8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3

Analysis

max time kernel
505s
max time network
978s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-12-2024 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bootstrapper.exe
Size

800KB
MD5

02c70d9d6696950c198db93b7f6a835e
SHA1

30231a467a49cc37768eea0f55f4bea1cbfb48e2
SHA256

8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
SHA512

431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
SSDEEP

12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz

Score

8^/10

discovery evasion persistence privilege_escalation trojan

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 16 IoCs

pid	Process
1732	RobloxPlayerInstaller.exe
1936	MicrosoftEdgeWebview2Setup.exe
1980	MicrosoftEdgeUpdate.exe
1480	MicrosoftEdgeUpdate.exe
1076	MicrosoftEdgeUpdate.exe
2448	MicrosoftEdgeUpdateComRegisterShell64.exe
936	MicrosoftEdgeUpdateComRegisterShell64.exe
896	MicrosoftEdgeUpdateComRegisterShell64.exe
1736	MicrosoftEdgeUpdate.exe
2040	MicrosoftEdgeUpdate.exe
380	MicrosoftEdgeUpdate.exe
2352	MicrosoftEdgeUpdate.exe
1344	MicrosoftEdge_X64_109.0.1518.140.exe
2296	setup.exe
3040	MicrosoftEdgeUpdate.exe
3012	RobloxPlayerBeta.exe

Loads dropped DLL 34 IoCs

pid	Process
1732	RobloxPlayerInstaller.exe
1732	RobloxPlayerInstaller.exe
1732	RobloxPlayerInstaller.exe
1936	MicrosoftEdgeWebview2Setup.exe
1980	MicrosoftEdgeUpdate.exe
1980	MicrosoftEdgeUpdate.exe
1980	MicrosoftEdgeUpdate.exe
1980	MicrosoftEdgeUpdate.exe
1980	MicrosoftEdgeUpdate.exe
1076	MicrosoftEdgeUpdate.exe
1076	MicrosoftEdgeUpdate.exe
2448	MicrosoftEdgeUpdateComRegisterShell64.exe
1076	MicrosoftEdgeUpdate.exe
1076	MicrosoftEdgeUpdate.exe
936	MicrosoftEdgeUpdateComRegisterShell64.exe
1076	MicrosoftEdgeUpdate.exe
1076	MicrosoftEdgeUpdate.exe
896	MicrosoftEdgeUpdateComRegisterShell64.exe
1076	MicrosoftEdgeUpdate.exe
1980	MicrosoftEdgeUpdate.exe
1980	MicrosoftEdgeUpdate.exe
1980	MicrosoftEdgeUpdate.exe
1980	MicrosoftEdgeUpdate.exe
380	MicrosoftEdgeUpdate.exe
2040	MicrosoftEdgeUpdate.exe
380	MicrosoftEdgeUpdate.exe
380	MicrosoftEdgeUpdate.exe
1344	MicrosoftEdge_X64_109.0.1518.140.exe
2296	setup.exe
380	MicrosoftEdgeUpdate.exe
1732	RobloxPlayerInstaller.exe
1732	RobloxPlayerInstaller.exe
1732	RobloxPlayerInstaller.exe
3012	RobloxPlayerBeta.exe

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	1.0.0.1

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Checks system information in the registry 2 TTPs 10 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\TerrainTools\mtrl_sand_2022.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\XboxController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\InspectMenu\selection_rounded.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaApp\graphic\Auth\CharacterShadow.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\xboxLT.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\ImageSet\AE\img_set_1x_1.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2296_1485650986\109.0.1518.140\EdgeWebView.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2296_1485650986\109.0.1518.140\Locales\kn.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\TerrainTools\mtrl_basalt.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Emotes\Large\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\MaterialGenerator\Materials\Metal.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2296_1485650986\109.0.1518.140\Locales\kok.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\AssetImport\btn_dark_resetcam_28x28.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\btn_red.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2296_1485650986\109.0.1518.140\EBWebView\x64\EmbeddedBrowserWebView.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\it.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\PdfPreview\PdfPreviewHandler.dll	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ControlsEmulator\PlayStation4_Dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-instudio-12x12.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChat\icons\ic-checkbox-on copy.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\az.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\AnimationEditor\btn_manage.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioSharedUI\avatarMask.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2296_1485650986\109.0.1518.140\identity_proxy\stable.identity_helper.exe.manifest	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\fonts\AmaticSC-Regular.ttf	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\fr-CA.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioSharedUI\statusWarning.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Settings\Players\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedge_proxy.exe	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\particles\SquareParticle.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2296_1485650986\109.0.1518.140\Trust Protection Lists\Mu\Content	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\avatar\heads\headG.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\AnimationEditor\button_radio_background.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioToolbox\AssetConfig\readyforsale.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\XboxController\DPadDown.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Emotes\Editor\Large\OrangeHighlight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_3x_8.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\identity_proxy\identity_helper.Sparse.Beta.msix	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\DeveloperFramework\Votes\rating_down_red.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_cy.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2296_1485650986\109.0.1518.140\msedge_pwa_launcher.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\VisualElements\SmallLogo.png	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\XboxController\DPadRight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VoiceChat\SpeakerNew\Unmuted0.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Trust Protection Lists\Mu\Advertising	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioToolbox\AssetPreview\Likes_Grey.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\btn_white.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\XboxController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaApp\graphic\shimmer_darkTheme.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\TerrainTools\locked.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChat\icons\ic-create-group.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChat\icons\icon-share-game-24x24.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\Locales\te.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\rotationArrow.png	RobloxPlayerInstaller.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 5 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1736	MicrosoftEdgeUpdate.exe
2352	MicrosoftEdgeUpdate.exe
3040	MicrosoftEdgeUpdate.exe
2912	MicrosoftEdgeUpdate.exe
3856	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2804	ipconfig.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ba-e5-f9-a4-1c-e1	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{A1840FA4-2F2A-4181-99C5-5E90F32747D5}\WpadDecisionTime = 30ba4fdb5053db01	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{A1840FA4-2F2A-4181-99C5-5E90F32747D5}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{A1840FA4-2F2A-4181-99C5-5E90F32747D5}\WpadDecisionReason = "1"	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{A1840FA4-2F2A-4181-99C5-5E90F32747D5}\WpadDecisionTime = c0d2dcd75053db01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{A1840FA4-2F2A-4181-99C5-5E90F32747D5}\WpadDecisionTime = 203ee09f5053db01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{A1840FA4-2F2A-4181-99C5-5E90F32747D5}\ba-e5-f9-a4-1c-e1	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ba-e5-f9-a4-1c-e1\WpadDecision = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ba-e5-f9-a4-1c-e1\WpadDecisionTime = 30ba4fdb5053db01	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ba-e5-f9-a4-1c-e1\WpadDetectedUrl	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{A1840FA4-2F2A-4181-99C5-5E90F32747D5}\WpadNetworkName = "Network 3"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b71c150c7c1f40de\\RobloxPlayerBeta.exe"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe\AppID = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CurVer	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CLSID\ = "{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\ = "Microsoft Edge Update Process Launcher Class"	MicrosoftEdgeUpdate.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
1732	RobloxPlayerInstaller.exe
1980	MicrosoftEdgeUpdate.exe
1980	MicrosoftEdgeUpdate.exe
1980	MicrosoftEdgeUpdate.exe
1980	MicrosoftEdgeUpdate.exe
1980	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1272	WMIC.exe
Token: SeSecurityPrivilege	1272	WMIC.exe
Token: SeTakeOwnershipPrivilege	1272	WMIC.exe
Token: SeLoadDriverPrivilege	1272	WMIC.exe
Token: SeSystemProfilePrivilege	1272	WMIC.exe
Token: SeSystemtimePrivilege	1272	WMIC.exe
Token: SeProfSingleProcessPrivilege	1272	WMIC.exe
Token: SeIncBasePriorityPrivilege	1272	WMIC.exe
Token: SeCreatePagefilePrivilege	1272	WMIC.exe
Token: SeBackupPrivilege	1272	WMIC.exe
Token: SeRestorePrivilege	1272	WMIC.exe
Token: SeShutdownPrivilege	1272	WMIC.exe
Token: SeDebugPrivilege	1272	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1272	WMIC.exe
Token: SeRemoteShutdownPrivilege	1272	WMIC.exe
Token: SeUndockPrivilege	1272	WMIC.exe
Token: SeManageVolumePrivilege	1272	WMIC.exe
Token: 33	1272	WMIC.exe
Token: 34	1272	WMIC.exe
Token: 35	1272	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1272	WMIC.exe
Token: SeSecurityPrivilege	1272	WMIC.exe
Token: SeTakeOwnershipPrivilege	1272	WMIC.exe
Token: SeLoadDriverPrivilege	1272	WMIC.exe
Token: SeSystemProfilePrivilege	1272	WMIC.exe
Token: SeSystemtimePrivilege	1272	WMIC.exe
Token: SeProfSingleProcessPrivilege	1272	WMIC.exe
Token: SeIncBasePriorityPrivilege	1272	WMIC.exe
Token: SeCreatePagefilePrivilege	1272	WMIC.exe
Token: SeBackupPrivilege	1272	WMIC.exe
Token: SeRestorePrivilege	1272	WMIC.exe
Token: SeShutdownPrivilege	1272	WMIC.exe
Token: SeDebugPrivilege	1272	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1272	WMIC.exe
Token: SeRemoteShutdownPrivilege	1272	WMIC.exe
Token: SeUndockPrivilege	1272	WMIC.exe
Token: SeManageVolumePrivilege	1272	WMIC.exe
Token: 33	1272	WMIC.exe
Token: 34	1272	WMIC.exe
Token: 35	1272	WMIC.exe
Token: SeDebugPrivilege	2848	Bootstrapper.exe
Token: 33	2972	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2972	AUDIODG.EXE
Token: 33	2972	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2972	AUDIODG.EXE
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2712	2848	Bootstrapper.exe	31
PID 2848 wrote to memory of 2712	2848	Bootstrapper.exe	31
PID 2848 wrote to memory of 2712	2848	Bootstrapper.exe	31
PID 2712 wrote to memory of 2804	2712	cmd.exe	33
PID 2712 wrote to memory of 2804	2712	cmd.exe	33
PID 2712 wrote to memory of 2804	2712	cmd.exe	33
PID 2848 wrote to memory of 3004	2848	Bootstrapper.exe	34
PID 2848 wrote to memory of 3004	2848	Bootstrapper.exe	34
PID 2848 wrote to memory of 3004	2848	Bootstrapper.exe	34
PID 3004 wrote to memory of 1272	3004	cmd.exe	36
PID 3004 wrote to memory of 1272	3004	cmd.exe	36
PID 3004 wrote to memory of 1272	3004	cmd.exe	36
PID 2848 wrote to memory of 2328	2848	Bootstrapper.exe	38
PID 2848 wrote to memory of 2328	2848	Bootstrapper.exe	38
PID 2848 wrote to memory of 2328	2848	Bootstrapper.exe	38
PID 2284 wrote to memory of 2260	2284	chrome.exe	44
PID 2284 wrote to memory of 2260	2284	chrome.exe	44
PID 2284 wrote to memory of 2260	2284	chrome.exe	44
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2032	2284	chrome.exe	46
PID 2284 wrote to memory of 2548	2284	chrome.exe	47
PID 2284 wrote to memory of 2548	2284	chrome.exe	47
PID 2284 wrote to memory of 2548	2284	chrome.exe	47
PID 2284 wrote to memory of 2124	2284	chrome.exe	48
PID 2284 wrote to memory of 2124	2284	chrome.exe	48
PID 2284 wrote to memory of 2124	2284	chrome.exe	48
PID 2284 wrote to memory of 2124	2284	chrome.exe	48

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Windows\system32\cmd.exe
  "cmd" /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2712
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:2804
- C:\Windows\system32\cmd.exe
  "cmd" /c wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3004
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic nicconfig where (IPEnabled=TRUE) call SetDNSServerSearchOrder ("1.1.1.1", "1.0.0.1")
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1272
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2848 -s 1128
  2⤵
  PID:2328

