a48e72e4b05c3650b23a4c3f51344c283d43a7add4761eff2e76d4b1bb62c9a2a9d6afdc39456711cf222a777578016da843141f8e5815f1296329a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\xulstore.json

Filesize
141B

MD5
d7a9c29a5421078a9135ccf1cade552a

SHA1
e1b43108778d359d8d9287cf59225617e1769463

SHA256
bade20948c677d1d458e39a4cf6d8c4d8237263d55e63370d6272fa3243ffe28

SHA512
49553b13fa1cc8d257f2ca9056742e6e11fbdce21633edeb5af6f863294f97ccf3cabe851d94bcedba03e2716311a48dcf8064eb1500f8a7c400b049bf48296f

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.XUU8TJuL.exe.part

Filesize
7.2MB

MD5
a1c0810b143c7d1197657b43f600ba6b

SHA1
b4aa66f5cdd4efc83d0478022d4454084d4bab1d

SHA256
30f233f41ec825806609fb60d87c8cb92a512b10f7e91cdbb4bf32cee18217ae

SHA512
8f45702da43526c04b957f571450a2b53f122b840fa6118a446972bc824c8ee7acd6e197177b54236ce7f428fb73a7cbe4ed18d643c625c9f156463d51ee038a

Download Submit
C:\Windows\Installer\MSI5DB.tmp

Filesize
297KB

MD5
7a86ce1a899262dd3c1df656bff3fb2c

SHA1
33dcbe66c0dc0a16bab852ed0a6ef71c2d9e0541

SHA256
b8f2d0909d7c2934285a8be010d37c0609c7854a36562cbfcbce547f4f4c7b0c

SHA512
421e8195c47381de4b3125ab6719eec9be7acd2c97ce9247f4b70a309d32377917c9686b245864e914448fe53df2694d5ee5f327838d029989ba7acafda302ec

Download Submit
C:\Windows\Installer\MSIF4B0.tmp

Filesize
122KB

MD5
9fe9b0ecaea0324ad99036a91db03ebb

SHA1
144068c64ec06fc08eadfcca0a014a44b95bb908

SHA256
e2cce64916e405976a1d0c522b44527d12b1cba19de25da62121cf5f41d184c9

SHA512
906641a73d69a841218ae90b83714a05af3537eec8ad1d761f58ac365cf005bdd74ad88f71c4437aaa126ac74fa46bcad424d17c746ab197eec2caa1bd838176

Download Submit
C:\Windows\Installer\MSIF52F.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
memory/2072-3211-0x00007FFEEDD40000-0x00007FFEEE801000-memory.dmp

