Analysis
-
max time kernel
1045s -
max time network
1049s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241211-en -
resource tags
arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system -
submitted
24-12-2024 08:48
Static task
static1
Behavioral task
behavioral1
Sample
Bootstrapper.exe
Resource
win10ltsc2021-20241211-en
General
-
Target
Bootstrapper.exe
-
Size
800KB
-
MD5
02c70d9d6696950c198db93b7f6a835e
-
SHA1
30231a467a49cc37768eea0f55f4bea1cbfb48e2
-
SHA256
8f2e28588f2303bd8d7a9b0c3ff6a9cb16fa93f8ddc9c5e0666a8c12d6880ee3
-
SHA512
431d9b9918553bff4f4a5bc2a5e7b7015f8ad0e2d390bb4d5264d08983372424156524ef5587b24b67d1226856fc630aaca08edc8113097e0094501b4f08efeb
-
SSDEEP
12288:qhd8cjaLXVh84wEFkW1mocaBj6WtiRPpptHxQ0z:2ycjar84w5W4ocaBj6y2tHDz
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 26 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" setup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" setup.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" setup.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} setup.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Active Setup\Installed Components explorer.exe Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.112\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" setup.exe -
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe MicrosoftEdgeUpdate.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe MicrosoftEdgeUpdate.exe -
A potential corporate email address has been identified in the URL: [email protected]
-
Checks computer location settings 2 TTPs 28 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Wave.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Wave.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Bloxstrap.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation setup.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Bloxstrap.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Bloxstrap.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Bloxstrap.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Bloxstrap.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Bloxstrap.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Wave.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Wave.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Bloxstrap.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Wave.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Bloxstrap.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Bloxstrap.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Bloxstrap.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Bloxstrap.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Wave.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Wave.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Bloxstrap.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Bootstrapper.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Bloxstrap.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Bloxstrap.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Wave.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Wave.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation BootstrapperV2.04.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Control Panel\International\Geo\Nation Wave.exe -
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 64 IoCs
pid Process 4992 BootstrapperV2.04.exe 4120 Solara.exe 5076 Wave-Setup.exe 6044 Wave.exe 3284 Wave.exe 1688 Wave.exe 5592 Wave.exe 6576 wave-luau.exe 6016 Bloxstrap.exe 6752 RobloxPlayerInstaller.exe 5688 MicrosoftEdgeWebview2Setup.exe 1136 MicrosoftEdgeUpdate.exe 4800 MicrosoftEdgeUpdate.exe 6940 MicrosoftEdgeUpdate.exe 5948 MicrosoftEdgeUpdateComRegisterShell64.exe 4976 MicrosoftEdgeUpdateComRegisterShell64.exe 7136 MicrosoftEdgeUpdateComRegisterShell64.exe 6688 MicrosoftEdgeUpdate.exe 5368 MicrosoftEdgeUpdate.exe 2860 MicrosoftEdgeUpdate.exe 6340 MicrosoftEdgeUpdate.exe 7108 Wave.exe 6848 Wave.exe 3900 Wave.exe 5192 Wave.exe 5788 Wave.exe 5876 wave-luau.exe 5604 MicrosoftEdge_X64_131.0.2903.112.exe 5148 setup.exe 5492 setup.exe 2388 Bloxstrap.exe 6260 MicrosoftEdgeUpdate.exe 1832 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 5048 Bloxstrap.exe 1716 RobloxPlayerBeta.exe 7232 RobloxPlayerBeta.exe 8020 RobloxPlayerBeta.exe 8092 Bloxstrap.exe 9412 RobloxPlayerBeta.exe 11164 Wave.exe 7984 Wave.exe 7968 Wave.exe 1828 Wave.exe 3384 wave-luau.exe 3948 MicrosoftEdgeUpdate.exe 4100 Wave.exe 5436 Wave.exe 3972 Wave.exe 8712 Wave.exe 7608 wave-luau.exe 10636 MicrosoftEdgeUpdate.exe 8368 Wave.exe 8268 Wave.exe 9500 Wave.exe 3996 Wave.exe 8220 wave-luau.exe 8552 MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe 10568 MicrosoftEdgeUpdate.exe 10624 MicrosoftEdgeUpdate.exe 11188 MicrosoftEdgeUpdate.exe 8080 MicrosoftEdgeUpdate.exe 7620 MicrosoftEdgeUpdateComRegisterShell64.exe -
Loads dropped DLL 64 IoCs
pid Process 5076 Wave-Setup.exe 5076 Wave-Setup.exe 5076 Wave-Setup.exe 5076 Wave-Setup.exe 5076 Wave-Setup.exe 5076 Wave-Setup.exe 5076 Wave-Setup.exe 6044 Wave.exe 6044 Wave.exe 3284 Wave.exe 1688 Wave.exe 3284 Wave.exe 3284 Wave.exe 3284 Wave.exe 3284 Wave.exe 5592 Wave.exe 1136 MicrosoftEdgeUpdate.exe 4800 MicrosoftEdgeUpdate.exe 6940 MicrosoftEdgeUpdate.exe 5948 MicrosoftEdgeUpdateComRegisterShell64.exe 6940 MicrosoftEdgeUpdate.exe 4976 MicrosoftEdgeUpdateComRegisterShell64.exe 6940 MicrosoftEdgeUpdate.exe 7136 MicrosoftEdgeUpdateComRegisterShell64.exe 6940 MicrosoftEdgeUpdate.exe 6688 MicrosoftEdgeUpdate.exe 5368 MicrosoftEdgeUpdate.exe 2860 MicrosoftEdgeUpdate.exe 2860 MicrosoftEdgeUpdate.exe 5368 MicrosoftEdgeUpdate.exe 6340 MicrosoftEdgeUpdate.exe 7108 Wave.exe 7108 Wave.exe 6848 Wave.exe 6848 Wave.exe 3900 Wave.exe 5192 Wave.exe 3900 Wave.exe 3900 Wave.exe 3900 Wave.exe 3900 Wave.exe 5788 Wave.exe 6260 MicrosoftEdgeUpdate.exe 1832 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 1716 RobloxPlayerBeta.exe 7232 RobloxPlayerBeta.exe 8020 RobloxPlayerBeta.exe 9412 RobloxPlayerBeta.exe 11164 Wave.exe 11164 Wave.exe 7984 Wave.exe 7968 Wave.exe 7984 Wave.exe 7984 Wave.exe 7984 Wave.exe 7984 Wave.exe 1828 Wave.exe 3948 MicrosoftEdgeUpdate.exe 4100 Wave.exe 4100 Wave.exe 5436 Wave.exe 3972 Wave.exe -
Checks for any installed AV software in registry 1 TTPs 20 IoCs
description ioc Process Key opened \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\KasperskyLab reg.exe Key opened \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\KasperskyLab reg.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\KasperskyLab reg.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\KasperskyLab\Session reg.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\KasperskyLab\Session reg.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\KasperskyLab\Session reg.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\KasperskyLab\ reg.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\KasperskyLab\Session reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\KasperskyLab\Session = "Bearer 9baffde4-37d5-4f1e-bf5d-6179b2d04cd2" reg.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\KasperskyLab reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\KasperskyLab\Session = "Bearer 55718aae-0c46-404a-abe2-bbeeb1c259fd" reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\KasperskyLab\ reg.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\KasperskyLab reg.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\KasperskyLab\ reg.exe Key opened \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\KasperskyLab reg.exe Key opened \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\KasperskyLab reg.exe Key opened \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\KasperskyLab reg.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\KasperskyLab reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\KasperskyLab\ reg.exe Key value queried \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\KasperskyLab\Session reg.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA RobloxPlayerInstaller.exe -
Enumerates connected drives 3 TTPs 38 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\D: explorer.exe File opened (read-only) \??\F: explorer.exe File opened (read-only) \??\F: explorer.exe -
Installs/modifies Browser Helper Object 2 TTPs 8 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" setup.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
flow ioc 548 discord.com 598 discord.com 663 discord.com 703 discord.com 28 pastebin.com 29 pastebin.com 546 discord.com -
Checks system information in the registry 2 TTPs 26 IoCs
System information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName MicrosoftEdgeUpdate.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer MicrosoftEdgeUpdate.exe -
Drops file in System32 directory 1 IoCs
description ioc Process File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk setup.exe -
Enumerates processes with tasklist 1 TTPs 1 IoCs
pid Process 2972 tasklist.exe -
Suspicious use of NtCreateThreadExHideFromDebugger 4 IoCs
pid Process 1832 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 1716 RobloxPlayerBeta.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
pid Process 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 1832 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 1716 RobloxPlayerBeta.exe 1716 RobloxPlayerBeta.exe 1716 RobloxPlayerBeta.exe 1716 RobloxPlayerBeta.exe 1716 RobloxPlayerBeta.exe 1716 RobloxPlayerBeta.exe 1716 RobloxPlayerBeta.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Microsoft\Temp\EUBCD9.tmp\msedgeupdateres_hi.dll MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\DeveloperFramework\Table\sort_arrow.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\fonts\NotoSansDevanagariUI-Regular.ttf RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioToolbox\EndorsedBadge.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\DefaultController\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\XboxController\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\MaterialGenerator\AddImage_48x48.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\btn_newBlue.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VoiceChat\SpeakerLight\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected] RobloxPlayerInstaller.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\dual_engine_adapter_x64.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Locales\km.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\LayeredClothingEditor\Icon_Pause.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\fonts\families\LegacyArial.json RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\DesignSystem\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChat\graphic\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Microsoft\Temp\EUBCD9.tmp\MicrosoftEdgeUpdateOnDemand.exe MicrosoftEdgeWebview2Setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\api-ms-win-core-processthreads-l1-1-0.dll RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaApp\graphic\noNetworkConnection.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChat\icons\ic-checkbox-on copy.png RobloxPlayerInstaller.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\af.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\vi.pak setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\elevation_service.exe setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\fonts\GothamSSm-Bold.otf RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\waypoint.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Controls\PlayStationController\PS4\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\Gamepad\[email protected] RobloxPlayerInstaller.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\Locales\sr-Cyrl-BA.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VoiceChat\Misc\MuteAll.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChat\icons\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\sky\cloudDetail.dds RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\particles\explosion01_smoke_alpha.dds RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\LegacyRbxGui\x.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\PlayerList\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VoiceChat\MicLight\Error.png RobloxPlayerInstaller.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\1192_13379504690137663_1192.pma setup.exe File created C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\vk_swiftshader.dll setup.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\edge_feedback\mf_trace.wprp setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\RoactStudioWidgets\toggle_off_dark.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioSharedUI\preview_expand.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioToolbox\AssetConfig\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\TerrainTools\mtrl_slate.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Emotes\TenFoot\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerInstaller.exe RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Microsoft\Temp\EU4C6E.tmp\msedgeupdateres_pl.dll MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\sr-Latn-RS.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\MenuBar\icon_minimize.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\fonts\AmaticSC-Regular.ttf RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\Settings\Players\ReportFlagIcon.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\ui\VoiceChat\SpeakerNew\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\Controls\DesignSystem\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\ExtraContent\textures\ui\LuaChat\9-slice\system-message.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\configs\DateTimeLocaleConfigs\en-gb.json RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\Debugger\Breakpoints\[email protected] RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\StudioUIEditor\icon_resize4.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\TerrainTools\mtrl_ground_2022.png RobloxPlayerInstaller.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\textures\TerrainTools\sliderbar_button.png RobloxPlayerInstaller.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.112\Locales\th.pak setup.exe File created C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\content\fonts\LuckiestGuy-Regular.ttf RobloxPlayerInstaller.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\Trust Protection Lists\Mu\Advertising setup.exe -
Drops file in Windows directory 42 IoCs
description ioc Process File opened for modification C:\Windows\SystemTemp\msedge_installer.log setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat setup.exe File opened for modification C:\Windows\SystemTemp\msedge_installer.log setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat setup.exe File opened for modification C:\Windows\SystemTemp setup.exe File opened for modification C:\Windows\SystemTemp\msedge_installer.log setup.exe File opened for modification C:\Windows\SystemTemp Wave.exe File opened for modification C:\Windows\SystemTemp setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat setup.exe File opened for modification C:\Windows\SystemTemp Wave.exe File opened for modification C:\Windows\SystemTemp\msedge_installer.log setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata setup.exe File opened for modification C:\Windows\SystemTemp Wave.exe File opened for modification C:\Windows\SystemTemp Wave.exe File opened for modification C:\Windows\SystemTemp setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata setup.exe File opened for modification C:\Windows\SystemTemp setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat setup.exe File opened for modification C:\Windows\SystemTemp setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\metadata setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat setup.exe File opened for modification C:\Windows\SystemTemp Wave.exe File created C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat setup.exe File opened for modification C:\Windows\SystemTemp\msedge_installer.log setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat setup.exe File created C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat setup.exe File opened for modification C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat setup.exe -
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
description ioc Process File created C:\Users\Admin\Downloads\Wave-Setup.exe:Zone.Identifier firefox.exe File created C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier firefox.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 34 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language tasklist.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RobloxPlayerInstaller.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RdrCEF.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Wave-Setup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language find.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeWebview2Setup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RdrCEF.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RdrCEF.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RdrCEF.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RdrCEF.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RdrCEF.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe -
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 7 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid Process 6260 MicrosoftEdgeUpdate.exe 10568 MicrosoftEdgeUpdate.exe 7492 MicrosoftEdgeUpdate.exe 2564 MicrosoftEdgeUpdate.exe 9656 MicrosoftEdgeUpdate.exe 6688 MicrosoftEdgeUpdate.exe 6340 MicrosoftEdgeUpdate.exe -
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A explorer.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A explorer.exe -
Checks processor information in registry 2 TTPs 35 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString taskmgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString POWERPNT.EXE Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz POWERPNT.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 taskmgr.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString firefox.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 POWERPNT.EXE -
Enumerates system info in registry 2 TTPs 21 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS RobloxPlayerInstaller.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily POWERPNT.EXE Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS dwm.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU dwm.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer RobloxPlayerInstaller.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS POWERPNT.EXE Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU msedge.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU POWERPNT.EXE -
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.