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2140

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6849758,0x7fef6849768,0x7fef6849778
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:2
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2160 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2168 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1148 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:2
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3180 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3616 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3664 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1616 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3160 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3684 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2536 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3908 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4144 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4300 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4308 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3188 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4464 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4292 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1732
- - C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:1936
  - - C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1980
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1480
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1076
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2448
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:936
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:896
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODQwQjZDQjAtQTQ3MS00MUQ2LTk4REItNzk0OUUzOTBCN0E1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5MUMxNjNDMS0yQjEzLTQyQUUtOUU3Mi0wRjdCOTY5NDAxOTR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE3MS4zOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTU4MDA3MDAwMCIgaW5zdGFsbF90aW1lX21zPSI2OTkiLz48L2FwcD48L3JlcXVlc3Q-
        5⤵
        Executes dropped EXE
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1736
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{840B6CB0-A471-41D6-98DB-7949E390B7A5}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2040
- - C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 1732
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3804 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:NT251XMyGK71WNZ2lHj8nLacQHZ343OZI0wDzYXT-CWXmYTDgXLncZD9x7aWxBbmnofj5X2pjduz6Ka3w9CALU8ATDenhZtvpyMqJjsssqO1GjuevtUJcRiS5SXNv8KsCf9m8rjzcAWpXjqF0xO-DMtifibIc65IyrnhPEcmODO1nRygdSGs4xtY2c955ruLVhuXBEUzh7-bslpozcFRmGT8rnC8G-KtHWhVNRSJigQ+launchtime:1734748326773+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1734748287209003%26placeId%3D2753915549%26isPlayTogetherGame%3Dfalse%26referredByPlayerId%3D0%26joinAttemptId%3Dd355e95e-8be4-452f-99ce-dbdf5db8ab37%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1734748287209003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3784 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3812 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3736 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2368 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3688 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4136 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2708 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3936 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3728 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4608 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3764 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4364 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=3812 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4992 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3664 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=3796 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4956 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5204 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4932 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=3736 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2584
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13ff37688,0x13ff37698,0x13ff376a8
    3⤵
    PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=4652 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=4960 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5472 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3520
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13ff37688,0x13ff37698,0x13ff376a8
    3⤵
    PID:3532
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3604
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13ff37688,0x13ff37698,0x13ff376a8
    3⤵
    PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=4916 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=4788 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=780 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=5276 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=5144 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5200 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=4812 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=5144 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=3720 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=1528 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=4444 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=4856 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=5412 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=4848 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=5012 --field-trial-handle=1380,i,8109695144859457095,12840391365518236540,131072 /prefetch:1
  2⤵
  PID:3600

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1808

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:380
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODQwQjZDQjAtQTQ3MS00MUQ2LTk4REItNzk0OUUzOTBCN0E1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5NjlGMzc1NC1CNEE3LTQ5RTEtQTk1NS0yOEU0QzI3ODIxMjB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIG5leHR2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjMiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU1ODI2MjAwMDAiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:2352
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C1349E7D-8C5A-47E5-9BB7-E7865CF7BE41}\MicrosoftEdge_X64_109.0.1518.140.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C1349E7D-8C5A-47E5-9BB7-E7865CF7BE41}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1344
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C1349E7D-8C5A-47E5-9BB7-E7865CF7BE41}\EDGEMITMP_E78F4.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C1349E7D-8C5A-47E5-9BB7-E7865CF7BE41}\EDGEMITMP_E78F4.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C1349E7D-8C5A-47E5-9BB7-E7865CF7BE41}\MicrosoftEdge_X64_109.0.1518.140.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    PID:2296
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODQwQjZDQjAtQTQ3MS00MUQ2LTk4REItNzk0OUUzOTBCN0E1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBQTg3NzFDQi1FN0I0LTQ5MjItQUM4Ri1DM0U5MTIzOTc3ODd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTA5LjAuMTUxOC4xNDAiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU4OTQwMDAwMDAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1ODk0MDUwMDAwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjE0MzY2MDAwMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMGM0MDg0ZjMtMWJlZC00MjQ2LWI4ZWQtMjA2Y2NiZTYwZTNjP1AxPTE3MzUzNTMxOTcmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9ZjJHdGp1T1RDa3Q5MnkzNGZLTWtrYWxqOXhEbGo2WVZIRkpzTVFpdjhRMjNiQUo3RVUwUGIzemNGJTJiczhpU3BoUlFIUzZRMTIlMmYwNkZQaXdkWGVrUFNnJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTQwNjk2MDA4IiB0b3RhbD0iMTQwNjk2MDA4IiBkb3dubG9hZF90aW1lX21zPSIxMzMwMSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYxNDM5MjAwMDAiIHNvdXJjZV91cmxfaW5kZXg9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MTU4NTIwMDAwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NjA5IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MzgwMDMwMDAwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNjA4NyIgZG93bmxvYWRfdGltZV9tcz0iMjQ5ODEiIGRvd25sb2FkZWQ9IjE0MDY5NjAwOCIgdG90YWw9IjE0MDY5NjAwOCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMjIxNDgiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:3040

C:\Windows\system32\taskeng.exe
taskeng.exe {774CA9DE-5A7E-462B-9461-ADD4A7E1DF83} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
PID:2412
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
  2⤵
  PID:2668

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
PID:1636
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{491341C1-FF2E-4456-9195-EA70461DB9C6}\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{491341C1-FF2E-4456-9195-EA70461DB9C6}\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe" /update /sessionid "{ABC4D405-D459-4BDC-BFB4-A84843EB17D9}"
  2⤵
  PID:3940
- - C:\Program Files (x86)\Microsoft\Temp\EUE61B.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUE61B.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{ABC4D405-D459-4BDC-BFB4-A84843EB17D9}"
    3⤵
    PID:2332
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      PID:1012
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      PID:1460
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        
        PID:2668
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        
        PID:1620
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        
        PID:3124
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUJDNEQ0MDUtRDQ1OS00QkRDLUJGQjQtQTg0ODQzRUIxN0Q5fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7M0MwMkE5RUUtOUU2Qy00RjgwLTgxODUtNEJEQjBGQTQ0MzcyfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjIiIGRpc2tfdHlwZT0iMCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMSIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjM5IiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjY1NTkiIGluc3RhbGxkYXRldGltZT0iMTczNDc0ODM2NCI-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTEzMTMzODAwMDAiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3856
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUJDNEQ0MDUtRDQ1OS00QkRDLUJGQjQtQTg0ODQzRUIxN0Q5fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins4RjYxNDU1RC00OThBLTQ3RTItQUY5Ri0wQzBEMjdFMEQ2MDl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMzkiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODk5NDg4MDAwMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4OTk0ODgwMDAwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExMDE2MzU2MDAwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xN2I3NTIyMy1hMzVlLTQ0NGEtODBkNC1iYjk4OWNjZjJmNzM_UDE9MTczNTM1MzUwOSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1oWFh2SWhFODNDNmZQVU91elBPJTJiMFpBR1gwOW8xd0tjNWJiN3ElMmJhZUdSa21zVnVxJTJiUW0zR0JpVDluSTBCOHFpYlVtZDRBeWhLYXJmQWh6cEZUTFphZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2NTMzMjgiIHRvdGFsPSIxNjUzMzI4IiBkb3dubG9hZF90aW1lX21zPSIyMDE2MDEiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTEwMTYzNTYwMDAiIHNvdXJjZV91cmxfaW5kZXg9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTEwMjIyODQwMDAiLz48cGluZyByPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEwOS4wLjE1MTguMTQwIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2NTU5Ij48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7Q0M0QjUyRkUtN0ZBOS00QTlFLUEyQzQtRjQ5RkFERkM5QUM0fSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.39\MicrosoftEdgeUpdateSetup_X86_1.3.195.39.exe

Filesize
1.6MB

MD5
2516fc0d4a197f047e76f210da921f98

SHA1
2a929920af93024e8541e9f345d623373618b249

SHA256
fd424062ff3983d0edd6c47ab87343a15e52902533e3d5f33f1b0222f940721c

SHA512
1606c82f41ca6cbb58e522e03a917ff252715c3c370756977a9abd713aa12e37167a30f6f5de252d431af7e4809ae1e1850c0f33d4e8fc11bab42b224598edc8

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2296_1485650986\109.0.1518.140\Installer\msedge_7z.data

Filesize
3KB

MD5
bd70ed26e6e6f3193043ac09c58c6a1c

SHA1
d733a65e17f2851d5116598dd80533efc1656468

SHA256
7a474217d20b9a6fe3c3a46c0d6d5b2d2040fa790663f6da9202ee7cb07bb448

SHA512
3e2ecade6d687b0736d5eafd7527b24095b9c51f0c8ba99398b23da2d8843c49fc8c1fa37190d385b504d8224c8c517d78d44ae32e10e45d54b19477a6970756

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2296_1485650986\109.0.1518.140\Installer\setup.exe

Filesize
3.8MB

MD5
3a92a61a6e01c80ecc7d9499abb901b7

SHA1
d89d05802d937f9c71ced14282b8a19623fca7c8

SHA256
b70b2ed82c7afde8003983992b74f8182f55080b43da3d96dd29e8c0c7e8b47e

SHA512
3867efbd984ddd1eec084c70a42104cbc0057c3bed222af8963051779b612b46bf4cea3311452f6564513d7558d49a1e66a9473ad53f1b2fb4c43a9d7d0fb47d

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
16c84ad1222284f40968a851f541d6bb

SHA1
bc26d50e15ccaed6a5fbe801943117269b3b8e6b

SHA256
e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

SHA512
d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
34d991980016595b803d212dc356d765

SHA1
e3a35df6488c3463c2a7adf89029e1dd8308f816

SHA256
252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

SHA512
8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
d34380d302b16eab40d5b63cfb4ed0fe

SHA1
1d3047119e353a55dc215666f2b7b69f0ede775b

SHA256
fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

SHA512
45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
aab01f0d7bdc51b190f27ce58701c1da

SHA1
1a21aabab0875651efd974100a81cda52c462997

SHA256
061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

SHA512
5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
ac275b6e825c3bd87d96b52eac36c0f6

SHA1
29e537d81f5d997285b62cd2efea088c3284d18f

SHA256
223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

SHA512
bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
d749e093f263244d276b6ffcf4ef4b42

SHA1
69f024c769632cdbb019943552bac5281d4cbe05

SHA256
fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

SHA512
48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
28fefc59008ef0325682a0611f8dba70

SHA1
f528803c731c11d8d92c5660cb4125c26bb75265

SHA256
55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

SHA512
2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_es.dll

Filesize
28KB

MD5
9db7f66f9dc417ebba021bc45af5d34b

SHA1
6815318b05019f521d65f6046cf340ad88e40971

SHA256
e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

SHA512
943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
b78cba3088ecdc571412955742ea560b

SHA1
bc04cf9014cec5b9f240235b5ff0f29dbdb22926

SHA256
f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

SHA512
04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_eu.dll

Filesize
28KB

MD5
a7e1f4f482522a647311735699bec186

SHA1
3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd

SHA256
e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4

SHA512
22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_fa.dll

Filesize
27KB

MD5
cbe3454843ce2f36201460e316af1404

SHA1
0883394c28cb60be8276cb690496318fcabea424

SHA256
c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59

SHA512
f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
d45f2d476ed78fa3e30f16e11c1c61ea

SHA1
8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e

SHA256
acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2

SHA512
2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
7c66526dc65de144f3444556c3dba7b8

SHA1
6721a1f45ac779e82eecc9a584bcf4bcee365940

SHA256
e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d

SHA512
dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
b534e068001e8729faf212ad3c0da16c

SHA1
999fa33c5ea856d305cc359c18ea8e994a83f7a9

SHA256
445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511

SHA512
e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU93A8.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
64c47a66830992f0bdfd05036a290498

SHA1
88b1b8faa511ee9f4a0e944a0289db48a8680640

SHA256
a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961

SHA512
426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

Download Submit
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Program Files\Google\Chrome\Application\SetupMetrics\85974e81-ffee-4908-a981-482865a137d6.tmp

Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
14KB

MD5
596c75f3ea6290e6cfc1a886125d1e75

SHA1
4ff2f4d2197150194105d4b969d3ebf6c905748c

SHA256
235f0d3cf42889d642a2a7bac0ab57347e73bf341dff5f0a4a1fe922a1b1421a

SHA512
77f564b7439d166440342f4ea8efe9ed60d3f84c8061235762f3805392278d63b9a25c8a54fb95b5b103fa2d1791830e1a4193f9cbf8a9710f895b8fc7bd85b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6e1bdd6e4b67eee4c32250144dfa57a