Filesize
10.8MB

Download
memory/2072-2790-0x00000226B75E0000-0x00000226B75F2000-memory.dmp

Filesize
72KB

Download
memory/2072-0-0x00007FFEEDD43000-0x00007FFEEDD45000-memory.dmp

Filesize
8KB

Download
memory/2072-4-0x00000226B5460000-0x00000226B5482000-memory.dmp

Filesize
136KB

Download
memory/2072-2786-0x00000226B57E0000-0x00000226B57EA000-memory.dmp

Filesize
40KB

Download
memory/2072-1-0x000002269AF10000-0x000002269AFDE000-memory.dmp

Filesize
824KB

Download
memory/2072-380-0x00007FFEEDD40000-0x00007FFEEE801000-memory.dmp

Filesize
10.8MB

Download
memory/2072-2-0x00007FFEEDD40000-0x00007FFEEE801000-memory.dmp

Filesize
10.8MB

Download
memory/4524-4499-0x0000000000A50000-0x0000000000A85000-memory.dmp

Filesize
212KB

Download
memory/4524-5354-0x0000000000A50000-0x0000000000A85000-memory.dmp

Filesize
212KB

Download
memory/4524-5176-0x00000000734D0000-0x00000000736E0000-memory.dmp

Filesize
2.1MB

Download
memory/4524-4500-0x00000000734D0000-0x00000000736E0000-memory.dmp

Filesize
2.1MB

Download
memory/5488-3214-0x0000022B25740000-0x0000022B257F2000-memory.dmp

Filesize
712KB

Download
memory/5488-3212-0x0000022B25680000-0x0000022B2573A000-memory.dmp

Filesize
744KB

Download
memory/5488-3207-0x0000022B0A680000-0x0000022B0A6A4000-memory.dmp

Filesize
144KB

Download
memory/5488-3210-0x0000022B25910000-0x0000022B25E4C000-memory.dmp

Filesize
5.2MB

Download
memory/7164-5391-0x00007FFF0A0E0000-0x00007FFF0A110000-memory.dmp

Filesize
192KB

Download
memory/7164-5395-0x00007FFF0BB10000-0x00007FFF0BB20000-memory.dmp

Filesize
64KB

Download
memory/7164-5367-0x00007FFF0C430000-0x00007FFF0C440000-memory.dmp

Filesize
64KB

Download
memory/7164-5366-0x00007FFF0C430000-0x00007FFF0C440000-memory.dmp

Filesize
64KB

Download
memory/7164-5371-0x00007FFF0C590000-0x00007FFF0C5C0000-memory.dmp

Filesize
192KB

Download
memory/7164-5376-0x00007FFF0AD70000-0x00007FFF0AD80000-memory.dmp

Filesize
64KB

Download
memory/7164-5377-0x00007FFF0AD70000-0x00007FFF0AD80000-memory.dmp

Filesize
64KB

Download
memory/7164-5378-0x00007FFF0AE00000-0x00007FFF0AE10000-memory.dmp

Filesize
64KB

Download
memory/7164-5379-0x00007FFF0AE00000-0x00007FFF0AE10000-memory.dmp

Filesize
64KB

Download
memory/7164-5380-0x00007FFF0AE20000-0x00007FFF0AE30000-memory.dmp

Filesize
64KB

Download
memory/7164-5381-0x00007FFF0AE20000-0x00007FFF0AE30000-memory.dmp

Filesize
64KB

Download
memory/7164-5385-0x00007FFF09E60000-0x00007FFF09E70000-memory.dmp

Filesize
64KB

Download
memory/7164-5386-0x00007FFF09E60000-0x00007FFF09E70000-memory.dmp

Filesize
64KB

Download
memory/7164-5387-0x00007FFF09F70000-0x00007FFF09F80000-memory.dmp

Filesize
64KB

Download
memory/7164-5388-0x00007FFF09F70000-0x00007FFF09F80000-memory.dmp

Filesize
64KB

Download
memory/7164-5389-0x00007FFF0A0E0000-0x00007FFF0A110000-memory.dmp

Filesize
192KB

Download
memory/7164-5390-0x00007FFF0A0E0000-0x00007FFF0A110000-memory.dmp

Filesize
192KB

Download
memory/7164-5369-0x00007FFF0C540000-0x00007FFF0C550000-memory.dmp

Filesize
64KB

Download
memory/7164-5392-0x00007FFF0A0E0000-0x00007FFF0A110000-memory.dmp

Filesize
192KB

Download
memory/7164-5393-0x00007FFF0A0E0000-0x00007FFF0A110000-memory.dmp

Filesize
192KB

Download
memory/7164-5394-0x00007FFF0BB10000-0x00007FFF0BB20000-memory.dmp

Filesize
64KB

Download
memory/7164-5368-0x00007FFF0C540000-0x00007FFF0C550000-memory.dmp

Filesize
64KB

Download
memory/7164-5396-0x00007FFF0BBC0000-0x00007FFF0BBCE000-memory.dmp

Filesize
56KB

Download
memory/7164-5397-0x00007FFF0BBC0000-0x00007FFF0BBCE000-memory.dmp

Filesize
56KB

Download
memory/7164-5398-0x00007FFF0BBC0000-0x00007FFF0BBCE000-memory.dmp

Filesize
56KB

Download
memory/7164-5399-0x00007FFF0BBC0000-0x00007FFF0BBCE000-memory.dmp

Filesize
56KB

Download
memory/7164-5400-0x00007FFF0BBC0000-0x00007FFF0BBCE000-memory.dmp

Filesize
56KB

Download
memory/7164-5402-0x00007FFF0BE90000-0x00007FFF0BEA0000-memory.dmp

Filesize
64KB

Download
memory/7164-5403-0x00007FFF0BEB0000-0x00007FFF0BEBB000-memory.dmp

Filesize
44KB

Download
memory/7164-5404-0x00007FFF0BEB0000-0x00007FFF0BEBB000-memory.dmp

Filesize
44KB

Download
memory/7164-5405-0x00007FFF0BEB0000-0x00007FFF0BEBB000-memory.dmp

Filesize
44KB

Download
memory/7164-5401-0x00007FFF0BE90000-0x00007FFF0BEA0000-memory.dmp

Filesize
64KB

Download
memory/7164-5406-0x00007FFF0BEB0000-0x00007FFF0BEBB000-memory.dmp

Filesize
44KB

Download
memory/7164-5407-0x00007FFF0BEB0000-0x00007FFF0BEBB000-memory.dmp

Filesize
44KB

Download
memory/7164-5408-0x00007FFF09CD0000-0x00007FFF09CE0000-memory.dmp

Filesize
64KB

Download
memory/7164-5382-0x00007FFF0AE20000-0x00007FFF0AE30000-memory.dmp

Filesize
64KB

Download
memory/7164-5370-0x00007FFF0C590000-0x00007FFF0C5C0000-memory.dmp

Filesize
192KB

Download
memory/7164-5372-0x00007FFF0C590000-0x00007FFF0C5C0000-memory.dmp

Filesize
192KB

Download
memory/7164-5383-0x00007FFF0AE20000-0x00007FFF0AE30000-memory.dmp

Filesize
64KB

Download
memory/7164-5384-0x00007FFF0AE20000-0x00007FFF0AE30000-memory.dmp

Filesize
64KB

Download
memory/7164-5374-0x00007FFF0C590000-0x00007FFF0C5C0000-memory.dmp

Filesize
192KB

Download
memory/7164-5375-0x00007FFF0C620000-0x00007FFF0C625000-memory.dmp

Filesize
20KB

Download
memory/7164-5373-0x00007FFF0C590000-0x00007FFF0C5C0000-memory.dmp

Filesize
192KB

Download