pid Process 1020 ipconfig.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Internet Explorer\GPU SearchApp.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Internet Explorer\GPU SearchApp.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio RobloxPlayerInstaller.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights setup.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe Set value (int) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" setup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" RobloxPlayerInstaller.exe Set value (str) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.4355\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" setup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" RobloxPlayerInstaller.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Internet Explorer\GPU SearchApp.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{DAF6A918-C1D5-11EF-B6D2-C678E542150C} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player RobloxPlayerInstaller.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe Set value (int) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main setup.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Internet Explorer\GPU SearchApp.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" setup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" setup.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" setup.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Internet Explorer\GPU SearchApp.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Internet Explorer\GPU SearchApp.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Internet Explorer\GPU SearchApp.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0" RobloxPlayerInstaller.exe Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} setup.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" explorer.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy setup.exe Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge setup.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Internet Explorer\GPU SearchApp.exe Set value (int) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2941910500" iexplore.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" setup.exe Set value (int) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31151586" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31151586" IEXPLORE.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\131.0.2903.112\\BHO" setup.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Internet Explorer\GPU SearchApp.exe Set value (int) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" explorer.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch explorer.exe -
Modifies data under HKEY_USERS 64 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge setup.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA dwm.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs MicrosoftEdgeUpdate.exe -
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32 MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0} MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591} MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32 MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED} MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "856" SearchApp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{41E1FADF-C62D-4DF4-A0A2-A3BEB272D8AF}\InprocHandler32 MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (int) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "856" SearchApp.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\MuiCache StartMenuExperienceHost.exe Set value (data) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0200000004000000030000000100000000000000ffffffff explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (int) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "823" SearchApp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0\ = "Microsoft Edge Update Legacy On Demand" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (int) \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "823" SearchApp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\psmachine_64.dll" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\ = "Microsoft Edge Update Broker Class Factory" MicrosoftEdgeUpdate.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\MuiCache SearchApp.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\Enabled = "1" MicrosoftEdgeUpdate.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" MicrosoftEdgeUpdateComRegisterShell64.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\VERSIONINDEPENDENTPROGID MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds\MSEdgeHTM setup.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search SearchApp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4" MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\MicrosoftEdgeUpdateOnDemand.exe\"" MicrosoftEdgeUpdate.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\MuiCache SearchApp.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB} MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32 MicrosoftEdgeUpdateComRegisterShell64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog" MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7} MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E} MicrosoftEdgeUpdateComRegisterShell64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods MicrosoftEdgeUpdateComRegisterShell64.exe -
NTFS ADS 3 IoCs
description ioc Process File created C:\Users\Admin\Downloads\Wave-Setup.exe:Zone.Identifier firefox.exe File created C:\Users\Admin\AppData\Local\wave-updater\installer.exe\:Zone.Identifier:$DATA Wave-Setup.exe File created C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier firefox.exe -
Suspicious behavior: AddClipboardFormatListener 3 IoCs
pid Process 7572 EXCEL.EXE 10020 POWERPNT.EXE 4116 vlc.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4120 Solara.exe 5076 Wave-Setup.exe 5076 Wave-Setup.exe 2972 tasklist.exe 2972 tasklist.exe 6044 Wave.exe 6044 Wave.exe 6752 RobloxPlayerInstaller.exe 6752 RobloxPlayerInstaller.exe 1136 MicrosoftEdgeUpdate.exe 1136 MicrosoftEdgeUpdate.exe 7108 Wave.exe 7108 Wave.exe 3576 msedge.exe 3576 msedge.exe 444 msedge.exe 444 msedge.exe 3804 msedge.exe 3804 msedge.exe 6848 Wave.exe 6848 Wave.exe 1136 MicrosoftEdgeUpdate.exe 1136 MicrosoftEdgeUpdate.exe 1136 MicrosoftEdgeUpdate.exe 1136 MicrosoftEdgeUpdate.exe 1832 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 9628 msedge.exe 9628 msedge.exe 10016 msedge.exe 10016 msedge.exe 10016 msedge.exe 7752 msedge.exe 7752 msedge.exe 7528 RobloxPlayerBeta.exe 1716 RobloxPlayerBeta.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 7232 RobloxPlayerBeta.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 7232 RobloxPlayerBeta.exe 7232 RobloxPlayerBeta.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe -
Suspicious behavior: GetForegroundWindowSpam 9 IoCs
pid Process 10980 taskmgr.exe 10696 explorer.exe 9212 explorer.exe 11252 explorer.exe 3524 explorer.exe 4116 vlc.exe 10264 explorer.exe 7848 explorer.exe 8684 taskmgr.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
pid Process 444 msedge.exe 444 msedge.exe 444 msedge.exe 10016 msedge.exe 10016 msedge.exe 10016 msedge.exe 10016 msedge.exe 10016 msedge.exe 8868 msedge.exe 8868 msedge.exe 8868 msedge.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 4892 Bootstrapper.exe Token: SeDebugPrivilege 4992 BootstrapperV2.04.exe Token: SeDebugPrivilege 4120 Solara.exe Token: SeDebugPrivilege 1020 firefox.exe Token: SeDebugPrivilege 1020 firefox.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 2972 tasklist.exe Token: SeSecurityPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe Token: SeDebugPrivilege 5076 Wave-Setup.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 444 msedge.exe 444 msedge.exe 6848 Wave.exe 2388 Bloxstrap.exe 2388 Bloxstrap.exe 10016 msedge.exe 5048 Bloxstrap.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe 10980 taskmgr.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 1020 firefox.exe 5068 SearchApp.exe 984 TextInputHost.exe 5780 StartMenuExperienceHost.exe 984 TextInputHost.exe 5776 StartMenuExperienceHost.exe 5528 SearchApp.exe 416 TextInputHost.exe 416 TextInputHost.exe 10864 StartMenuExperienceHost.exe 4128 SearchApp.exe 10696 explorer.exe 736 TextInputHost.exe 736 TextInputHost.exe 10328 StartMenuExperienceHost.exe 6084 TextInputHost.exe 6084 TextInputHost.exe 6392 SearchApp.exe 2836 StartMenuExperienceHost.exe 228 SearchApp.exe 8840 TextInputHost.exe 8840 TextInputHost.exe 8028 StartMenuExperienceHost.exe 6816 SearchApp.exe 9372 TextInputHost.exe 9372 TextInputHost.exe 2492 StartMenuExperienceHost.exe 6704 SearchApp.exe 4568 TextInputHost.exe 4568 TextInputHost.exe 10344 StartMenuExperienceHost.exe 10372 SearchApp.exe 6328 TextInputHost.exe 6328 TextInputHost.exe 8680 StartMenuExperienceHost.exe 5940 SearchApp.exe 10912 TextInputHost.exe 10912 TextInputHost.exe 8088 StartMenuExperienceHost.exe 5916 SearchApp.exe 10152 TextInputHost.exe 10152 TextInputHost.exe 10580 StartMenuExperienceHost.exe 10656 SearchApp.exe 8564 TextInputHost.exe 8564 TextInputHost.exe -
Suspicious use of UnmapMainImage 7 IoCs
pid Process 1832 RobloxPlayerBeta.exe 8468 RobloxPlayerBeta.exe 7528 RobloxPlayerBeta.exe 1716 RobloxPlayerBeta.exe 7232 RobloxPlayerBeta.exe 8020 RobloxPlayerBeta.exe 9212 RobloxPlayerBeta.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4892 wrote to memory of 1896 4892 Bootstrapper.exe 84 PID 4892 wrote to memory of 1896 4892 Bootstrapper.exe 84 PID 1896 wrote to memory of 1020 1896 cmd.exe 86 PID 1896 wrote to memory of 1020 1896 cmd.exe 86 PID 4892 wrote to memory of 4992 4892 Bootstrapper.exe 95 PID 4892 wrote to memory of 4992 4892 Bootstrapper.exe 95 PID 4992 wrote to memory of 4120 4992 BootstrapperV2.04.exe 96 PID 4992 wrote to memory of 4120 4992 BootstrapperV2.04.exe 96 PID 3588 wrote to memory of 1020 3588 firefox.exe 108 PID 3588 wrote to memory of 1020 3588 firefox.exe 108 PID 3588 wrote to memory of 1020 3588 firefox.exe 108 PID 3588 wrote to memory of 1020 3588 firefox.exe 108 PID 3588 wrote to memory of 1020 3588 firefox.exe 108 PID 3588 wrote to memory of 1020 3588 firefox.exe 108 PID 3588 wrote to memory of 1020 3588 firefox.exe 108 PID 3588 wrote to memory of 1020 3588 firefox.exe 108 PID 3588 wrote to memory of 1020 3588 firefox.exe 108 PID 3588 wrote to memory of 1020 3588 firefox.exe 108 PID 3588 wrote to memory of 1020 3588 firefox.exe 108 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 PID 1020 wrote to memory of 2272 1020 firefox.exe 109 -
System policy modification 1 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" setup.exe -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4892 -
C:\Windows\SYSTEM32\cmd.exe"cmd" /c ipconfig /all2⤵
- Suspicious use of WriteProcessMemory
PID:1896 -
C:\Windows\system32\ipconfig.exeipconfig /all3⤵
- Gathers network information
PID:1020
-
-
-
C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.04.exe"C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.04.exe" --oldBootstrapper "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe" --isUpdate true2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4992 -
C:\ProgramData\Solara\Solara.exe"C:\ProgramData\Solara\Solara.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4120
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:864
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3588 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1020 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1876 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d9c25cd-19ba-45eb-b48d-959e15c2c3c1} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" gpu3⤵PID:2272
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dd33f12-6d3c-44e5-9495-7bd90181c15e} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" socket3⤵PID:4384
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2984 -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2980 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2b6bb82-fafa-4a5d-afd2-97d96669e2c5} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" tab3⤵PID:4172