SHA1
2eb57cff66a00ee854098c9ce98689d17f123301

SHA256
e9fc93a0db7ee181c65ef8d8f6d042dfec2dbc07a59a6d88f48b275ab382ed7f

SHA512
ee9f26f07a07af7e6ac0120a95cff3cf0841fa06e7e5ddadd7370ea67da5b71b2b996cec551268b14393266d051506a95d2680b82a5fdf7e9e47ba9d5f4c3ff3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b4d1be429128f07cb0283fb727b8827

SHA1
d905e157f9294b36028fbbb85e7d166ac6eb75c8

SHA256
ca240144428b9aa7840dc1d9df30b26fb182717d8ed98ba5a09c783879dee502

SHA512
7c6fbd8112f75a2a99d163549dad73c3c3e2cd00e0a1bb9744db91e516dccf715ef7332a0657d2b6569ec2f029e2dc14bf7435108418a41db654b89ec60d49ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab6b37c3675d13e95ac772cddfef3d56

SHA1
1f2657d042b41843cd7f870a496c7cb82143afec

SHA256
875ea2f5e2572268a35ea8d97d8df95d2d5dfed853500c17a812eee29b43d34e

SHA512
21695e137a533e2a043e75caf1e6183c889d13cb9e16c5b43654c4345ee0085391e0dc544c5910889c010107118fe3b001d0c0f6c7e67713ecabbbd0e5580799

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aca6d072e2cb3e4fd276579518244252

SHA1
4c070f50df7ba52fe0d68b85f3cdf82a3352dbca

SHA256
9dcbdcdca377ab5fce3fbd3fadd9ab437d8a9b162b63718b42f2a530382bd48e

SHA512
212f85b5c2fb5485697f456cc667228190a40a0e9f285f260f2ce10d874e75f4e0c5cd8077bd14d3649e744d93e76b19fccd9785dfb621a9d0c10e0c80956b0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a68ec06a3ef0e7d373c89524c8c69997

SHA1
af82ef60134e39e6ed32d674e0cceceb5a22c04e

SHA256
4748a6f74fd94d7e94bd2a83958a81771449a71af71632eb1ef459b2e62cf5c0

SHA512
a9584669ba478358f732eae7be54900143d4185ba35dbf01af300d6d98b0474c0d6d09eec22d16f146ef603222a96bce71a86b78906683ec0723d531864bea91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5d06444f484c83d209a7168a9bf09e3

SHA1
e9e193b770a0dec576d5f0ba1a226668cf92c89c

SHA256
5b2cc89d7d12c4f8b906b6425468a880edeb0594a80588ed2334c09eeb0e3eae

SHA512
2039c8a11f1dd9f0d6cd190a4ef2eaa28558c477a2b0123cf0668e43e7b3d567596e952a58d3ffdbc6ac23fbe5027fe60ef17dda4e0308d2c1fff56f896fdfb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
705eda75e4ee3570a69060cd00b53ea0

SHA1
a8ce347a5919904c634945c5805ab2fa8bab93f2

SHA256
182d9c124f0194be72b8e005c34f2843513e09c36b1679e8ecc4820366239d30

SHA512
5f968cd0746d75a5bb24c63e30dec28fd22a2b104e5766e54d744f51a36508b8b1245986c8e44f02f8320c9eaccd1bdd1a1674cbc8323e74e13c3e397f0884fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d1ac3783e7c0d71658ef0abae83d698

SHA1
bff1c112d96b13f25789650156d388eba325412f

SHA256
32e263cdcb9bac12db00cb13587ed8c8c4944c9f800427112c347f81235dcfe5

SHA512
d5857c836384c739c83a52a3039e21c728151d535c7878111f8ac8a95fdf76baf6cf8a823ed209033626947cfb656335f1bdc36585bd85314a598480c1afebaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aeb22f43069e83df7db310b8ab74265a

SHA1
f704e864461f4cab88e25c2a6106ff8eae06e5cc

SHA256
69b101ddf33e66a51d01be0da4b5e1b0ab5d7f2f755cd38970fdddcd2be32223

SHA512
821cb76a78a793d495958f04aaaa3a73d2c921eb87ad6177e7db8f2eabb03eb904b72e334fed918087fc29822ecf7c99d0cfc63740c11236ce93677cd6c4c67f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
023811cc1086b3d2620f0f581cb96de1

SHA1
01d69426635f914101755b04f9a171c5968b40ee

SHA256
90765ace466b74668d9f02bfbbc2061d20d0c909d0b35941b6130d57a05b058e

SHA512
42197f11904dab5e47509611a86dc0a0c913b570a785decd563e6c22498313b35abc7c546476f3a438d4ae23d1172ba8c104281ab857bea38fc00f0e5a305eea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7395a6b73b3591bc340d02276346c708

SHA1
7ffb8dc2e84ef8e3003402d3016ff63dadec439c

SHA256
a1e38faa6d2b344d12642998775cfd99a3bc95afef936385da43ab792fafb3b1

SHA512
77e9510b2ff75122a17103f564e560e3c39e51cffb167e9538e8dd21f96abf354e30f187157eb4f15d3f689f4d9b932b749c2fd93aa01f8f4ca9a2f75f4ce2b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f45ac044692889224e49c90def187c7

SHA1
911c7be8c28219ff26a2dfe8d35933edd24e5098

SHA256
67c477908a9cb13d92a4045088b8e718abd389ea53861ba986bc20aafab42fd4

SHA512
08a093df19cb1e5c8a360747ce0a4b6bcfaf40970175cbcf7107cdcb90881b5ea86cbff17f616823338b05abd46c34c6cfe6266c0fe860f631b62f573d11c097

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a790d23e176ff29355e7ee67d82f37c4

SHA1
8b350298d5084714facd98e91e119373c2f94b3d

SHA256
40e27aee1529f2b462dae6f767c0d5b529878e66691e6d071c3add7b586a2ae6

SHA512
44d8630672b5d219ba4ea8ec8ed635826014827efd5c7c8a6f381af28e72ddd21a5689a5dcc50e91918a0b47e2611993f88bcb9626c6540285d5f4fbfa602825

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
651c5dff75d1fefec8b66c32a4955bba

SHA1
d35f676900b4571a48dd15ced0bec8dec4982833

SHA256
80e497eb7858399eed55f02e410509f8968c2221560256f3e5d041fbd4cab569

SHA512
bf911c7d5462b1ea622ce30519c4365d7ee97c38a1b1e2a4c196d50ffb0e3a12be86a8575a2ca3bc247e9e9997cfa4cbebe304e444d72098d8c51946d0d21da0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b126fd22a033c0ecdbc6c02ead446a5

SHA1
ffde987c6c3e2748191b3ecfa84941c5891c17d2

SHA256
8c1002aa5f8898e737db08ac6c92645be9d18c2dfadf6022ccde7bad55da0250

SHA512
6e28a68bc80ab9bf604e5631f544a911047fbcf759c34c3db7ed8b46c29801ece2a79ddb0b7b05de7c0244113bf8db41ec8af5f882425d855e8e3ca8e902f010

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a16f838372eff082a99e85123d1a246d

SHA1
74b5ce734091e6757a761eb9c552f5db1ad767e5

SHA256
8c319edf39bdd438837b67b9f5865d36b0cd6ca2965a254cf5b951cf3817e869

SHA512
332cf65deed6b670f9d3f16938d36c02a31445488f100efe38e935a9d83c289c6483d6648412aa46efc4d36d9402a2f4152577a006433a1f6199a6d5bbb69cf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9597f6b7f89db1f69c47371cb6fc066

SHA1
484b6907ffbb3ae3e23b7c8da9c173d78f12ff25

SHA256
92529337b52929c8c01c5f2960b5fb0a71a27668f0e10c53ee8bd97771ab7828

SHA512
eb046b2c78229ffa3f1d04c3eeebe299f1f34182183b7b252caee5815f438bfb83d1d9f5c85026083980f8cd8f0f7c2b2e44cb147fcf7f62bbc593f3b840276f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d11edcd2c1bc25ca2d8fcfc220500d05

SHA1
7d7f2ef3b3cf68f03dae1ebc428a67040636d1ad

SHA256
3d22b971b87f1464eea4b4a13dc734a00fce578c9378ae07ac5363c0bea49fea

SHA512
952543419ac1b1797ee83eeb69576b2f5cf9ce8cd9c098d1870670fa36c0ad22d32dab631dd58cf1f0adcdde8138fe007fb92821d7d0382629c6e21975a5b990

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b9aa109a178cc359fe8d06e698e47cd

SHA1
f64ca5a02ddabd7fa181ac00521224f2f06687ff

SHA256
7786bb0befced1e61dac5c4be1dcf8cb70f674c0bbe5ccb6287d8a44ddb64c11

SHA512
a063236b1c1caf57e3866d0a1c010aa500f1ecc0648274d07a9e76e787fab81183c4b43cb9495a8efa18d681a87052c9f8571e4e793c57f804ff619b8235583c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85ce56e56492373a8bea3f3ba97fb6f6

SHA1
431941dba7e6e0b656cd572a834ffa41fc44c9bd

SHA256
d9c73eb99e50c813f6877007e7bd8794f4f03c308dc3a448e1d27f0b93c52e5a

SHA512
5e6c8cb06ff3f86f7d183a7d7ba04fd310037efa2a05852b9ebf283249da07e1d69ade472de1023919421977b4b7d82977196eb6bf5b1b38cc0d13955de8f847

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9df5517bdc132f94f1b4d81b5e393a4

SHA1
ed856e7eb6800c8456aa7d67489896ddb69e9054

SHA256
b1ef3724574e4f560b266de84a9dec579b8a7db832a424b6e2c8081c2ce64e90

SHA512
da559daedb74776631d362ee6ca5db679501e3720a29a8de632e153afe0ba5fa8522ee9b0809beace71ca364424639e5ff30ef52f16384826c158c9288262be4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f70b286b52d286c17e536425055c58c

SHA1
3409f1fb6ead231e759abdebeee75d194a877669

SHA256
461a092cd8d10be1aaef00a1557e0a5db571999a34c96b44d6408a26293e3119

SHA512
719cea63f2d5118c20514a4880d5e261a271cf982c1755bcc663ee1f7e9465443853daa9b578db2e2bc5853ee9bd557fd35b5e87cc50338ef9fee1b3bce685ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
058776a040c4d091f7d4a8e656c77126

SHA1
c47aec3fc29eea29cf6bd3fc8aa321604d10a4ec

SHA256
9785e5e170d401f5fc88e2018283faefe9bd5b174627fefcf61df0576d1d7fd5

SHA512
59fd6715c903dd543c89da363b383473d249846ef0c6b788768a97220f9f7527149204ec09feb18286d314572428d2c77ad4996d399031575d7b6379cd8fa7dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd379f3d996a16fd0567ebe1e948bd67

SHA1
b0a91a9bcc8abd9603c47bdb0815a2c6c96eda84

SHA256
d5a6176799f0354339811bc088704ddf0ca5fb2fecc46492eb89d97d374e8c82

SHA512
defd45902713aa1cae5c123703e0900af27cfc6d203265da1ce87a5a12a20a9442b8f00946bafcc987a448d14e482db54b68329a5cbe8d50c11d796a35ab9e97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5ba930d2-2689-4b58-bfe5-8b30ad9c1c20.tmp

Filesize
6KB

MD5
e58fc56e7926548978f8cf0317e584d6

SHA1
6d2be26b009058d175f6eabf00799893054a8ef7

SHA256
6581c091002c7ef449554b9d99d9d124262aeb2032877483709615c27e396b6c

SHA512
77ba8710edafa8c1333882ab2c81593ff0f705d9b2a4a8b6189082460d0f9985e0848080e4203e2d1b371dfb34dc65b053bb0969b611b54fc1bf1c60ce613981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
72KB

MD5
43cb209da0740090172519ed6c1fed84

SHA1
085bd5ef087f7cac77b2b0cfb3353b54abd54dc5

SHA256
3a7f8be6d463bd77dad51cc40b5407ad923dd1a1f678979eb9b95adac8d393da

SHA512
3f522c8b72e42942e7713ae0efa4970de6a2f4b8e990ad59b09b00a2bc4a97a331ca9d8a6ce5e0a840abb86b2162e288d424472dbaad61ea432a6ff772e8c66c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
460KB