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4080 -childID 2 -isForBrowser -prefsHandle 4072 -prefMapHandle 4068 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdba8bf7-d3f5-41f6-bd26-1b63fbc80285} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" tab3⤵PID:2952
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4948 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4940 -prefMapHandle 4936 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f951c9e5-13a0-4612-b036-d65a6e4c4c8c} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" utility3⤵
- Checks processor information in registry
PID:1852
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5364 -childID 3 -isForBrowser -prefsHandle 5300 -prefMapHandle 5348 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05525d01-ea29-43f2-a7d2-ef9e688847a9} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" tab3⤵PID:5012
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 4 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9506fb4-0413-46fa-9a13-ed4d302abc4d} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" tab3⤵PID:1044
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5684 -childID 5 -isForBrowser -prefsHandle 5688 -prefMapHandle 5692 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {377ceb9e-18b9-4d8f-8150-6ab5a728cbd5} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" tab3⤵PID:1972
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6168 -childID 6 -isForBrowser -prefsHandle 6152 -prefMapHandle 6148 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {108f47ac-5818-4235-ac70-aec94bf7b51b} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" tab3⤵PID:2688
-
-
C:\Users\Admin\Downloads\Wave-Setup.exe"C:\Users\Admin\Downloads\Wave-Setup.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5076 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Wave.exe" /FO csv | "C:\Windows\system32\find.exe" "Wave.exe"4⤵
- System Location Discovery: System Language Discovery
PID:3712 -
C:\Windows\SysWOW64\tasklist.exetasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Wave.exe" /FO csv5⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2972
-
-
C:\Windows\SysWOW64\find.exe"C:\Windows\system32\find.exe" "Wave.exe"5⤵
- System Location Discovery: System Language Discovery
PID:1420
-
-
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4704 -childID 7 -isForBrowser -prefsHandle 6660 -prefMapHandle 3876 -prefsLen 28140 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32dc2a8e-d1df-437c-b724-73687201bed7} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" tab3⤵PID:6840
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4564 -childID 8 -isForBrowser -prefsHandle 6972 -prefMapHandle 7028 -prefsLen 34715 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23340f5a-12dc-4adb-a787-61ecc6bc73de} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" tab3⤵PID:7164
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7424 -childID 9 -isForBrowser -prefsHandle 7340 -prefMapHandle 7160 -prefsLen 28140 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d901d007-ea59-40ef-a54d-d0d7607ce662} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" tab3⤵PID:4584
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2840 -parentBuildID 20240401114208 -prefsHandle 7684 -prefMapHandle 1440 -prefsLen 34765 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5e83d80-a030-46fe-9df9-e461990ae047} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" rdd3⤵PID:2212
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7732 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 3940 -prefMapHandle 7724 -prefsLen 34765 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2eda1f9-a363-4667-a7ad-061ad7e7a67a} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" utility3⤵
- Checks processor information in registry
PID:856
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8708 -childID 10 -isForBrowser -prefsHandle 8340 -prefMapHandle 8704 -prefsLen 28190 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9617f6e4-92cb-42d2-ab6b-4896fe8e30c7} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" tab3⤵PID:3492
-
-
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:6752 -
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exeMicrosoftEdgeWebview2Setup.exe /silent /install4⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:5688 -
C:\Program Files (x86)\Microsoft\Temp\EUBCD9.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EUBCD9.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"5⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1136 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc6⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4800
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver6⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:6940 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5948
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4976
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:7136
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkM5MkVGM0MtNUNDMi00MEEzLUE3RDMtNDAyMzEyMjExMEVBfSIgdXNlcmlkPSJ7NEIyREM2N0EtNDY4OS00MTRGLTlGMkItMzg5QUNBNjgzQzJBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDRTFGQ0FCRi05QkVELTQxODEtOUEyRi0wNzY2NjQzODZGREF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTQ3LjM3IiBuZXh0dmVyc2lvbj0iMS4zLjE3MS4zOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjgzNTQ2NjA4MSIgaW5zdGFsbF90aW1lX21zPSIzOTIiLz48L2FwcD48L3JlcXVlc3Q-6⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:6688
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{2C92EF3C-5CC2-40A3-A7D3-4023122110EA}" /silent6⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5368
-
-
-
-
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 67524⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:1832
-
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6828 -childID 11 -isForBrowser -prefsHandle 5176 -prefMapHandle 4976 -prefsLen 28190 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db352c10-b962-47db-a3e1-1a7a8212e4a3} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" tab3⤵PID:9204
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9140 -childID 12 -isForBrowser -prefsHandle 6852 -prefMapHandle 6868 -prefsLen 28190 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50bd5f53-6bc0-45f6-9047-45c52ff8fb3e} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" tab3⤵PID:9184
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4580 -childID 13 -isForBrowser -prefsHandle 9140 -prefMapHandle 5176 -prefsLen 28190 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5827b06b-7316-4ef3-8ebf-311d445b8a0d} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" tab3⤵PID:7436
-
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:6044 -
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,17440359585442675826,18394664300494631768,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1844 /prefetch:22⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3284
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --field-trial-handle=2044,i,17440359585442675826,18394664300494631768,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2040 /prefetch:32⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1688
-
-
C:\Windows\system32\fsutil.exefsutil dirty query C:2⤵PID:1936
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --app-path="C:\Users\Admin\AppData\Local\Programs\Wave\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2824,i,17440359585442675826,18394664300494631768,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2820 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:5592
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exeC:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe lsp --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\globalTypes.d.luau --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave.d.luau --docs=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\en-us.json2⤵
- Executes dropped EXE
PID:6576
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session"2⤵PID:6740
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session3⤵
- Checks for any installed AV software in registry
PID:6780
-
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exeC:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe2⤵
- Checks computer location settings
- Executes dropped EXE
PID:6016
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4256,i,17440359585442675826,18394664300494631768,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4252 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:7108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/QD6Wy6b2q32⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:444 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x144,0x148,0x40,0x14c,0x7ffd64af46f8,0x7ffd64af4708,0x7ffd64af47183⤵PID:2692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,3077465522180008365,244969827804033676,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:23⤵PID:6356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,3077465522180008365,244969827804033676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:3576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,3077465522180008365,244969827804033676,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:83⤵PID:6376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3077465522180008365,244969827804033676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:13⤵PID:7136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3077465522180008365,244969827804033676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:13⤵PID:1300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,3077465522180008365,244969827804033676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:13⤵PID:5244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,3077465522180008365,244969827804033676,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4572 /prefetch:83⤵PID:5604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,3077465522180008365,244969827804033676,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3172 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:3804
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:2860 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkM5MkVGM0MtNUNDMi00MEEzLUE3RDMtNDAyMzEyMjExMEVBfSIgdXNlcmlkPSJ7NEIyREM2N0EtNDY4OS00MTRGLTlGMkItMzg5QUNBNjgzQzJBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDRTkyNEJBNC0xRTlCLTRGMDgtODMzQS1CN0U4OTgzMkFFMTl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjgzODY2NTg5MCIvPjwvYXBwPjwvcmVxdWVzdD42⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:6340
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3339F0DA-FFD9-44D8-885D-A43854FC8B7F}\MicrosoftEdge_X64_131.0.2903.112.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3339F0DA-FFD9-44D8-885D-A43854FC8B7F}\MicrosoftEdge_X64_131.0.2903.112.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Executes dropped EXE
PID:5604 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3339F0DA-FFD9-44D8-885D-A43854FC8B7F}\EDGEMITMP_D5D42.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3339F0DA-FFD9-44D8-885D-A43854FC8B7F}\EDGEMITMP_D5D42.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3339F0DA-FFD9-44D8-885D-A43854FC8B7F}\MicrosoftEdge_X64_131.0.2903.112.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
PID:5148 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3339F0DA-FFD9-44D8-885D-A43854FC8B7F}\EDGEMITMP_D5D42.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3339F0DA-FFD9-44D8-885D-A43854FC8B7F}\EDGEMITMP_D5D42.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3339F0DA-FFD9-44D8-885D-A43854FC8B7F}\EDGEMITMP_D5D42.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff6d96b2918,0x7ff6d96b2924,0x7ff6d96b29304⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:5492