MD5
333380648be535c42a7ff728474822b3

SHA1
207af1085d806d5e4b20e40617ac4628c62857cf

SHA256
51075978b60f2a1f653a5d08f79eb8d1a273d18ec764aa4f1be897b160e27dae

SHA512
8d9781acdc6e165e0b4a60de64df5b8c8788644ba180564e01bcd65157591f0e988379050c4e7ee63d2bcad734e62bb12b5397b850e03a7ea41ef71d5d602ecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
262KB

MD5
20866e6ed0e66d37206d7ae30dc78fb3

SHA1
5a12c9ff4ad475c4e68c6a5d33acfef92ad12633

SHA256
4619f7502172f23c0924e1bec8d91e3ad491cf6faac6363cef182de64fb3f6c7

SHA512
e1a9adf78663a1b2aec93748439788b7fde32460e070e6061ba58662ae036ff89f05798ecc07deb8fc8e9bd4a9639b5480d8d99e5bb4d0d47ddf3d7bf9f9fb07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
168KB

MD5
9e1afc4e72709dcf01a88181172b8f23

SHA1
8fd1be6bba55fac875de4242b89abbd97608e0f2

SHA256
08bc17b089ffe19a40c38f0aee93c1d053db3a4584425da9a51201a38cd10cba

SHA512
8a58b7260ef20c770765d4995000c9b6f52604a333c27cf689426058400d1429be4955a98812ac5284af2cc88b82e32edb08d6afdb1f6bf2bcc8b5ee2817d075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
299KB

MD5
ec2169945256faf3619702730add409c

SHA1
4245f9c6384ad85554952e797f62616e53155e16

SHA256
a5ac49d89cc3bd5c36e1d09a00f4fcf1d4a8f34497144c69672fb66f5d7c2f86

SHA512
6e6ef056d0a8be02d04d89ea2d2fc68e22f6ca0f76f2e1ac930d5777fd5a5aa3b9b9edaf4645fa0416cb0bfcdb654b7be5dc7477f90c1dc20dfe846e3f5419c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
92KB

MD5
8d90806f43872941b53aafae7b6257ba

SHA1
b96d82a48808a027b07ebeeed7d8b1b1541bc7fd

SHA256
2d4901efd03b3da3cf7205a2205576d12e4d75e73d951babe1210b9bc8ae3e16

SHA512
a07c8789733f2fd109962649255854e53f7b62466adbaeb1499e0c00848572f35763f3c68f27dac5b7d27de25ef82a77f2ad7d5a177b11b8d5c352931c8db83d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e7

Filesize
71KB

MD5
977c342caff6e5547cc68bcdb964232a

SHA1
46213f94555328c3ab9340a90d5025f274bc51d6

SHA256
af06cd46e2cc51d29ad66793940bcdeae20a6c83103a64ad7874c52b9f34c73a

SHA512
56c3977236d5fcfafe4921456c4cc0a7ddf0cbc9ec19d1b4d498e132ed57c4f9221d4a0997d62e3b9c3d54c97feb81468a4c65c7aade94e24a98337ccf131b76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f3

Filesize
55KB

MD5
da156857d945cef7d286489bf17711f8

SHA1
fbf50dc2b6b8378f26cffa8c8e8b3d35cc16ef1c

SHA256
fb9e1d404f429bb353b14810b4c2fd58e16abc697173038cf3bee490b18fa634

SHA512
fac50fbf85b5c25cdd672f157dfdb5abc4ac9738918702f196aaa309137364c1641a122350c097aa1f5931567eb53bf03849a97111a0b68634a00d83eee4e60f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f4

Filesize
101KB

MD5
64932d6e53710a6e1072ec2be659d84f

SHA1
b4beb7b266a267dedc9dfd8b4e65be5f3de68404

SHA256
e21c2a3b9816ab7db3a20e09b75d5e398f86b0eca991da99c1897f7b7bba6b40

SHA512
a695c5d5684c91c53865671abd6570499dbab661882e2d5d956114d924a41d813ed8e451690f620495332de39f979e3daf6bd78391b71f877354cc6c0b36c514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f5

Filesize
21KB

MD5
0ef066f67de2fa8db5a2e15262d6c72f

SHA1
761ad8e3bc1b105bf950a728bd7366d3545e1bea

SHA256
48de8fc88134e667a8aa4b09182ead8b3c8d6e3e6e408f784653524bd564fe23

SHA512
939a95f552393f300a512ae40f2a82207cdcd2d24494d84bf32032df6d4a67b6c04d219968f67e4bc98aa99cea22e83a31fead3ba20d20c8de803f9f5c65adb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f6

Filesize
86KB

MD5
6cce849b1c9f500e5f510678c70c72fa

SHA1
4d7e3bc8059dba7ba4a0eb41adbb1f635d443260

SHA256
80248552b781641d17d32ee94aa6daa86714f50af4e35467a5efd95ce81c97ae

SHA512
acdee409bbc98cbe11c1f6165cf0cfdab6bbdb91c38e7c9742e8c44dc365e99333807c315061d938c9711b2da1b96f4d6776cffcee14e73769dd564fd2c999e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f7

Filesize
105KB

MD5
0a028cf8e405314f34a80923d4eadd50

SHA1
7d45993c6310dd1f69fb484b04e527f31a684a6e

SHA256
92cd6b3d2f31b99202bd93050f14ccf64746b51909311727ec29c17e99be61df

SHA512
87c24f82d880e6ecbb8388f9dc3006deadbc3d479a8ca00e878e87a65da2d9adb07554fd55be16f13fa9c5face6084f1e55cc605e63411b4505faf15ab2cabac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000112

Filesize
79KB

MD5
e51f388b62281af5b4a9193cce419941

SHA1
364f3d737462b7fd063107fe2c580fdb9781a45a

SHA256
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c

SHA512
1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2179cc24d6779918_0

Filesize
271KB

MD5
2730270056461ad58e5989ca8a8b001e

SHA1
d1bca78e553e7c02c2c02a447a86d3c4442ea52a

SHA256
bab2e683b06e2125f6f8b1e401d59dea96873150313f5c527428a571df6a2e0b

SHA512
1a355aab7d05844c4dd39afb203510646c9511bb0a05ea1569ac02d56e1e8c22f0f5b1fecf7f99aecbd45f6c64e479c0d9d96e8c10829146141263701ccf1918

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\287b9ab170f72c28_0

Filesize
461KB

MD5
0c2ce816ec527a387116da3b441ab09e

SHA1
3c1ba47739728e29e3d1b93b9767c175be08a2a5

SHA256
aa334ad345ceb279facd1f0865bef2e191eecb51d20c115d393b9d580f08f921

SHA512
a200e5c6d3fa21f5e70688c1a733c1ef7fe99de0ca0973198e80bba8652ecc951cffacbcfa111d698e9e6ac5e1be20402a0ffddf2ed9b4a3b994b86ea9674e4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\37f7f9c6530cb74a_0

Filesize
1.5MB

MD5
25e6e127510df0775397d5d9f9d72086

SHA1
1666afd0fa2e8d5c2ac3b7c9bc9d58a60b9d7289

SHA256
4ea985323e06b6dcbde490e34ea94324a06b919b0729640b4f6fb449f5608456

SHA512
b1c4c639f66c52b087cf2b74bfcc533f5b2077747ce9673dd94d6cb4733ab15e358fc05b95b4ca130bfcf241fc582413364aef7323d65f2d1f414b4788df309b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3d3c3fb446694839_0

Filesize
260B

MD5
d68e80e998b9189056b6297aa7853ab0

SHA1
fe46115919451f030aca6b21b5723da6f43b4e5b

SHA256
8bb81e25868418eb68e7ccc8c3f2c1c42bdf26448b1e5757499d4125b02481b3

SHA512
07da97f03e9eccbe810552ff462bd7010b4ef0b98dec841ad60c29fe20622836e96e8c75866e052bcc78608953da97fdbb5e963b076eef98ac5df6292f8e739f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4d10fe8bb5ce8c61_0

Filesize
280B

MD5
3021fc477489c0a9b790e4f8963753f8

SHA1
936014c69bdef426a0b9ecd8be76065294a21905

SHA256
e26d78a94842f8793b426cc373a0accf3e8ca9dadb5955b5e777f2d66de8f9c8

SHA512
40ef29c9b7290348e723172cf65883e5e9d4f7f09c13d960df66a8cd5230fe1b2d7089058f6c2e98b1e1000d29e7f4c7217632c5ddd9235a7ed5824308c59e19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\53062544b35366a8_0

Filesize
352B

MD5
71e58488e406807b9e7fb7837e4a8453

SHA1
50a0e23f2424db785b1f10d8e81d94a6eae2a505

SHA256
edebfbe3effbe87c38158c255dde6ed2cfab698144064b6b7a0cd2daf72bd73b

SHA512
5de72a61c1e7f57f0b6ea1a2c0077c9dc59d98b37dbb60065d6356c3db21ae88dcf496ee4b965fee3d71d35ac29bbba58663fd2026f2a95e9a7721bdd4677b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\543b4c9a1068d258_0

Filesize
3KB

MD5
05dc82fdda894711019c30a7ad2bd8bf

SHA1
9caeed39240396698b54ed62e81ed6ff97f6c124

SHA256
c2376797e14e0230d335d5a3a4b6f3260fca7d43dc2800b5516dde85907bbb86

SHA512
9c3840648ca6b36754363ee680dc6759eee5cd6e00eca922e5139fc58146edeaf676ff121bb8ddd2136553e460b1ed049d5864e9501cbc36adddd2ee4883e8b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\81d1284f23b2eec7_0

Filesize
3KB

MD5
6eb1f70ea1bda239b4253b9906179a41

SHA1
2fb6c8a5529a283079cf55708c4e827d912fabb4

SHA256
5d871c8f4f44b10e1af69a4d391ac5720971c608ea0595c3b88445fce10b8c56

SHA512
10fea1ee15c0c47ca33d66708335b92420ab5ff304d289e4c975855d8ed135b18c8047649f821633a5d068d22c58e58ce438ced3a2f823e30aa942724edb1cbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a71a71ccb78b1987_0

Filesize
255KB

MD5
11c8e82b8e3d8b04ff883cdbe4425a31

SHA1
e7024e072951b61916fe4fafecc19963f9b36986

SHA256
fb437e29ca416577882a1e23ed0d0fdd6baa1a871ab4f923588fefff306f6069

SHA512
fa8f2430a2f200b9c7ac74b4b75b0944bee3a31db4eb8aac047e4c38a942a9dc0fe466246bfa906dc3056cafd83cbf1d2a8e6d814bc0d4a56d96d9edfdf187c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c3f149b0534fa3b1_0

Filesize
307B

MD5
8bcbf453a42761387f799a806ef99f3e

SHA1
4646c17fefbe18085cb162de8b2eb0b69d80e3b2

SHA256
c0f85dcb2988863f0a07d4b5df9e949a6a201bca4fed21d5caabbe4c3c4c81d2

SHA512
f6c39092009adefc295576c48a19faa915028df35c1336d8e78d31aa58054557aa87bb0137c199e41255cae7f7418eb982d402fa1b4db177002b2684c8761df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c66eb7aabfb0a08b_0

Filesize
20KB

MD5
c5f90395f764087abd8447110b9acfc5

SHA1
448cb21c40b92a7efc10b92375b7b955330e58b6

SHA256
cfaa81566ec81e0c9e3e8348ef855447b451c8950192d89368fcbf71d9332b4d

SHA512
725fbf9640b3d0bff7bf84529f82413e2772e951a7bb4ccaaf0d654f57376428e4aaecdab0f59145186068a7184788853dde28688d8aa03bd10d5c79dd231078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
608fdc1fda3b89c38abe414f7a03d41a

SHA1
4e5529dc7c1681f19ce3292474fb4f48bf1aa552

SHA256
19729483db61099b38f8d38a7969024ded60b9cd639fdac117ece8a3c546f859

SHA512
caaa5c360643d4c699790f6d5a098ea2d650113fc78cd97ac627063a6829390cc5592f28e352a16673435503b80934a6aaac44f2c5a8d33614d47ba4fa4b9575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5a00c734062a2684b32f5f94a3966a00

SHA1
722a6d85c4be41db13b5f2df1895f440fcdf16fa

SHA256
745a8c254cb3f3d2656984659074484bc6e0c03e8851af78b466af76ad942f2e

SHA512
26d34f340f151133fc38f8f75bb53d5110811ac16dd10e3f2ed0a05861a0fc043b99c9f8ebad3a7663e31c27df6538863d39d103fd09e60a527f21b42bb6086e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
ce4693d12e6289a038117c2f4a6bd142