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkM5MkVGM0MtNUNDMi00MEEzLUE3RDMtNDAyMzEyMjExMEVBfSIgdXNlcmlkPSJ7NEIyREM2N0EtNDY4OS00MTRGLTlGMkItMzg5QUNBNjgzQzJBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFNDlFMEUzRC05Q0Y4LTQzNDYtQUU3Ni04NkI1QzY4QjhDRDR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMS4wLjI5MDMuMTEyIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2ODUyOTI2MDUxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjg1Mjk1NTk0NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcwOTMxNDE3MjYiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzdkOWNkOTNjLTFkNWUtNDQ5Yi05YWQ3LWYxZThkNmI5MDUwOT9QMT0xNzM1NjM1MTY4JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUZjUjRmcXFCTVVWTXNkajBuSjc3Y1pVS003MEVjTUhkQ210VFV1VUFjZzNPNUklMmZNM21CaHN0WnkyVU1iWmtxWHZFbzdCV2ZmU3ZaSU1nSkJoTzlDcFElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzY4NzA5NzYiIHRvdGFsPSIxNzY4NzA5NzYiIGRvd25sb2FkX3RpbWVfbXM9IjE2NTQxIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzA5MzI4MTU4MyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcxMDg2MDE4MjEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc3MTk3ODE2MDAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI3MjMiIGRvd25sb2FkX3RpbWVfbXM9IjI0MDI3IiBkb3dubG9hZGVkPSIxNzY4NzA5NzYiIHRvdGFsPSIxNzY4NzA5NzYiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjYxMTE1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:6260
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5948
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1948
-
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:6848 -
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,11359221838203678252,15443258846540900753,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1796 /prefetch:22⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3900
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --field-trial-handle=1952,i,11359221838203678252,15443258846540900753,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1844 /prefetch:32⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5192
-
-
C:\Windows\system32\fsutil.exefsutil dirty query C:2⤵PID:344
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --app-path="C:\Users\Admin\AppData\Local\Programs\Wave\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2972,i,11359221838203678252,15443258846540900753,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2968 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:5788
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exeC:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe lsp --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\globalTypes.d.luau --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave.d.luau --docs=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\en-us.json2⤵
- Executes dropped EXE
PID:5876
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session"2⤵PID:6148
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session3⤵
- Checks for any installed AV software in registry
PID:2152
-
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exeC:\Users\Admin\AppData\Local\Programs\Wave\bin\Bloxstrap.exe2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:2388 -
C:\Users\Admin\AppData\Local\Bloxstrap\Roblox\Player\RobloxPlayerBeta.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Roblox\Player\RobloxPlayerBeta.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:8468
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\KasperskyLab" /f"2⤵PID:6020
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe ADD "HKCU\Software\KasperskyLab" /f3⤵
- Checks for any installed AV software in registry
PID:6328
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\KasperskyLab" /v Session /t REG_SZ /d "Bearer 9baffde4-37d5-4f1e-bf5d-6179b2d04cd2" /f"2⤵PID:6400
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe ADD "HKCU\Software\KasperskyLab" /v Session /t REG_SZ /d "Bearer 9baffde4-37d5-4f1e-bf5d-6179b2d04cd2" /f3⤵
- Checks for any installed AV software in registry
PID:6116
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\KasperskyLab" /f"2⤵PID:6252
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe ADD "HKCU\Software\KasperskyLab" /f3⤵
- Checks for any installed AV software in registry
PID:2584
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\KasperskyLab" /v Session /t REG_SZ /d "Bearer 55718aae-0c46-404a-abe2-bbeeb1c259fd" /f"2⤵PID:2500
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe ADD "HKCU\Software\KasperskyLab" /v Session /t REG_SZ /d "Bearer 55718aae-0c46-404a-abe2-bbeeb1c259fd" /f3⤵
- Checks for any installed AV software in registry
PID:2592
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/QD6Wy6b2q32⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:10016 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd64af46f8,0x7ffd64af4708,0x7ffd64af47183⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:10060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9231170058790868464,2645525274907209059,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:23⤵PID:8820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9231170058790868464,2645525274907209059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:9628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,9231170058790868464,2645525274907209059,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:83⤵PID:8724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9231170058790868464,2645525274907209059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:13⤵PID:7600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9231170058790868464,2645525274907209059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:13⤵PID:10232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9231170058790868464,2645525274907209059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:13⤵PID:1188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,9231170058790868464,2645525274907209059,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3624 /prefetch:83⤵PID:7768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,9231170058790868464,2645525274907209059,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4056 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:7752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9231170058790868464,2645525274907209059,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4124 /prefetch:23⤵PID:9620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9231170058790868464,2645525274907209059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:13⤵PID:2400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9231170058790868464,2645525274907209059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:13⤵PID:2432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9231170058790868464,2645525274907209059,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2572 /prefetch:23⤵PID:8528
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2776
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:8160
-
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:7528
-
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:5048 -
C:\Users\Admin\AppData\Local\Bloxstrap\Roblox\Player\RobloxPlayerBeta.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Roblox\Player\RobloxPlayerBeta.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:1716
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:10980 -
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /12⤵
- Checks SCSI registry key(s)
PID:10464 -
C:\Windows\explorer.exe"C:\Windows\explorer.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
PID:4976
-
-
-
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:7232
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5068
-
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of UnmapMainImage
PID:8020
-
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
PID:8092 -
C:\Users\Admin\AppData\Local\Bloxstrap\Roblox\Player\RobloxPlayerBeta.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Roblox\Player\RobloxPlayerBeta.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:9412
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:5780
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:984
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
PID:6400
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:5776
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5528
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:416
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:10696 -
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
PID:11164 -
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,9158809987012676850,7351565899882073587,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1796 /prefetch:23⤵
- Executes dropped EXE
- Loads dropped DLL
PID:7984
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --field-trial-handle=1996,i,9158809987012676850,7351565899882073587,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1992 /prefetch:33⤵
- Executes dropped EXE
- Loads dropped DLL
PID:7968
-
-
C:\Windows\system32\fsutil.exefsutil dirty query C:3⤵PID:7896
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --app-path="C:\Users\Admin\AppData\Local\Programs\Wave\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2820,i,9158809987012676850,7351565899882073587,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2816 /prefetch:13⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/QD6Wy6b2q33⤵PID:9268
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffd64af46f8,0x7ffd64af4708,0x7ffd64af47184⤵PID:8796
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session"3⤵PID:9500
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session4⤵
- Checks for any installed AV software in registry
PID:9340
-
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exeC:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe lsp --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\globalTypes.d.luau --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave.d.luau --docs=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\en-us.json3⤵
- Executes dropped EXE
PID:3384
-
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
PID:4100 -
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,6076237127286601849,16208105165195413736,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1956 /prefetch:23⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5436
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --field-trial-handle=2308,i,6076237127286601849,16208105165195413736,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2304 /prefetch:33⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3972
-
-
C:\Windows\system32\fsutil.exefsutil dirty query C:3⤵PID:10916
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --app-path="C:\Users\Admin\AppData\Local\Programs\Wave\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2888,i,6076237127286601849,16208105165195413736,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2884 /prefetch:13⤵
- Checks computer location settings
- Executes dropped EXE
PID:8712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/QD6Wy6b2q33⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:8868 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd64af46f8,0x7ffd64af4708,0x7ffd64af47184⤵PID:2860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,4896839160660545931,14307354824713172140,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:24⤵PID:1588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,4896839160660545931,14307354824713172140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:34⤵PID:6016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,4896839160660545931,14307354824713172140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:84⤵PID:5024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4896839160660545931,14307354824713172140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:14⤵PID:5796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4896839160660545931,14307354824713172140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:14⤵PID:7432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4896839160660545931,14307354824713172140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:14⤵PID:3696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2220,4896839160660545931,14307354824713172140,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5360 /prefetch:84⤵PID:2500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2220,4896839160660545931,14307354824713172140,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5400 /prefetch:84⤵PID:9076
-
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exeC:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe lsp --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\globalTypes.d.luau --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave.d.luau --docs=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\en-us.json3⤵
- Executes dropped EXE
PID:7608