SHA1
0e257dbb963bb2eb8c3048970cb37c5015ebb475

SHA256
15a2bf143ad988323fc7645c9b4557a35137828a87f762333c1ee48ae124a288

SHA512
bab320ef0a1fec3cf11ea3c5209d14cfca4a2321f20cebfbf6c6821ad7d5779d7f374345a0dc2b6bf0079d8c0b50cce997eece842919bf641985d676d978f46d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fa91182277ce307f21b6615654de00a3

SHA1
901afe475aa103b412f397fa8b11f30f35465b6a

SHA256
236dfca6a2672e2141b754d32b88551974883cb815beae3a5cedf59e1f869d02

SHA512
29f959b094fc0a2e54b377529947d361ceccf6bf778f47beaac929ad7d20052bc43c9d25fd93168ecd22c67a48f28bcc4530bcb2241f5ea78dde5600ee9de8be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1f3e3bc34d972d03f2d89d4298c52b81

SHA1
e6dd24424d31b0b0d4ea4decc8948009d7ed7dd9

SHA256
fa2a7ad3afdbfc348cddf57346d25b4254cf7f3ad982f7a0f1d8fcd7b815ce59

SHA512
3fd562d5c0829c4b947a36c6fddd93f5fcf375028c1bb58b42292b07c10401cfae994e3fe7aa447c42e0cafbe5bd8353beffa638cf6b255ebdaba86254eda052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
4ea45b2ea83845d899b200c63b6746d3

SHA1
d42e7a8474d955c10858c0033a1f2d378375615f

SHA256
ca82851b454d6476b541d599b52e1e586dbf5b15c8df8847ab9e41c7e8c6fce6

SHA512
427c452625f78666f433d061091269e436fa12a432c4428314c1f1e3bde83c119bb07bca9bfd8f1704f846982a5b5d0e9c44ddb0b4f73bfb239fc99619c1c1df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
a37d9c380b6af2bd5e15132b2abfba02

SHA1
eefdc6eec7bceb05e0adeb3ea8d01574ccda0421

SHA256
953e09dbe443bb9f8bbd18b8666b357c9c208a26f5d86a536e16cd82c5367913

SHA512
33afe95b3452756797cfef01df17a0917101a15127203e2ce136f58e9455df407785035f86d6b2bbf9b6c0562e676b5964e866706ec6112fe147b4a8d0d137f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
0add0573a7041e4233d76a07c492cd9a

SHA1
49ae9174f6c2b531c9c37ec06a109be563acf7d4

SHA256
90634bc113ecfc4f5b9f707fba92bfaa1c1fb5f93bb1a78728d69508202d144c

SHA512
523e7998811793f71b71a3d2a0206d3c3ab1d2377244acb16bd5dc654aafd276095da9f4f43cd4408b5f8a589e8ecdd1a3ad1e81ae85309cf1bb5041509d79ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT~RFf7ac5cf.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1a2cd907-7ee7-4cc4-84e1-850b59c7708d.tmp

Filesize
5KB

MD5
853771e59a93d74ea5ca289a54261fd3

SHA1
decb4ce232d1f7701324d6fb360f0b9ff946cec3

SHA256
e742eca1494769432c5ffe1ce18c67c3cba43046c06f493cde6ca4a5951dd13c

SHA512
25d15d4dca504cef8f91b88bb8bf3bceedb31b096e344f3dbb4225bc1b0e09650e5bb7d97b42edb31777ef2efd0463f140973b0f44178515d791621ed102ce5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\6391fd5c-d8e1-42fb-b0e2-2a738de2c507.tmp

Filesize
8KB

MD5
947f1430ccd22c5ab9de4221c475e2d4

SHA1
f863a29f84bf7f803a582e03fb142a2bf88aaad0

SHA256
cbd658b137298342cbde47e1ad574ccb2214e47cfc8c7c7bd3d613baf2bdfda4

SHA512
63eecce0b07bfd180322abda385f5702ac5ce7dcff63edaa01d5fd316e261cb52cd5d416a0a1f447827b33b7bc9502c7df258373c39048bfd183eba2b75a75a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
858d7ae404029ad0fc8a8ddb4014ae67

SHA1
7d64883f6c0a43d51b453380387cb7247bdeacd6

SHA256
b20a8e9a0868f78328c501db2748c6929f7740187f5ed50bd9baf93273c55ab4

SHA512
436865b6102b0a959e2ab0aa5bf231625fb5013d942a9124f6523899c13a283324dcc26ec614c9ec20df60efe4cbe2bd5212d66cd1bf8b10ff8544f2dcbaf9b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2567523d23e9389a0974435426b17680

SHA1
07afec53d94393c6f79a4063f07e8cdd4badfceb

SHA256
38df5522860be0a8b4ac4f90386bae007a5ac42504492745b5ca00b4fc66d527

SHA512
489fbef7d4cd66c132858c2cc1b1e242ca0d1907c1835245feb5f94353d39441650dd92636a37f8dea6ee365dabd844ca4c8be62fb4075bad6635aad66f9853a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
d49b2d4aaaba2ec0481bd3ccf992c45c

SHA1
13ee9f8c5990aa62e7d62e5afca61385e9777d4f

SHA256
20ed6a956b3e447a3174111a13b5dccda0a48281f1d60e31dd8d223e37c700f8

SHA512
48f32a5f50741b914b8138b20bdbf48b56e0bec47ab2ff1ef6c0db7c45ad11930b67ac094f0c9e2fcc248f9287f3ee7c0276b5ae07b855f49fcbc0ffa65dc895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b927974ce1db72a81a641a96e6c1acc6

SHA1
c391535ba45cb1a17709f8ac5a6b6298ed9af7e3

SHA256
69c08390daa26b850d864ba7422b1fb4a9f90930dd95a4cdc1a2c9ac6491c866

SHA512
ffcb9b30c02e9bfa936e4a8f0e8c3637857ccf5376d3eadbaf0915619e003c76f178461c5271ac10d7ade5d83405395c3e95ccca0ba96bedb4d91f9990ca0d4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
1525b9d1f6d3834c578becc98e6f211e

SHA1
32f4077bfb097fae1296722e9c71d0d286d64907

SHA256
4dfece03f2a5eb8a320f5b6bc1587c47c1f4895a8e00ad00b801e9d7678a84cd

SHA512
180a9fdd327f4fe0a0cd9110946f1d26d8e0cca3c58b0d719de474bea6bb490b24cb187b2962ceb1d5a9a6936eaba1276a34dac5565a3613c039a6cca3697e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3ed5d7a04c1c41c6019114b2f2b5e482

SHA1
0c051a1239ca0de9893b343a9d797afdccd3c01a

SHA256
a593f94c740e26b47dff4e496b62380f85fe2d78c47025714bc4ed04d6baaa24

SHA512
a4051a822537388c5d5d92200e42627ca533ff09d01ef9a4ee576659e3c2990d40dc8490fd4f64811a34453f3793a518069b8b34d7b3f30458f62f5bdefce0e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7d03850355b7b1a74ef716c05e40a5c8

SHA1
096bd574b19e0a3e9caf2222070dd805afff0463

SHA256
59eb82f9ac2d4ed15011487b14a9baa42e425c0bc1ce65933b20952b1675cfb5

SHA512
0b659e9ea28c86fda3ec7779cb85e2ea5eb768d7150044da096688b38fb6c624cf124cc609042b806e4b232223c60cf6bbf2085db1898aa5943a80aec9bf938c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
207ed00bf86ba0ab9a1c42d83b2baafa

SHA1
3daceb56b435b4ef1fe0c856b0c525d2aacdbde0

SHA256
4412dd6d89cea5aef87ac85ddff5b23eb1c920580cd1d8577dc5a362761e3b48

SHA512
8511cec0242f190033062029cc29331fb0ad62aad667ed9bcfb3b3ec0603a649ccfc4110fe2a582381f02c7a59571ebf3a7f3594e5c70737bb54f56b5c40f97a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
6c7416a2d18ed831be886df79687c5ac

SHA1
11074e2a0250678d1d5ee4a4f9498df5a77ba7bd

SHA256
c453bc56a74cd5f626726adbf004ae7fc011af3f0f74554a8514faf7498f9c8a

SHA512
bef983ad02f9c745c1b65ee90adcbe49c00327eb352fbcbf6aa9ab32013e7ea8c2e4434b780977b992853ad09263d4d054588b560775a7d5eeeceea11e5430a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
06379fbbc807aed096d889bb6dc47e23

SHA1
2eab8d8662bc11bc282ee9c11452c6744f5e9e7f

SHA256
a61de90c78b568ecaf3222a4bd2537fd1aa862fee205fa98c49498667bff0086

SHA512
e86a9e7d63d066b5ceee1eac77ef0b558d342b80f01d837c2c798eed20a3277df470bd5667e2a1af791d64725ec7c2a2e23f8cdab51ff74a6ee57e385cac80ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c5b33bd984ebfecb82ce070e1effa15b

SHA1
f59636482196129c3d9cf7e17ef400c626121314

SHA256
c6706fb068b2b0fd0900adc40543095736dc23d9fd9e41b8a0b1122882730f5f

SHA512
de1a6158a28d63cd4c89d75cb27f1dcb8d9135b01c19e45d4015f06133e8aed8ab8cb547c7bf80cc6cea2f8459a5b8fa1e8d9c7a0baa78019b9dd80f90436b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e199a7bf1a5f6d7d350670374d05ae40

SHA1
a84e6907c49af0528d481efec7c8522e7d2eb749

SHA256
ddf4610f3c8d5af4d8fefdd3fbb28550e0b7f5df847236bb0f48fee97979f0ca

SHA512
8116b35b407b909f3170b3a6881848c5458dd4319235be16fd2f5a9b119a9b26aa05b2dee9d141e9dd511164cc1d2b4730bf0c04be99dd9ec395cd8af5a90232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
62586e6eef7b0c2621a82cf0cc365499

SHA1
a5cfd81aba71e3050ffae3448bfcc0e536b1eaaa

SHA256
424e194fe921566f5de3614ae6dfe1c469d2ffa0703986ca798471ac7601ff3d

SHA512
d8caa78bba6e83375e1df0575fc82bfb76a3ddd45193c0c6d7de5cd6ec90995f23d083636157d3cf3ecdcf6edc9cb52986e4d02181a6d1a5e2dd5cf27f53e414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
26e1ca571f361f912628fac7ab9dc26c

SHA1
ace37d6feaf87e67c871c1bd0be9eb212978d665

SHA256
68a167efada0f5415afaa4340b19279aa420d2c1d2033ab09c266f26a96f8db7

SHA512
0ac9680776c073c66a74f82dcce4da5d87ad52c39ab9745f315ff43c7e03affc4725a5eff39bae845ec108c0921bcacfa3b8d2ea0f24d99bda03c5fbe1028a37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3df3860763aa9acb392af00223b7a99e

SHA1
051f781e78088c40a3c8bdcbe82f1f39872a29ba

SHA256
4b411a3e80398f624c1137fd60382668f6b0d6f4168150520a54857b2282e6a7

SHA512
1d9e463d158faf34459668c967ff93e46c18df9b967e3e8dabd1cd2961ee08891e90a614f5475f587dd46c51553ef33f288351b7537203af2d252d2aa7d0a612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
174066b78c935c7481ed200262c94e14

SHA1
ab14ed2307841388bb4eb82da3ef09f7bc7b653a

SHA256
56d2729860173444dff50e381d5a66a11a53f5cede652e790bc56a6b110cd070

SHA512
063be953e7c8a39b6ae3ce6ed960cfb7043e6e70a86a8f33dd108a34ac1997df137af2f7c7da7d3e09c33ced0f0289f56784178c3826efe4807c7ab0e08d0cee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b44b105fb97df9a58efc365b2bf5adc7

SHA1
6411d643a08fb9155b9a73618141f4bca530a005

SHA256
4bb1e73ad36669bfaf0211ff7383bb59fec7a3b18380650a591d1d7511dbeb38

SHA512
0b264c6376df1bd3d5b39cb73b2a0f0a202931c629c81133fb57a5b65fa825841af4c75b3a4a56317c4e155e89b0c5ab881781c928a28c0a4612a6a4c0214882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
cdc2ae15036b344bbc76e33549014fef