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session"3⤵PID:9312
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session4⤵
- Checks for any installed AV software in registry
PID:6272
-
-
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:10864
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:4128
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5992
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\6ad5dcadc9e4489fb5fc79f744f96b21 /t 10024 /p 100161⤵PID:8348
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
PID:3948
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:736
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
PID:6420
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5844
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:10148
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:10328
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:6084
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:6392
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
PID:9028
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:2836
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:228
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:8840
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
PID:2424
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:8028
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6816
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:9372
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
PID:1840
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:2492
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:6704
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:10636 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F091F3B-4878-4F35-99F8-2B35D174F691}\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{3F091F3B-4878-4F35-99F8-2B35D174F691}\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe" /update /sessionid "{B0E30678-2BF8-4BA0-945B-C3D02D59B8A3}"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:8552 -
C:\Program Files (x86)\Microsoft\Temp\EU4C6E.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EU4C6E.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{B0E30678-2BF8-4BA0-945B-C3D02D59B8A3}"3⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
PID:10624 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:11188
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:8080 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Executes dropped EXE
- Modifies registry class
PID:7620
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Modifies registry class
PID:5316
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Modifies registry class
PID:10260
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjBFMzA2NzgtMkJGOC00QkEwLTk0NUItQzNEMDJENTlCOEEzfSIgdXNlcmlkPSJ7NEIyREM2N0EtNDY4OS00MTRGLTlGMkItMzg5QUNBNjgzQzJBfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7QzVFQjU3MkEtQjU2My00NUEzLTg4MzYtQTNBMDlDRTc1MENDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS40MyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRldGltZT0iMTczNTAzMDM2NSI-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA0ODU0MjI3NjQiLz48L2FwcD48L3JlcXVlc3Q-4⤵
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:7492
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjBFMzA2NzgtMkJGOC00QkEwLTk0NUItQzNEMDJENTlCOEEzfSIgdXNlcmlkPSJ7NEIyREM2N0EtNDY4OS00MTRGLTlGMkItMzg5QUNBNjgzQzJBfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InswNDg4QjkyRi1ERTg2LTQ2MEMtQkVBNS1BNzM0ODRDMEY5MkZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjQzIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAwOTYyMDQzNzIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAwOTYyOTQzNzIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNDY1ODIzMTE4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMjA3ZTgwMzUtOTliZS00NWQyLWIyYWEtMTg1ZjY3MDljNDAzP1AxPTE3MzU2MzU0OTImYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9QjZyQlluJTJiS1h4VSUyYm5IWkRRaDBBcCUyYmRUS1JvMDZxc0xrQ2dxS0d4M3h5JTJiOWJkbU0zc2FZUzA5ZTJiM0VwbHlSSURFdVRSbk5pd0N2MURWQ0ZxVVhZdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIyIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNDY1ODQzMTc2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8yMDdlODAzNS05OWJlLTQ1ZDItYjJhYS0xODVmNjcwOWM0MDM_UDE9MTczNTYzNTQ5MiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1CNnJCWW4lMmJLWHhVJTJibkhaRFFoMEFwJTJiZFRLUm8wNnFzTGtDZ3FLR3gzeHklMmI5YmRtTTNzYVlTMDllMmIzRXBseVJJREV1VFJuTml3Q3YxRFZDRnFVWFl3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTY1NDM0NCIgdG90YWw9IjE2NTQzNDQiIGRvd25sb2FkX3RpbWVfbXM9IjMyMzI4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNDY1ODYzMzQzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNDcxMDUzNTcwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iMTMiIHJkPSI2NTU0IiBwaW5nX2ZyZXNobmVzcz0iezIwRkREQTQzLUJDNDMtNENFMC04RjZBLTBDMzg4QTUyMzMzQX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNzk1MDQyNjY1MzY5NDMwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iMTMiIHI9IjEzIiBhZD0iNjU1NCIgcmQ9IjY1NTQiIHBpbmdfZnJlc2huZXNzPSJ7RTE3NDAzNjgtNjZFMS00OUZELThGOTAtNUQ4NzVENzE3NDdBfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMzEuMC4yOTAzLjExMiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2NTY2Ij48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7QzA2NDVFNjUtMUY2OC00QTVBLUIxMEQtOThEOUVFN0VCNDQ2fSIvPjwvYXBwPjwvcmVxdWVzdD42⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:10568
-
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:4568
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
PID:10148
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:10344
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:10372
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:6328
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
PID:10340
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:8680
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5940
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:10912
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
PID:9120
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:8088
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5916
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:10152
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
PID:5624
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:10580
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:10656
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:8564
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
PID:8324
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:7596
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:3720
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵PID:10212
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
PID:9212 -
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Windows directory
PID:8368 -
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1780,i,17306484399952142378,10909221577843918643,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1772 /prefetch:23⤵
- Executes dropped EXE
PID:8268
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --field-trial-handle=1936,i,17306484399952142378,10909221577843918643,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1932 /prefetch:33⤵
- Executes dropped EXE
PID:9500
-
-
C:\Windows\system32\fsutil.exefsutil dirty query C:3⤵PID:8604
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe"C:\Users\Admin\AppData\Local\Programs\Wave\Wave.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Wave" --standard-schemes=app --secure-schemes=app --app-path="C:\Users\Admin\AppData\Local\Programs\Wave\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2832,i,17306484399952142378,10909221577843918643,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2824 /prefetch:13⤵
- Checks computer location settings
- Executes dropped EXE
PID:3996
-
-
C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exeC:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave-luau.exe lsp --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\globalTypes.d.luau --definitions=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\wave.d.luau --docs=C:\Users\Admin\AppData\Local\Programs\Wave\resources\node_modules\language-server\en-us.json3⤵
- Executes dropped EXE
PID:8220
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session"3⤵PID:8228
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session4⤵
- Checks for any installed AV software in registry
PID:7396
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/QD6Wy6b2q33⤵PID:8500
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd64af46f8,0x7ffd64af4708,0x7ffd64af47184⤵PID:7032
-
-
-
-
C:\Windows\System32\fontview.exe"C:\Windows\System32\fontview.exe" C:\Users\Admin\Desktop\ConvertToBackup.fon2⤵PID:8576
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:6468
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
PID:9664
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵PID:8840
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Suspicious behavior: GetForegroundWindowSpam
PID:11252 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵PID:5224
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"3⤵
- Checks processor information in registry
PID:6908
-
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:10024
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies registry class
PID:5052
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵PID:8724
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
PID:3524 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"2⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:7696 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140433⤵
- System Location Discovery: System Language Discovery
PID:8676 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D3F58D26887C2E83975F576E1B393884 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D3F58D26887C2E83975F576E1B393884 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:14⤵
- System Location Discovery: System Language Discovery
PID:8256
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2F928AFDE81D01F247A10708A1F86651 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
PID:3880
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=91510348A31CDB115149764EB9AE3AF6 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
PID:3204
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C9123D3AE44659F136A8A94FB928311B --mojo-platform-channel-handle=1984 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
PID:8924
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=689FA64351770BD6B3B5D3ADDFF3F24F --mojo-platform-channel-handle=2000 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
PID:6680
-
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\SendRemove.xlsx"2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
PID:7572
-
-
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe"C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\RobloxPlayerBeta.exe"2⤵
- Suspicious use of UnmapMainImage
PID:9212
-
-
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "C:\Users\Admin\Desktop\RegisterEnable.pps" /ou ""2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
PID:10020
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:4116
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵PID:10428
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"3⤵
- Checks processor information in registry
PID:8152
-
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:9968
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
PID:8548
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5184
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:6636
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵PID:9904
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵PID:4992
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
PID:6944
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:9608
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
PID:8652
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵PID:8752
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
PID:6076
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:9724
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:404
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵PID:8376
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
PID:10264
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:6868
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
PID:3872
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca1⤵PID:8584
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
PID:7848 -
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /42⤵
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:8684
-
-
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"2⤵
- Checks computer location settings
PID:2696
-
-
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"2⤵
- Checks computer location settings
PID:6380
-
-
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"2⤵
- Checks computer location settings
PID:3044
-
-
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"2⤵
- Checks computer location settings
PID:3332
-
-
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"2⤵
- Checks computer location settings
PID:6700
-
-
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"2⤵
- Checks computer location settings
PID:6656
-
-
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"2⤵
- Checks computer location settings
PID:6200
-
-
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"2⤵
- Checks computer location settings
PID:3344
-
-
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"2⤵
- Checks computer location settings
PID:5976
-
-
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"2⤵
- Checks computer location settings
PID:8528
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -nohome2⤵
- Modifies Internet Explorer settings
PID:7592 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7592 CREDAT:17410 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
PID:3648
-
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:10624
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
PID:9692
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵PID:4108
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
PID:7228
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc1⤵PID:4956
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:10300
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler1⤵
- System Location Discovery: System Language Discovery
PID:10980
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:10548 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7REVDQkNERDMtREM2Mi00OUZDLThERjktNzZBMUNEQTVDNDhDfSIgdXNlcmlkPSJ7NEIyREM2N0EtNDY4OS00MTRGLTlGMkItMzg5QUNBNjgzQzJBfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RjU2QjgyNjQtNDIyRi00MDZBLUI3NTEtOTc5QkE0Q0E3RTg3fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDsxaWYxVE9RM3FYeXZkL2YwS2F0MG9TNGRoakRFakYwUnZ0eGozbzJQK280PSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMTIiIGluc3RhbGxkYXRldGltZT0iMTczMzkzMDE3NiIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzc4NDAyNzcxODUxMDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzOTkzMDM2MTUzIi8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2564
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E11AE9E1-5F00-4BD8-AAA3-BF5F9606361E}\MicrosoftEdge_X64_131.0.2903.112.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E11AE9E1-5F00-4BD8-AAA3-BF5F9606361E}\MicrosoftEdge_X64_131.0.2903.112.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable2⤵PID:988
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E11AE9E1-5F00-4BD8-AAA3-BF5F9606361E}\EDGEMITMP_DAFAD.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E11AE9E1-5F00-4BD8-AAA3-BF5F9606361E}\EDGEMITMP_DAFAD.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E11AE9E1-5F00-4BD8-AAA3-BF5F9606361E}\MicrosoftEdge_X64_131.0.2903.112.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable3⤵
- Boot or Logon Autostart Execution: Active Setup
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- System policy modification
PID:1192 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E11AE9E1-5F00-4BD8-AAA3-BF5F9606361E}\EDGEMITMP_DAFAD.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E11AE9E1-5F00-4BD8-AAA3-BF5F9606361E}\EDGEMITMP_DAFAD.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E11AE9E1-5F00-4BD8-AAA3-BF5F9606361E}\EDGEMITMP_DAFAD.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff72b362918,0x7ff72b362924,0x7ff72b3629304⤵
- Drops file in Windows directory
PID:9796
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E11AE9E1-5F00-4BD8-AAA3-BF5F9606361E}\EDGEMITMP_DAFAD.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E11AE9E1-5F00-4BD8-AAA3-BF5F9606361E}\EDGEMITMP_DAFAD.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=14⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:7412 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E11AE9E1-5F00-4BD8-AAA3-BF5F9606361E}\EDGEMITMP_DAFAD.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E11AE9E1-5F00-4BD8-AAA3-BF5F9606361E}\EDGEMITMP_DAFAD.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E11AE9E1-5F00-4BD8-AAA3-BF5F9606361E}\EDGEMITMP_DAFAD.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff72b362918,0x7ff72b362924,0x7ff72b3629305⤵
- Drops file in Windows directory
PID:7052
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level4⤵
- Drops file in Windows directory
PID:7852 -
C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6bca02918,0x7ff6bca02924,0x7ff6bca029305⤵
- Drops file in Windows directory
PID:8848
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level4⤵
- Drops file in Windows directory
PID:5944 -
C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6bca02918,0x7ff6bca02924,0x7ff6bca029305⤵
- Drops file in Windows directory
PID:4976
-
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7REVDQkNERDMtREM2Mi00OUZDLThERjktNzZBMUNEQTVDNDhDfSIgdXNlcmlkPSJ7NEIyREM2N0EtNDY4OS00MTRGLTlGMkItMzg5QUNBNjgzQzJBfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins0MDY5Q0NENy1EOTMwLTRDNzgtQkNFOS00RDlCODQwMTdDRTF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xOTUuNDMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iSXNPbkludGVydmFsQ29tbWFuZHNBbGxvd2VkPSU1QiUyMi10YXJnZXRfZGV2JTIwLW1pbl9icm93c2VyX3ZlcnNpb25fY2FuYXJ5X2RldiUyMDEzMy4wLjI5NzAuMCUyMiU1RCIgaW5zdGFsbGFnZT0iMCIgY29ob3J0PSJycmZAMC4yOCI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjU2NyIgcGluZ19mcmVzaG5lc3M9IntCOTI0RTRERS1DMjA0LTRDMjEtQjJGOC1GQkQ4MjNGRjEyNTl9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iMTMxLjAuMjkwMy4xMTIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzc5NTA0MzE2NjkwMjg2MCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQwMDc0MzQwMzMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQwMDc0MzQwMzMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQwMzU3ODYzMTEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQwNDk0OTU5NjUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0NjAwMjcxNTYyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iOTEyIiBkb3dubG9hZGVkPSIxNzY4NzA5NzYiIHRvdGFsPSIxNzY4NzA5NzYiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIyIiBpbnN0YWxsX3RpbWVfbXM9IjU1MDc3Ii8-PHBpbmcgYWN0aXZlPSIwIiByZD0iNjU2NyIgcGluZ19mcmVzaG5lc3M9IntCMDI4NjY4OC0zNDdBLTQ3MzgtQjhCOC05MThFNDFBRTgyMkN9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEzMS4wLjI5MDMuMTEyIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjY1NjYiIGNvaG9ydD0icnJmQDAuMTYiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjY1NjciIHBpbmdfZnJlc2huZXNzPSJ7RkM4N0RBQzAtREM5Ri00RUExLTk5MUItQzE4ODFGREE1RjUxfSIvPjwvYXBwPjwvcmVxdWVzdD42⤵
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:9656
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Browser Extensions
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Defense Evasion
Modify Registry
4Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Discovery
Browser Information Discovery
1Peripheral Device Discovery
2Process Discovery
1Query Registry
8Software Discovery
1Security Software Discovery
1System Information Discovery
9System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.43\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe
Filesize1.6MB
MD583f7907f5d4dc316bd1f0f659bb73d52
SHA16fc1ac577f127d231b2a6bf5630e852be5192cf2
SHA256dac76ce6445baeae894875c114c76f95507539cb32a581f152b6f4ed4ff43819
SHA512a57059ef5d66d3c5260c725cae02012cf763268bd060fa6bc3064aedff9275d5d1628ff8138261f474136ab11724e9f951a5fdd3759f91476336903eb3b53224
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E11AE9E1-5F00-4BD8-AAA3-BF5F9606361E}\EDGEMITMP_DAFAD.tmp\SETUP.EX_
Filesize2.6MB
MD52ddec22bd2a90587544f7b60d07a87ab
SHA1e98d492b63b876009298c7e90e2460d8ee59c4bf
SHA25671f93ac62911d1e1671cf7f15e0851d4c9b98e4783ec9b0fa0ed5ee12a4d483b
SHA512a11a37c73d54e818fc38b263123351b4418ee3674e1398cab11b79e4d7b895b411dfa02dd26f22a8781786e7e0d6ef44a0f6ba099a2ee3dc9dc224a5d968e678
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E11AE9E1-5F00-4BD8-AAA3-BF5F9606361E}\EDGEMITMP_DAFAD.tmp\setup.exe
Filesize6.6MB
MD5f0dc48bc6e1b1a2b0b15c769d4c01835
SHA166c1ba4912ae18b18e2ae33830a6ba0939bb9ef1
SHA2567ada85f31a3b501eaecd2aa37b8df1f74b470b355279b5db2d1fbc0bb7de4889
SHA512d2ceeaf987446f7463e84a6286dc1c8f50a80466af641f77d174826189ff5a56b048e616ad8d97ddb12a2f68e182af80309be717367224605c06dcf74a84cc0f
-
Filesize
12KB
MD5369bbc37cff290adb8963dc5e518b9b8
SHA1de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA2563d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA5124f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1
-
Filesize
179KB
MD57a160c6016922713345454265807f08d
SHA1e36ee184edd449252eb2dfd3016d5b0d2edad3c6
SHA25635a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9
SHA512c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e
-
Filesize
201KB
MD54dc57ab56e37cd05e81f0d8aaafc5179
SHA1494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA25687c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b
-
Filesize
212KB
MD560dba9b06b56e58f5aea1a4149c743d2
SHA1a7e456acf64dd99ca30259cf45b88cf2515a69b3
SHA2564d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112
SHA512e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7
-
Filesize
257KB
MD5c044dcfa4d518df8fc9d4a161d49cece
SHA191bd4e933b22c010454fd6d3e3b042ab6e8b2149
SHA2569f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2
SHA512f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c
-
Filesize
4KB
MD56dd5bf0743f2366a0bdd37e302783bcd
SHA1e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA25691d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e
-
Filesize
2.0MB
MD5965b3af7886e7bf6584488658c050ca2
SHA172daabdde7cd500c483d0eeecb1bd19708f8e4a5
SHA256d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19
SHA5121c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4
-
Filesize
28KB
MD5567aec2d42d02675eb515bbd852be7db
SHA166079ae8ac619ff34e3ddb5fb0823b1790ba7b37
SHA256a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c
SHA5123a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3
-
Filesize
24KB
MD5f6c1324070b6c4e2a8f8921652bfbdfa
SHA1988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf
SHA256986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717
SHA51263092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100
-
Filesize
26KB
MD5570efe7aa117a1f98c7a682f8112cb6d
SHA1536e7c49e24e9aa068a021a8f258e3e4e69fa64f
SHA256e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01
SHA5125e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8
-
Filesize
28KB
MD5a8d3210e34bf6f63a35590245c16bc1b
SHA1f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693
SHA2563b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766
SHA5126e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a
-
Filesize
29KB
MD57937c407ebe21170daf0975779f1aa49
SHA14c2a40e76209abd2492dfaaf65ef24de72291346
SHA2565ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9
SHA5128670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7
-
Filesize
29KB
MD58375b1b756b2a74a12def575351e6bbd
SHA1802ec096425dc1cab723d4cf2fd1a868315d3727
SHA256a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105
SHA512aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19
-
Filesize
29KB
MD5a94cf5e8b1708a43393263a33e739edd
SHA11068868bdc271a52aaae6f749028ed3170b09cce
SHA2565b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c
SHA512920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7
-
Filesize
29KB
MD57dc58c4e27eaf84ae9984cff2cc16235
SHA13f53499ddc487658932a8c2bcf562ba32afd3bda
SHA256e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98
SHA512bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc
-
Filesize