SHA1
dc8fd2a9a3de1c1496c7292ae97af0fdec1d43b1

SHA256
7bc399c64dae0ca95e90742487573058e11af4397d038847a6dfec1bb41bed5e

SHA512
f437e16076af97c426d676b6a4c6d3e01f49d9be265e5c6527c543568eb235492f0ac817de2ec03fa8e65a66ac5f1043e974868be2751f5b3adfb4c313422bcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
8382b6c0069df70ec6c43fc88ce14a95

SHA1
ccb49636c6302dd33baa8f7cda29d84e71c4cc50

SHA256
65608b067de29fd16d700d27ae6a51b09ce972d58d010c359b61fd8c996861ce

SHA512
a3f9f7d983c590805f839bd7a93cc4e1bc6451f143ea61569dabc710f053d459d2e16c128f94bcb1f97e705a83db4d564b4d42573f014f3fca74928ecc5e64e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
56c14442f03641fd329a3c34edfbd537

SHA1
a13b5d9940d6dad2d3e9079c0c2fc3cea0f2c56b

SHA256
1c1546d07a105918f887db9917a5b24ca07ba67ca3f9a9e72df50fbcbbbccae0

SHA512
febadc9f14624438a8508dfae3393d8d41f81086d6762195bea27ee26986a1ba56bf8906e014b175af6a146b3c768904c83c9b9509c66adbabaef998506db427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
ad69e8701ccd118b60bbcc5c9a0642f9

SHA1
e06298f538c735abed99b0744d02ebe21fb7e6a2

SHA256
362d679db3b07c80ee2334308f6a81cafa97cb737a1f64a4054063f3fcea288c

SHA512
5cd80ff48fae44ba3052ca10813818d4b37257f5fcd9fed8f942ff2cdba7dabfb099cc5153404f078c18e732b250ded822c6df5fc066b52006490c2f36975e89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
08eba3953e72e5e4d40044f311efc818

SHA1
7985a9ea251093de9153ebd24db1fd837fa229ec

SHA256
533254e6ac93629d1138688d5a0f5c76f8109c2abea3b3072b5a32d6d09a3cfb

SHA512
ee07734cd807685a557ec23e68ce3793dea90ebf212a94d88352e539e62b616b6bcb186ef3cb9fbdcb1155d45df587a25fc9cd911b512846efd008e29e887fee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6807256c6d7700c2ed7cf01eaf5443c6

SHA1
ab6ae5e76b94aafcea4803de2c1109c5a7d22f1b

SHA256
6710c969080834c1f1f5c11eafabe3bd9696adf805b719e2861e56b9349aba06

SHA512
1b73656d54a3dc041c814f58fe5b40a822991a7796af6e624a22db7f0c8b59b39ace9b17be4a1eed2b533b4a8efea5d38d9b88ec78d15dd1924c0f2fafa209b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
52ec4dd1fbc71ee83d3868cb3e2803b8

SHA1
2d1ee6b88dce8d056561924a692e485f851a5711

SHA256
ed3002ce2c989b65510f7fcbd5323130821b73021fb7f751faa219cc041ff1ab

SHA512
7ed1b7270a0fac09adaf585c9efcf17e4a52410fcd8f674eda9dec44ecc5a796a3afd4e19c56b7fc2b1c71d05099cc7f1bce22132c39c40e5bab739e34da603a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
48849fe5a51ea8d4d972e517e9c0a66c

SHA1
f7b39023347f3bbe5c7be4b366223ca0f511b46e

SHA256
d98e9b5dfff653123431cc941b28a4dbf4cd6ba7d0ed2361d182cc08f1b199de

SHA512
0e23b988f9769812d610b39b2a1a8493fabf256b8d106add80e098b84d1b9d25be13850b3baa2fdcd8c8439af4f2e46602f4d84f9a96e3fd825a09eb0a2d428c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
9981474f5abaf14a14db8adbcbad50d6

SHA1
6b2a8026e9433bb88c1df6664beff45c89c43bb1

SHA256
7ad1487f5d874288b22c6543cedd13d6645a4ec5bff1faf98d6f1051b9df2975

SHA512
35bc0f398c12fde1ecdbb85ddf97c5a8d12864a7f72d2f6e493b09bc952b1aaf25f962f64966f6dde6201d46d76c5f6a0c012c07a10644851b144faf53eee000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e8f61691f9e4121d91aed1ec070bfb33

SHA1
af4d3d42e77c0d3a8d5b3bf15027bdd976206bec

SHA256
3aaba0db313cc82de6f5880857ae3e23ec610ec90cef9b6d5cd27f75efcfce94

SHA512
174c984887c70690facb984dfa588f4f767f1e6005cc9d62dd83f877889005c3d3b0c040c78b41fc7e96390ad0e627875b07a393a7ffa7814dd23becbf047b17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
98c469c24c0e6680fe220f56a65311f0

SHA1
e84c37c4e8bec36d1e316805a72d9f2927ad8095

SHA256
2826f515161e7ed6f1297066bc8696ae20b18395f37cedfc7833979fd6e0206a

SHA512
73d3ab95179f23c385c7880ffa917e2aa14f86125a744d73b769d5701840da683d07f716c01c61467bb2641c3a6332ad31a12866dbdbc322e23b3848ddf1ef2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2a08242feffdcfb9e5c5be0119b2fabc

SHA1
59abe239e2ddfe39a58462fc13316d5fbc135db0

SHA256
6988b7fde52e4788ca181d4f4a75d165486e6dc9152408e11a8cdc458e1d26c2

SHA512
f8cad63fea6e3ae6271647e3a13fe06cd32fdbb8ba049c41eec8bce3012b205a1c1b21d17c84f6d47fa4adcfb3a8005d95c24503db51d153f9ed6b729682dff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
22d922fc4819b086c960166e3e5d3faf

SHA1
597041f8a59fb1d45ca5d4d4b5734b156680e055

SHA256
0bde854f8ce46f7f20c1ae2a5680d165560c52746036e875b6b1b93db945f6a7

SHA512
019e0116f7ab1847f1534fbe1ba89751b772ad35fd3d555a81f9f4ee115dbc4637a1a1b48828d417b7955a349cb45f1e3452b289bd44f0b60462953fd1bd23e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
cb3f157de69c2aeb929e2399dc4fe38b

SHA1
52d00d64bcb4851fc496ab3ca5435c1c1c2b4372

SHA256
b2a1d8297fa4956c3f2e4d3b56750cfa675d6ee688d10fc27efcb95a62a01c8d

SHA512
d6846fdf23c3b66a1d4498ff85a5725a2f217533fa4a70f97bf5b4494c682b79688192fe10d8c1a03f27e0fbdf8a38cbebb87f8f42c1109cf16368d7fd8a7b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f6ad3875822e266b2739f685ea4db185

SHA1
2b38bdb7751fa9c52ae578e76e44807a4e6b04e8

SHA256
9353f4569b4a58f3bc1531e83943f846df4a7ee47389d30dceb852ed175eac76

SHA512
5ba598d676a54651f17870dfb4e0ec1d10d5d087dc4e561428fc546f7f347df41380a04c07702506244c62e6180cda7d72a60a4998f2476e661603fef017aa6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
dba163055f4ce076ba3b5a02aac3757d

SHA1
69e192d2deead5993d44e37d9cc86471b1eba3f4

SHA256
fa22f2ccc92a76e5bb6e423b3d0f8a39861353a1e20970646f6fe14ec4b195df

SHA512
edd19929807ebf1ee9c022c8c43fc3493588fda7a27daf7340bca883e1f0e24b854b3aa5894188888ca8e378436999328c554b3ab05333707c308debdee07a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c84d5925e08e6abdf6bf5b4d4eba2d93

SHA1
bf2e791430abec2e7a5caf299209c28ccf1187a1

SHA256
79351be845615b91181cbdab5ffa9b8706dfb08236075bd9135bf3c76d42c7b1

SHA512
065cde99fcbba92604ca54be9b523ddbe25c2c0de991d3b43de88dfac5e09b2fead354cb895cca811be2aa7a1df1b1c0a4aed43180dcd000213938f788cbdc27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
8e270b21fc6b0a3a529adc54a98a8f22

SHA1
da5cd54e2264c86279400ecbf3d3500c2dbeeef8

SHA256
b044544991b9d503e8d97c5256cffbdc8cf4d3d641be2c5fc8292b2131447c3e

SHA512
55dee97a5c9bee88ac3947014ed1ec5add98a69552067ddf6e55eb040d1a219487942b75c43095db54f5b8496c715f262bb81dac64735539ef0bc0186017cb39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
fe19598f46c975605c205fb1025d89bf

SHA1
082eb062238d69a60ace41d71b94870b7742e19e

SHA256
500578ceb56b764310db42df93c5f06588386023e29cc127c5b9852e1a7f1b7d

SHA512
7ecd679443d6563cf362723b7c210b6e62ff9c9789646bb35d6f4920ceb2b746d4c19f2ddd1ab705e0349276946d567a98ca6ffa7fb9d1e38754ad7a9b4dbae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
08876af9d93c6194fc06a99b836e4ec1

SHA1
b2f116a5f307370baf8ea5df8663e8ae4e0c641e

SHA256
8fb44ce5fad010c948d2632a7c0755da4e48ac7c48f1221e6e78d077155a2f5f

SHA512
ed65ead3a844661b04dae2d512052e581899d1aec2f99e77849aa9a40ef97f7847b0f9c1e6d8872a21cd11402a4f134319c831c258dff4cf8dad521842ca8b7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
92de88ffa581cf71e8fe8dca48b4e4d5

SHA1
66c0c7e0ad0221f45d8e7e656e290389d9433d79

SHA256
5fe6c7b25603a5780678c1e63f02b37a416172ce7854d1bf40b76b094909962c

SHA512
ec4d0a5d27bf11775dc66a2e23ae1d54c3a2eb3cc687298724716362043b453f100177e458030e48ebb13854d573b770b6f58e2f6e72e24f5e1bcfa86d5a7b21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
baa9af27dfaeed31cc56bea9fc771ab2

SHA1
31877d8ac443650ec4c5df7f584855e4d1ef24f2

SHA256
705e22b9f0ac0b31bd19f3b7adfff9962a85dcefa0e2f737bd52887472a4ed2f

SHA512
7557c36f702d78b99911ad7ed41f0cbe6ec86038199bc83e43a00cc107dbf48ec7b7797a64a676882bcdb8b518e098d1628862ef7a5eb278481d6fb5a37ba856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c760bec35e9092c8cd518ea74b110b11

SHA1
a8c65d0d8bb490d9a4abb7630afeb7d726f23e37

SHA256
389d86aa9087d7d911ba00df1fbc50975aed73001a2def48393daf44140e813c

SHA512
31c0c51890c8281b61272573dd8205918b0a5149c281906b6d450de785c23af8d155143ed82c60b60ca14c05ba7cdbbb8a47b211e5c78174855bd36b0a9252dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
de6cfd4930b34dde63faadbbdd1d63a6

SHA1
6389aecce4906fd8d4f6fd0edcba140cf9f2a0fb

SHA256
43947edaeecadcf6fcd97205f47608f3b8f4a0d818bf1ee39866cd3e6b498672

SHA512
265d4ca77b85f7faa2c8ca1f1ddfe0e43c47e2cc443c9cc0455b9258c8218fb4df23273b634d302e0c097d6795b97210ea9fd9aa3cce40b61b5b7204e5362a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1a603c3fd81f5d41aacda86b782c5e66

SHA1
9c4696093b8ef403c4dee09d03b1f7e521ce2663

SHA256
33062881b7423831046f56a1fa5e3105e7a0513f430d2a31bf1414f9cfa4f4c2

SHA512
a85aaf8c04e60303b99fc19c25fc961251fe9deef8cf41c284193dabb3f3fccad998c3636b1e84a9e7007d44220b1b4eb1ded9ca63301c44f4f4aca2eaad33ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
03b36d4ab37f9f22bdbf77576aae0353

SHA1
072afe5ba1731402f4bfa6a87aed14a0ba65a70a

SHA256
25f6baef6bbf5da50f27f53f5fe5ab099078411299d441f00e96df5729017bd6

SHA512
4c15a0f2f85a96d6fa745dd13707664bd4835e76a24f395c912eca887dda2ddcc40399f85187b252411e0aae812f202fbf0b8ae16bf95be82dfc9331d70f3f9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
20c1ade60a9ec3fecc90a6260177e870