28KB
MD5e338dccaa43962697db9f67e0265a3fc
SHA14c6c327efc12d21c4299df7b97bf2c45840e0d83
SHA25699b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04
SHA512e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9
-
Filesize
29KB
MD52929e8d496d95739f207b9f59b13f925
SHA17c1c574194d9e31ca91e2a21a5c671e5e95c734c
SHA2562726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df
SHA512ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957
-
Filesize
30KB
MD539551d8d284c108a17dc5f74a7084bb5
SHA16e43fc5cec4b4b0d44f3b45253c5e0b032e8e884
SHA2568dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07
SHA5126fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2
-
Filesize
28KB
MD516c84ad1222284f40968a851f541d6bb
SHA1bc26d50e15ccaed6a5fbe801943117269b3b8e6b
SHA256e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b
SHA512d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e
-
Filesize
28KB
MD534d991980016595b803d212dc356d765
SHA1e3a35df6488c3463c2a7adf89029e1dd8308f816
SHA256252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e
SHA5128a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed
-
Filesize
28KB
MD5d34380d302b16eab40d5b63cfb4ed0fe
SHA11d3047119e353a55dc215666f2b7b69f0ede775b
SHA256fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f
SHA51245ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538
-
Filesize
30KB
MD5aab01f0d7bdc51b190f27ce58701c1da
SHA11a21aabab0875651efd974100a81cda52c462997
SHA256061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c
SHA5125edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e
-
Filesize
30KB
MD5ac275b6e825c3bd87d96b52eac36c0f6
SHA129e537d81f5d997285b62cd2efea088c3284d18f
SHA256223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0
SHA512bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679
-
Filesize
27KB
MD5d749e093f263244d276b6ffcf4ef4b42
SHA169f024c769632cdbb019943552bac5281d4cbe05
SHA256fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e
SHA51248d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9
-
Filesize
27KB
MD54a1e3cf488e998ef4d22ac25ccc520a5
SHA1dc568a6e3c9465474ef0d761581c733b3371b1cd
SHA2569afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011
SHA512ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245
-
Filesize
29KB
MD528fefc59008ef0325682a0611f8dba70
SHA1f528803c731c11d8d92c5660cb4125c26bb75265
SHA25655a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d
SHA5122ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed
-
Filesize
28KB
MD59db7f66f9dc417ebba021bc45af5d34b
SHA16815318b05019f521d65f6046cf340ad88e40971
SHA256e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819
SHA512943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952
-
Filesize
7.1MB
MD5dc0a0de94ad86e22785e385a4fbbfe2f
SHA18dcd6f06fba142018f9e5083d79eac31ed2353d7
SHA256a4e80eba29eec1e534950f605de2bba0a174e9eaf56c82fd6f4d221e93667f92
SHA51239582cda82f479e5e25fc2021878d071261b71efbb68f827599d4020de61698273a2cde3d1dc323d14205615a509687ad1e04f1e25626c0826c6f297f5a75dce
-
C:\Program Files (x86)\Roblox\Versions\version-b71c150c7c1f40de\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
Filesize1.5MB
MD5610b1b60dc8729bad759c92f82ee2804
SHA19992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
SHA256921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
SHA5120614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4
-
Filesize
82KB
MD5eebfbf0af7fb868cfeb7cc46903866b5
SHA1f964e89789f5bec89a6bd4652696a2764077e7e3
SHA25638c1c07e4dd9abf8bc64fd4f301a685e8cd9e3e86f8b0752bf38728b1aa1e99c
SHA512713a0dc7683c7e8c39cc09a1fa6ed1f6a5ff47d90b13d31590ddaeb35a4ffb6e783d4574bc3cee11376803463573c77b012f64ba7274db858d4373e09a3c90e3
-
Filesize
695KB
MD5195ffb7167db3219b217c4fd439eedd6
SHA11e76e6099570ede620b76ed47cf8d03a936d49f8
SHA256e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
SHA51256eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
-
Filesize
133KB
MD5c6f770cbb24248537558c1f06f7ff855
SHA1fdc2aaae292c32a58ea4d9974a31ece26628fdd7
SHA256d1e4a542fa75f6a6fb636b5de6f7616e2827a79556d3d9a4afc3ecb47f0beb2b
SHA512cac56c58bd01341ec3ff102fe04fdb66625baad1d3dd7127907cd8453d2c6e2226ad41033e16ba20413a509fc7c826e4fdc0c0d553175eb6f164c2fc0906614a
-
Filesize
5.2MB
MD5aead90ab96e2853f59be27c4ec1e4853
SHA143cdedde26488d3209e17efff9a51e1f944eb35f
SHA25646cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed
SHA512f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d
-
Filesize
36KB
MD5b30d3becc8731792523d599d949e63f5
SHA119350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e
-
Filesize
56KB
MD5752a1f26b18748311b691c7d8fc20633
SHA1c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
SHA256111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
SHA512a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5
-
Filesize
64KB
MD597045531ef9f2a86e55b5695e8a6cb31
SHA1315f2672e8f5fcf82994a58c1675a141baafc950
SHA256003456d5eeec7db16416890d037b3f6a295340bf19dbd12bc40889d7704f186e
SHA5121ca4e2536c05ca177e326a3cf86d38611085e18fdadfedef3e33d37772e24a81581138993424b0c4d7f0290fb5a3d9ae6d3e80900416869b2934c26f31bb7e5e
-
Filesize
12KB
MD59e44b60eed950faaceb17700c5aa1c93
SHA1ba1d596550357d5e580f0aff5021e766bbe38657
SHA256e4226596a36d23a376ecbb84ccf228815862b7215ebef46889d44bc632003cf7
SHA512304d297cb24184df62a2b3d9beab034102b0f20dacdd55fcf233189c5b6489ba0c55c1be459b9f415e94ea1d919950d329e2d8d40ef7afd636d24e7cec123f0b
-
Filesize
152B
MD5de0e1d3019517b3b005d7731bbb8a355
SHA1ddf1f15c241f72585595cd30de12c4c3ce4e2f97
SHA2564ceef5b8daa774c456edd70e46668746b8fa086bb9515ed5975e6737e40dc3f0
SHA51284f7a069fd6f0713fdb9d35f17839b8755671047be477e49102f5777e8ebeeaa6421d3816727dd37f1241f4653c063fb0823ae7bab1d3001635c5075c2ba464d
-
Filesize
152B
MD5913cd25b0de81960e841c81a7bee8b19
SHA12c4bf2a4de37c06bea3e39898c9a98ee611b5455
SHA256b01953744098bc035aee2a21976607df9352ca42abc3e01d769e2ceee1c9bd5f
SHA512e5a879cdd1f83d6b6ee13117924522c967e2413c29722b5507b632514e28a0defbbcc942e7176f819e05df7bef37ca5133ba5efeb67a91c34b3736eec05ac8af
-
Filesize
152B
MD5b89aeae4ed10ec2b92413876d423c35f
SHA1c4a27a58efa917e5414bcd9d326260c06b6d5449
SHA256b4daa283407ab319bde10597cb676c22ddfbbb4f562e9f69381721bb71e7eeeb
SHA51251343f48305371f2cf47330320c70324230973def377fd0e40b5975a426d629ebe41d34697b2862c015faed2a59c175113cbfeb3ecfa6aabd8722d428c9add3a
-
Filesize
152B
MD57563278860b713d53546892cb0ee67f0
SHA1858eee02608d34bf7af2538cdf2482ac29ed8b85
SHA256e60408c0fc6fa64dd59c088d3512412f0319faa791fcc1d526281a64c9ef19a6
SHA5121657ebfc5a4e5f4cb6c1764301e94b65d076ad5a73a701249a228ebffe326ae9de71d07e343593ddeecc4c81f987f930b0dbf42cae043af617afb3b2fe1811ef
-
Filesize
152B
MD555d8ecd12c45e2ea38822543e775a72b
SHA13ff011cf435aec0d01b0b06936541fdf83cda02e
SHA256b35a5bf1139696f857d50fe465e6fe4ef6166aad8b59e6ab16b8ae02840ba138
SHA5121931562d32155636b24959c7315292ecdad450257c2c6518cebc60b8c77f0dc3b4560f17a1e1767a45155dba8d5b1550e937c9ea2285c3d6d81695413049db58
-
Filesize
152B
MD5470ec38fe29a4bfe85823b7d2c4c1e8e
SHA158e4481fab1600da95936033c55906b4978414a3
SHA2568a3c16d58d312b83e7c0a32308d4925f7699821c008b43f5ca03c43544547f0b
SHA5121cc2e14cecaff177c0d68b8889fe9015f2f1b8df8881e2f31befba1b98a8f8d516ded7c98fee771edf9233d3e222cafb99071568b66caca46e331fc4a9e8d71f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize48B
MD54da654e164d4aef2634afb66b5448b97
SHA18789a050995c856e07088a2848ea7d1d09da7781
SHA25689082d5ef95328a0f1a3b7307ac579e5e335497afdcd66912af5e29aeed04e3a
SHA512da7cd1fcf04d94ee436659354d9e756a6cac74de42803adcf89aff7fda72023a9d32cb62334f26e468d8b39c5f336a58a2f0a32ac32c7cd8d39b6021a756ab61
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize144B
MD5c995e7ec725ecbe8656890b64e23e2be
SHA136703b6f8300a3a6ce769a1196b3d4aa8b1c270a
SHA25622a226cdad7094b70e476177fbfa5f687ab3d9bc0e2f738ff5655094beaa155a
SHA512aaa874766e683a7f93a41c4ce2faa0b9716b0db0d08832a65aebfcf91581b9912e5e570ee030dbf4bb08899cbb62c4c9b292f8003fdc7b04f82ec07be66592ca
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize648B
MD5fc97c38f44b286a9f2c37421d3ff0b8e
SHA10638ebffb7d6e75fe3aa316d52740b278a5f81b4
SHA256b8f9efe61ea36a4fa0b9bf1fbed8d2ff38369db1a1510d5401b3dbbab2de6a18
SHA5123a4d5c73e4485ca39ac4adffad9d24a2549f0ec4d252bcdefd3b2bf02418eed9aa1f804fc01de6cf7486d0d8f22bafd1381ba39353edfbfb8a2d9f321959d1be
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize624B
MD5efd9987cc77db0d0e4ad1e12b1759120
SHA199ae1e5af72b09ae21cf7e0e5f759d263550414f
SHA25655f4e4d56ac155788989af612473b616762c59b9b1ed279a27be7cb9b5dbf666
SHA5127b4e70d8cee904e98f6220a8b1449c650d5ea884989006fb7e1d140dae9b922e7aa7998594aafc6639c9321d3ae54f3341b549e70e6332b2f09634ee96546aa3
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
613B
MD575f6d2dced4858f64592624e7941515a
SHA1e3cfc6dd2ed43c2b860dc091a78bc1dd4ba2bfb1
SHA25672faeff0beb055f857b7524ee5a487d4f93c3bfc34d8967a4ccb163527a1e8d8
SHA5121badf4b0df527320b00a7fc73f1c713d3224755b0d82fbbdb53ac4284b84837f78421f1e04e3fff6d70f3f1401b5613954eb824f58b1c78e0c4bff64325fe9b1
-
Filesize
6KB
MD52bbef8c794fd390c60a24eb7f821f476
SHA188b6cc2495da2c43b36aa7c77962e4510c5196cb
SHA25617356584ea6da5425fdc2950775238025dc76952b6affcaaec89c2cdaa24ad4e
SHA512de0dabb01e2bb10eeaeeac58ad56e46792bd7c6257a327c054d0e5c424433a78e335031a6542b8123bafb5ba3958b55bf34ab07cf030bc7deb332309a0e5c094
-
Filesize
4KB
MD5b5c40c0c415122113a8951e5e3887b90
SHA127b92de50d46ab38c584295f8b8420adbf3cc8cd
SHA256e40044a89c88eaa9b52bfc8534b84382d299fdfe8d567916d000f50f70a018dc
SHA5124af73b77e7dc4d85c3823ebad198e52801d6669873150b21fb5e67bc494d9e4d00a85325ea6de57169861f49a407887059bd25a8668a2256020a460158697242
-
Filesize
6KB
MD550e3549086a59e0a4091f1b6ba97a31a
SHA1f350d6cf4a2e2311aef8446e97469388752b5c48
SHA25644f64076d88aedd033d5e38f9c87f592d08c108e55968476f01c922e8577212c
SHA5123dbc7f5030772b7a56ca60e33e64c77e9adcf0667cc72b2cf6e043abc173eb6e6340b63ec0c6fee42d2cf349083feb3b6cbf7871a35366f9c44e087ad43bf3a0
-
Filesize
6KB
MD5e2eac245f8cdbfa22e5556c498f351c0
SHA1d40c726edd3ce2272d669c2982040ba4712c673d
SHA256a49ad77994dab85eca6b48179282a264561e00d3344a618d94c8258c910cd69a
SHA5128514013d5feb535ce661f7f17b2dcf40bb12f6dcc46daeba8be7e789cc7371a9cf55a2c928996ea98e1b5ae18434cd1a8572da2595c51be14dac47f79eb69a39
-
Filesize
6KB
MD54bf22bab1f08a5b2755177d841d68604
SHA1b814be98e69f6709160e97b90aced3ba723e99a8
SHA2562350fbb819bf1ac8cef846942f3d1350f0252d6d3dc8b9193840de1b92d2011a
SHA5129e353dd8c1c0dc106083af85c195310b171bf7af804a8679fba5afb8d02013b7c350e51884c34d5d6da81ed02f9a8b4905e31871a41e4fae191cad167bb1558f
-
Filesize
6KB
MD5019519b8037ad5a006cb879fdd0b645f
SHA1f58faff6c17b0caacbea31977baea87f71e3ccb4
SHA256036edd6910ce9436e6228b9ce6558c97c9733f1c1b9f70a89eb40dbe83831ff3
SHA5120c73274b57d434a00ae1409c4a7d6f21a7dffd602d30cc3c07f0ef3a67394427f1262cb2dac82d1a82db9c06ad509bbf1adec37d9779aba298327454b1384d92
-
Filesize
6KB
MD5036c0a1e1f074c28e76486cf4e93496a
SHA12c96ba04050c7b99376cbe252b4720762e9e72e6
SHA25669a12c0a257bbb0aa832cb0cfab83088f43d11a4c69397ea4321ed4798e517c3
SHA512e6139ba6b077b8ed1b06cf04710b10fd396d4a986c5ccf901454e5ac3c496075471da883ece743f9424fa30f777e2eac52f97ad55c381750bbcf849ba7f34197
-
Filesize
24KB
MD5cc420cc45f686797b102b94f6bfda2ee
SHA12b0b5d4848cc346c341cbd51d5fc6ce8a08910e7
SHA25623f845e57c6718a65f93b97ac9c425d7abaad84f75e77e662c4df298305b9a19
SHA5122410ec9ef56e8ad547219c4ffde2d02ab4fe8ea668c51f6519e224805770375427a4db95eab5e5f062ebdf36323c5bf03d1633508776fa553da2e8c408846092
-
Filesize
24KB
MD50f4e257350e5b98bbb2c1940a9a7b76e
SHA1755a95e2e45e0af9db6af242e6027e8bca68c393
SHA256a1c58891de165e61a71474e5ce62a4d9052fe66ec30b151ae1f1bb9ab926a38b
SHA512b2e9f3d3c41e2988d0b0c43de8acef8a46e26c6a451f1de8281eec5936e1062de663bceb816406f91c5a30cd7dffb8d2aeb3efcd8c4e7e0c617d875b19b4c81a
-
Filesize
370B
MD5955e3774031ab7d7d662065c3345296a
SHA1bc881b3bca5751ed5b183e873fabd99b757b859e
SHA256031c693f2a9140865923e8fb5041157d9f4bec5e09b90de6e3975a37087c5aaf
SHA5124ca7df4f8db3a4246967d31958ca456c69a1847f2fb7a4433d032ae470e57751982d08e09ca04a5eeb4adc534a1a8fadb247b1f7427d06eabaab9a71601e5b6c
-
Filesize
370B
MD5cccf7f25c086ae7cbb7e9e1dca3c08db
SHA1fa0b006e57fdc5c403b4a0349dec1de27dea2971
SHA256ebee195edd9227039c36914697b4bd75e5d1632f4a6384e1394db66fc1b678ba
SHA512bc7f553a4a8b0d20ef6db6f3db943f331216a52672127265ea7152107c43108590e722ec275c9888013e4b5ab4708617c7cd8ca66a2d93e9cc309882fe03c3ab
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bf7ab932-727e-41b6-ae96-5a31b2766223.tmp