SHA1
310ae35ce141ab5feb5c5c922ef5664901c60b44

SHA256
96eeadd515db2b138590452dd088a2403953da64ca4268f6f8ba6aa0dc354c2e

SHA512
93d3c90b776f16accada05519932cc844935588856596694828e394044e5a1d3a7a87b9d214410a2668da35dc5d16cf790ab4e7391c173c5e185acd2592d561e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
5c526f83be24a326caf27897cd310cb2

SHA1
fa6d1833927b6c77fee4e5dd5a71f50dfa39f680

SHA256
b10db0aa04b7ca9869dfc6670b72b72dd8c518b84ac9c14bc6340063b8e4f928

SHA512
0d4bd21899b62f5cd5d3781be3df7098e86f9fbc125121f3bf5635df99ecc6566ff69be9fa4c02ceafbecaea59648d019d06d7e9aa816c014986164fab4176d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
57c692b1f2a71cbf7b00011a5c3b88a9

SHA1
1216e6b8809e5359e8eba18cea75b7c9a4e6525d

SHA256
e28a46c35db3ff8d31d8e90d0459c5192a91008fe21b54632cc1e28511cdb579

SHA512
975cc92621bcca3230157607e552a8ff6dd89e5d56e84cd42a009b5ef722d146458c47f6ec7f1183a4a4316481eb0bc0aa50d8f55efa3951c304b36dc35cb284

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e80a9e4a077eadbea58c09d025daf98e

SHA1
8f50811037ff6310d8783aafc8537921c0750dd8

SHA256
345edf7e2ec5b1d72fda02a280b01f76ece7cebc9406cf043637faf218723c70

SHA512
e2396499659238dfee566e4abd453595360ed3bff2f0a8aacc32ae077d22b54ab4857185a2c1ce5c10fd18dad8ba11cede7db339da793055bcff0b543e96c0b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7a5eb573dd8a6f563267738b15c28284

SHA1
4d1025bc02a6f096affddb1f4aeaf264b7dedd7b

SHA256
7caf97ac2730fa7a48542fb5c769d287a95c90779cb1828c0056f588d2b2509e

SHA512
bc27263199c864171b9a5cd0e4cbe863a5defdebb8256ba9bb9846786f5a0c303ca3e54221a128ac09adfef1bdc734948d3075414bf496bf606aacef9239e92d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\bc2064dd-3c28-43e7-815a-d93ad38862b8.tmp

Filesize
4KB

MD5
8170328344ebeda6b093345ca5c8e792

SHA1
ad7aea64e2376f4d1eb6d6268dbbe913628103f6

SHA256
d677a1cf4e5681d737247d57c9c92ef0b2b071c0c2842f9162c50564ece24f3a

SHA512
050a161bc053ddbaeb972858db7038f47915ee5784c60eb99cef46eb18986f83c491f8cdf3a479dcfaeadc40e3c8e1e27b2a3f8f5eedd31e7f38bbd71cade1f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
27ff53a100070cc2241f981d149cced4

SHA1
39c4db6e59937b459af177ed1520f85ab3703a5b

SHA256
b85fcbe4222131f2b447547ffecd10651ee9d5ca6b6e6a388a9982ca4bb9b04b

SHA512
af5cea6891653fce374753ff74e2fe8f3e7107f3aeaf09211aace23c8c5b6fc4739cb5417297f70d1edc9337a2f0be750aab25ce1df133aabd98a5987ecebab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b098313c7249f670d471a8011dfd49d6

SHA1
1cc083a7d2aadd8ba8e17bbd1d2416a8c1ea8c9c

SHA256
4bb27e3494533a8e37b3c56dcac1dff57bf2383892f1e3fdac6740059d537c39

SHA512
78d85b918b2270d394cafb94b940d5f9bb9b42fdd811eac8227df70a1fe03308345dc3e0c82ea8abfff10f795280cbb17db4d6fd3a5ea7578118cd84d4245a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3b55e3b0696f902260d98d5e1d202984

SHA1
f5c9c585935b4b4cda6eaeb671f96208af2cc7b1

SHA256
34365104f0e58b05b45b800b435ff37233d87890352b462123a08bc0be7d3c0f

SHA512
a65f25a10d6790a9a9cace08407fd97be21ef8a1292eb37d4e082a55ee02f200981332ab3d68e9397fd5023774fa94c14dce6f7eb1a76ffe9fcc2b0fb3f14cfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c858ea2a91e9ec2af5aa901c9c841470

SHA1
76150ef3d795a262ce4f6d692d75c65ec795bd76

SHA256
f38b9b4b75c4aaa11df188f9aa850566e30d7575fa0137521ec3a575c2ffbbe1

SHA512
6eff4f0ac21ff2da6c6e61213ce0857801d79c8a7977560c7cd93818ab10b1c456b697d084d9ea23838bcf267bc3c6ff8d6fff2ce022322e34ad0b04444cf573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
42d2e8b5f4ce0a177efeb89e193ebbc5

SHA1
746b18e615bd47f2f43d836a4f4bdeb19722214d

SHA256
78b3bc41ee06a01f59aa1b8bb8bfee9efa860d0bc22c32a7e0ed514cb9c773a2

SHA512
79dfebb31af534f6175a3c3a8146b2a3384849d959a931cd363671e2d5b9cd40218c37f2f669eb058953f1887ce76ee45e3f3ea16fc3c66f00f31174f5f56aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8a79cf2f15190ecd3ad837970b68c0b6

SHA1
de073802971d66b902672a5ae5579e9f3a989991

SHA256
c9cfc20703c1afa8cc6882579c70eb66d44d4a51bf5a8e81d91c767a319b21b1

SHA512
fdd015cd60dc89a71d95516f193347d3e1f760c3392ea9f10f7a38a7620b4ef5328e851ab5c151c7a85a0a0015e50932a77c0017251204c58dc69b9d7be40b47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1de399a422ab58c98db06d3e6f7c4e61

SHA1
c013c7415cbb054b5b0cfbfdb5a8d56fdf012ac2

SHA256
8afb49cf4558f281c234ea29aaab98bb5f029961c43cfaf7dea9e6eab150467f

SHA512
b982db0bb5a24fd3049f49688d0b32e66932955fbe178a3070d180744967dbdef3fb8028e613a0ecb07633c1196918f3de9b6aaa280ace07d28faa9a7dc14e80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
060620e4d612c424df7d13352f23a3a0

SHA1
489a46d738cedf6a9eb1a337ebb7e1f6d1816d6c

SHA256
3d30327c58f8e2d8bbf74a7c3394b458637d54fab5416e19d7e8b1163807c3d1

SHA512
944da9c829e7d6e790dbd80bddf3ab56d57a0d9e6c8645e053e31de51e33befa734ef587c6bebf1b084f34fbe55efa3781ce426ef542111d22cf1b0c03d0850a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bdebb4a544c0b1bae420006ca3bbf20d

SHA1
78543d695063ea8c103c3fab0e523801529abe5e

SHA256
db10044c0c8b6c21abf61e0b003c30e715397e266f00fa83ab11c0c8e73b7bce

SHA512
474564555c91b1aad64c7fa4be3f57e7a10edbd30037db8c42e05f253982d1414fd1cebabd311102ddf2c3a0e503ddba3eb44e6456229fb5ff0afafea82ccace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7b0b5012963a12a4fcb016b85653be2c

SHA1
64d375a9809397bd561cdba476154dc460574c1c

SHA256
e422af10e9bc6e04802536d1b224e810e43a93ecda44d559163b500de99f2125

SHA512
fbd8c74b4276d6f79a485167e9966e6a764e013016c6a72aafef1d23dd0891af3bd511a6a0edd718ebb2b1231eabe040e6783f1710eff0609118991554e9471b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ac9e409c6bf303348626dea80e12fba3

SHA1
be7ebf211b21ccde430e94414c0d44d00aeb7076

SHA256
983cfc2dd46f1fbaf3af94a36e435084287a2373b8e8306b39852ad57e98971a

SHA512
6ece72091018eb251d0032ffc2125ec2e2d235dc85d648bb72c158b17dffdf70394d72115a132aab0f7c3ecb4661e49a390a74a73543f31b0cdee185dd59b383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
adc18cd1efef0c1fd0944144300bc973

SHA1
f83c9bb36bdde1618913e737e3b978c8da729a9a

SHA256
e93f819698d3a5fff26ca4269ae905fb9a649e336f252465545fb59d42d33e1b

SHA512
edf939978602d3867757bc571318ba5a7e68468fc4b1df100fd755e3e0f681a99947c94b77b27d131bb2af7f786365b0dda235a7eb7c3667fbc2452462c27d32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d711271b21eb4af2088d99b729830ecb

SHA1
3b802aca31605a83f4a38044833ce0c093a183c5

SHA256
2b8170cfdae7eae9a2ec7a800e2e7a1a36dd44c4be45220cf274f0008fd3aba0

SHA512
27ecbd8830227d0b1313fe34c1df4018ba44ed05914ab7f6243869bf427ad3f9c03a6e5a88ae2095dde80a4f85e6049c206e1ac79e8acfafc57c28fa4250d379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a15944ddce914bb29d0697b366c86063

SHA1
d6cefdf3b80dae49d66c40f7be3eb56b81d6564c

SHA256
31e73a8ef580a63b63e3b222f65cd3588fae789d4304e1e827debf17675265d6

SHA512
a0d39b1a2b51cfdd8414f08fb8e6fb51c7eb2c7453df330acb045c03b6368bbf8afdc44a50b5f4945eaad6c0de2a14e756cc24e71349bc64f8c8c825b0ad3a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
23705068e3bf45648f7a597fa59aecfe

SHA1
caaf8a0859adb20a2a9a6e847aef934d32caa6dd

SHA256
fc609b9068b9eb8ec3266c3a3ed95e1c3e55f53686419bc2321db29406dba376

SHA512
2a87ac86b6e581502ff7f99105b8bde639336afe6a63693111cf1930277a45f656d8892613bc8c45565e5723cd155ef98fd12c57123686e6698c51f3b61dce28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a03f478c-67fc-4f50-85d9-2090a7e1f1bc.tmp

Filesize
8KB

MD5
1dc3e63efda9c8d1e2cc2cc2d06c8953

SHA1
0358d7a606595ea9b6faceb78c0d02ae75551878

SHA256
fcb4374ac59e579dba409d94d16e39fd42e3710f902295d67f8614646a03886c

SHA512
310c3d3ae2e9a2fa82a96ce6f54380465f25a73bd7e085bbd9a39046cfb88630869ed1fe7aec8fd180f271af3b505fad10a479351d563f12131733a1f3c87a86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c45fc33d-100c-42bd-b12e-beb13d0e1119.tmp

Filesize
7KB

MD5
3ef5f21c6128cafbe2ffc35d51c135b5

SHA1
a15466ca420182c709997164a9dd8dbf36c39af2

SHA256
73b4e0836d1c6ec3315d1c27aed3328fa1d5aaa0872b01b0e312b33460883a06

SHA512
cfca0b56eef6580c657da079637c9bc09a510983929d4cbd255ef3eb26efa8a1ce4044d4027f8efb945b7873349fda9578b6e27ddd78791e84384f11f58c0ba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f7f5c066-2cf2-4789-b03d-e3769598334a.tmp

Filesize
7KB

MD5
1a82d6a2db8d87e5214fd7ef88bd214d

SHA1
95d30dfa47bb7d64168235443c18e139ebe67a6d

SHA256
2e1c6f4049d118d5231b418b3c8181e467a032aa2fd5bff5a8867c8d2b65fdd9

SHA512
e42c18b5dab7403e6e05699189d5c7717f84c9d81b39e15e3d088ee9acd2831a55b1dedc4da96f56e6fd9abb16344773a42855ec52fe5fcfeb032d4011de4c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
ea606b3e859ae6309358225af1fde156

SHA1
42fb311a451e35d1d92fab552f469624794ac439

SHA256
f7f5fd2d03032e5922399d65b00568e0342dc913b6b890a76e9666c5915170a6

SHA512
3f50ccff3644c3285b957ed9986865ec952421e42963c79bceffa05923c740200ae116a1b972bfe87bda5269906a6f3f6f9e71b9c5a5e977d1a58bbb2981f27e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
bdf1c91c405197fed9c43fd171a9b40e

SHA1
88e407acf2925dd2529764431e9d666f6ceff8cf

SHA256
036acb86f0a6153593d9609c54a4aafa31f21e7cc42e00b9a5c0138251abfc0f

SHA512
18dd830e95065283a5df36629866d51120fb07439a746e7cc49710826aba7fdd76275fefa703840899ef80608c1e12080a8fa83f5a89cb198e89080808b70592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
ae2b35089cd7b9850c612c48f72adec9

SHA1
051c90706ac1c37a59fd4290632e0b3dff9dee61

SHA256
c18cb02c70ffa756e5311d5fc2d95525327d6773a0487bd0d841836114cdb74c

SHA512
6a37e20f5950bdc31e708a278b25236fdb9bd8fd7e594b2d48d70080ce8da68ea330ee07736bf11351d6ddc7abca3f2b9c995dbeb43018e81f19ed3056015eaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
136275ad984da209c4d042eaf11551b3

SHA1
38f02646f2ab05a8e3f2b5a0d30fe13a8f1907e5

SHA256
67e84968ddabb74ec8eb11116736435916ca7776bd5b64ae724b6d086830ddf1

SHA512
1b18cc26daecefc2d0792cf5b3ddafa51315763367046f1e6dd24d092453f541be55fb15441ad08c15c0f05068c3e1341488d16a83b027180a8ad110d9ff3580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
db96f0fc1b2366d3a00d099b6c33f4ed

SHA1
62372a0053be57a3d2ef624f6aab0a660950237a

SHA256
b3035b3a0ae36b0f3ff2edcfa731cfdb4afd1ae1cf1812433d404f4ad3a023a0

SHA512
bf12ae68725fd32f62accfa19836bf0b8ad580f2a9cf1adb89b6a0316a951b469b5cda1cf237208abebaeacb03aa9d208251e109cfbd2cb98f059f68aefb1bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
44c225a0284e98123c5abd13f59434ef

SHA1
258b25f4b5274fc408e54cd85b1f9657fe58dcf5

SHA256
0c1d72099e4a94f4aab6dbe6fb865bf395b42600bb2d200ac7f854c0f5016159

SHA512
156f07e48cae5d62c5f0dfbe64ae5db3bf93331bf8e613d7ab1ddb29e1622e6cf69f7c15215b7add90ec56ba9b5f0bc5e13ae53c94c7cef6d80ac9557034d955

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
4f526f32c2ea3e6cda4c16ac3a47dc19

SHA1
de7473c7440689d0487636400243e0787d05b28b

SHA256
37b22efffec45aa7ab368439405df1138b30f4caf4c16a92c9ebcf47e464ebef

SHA512
b7c5f2fd02acc07139a126d505493abeb2cd7c15adb7014fbee6634277539a01740a16c9f157a9c27fac472f1c054d17b4eb45edb8ec49734077c62432a289f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
b6e260fc8d078d57bf3d29358c26da7a

SHA1
355fe0f61f87ee95d0b692180124e5cc5233fd3d

SHA256
8d8a43ec89ef040c3e7f7f72b60c01c65194cb7f280bb163bc071dd51b4cfd1f

SHA512
e46079d21c905968596a2f105c37344ba580f475b4947a31d620cf672da86ad3c8d33cb59166992129bbfca5f769b8d83b6da3658c3859e4e8dede3944b3d1ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
5391c28142d55eeed71e08632be5adc8

SHA1
cca83014341f18b38656f2182030a992a2a11c92

SHA256
166d9fbb5591c6a1f0cdc495f2d912cbff7bd9866a787f90856c8f8532bc6696

SHA512
7c552a5da979848a08245977cb55683220926717b614d69f21fe53b766ddd33ff272d53ccd03d2d4f81f268fb80438a39d63429f9b4f889d82b3e6c24424a016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
cce507558237c51697beafd31fdb2033

SHA1
941533afae71f7d5fceedc5913ef2b0ba875b0ef

SHA256
74435dd9f165ac5e6cdf7bdb37840007164ffa9a41d5294e1097f9043d9a60f7

SHA512
6da5f829ccce9519e089cf8b61808fa032edd452058dea976818b5e197cf55dd0c936d2c3f49167134e6b16bdd893fe570bfa31d85fc27246e4c65b7bb9d6315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
67ca00954b81d1c8229d905f9f10aed7

SHA1
fee1819f6f60396413563b8dc89bcf463a13bb77

SHA256
f56f1a6d77769366b36587a339a17b9021d51d82d60aaab20a7593f85d050c09

SHA512
91dfd2822d31f267adc6aabca71d2e4284b572bdc657d41a729f7d8f396263dce0436efba6054039e0e09ef5855617a1a0d145c3544646892a90b8c709409474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
d0d7b9e91123d1e6e369cf6fbc953004

SHA1
b09ae037ecb0f73f39a1b19b849c127cf3ff6b00

SHA256
aab9a5cf81f12737c88fb463d730843d77a539a9fbd1c4c9573cad9aa58e1923

SHA512
1d554a4c32312ec713ba612418c03c9f0198c82a694c9e936a030bc177f02aa675d19bc913591b678ee54f36ec207f9477a7cc6359215bf109dfd4bab7ee91eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
d2541e600c9ae35865a2c1cfdd4dda77

SHA1
74811c0d3bb29dd9a45cdef0e7e49574476c9242

SHA256
746f7cf8c3fdbdecfb965afa93be2b3a55188797d4408a93ef0f6169d2efa90c

SHA512
6214a80a7d093b19197a364c574d69076dc505c71084e8ec3e0beb4740b1ed7ef848e2f0038c47aa2a9fb9c1a97399cc94de32123f502d4d19f204b98d5a873e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
77KB

MD5
9be0f4ca2154c3a5f31033d57ea5aa60

SHA1
8af477c1c425fa6c9ca094478b36265d8245d6cb

SHA256
0ba7320b764000a8e9375755402c467dc0cf328296f6ef7557800fbb7288ac95

SHA512
ede62d07438bc19831483b41bd3f57317c83845bdb410224b6457f9f9392e2ac89dcfa7cb6d15625b720cdc384e8db84ca2b3a5a512c47d9da4f5d869b220e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
e695a27c8ac4aed769407b1350de8538

SHA1
6721b1d3bf3f0eb189d54a9acd270d1040d7b6c6

SHA256
955bd30f58557304fba754b1d3ea0e528f34ccfa4fe53fe6559739aff58bcf68

SHA512
58f5f31691148f9f25daa5c80c6abcc64149139ab8ecdbf6e548522899cbcc6143ca710ac8a0794a4f452d99172002d9ebc0c7fc356b0ed669f38c5da33b877d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
75KB

MD5
548885bd2f35ab8e1aadb8eea9507112

SHA1
ef497300eeacb986a6f43bafb62f4a650dd76c3a

SHA256
cf4d29f4e031ca31b3964ea3b1c8b13b43ca8f921a4df6b467ed772637fbad13

SHA512
9c76a6b97cb7b2b109551331e3f7b9789f564fdaf0af90b0c0df7544d9c2b20ce359a1fa548422733ee2b9fe660bb3683ab24b9a07cf3bea2f48265a27161322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
96KB

MD5
a10ffaf0720baaf2d4c4af4271cf00d3

SHA1
11a6a302f362baeeb2f74ba9031ee97be7eab4fe

SHA256
fc827b52f984d7b070e0df017338cdbf15cd33fc91082dbf251ac74ed244db5a

SHA512
00696d2036b25c7249c0a16696f00888cec87bddf3a03b948d45a9319e4e31e076c4f01ae65321e48c216224a9260abec1d4b48e362e8b280ac8e4b3187aec67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b4e58029-5073-4e03-b5b0-0ea083e6f14a.tmp

Filesize
344KB

MD5
83f442045867c15150a5abd4a3f7a4cf

SHA1
41e8c68f1a95be96aea00d9c0ec2696476710bf3

SHA256
5b243e464b08ff43183a1ac0b5c8cf3760ca4729556dc7a135c4f08f6468565d

SHA512
f6cacb331b3f77fa63a767453743e596c4337f29301deaa0406ba672d75bc502012e235545c290c8c43c580f646be2a27f5d508f32aec1535befda70845ed5d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5331.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5344.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms~RFf835fad.TMP

Filesize
7KB

MD5
e3f6289fe59bb6f694ec305b1d73e28e

SHA1
029aad065b0296c4b9fa5ee5198824567b2a3baa

SHA256
07d232a7ed7d40361cb855da6719ad0de6a22a94b963626a72df7a4f882d40f5

SHA512
1f30050a73f25ea4d593b6cc014e4049e5f6d618a7b5e68df2916d20d4e17e3babdfa19aa84661fdc5f9971c79cb59bfc8d92a149e9ac045557723e335dc1828

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
7.2MB

MD5
a1c0810b143c7d1197657b43f600ba6b

SHA1
b4aa66f5cdd4efc83d0478022d4454084d4bab1d

SHA256
30f233f41ec825806609fb60d87c8cb92a512b10f7e91cdbb4bf32cee18217ae

SHA512
8f45702da43526c04b957f571450a2b53f122b840fa6118a446972bc824c8ee7acd6e197177b54236ce7f428fb73a7cbe4ed18d643c625c9f156463d51ee038a

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d3fcc5d5ea2480e7c4180519834bf7a2

SHA1
3c9c7c43cbfb331271e556be3f8a54f31b5cc7fd

SHA256
303bf3490ee7aaf402660a00dcada5dcbaecc1c07b8d7fc09de472c018560722

SHA512
a191b3a6f648cc341f580a302f14fb46d5ee622da0c6149a8ff5fe37b25670719c3150aeb44f88b9d286cef6b75e14ce963df72864b7d94aea43250cf2206569

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
5935d1d9c56a9ee6d7d789d08db2ce85

SHA1
c20f0b490748ae2d44ff0dcd5339febc612edb75

SHA256
90c1ba345b761707866df5b0d6fbf132fd51f12dc561e1ada64f695a4788def7

SHA512
5a5601a0971820c2f84946506a5f752ad243f1a47b5fbdf30d00023c5101f7124c80585a8423d3d435ddcdf40b6e97a8075f07bc4b150bed0e4a2441c92b61ba

Download Submit
\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
7.1MB

MD5
dc0a0de94ad86e22785e385a4fbbfe2f

SHA1
8dcd6f06fba142018f9e5083d79eac31ed2353d7

SHA256
a4e80eba29eec1e534950f605de2bba0a174e9eaf56c82fd6f4d221e93667f92

SHA512
39582cda82f479e5e25fc2021878d071261b71efbb68f827599d4020de61698273a2cde3d1dc323d14205615a509687ad1e04f1e25626c0826c6f297f5a75dce

Download Submit
\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
memory/380-2866-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/380-3241-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/380-3466-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/380-2698-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/380-3530-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/380-2774-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/380-2790-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/380-2786-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/380-2173-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/1736-2171-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/1736-2696-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/1980-2169-0x0000000000D70000-0x0000000000DA5000-memory.dmp

Filesize
212KB

Download
memory/1980-2170-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/1980-3240-0x0000000000D70000-0x0000000000DA5000-memory.dmp

Filesize
212KB

Download
memory/1980-2695-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/2040-2773-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/2040-2785-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/2040-2697-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/2040-2172-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/2332-7115-0x0000000001170000-0x00000000011A5000-memory.dmp

Filesize
212KB

Download
memory/2332-6675-0x0000000001170000-0x00000000011A5000-memory.dmp

Filesize
212KB

Download
memory/2352-2699-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/2352-2174-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/2848-0-0x000007FEF5793000-0x000007FEF5794000-memory.dmp

Filesize
4KB

Download
memory/2848-3-0x000007FEF5793000-0x000007FEF5794000-memory.dmp

Filesize
4KB

Download
memory/2848-2-0x000007FEF5790000-0x000007FEF617C000-memory.dmp

Filesize
9.9MB

Download
memory/2848-1-0x0000000001040000-0x000000000110E000-memory.dmp

Filesize
824KB

Download
memory/2848-4-0x000007FEF5790000-0x000007FEF617C000-memory.dmp

Filesize
9.9MB

Download
memory/3040-3757-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/3040-3531-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download
memory/3040-3467-0x0000000074040000-0x0000000074250000-memory.dmp

Filesize
2.1MB

Download