Filesize1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
17KB
MD5fc97b88a7ce0b008366cd0260b0321dc
SHA14eae02aecb04fa15f0bb62036151fa016e64f7a9
SHA2566388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e
SHA512889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175
-
Filesize
8KB
MD5cd968685941fb432bd3074dbcffa5f56
SHA12ecf72dff334ecb54595af6996f5f674dc5f2c8e
SHA25666ec9eefd1dedac92ef454b3ea1185c8492dd4637aeaf65bcf12be29515cbdb2
SHA51215e561e2a274d2ab074b870d7e4637d265b80b4ab36c567f4a94bd5d894be1440c51ca9725ee28cddb4d977362d2008d9dcf617c4a576b514c070b396f119d64
-
Filesize
10KB
MD527ad6cc88401c0fdb14baf6fb12fa8e5
SHA1e7d5c1def9dd67267b5c39117881290dcce8d490
SHA25680e7780c5ba57c807e92ca1261fbc3bbc855b257682027ec60244c7591bfe190
SHA51289c9f678f751eaf5ed89c74a0174ff7184e8fb605430d02294167a776074c5202317e693b5902b0c17bdb2f54bf508f0adfd0fc845a5bf3a91f63201f2b641e3
-
Filesize
10KB
MD5a4da5eac3af3614648241e63a9b5d8be
SHA13982fb05a8b082216d5bba36be5c47e173959fbe
SHA256bfd7e896fe5e8d0f2a0e8d23bb2c3b8ee181d8321f7e786ee3d5984e61906178
SHA512e2c2fbcf56bd21751a21d256ad220fc06a8a2f05a36b8a6b4c7f5e8530668b85798aa3d4644469f4c8b2db8a8a7446f5914a9b697d547f43e2af9c6b11b870b7
-
Filesize
10KB
MD50472aca2df0f93d4c37f915101532619
SHA17df9d2aacbadc4585a2558e631635600050d415e
SHA25653167117f23e160914bee89a5a728546ffbcd3bf090bb505282e6bece0eb3aa0
SHA51240211371850780b8929aa61416514bc353f2c841e1d006521a1d1161b53e00dcbb9782d8de3473faa438eea4b962d968e7e851a2f4cb00aaeed29a013e72684f
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\activity-stream.discovery_stream.json
Filesize24KB
MD5fd977d9df3ffcc1e2380bb0f15173611
SHA10e576bb4430f964d49eef1b872d70aa9988018c2
SHA25695b941d7e67f0c62957a82c94d92593cd5df58d9b15ade64dd6c5a393d791a37
SHA5127b8ed594572b4f8b528f2af3ef2dfbe1ebf67ddda83c4ecc86ce2b586b87a291d297dbcdfb1845bbeecbe6ba4010f9e6652f1756bb99b79ff0dc96f1cb6c43a9
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\050DB43D78BBC79DCD9ADCBAE96500FE04597F1B
Filesize84KB
MD5f971e24db7474697ccc997d9c8697689
SHA13cfb7e81496c4f1e3b3595cc261eb9018618d479
SHA2562d7f480205a063293de387481b26e0898fddcaa3b003f6ab881a25fe45c09ff8
SHA5125f049b564243cd5007f699dd021aa27f814c1b3f36d26c0929f7b7910f3be831891ddade52f9969399758d1730e94610cd4374c2697a8b8beb496a4803467c1c
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\05EB7F6F7BD0BA633716511CCCAD442933622565
Filesize65KB
MD59220f0c5791b81f71f65ca6620c604a7
SHA14aa68862ed823fb49935b110e1b9c7b6b799f712
SHA256602cc4e0ec82e8e95ee9d69674538c67bff73562d2172a9f0eec4cc8cad11980
SHA512548d1cdff674697dea1a791f929f2cbbc6c73ea011e37f308961e2d2602cadfdaccb35c15aaba4cce4c7322206a3640b6d852a2af177a718350da801702f2a0f
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\07FA863FA14461482E37ACC5215560354870582A
Filesize89KB
MD5ae99f536c9c85ba7a79b83ebd29bf0d3
SHA1a76d5f6947f96ef7b8ec0e05fd45de32779fa4a5
SHA2568d77ad3f26ae408df5d21c7e50d3172089747eabcb7059cb9474f14fb7d6f5bd
SHA5126477ab1b3c0278d60e6f0a75023f4c7c0b502aed49791f34a637c6612bddf56ffcccdf93978c32847f549871fe7f014de84cf7d43689fc75b36964a47dff8261
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\0ECF01AEAD0348AFED57EFC7796B2819675514E3
Filesize14KB
MD50b6a1bbe77927f5a27361b4c082812c2
SHA1c2c5488fdc0ddfbc2a85653e5c2c4af9d6e37491
SHA25654250746e1598dadb980045d0986f10b76dcdaa112a7dc9739eb926f9a36d745
SHA512613e5cf666a46129cfa13065aa2cf37e046998bac7453ff03af841b9e8d0c781e7bdbcf8d19e9e40a090858a3a6f77e8b66e6f341f1bbc258a4ab20b2fc65671
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\13862C88BF5B40550F04B0F3032487F672AA4474
Filesize15KB
MD5da40851c23516855cd343603fa365f69
SHA1786577b42525d52e14d176bd9b3ad08f6914b1f7
SHA2564f3d63ad0c816b769b7146543f64c7673e90e361e35d6fa058af1afe702b9d91
SHA5126fe573a855dde6ecbf3d43ea785e873cf3b128cbef039aa54866abacf0ca2a1601a1751dd21a8e2c96b8cf13e67c579d26cdae9ab9559fc772189c0c0cbc66af
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\1AB33D663B69F4F748A08F27D06DE9DC07B327E9
Filesize53KB
MD50f6290dce13c0520e7c0ea19dd350190
SHA1c5a2ca7bcb168fdf867dbc4c6ac21fd6c0a790c3
SHA256074cc98bb9608caf9366f8e2902869b1ada5626cd30f7bed312736602b74de74
SHA512d25868eaa14f8f7ae484595a4c9a47e6d5c44155d7da7b4ed1d3fe35826a04d366bdc0e412bb8c71f4175147a85aace5f4cc05888e090eee6c17348e3d9af4bc
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\2D8B1A13BF4DE864309FD52B7BF93789A675C733
Filesize47KB
MD5339808761d8202e6900221faf9e6983a
SHA13d6ff1efc7c68c27e647c126d7c35f4086ec5a29
SHA2564bfeb5347cafad7351deae097f5af6a6bc9964373d3dd0aa95473fd68828e0db
SHA51238f9500bd37503163621a4091e4cc50bea2442a6688f0013a6df5db900c0e7d50c7fa4c03c55bfa4f38d686d62630992171d7d423fbf17832171ffc4112e4ef7
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\302A32E69CEED85C55AD308749CCDF1E10DC8844
Filesize23KB
MD59850c451054c81dc3616421dab0d8e58
SHA18a0c82cd911c9053af47e8219ff2c4d80022a1e2
SHA256ae559fd24d7dd60af956eb8e153f21432c0444c7124767ad45f4995e9257b1a9
SHA51238096d19dc38632c8894a759a6b94042da7d3e9e6b34ffb68556d1b5a46e48e04fccab0fe14d3814b29384e69b8bb9c874ac90ee518b261ad7d773c6e29ca1ce
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\30A7621428234DD9730607D150063D506F0252FC
Filesize24KB
MD5e469b384ba6075d664d06f1ee2ea9d82
SHA1970b77f99b96179bf8d6807fe2ba474b8dac2ef8
SHA256dfb6ab888cda375a534514ca01869f147ff2f907e1952418d907132599df8077
SHA512349a6f64ef22a04e86972e671b1a900d614d83cb030d7e9b7bd2467979ae4571053fb8995390c5fbf84ea838e27faee151dd3e673d13aeac6206405b1fa028ee
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\357EE03C3DE8F75A63C2014036B2431C1AC8CDB1
Filesize20KB
MD5b53efbb0caaf3bd154de3a82ee055b5e
SHA157f4e11f50aead3665fb00f26bfd3b65736e0831
SHA2568670668fa7697fb4d285ef225600aeaccb94121e0aec7477901b614389f59f43
SHA512911ac8ccf664a16c0c3b32668c7982e682e1a4de9ce0e1418b98dae5c15831143bd8c079cfd31f208f6e16bc44a4cbd3cb85768b6ea161797c2bc3da1ed3d580
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\36BCFA23A4D04A528CE70EF12214E3995E132134
Filesize415KB
MD5eece2a60c5b234bcc4e6db85168473b3
SHA14a0c6ce9b899c7c2f60ae79cdc36ead243cdadff
SHA25611e80bcc97b604f799022123d5bb8c22a47f62f7f387c573b280f309c997caea
SHA5124e8d98eb8758efba684930de16f447379babd731cac8704ca21b326058217d83694866e64bedbe42448dffe0a1977ee45301db8017529c2a9fb10236e77d23fb
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\37AAE6F2172EBB8F25AAB227C7FE49403DC4BEA7
Filesize16KB
MD57d7ef5f0298caa38df40c07a0521b639
SHA16a5092542ecbc75e1747f7c78ee38403e4aeb358
SHA256299b0d54c55a967d941c8645b92c2a2563c49f8b82765f97dbfd6b0276038eec
SHA512f13434443147a4ee1f0916dd006adbd2ea78ff46db9397265c9872f210fd721fad5dbee4446660e2144b0e9800b338068bd916d052234a1d1a86ecdc83355caa
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\3880E07D7216EA6B15D621AA35EA5FA1D0B4B5A0
Filesize17KB
MD5a7e569d03be37b3ad76c801d73563c6d
SHA1e17e073ae908f7f5bf2d09f3048826a549e64c16
SHA256fa7494accb38975ab7e64c7b0306f551d167e190706ce00834f713c3a099f84f
SHA512af9774c91214e46b0e41e81bf7329208f4f95edbf183ced8a6370a643fb24c9864b6bb1a67be5176e05f939d001bbab4d14c8a7d9bc3bae427a102f3f2ba1784
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\3955CD93FFC8BA5F29E3D5DA6400592EB90053B7
Filesize86KB
MD5820fc095163f57ce4502ca2d9c10c582
SHA1b3cc06092de7dd9feb82602669f4331f03d72363
SHA25637189715b946d62f71c21da0c57d88a8139425a96c9031c3d6fdcf99255d056a
SHA512a5af01faea080b9dda017336465063b9b3c5bf66aec08c6b10b46385e8b64ebd24b5b85a0ba4a85b4817a69bc5077ae61cba9f8d0fa788b7fcf1e938f9c49f2b
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\39EB933FDFE5C8A38735BD7C1EC6BA665B645063
Filesize37KB
MD5b8b9713da86d715a803422f5fd991ba4
SHA113904784e807ee326e5ca02c84f32a96616f3d17
SHA2563bf10099e9d0696fe074e72035091b540b02d7a3e79dbc1359aa97d9da34a20e
SHA512c044368c6b12b7c8120c217c37c0847fce954a7b802652d9a89c174f81a4083d1a5c459c56902c2a496c3aa7a81b090dc0a07d7be8adc5ade18e2f10a8471f13
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\3B9C0557257282CD5F41471F9C2DA8856005FB8A
Filesize78KB
MD5b37d60a82d14ebc886e3c77d00812caf
SHA17515c3c81b2539d7cbae506b5f19b2ade92c10a1
SHA256c7a979c44fe251a417e01d16b770c25da44d236aefa43c07d6c4fae1e3e25b4b
SHA512faaf727eb1f617e887a9205895f8be7b8c2671c43bef201a7d5bbb37522c413c211518d1d6c5088d983c531eb28ad2b58a1d77dbed3e0c56a6ae1f2f49822f53
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\3CD97724EBF47B50AE59221DC942CCA5EE96ED82
Filesize29KB
MD5be4b96b8859b3b3b290ad0cac1d27184
SHA1f2b2aab06579cc276b58e73c36091ffbeff9641e
SHA256259536d04bc03b6baf27ae76ed1935121747e527670dd8866ec2e19d58e09cf4
SHA5123ebd588c2f14dd0acbd2d11543d3c90bbdfc7915a930b991dbd1f9c0a1ccdc34a6ade97e8c6a55bb754fa6a39e9d1d1ac49ac4eae71d0cb8351710deac8e7797
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\4484CE09D9F44C30AA3AF50881128FA4108633A7
Filesize83KB
MD5db78e7798aa2fb097175f794f7875807
SHA117e174adb2b1c96876ea05a04cade4864ce2eb91
SHA256d9ddf998c893774497fcba3af14da8b3a1ab332f4d5493cd38e5215da72a718f
SHA512bbd9c87bbe02a3906bdb78c00666a31affccbf578fb2bfb1e90d8e24929193eb610935e58e7a394a1a0df978b8169ed361409f988d521e90a38e9a7d98ca3fbb
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\4C11E373FD9A73A5E61FCB5291518B290C3C15DF
Filesize640KB
MD579f172a19687ed7c5374ab2c06ef66ad
SHA151396a5b587cebdac12cf27458be65da519bc625
SHA2565844c54f4a35ce1fe4cc67ff695d5a2ce615dc412a656a6544888287dabbdf8e
SHA5125667cc558dd0570ab92dbc8fe7b2a99c6f2656186b059da0ce531ae6bbf3ced987c82ca94ab706a2a11ca643cb9dfb2b7bdd5c3d3c022e12965854bf4097040c
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\4E33C2090819C3120498C4900B491A4CC55EBCEE
Filesize112KB
MD5e2b73eddc839cdb7a208fed24aa37e6d
SHA1eeaf91be60342439cd074cbf7ba6496a1d58014b
SHA2560aeb16ade3478a15d8559de913a073385fdabb725ecdfc6a90651f72929f724c
SHA5128d043002e585cc8b0b36cebca5d6faa2aa48ac1fc9b5f5803a147285b0f106b7be8f99cb38a67b1a70e18e6b7032d8e041004c9f1298b837031c5d8b4df3d9a6
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\4E3562C55341939E493011A1EC297C2A4CAF51DB
Filesize72KB
MD51e44383a931f15b7ea344834818758f7
SHA12755e46c69cbe420126dbf4965b87a951d54c8ff
SHA256e3dbbd6949ec3a0e3d55a51d48bd61307bc765da70fb6b8fa7940e5561de0bc5
SHA512d04d03e632ecf857a95b2c43781052983a1da13cacb23ebf27ea867d4b4b614530a8c0036d4a46db49fd14f9262f9c6d652600405c2836bf7176d77bae6be6bb
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\4F0A302E303A8A3BF5615AF7B227BE05EFCC1BF4
Filesize39KB
MD5cadbd9b8fbac4db8dbd58a80a1e6c8d8
SHA1709a58fa7a5878ca8d9ac5026fe75e102df1cdc2
SHA25613e7b91db4a17d9d900b69fe57667e36a1206f0043dc753ec3b6a54eb0da89e7
SHA512b279a25c03876f69707db7fff790f4d1bc3756a5caadff0df60e4e697290d5621386aa3e3c6ebe0199732af3237cb24fa2a7dede45344131aca175d4fd47af89
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\55E5E6FB4DA0D621CA2B27FEAF7A867987DF935E
Filesize13KB
MD57c3618ce77844358f12cb662aad0a016
SHA10cad42ba4dcf25bb8b53a2fbce9eda6314c3df05
SHA256bbfd48ad4cfe34535a9ca62a67546498b0a2be48395bed633b69f16c4ea019da
SHA512c8ae4ebaa9c38c6985f18c8d43721a5de1c5b0d013f12520b4742d2c7ab95f6ed1be1b70747d5f4c3b91e17e190441a08388101b7d948011fecd5837aed262e4
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\5B8829C5E5B3D533E7F6414135D79F8D397ED118
Filesize1.6MB
MD584dad2558a2c98f08ee0627edc0fd2bd
SHA18db1cc847fd4f97a0d865b50a78a2254d7d0048d
SHA256713243864df547930eed997ba34553681428c268509149b70b667027a67a13b5
SHA5122e11972865c2d5ba4a23a74355a63615ced0ca4719352468d283ce59c4ba50cba150b8e58942293a3052c189fb64678c702e9e9dd82ae84fdf2f235baa7911f5
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\691680DE655A62653643DE337423E895A6C63C79
Filesize1.5MB
MD50a573550264a22f321582d677bc2ff1c
SHA13d4a007285aedd37396d5a6ca96c120d1181e1f4
SHA256a2cfaf40cc34a1e5fda38b50c995b52007b8882fe85fe21fd2ee8cd06754da95
SHA51288270c31dfbdee7b316fbdfb5f414a90593e790b0f0f15c74a4a57ea5e2d686a721ad643ea127e5cd1cc9126b76c0a0527f26970868f14446da36d95441f5dca
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
Filesize14KB
MD52f2b53de12842343f8484f16a637896e
SHA10873480d0ec24b9652420677fc84802120776b5e
SHA256547beae90715effe3a7e7d2aafd22548a49657189280487a13998c795362cdde
SHA5120743e62222e689d7db5400c543fab631b394026d7d7a8228f8d71cda3bf079999dc77622080da4b65aec8fc21adfeeb7cd096feab3ae25c95cbd579c9a25f5fd
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\739025F062E977A263D0043D9E01EE529DEBBEB9
Filesize495KB
MD592fe02a36e64aafacf08ce8e771dc0a6
SHA1387f7e4a220369b37ce7e910c35831c5b43cb8ce
SHA256b4468f77f6ec8bca91f70ee0fc52a415884753cadf2f5c227e04771aa44fd7d2
SHA51244d392c1a42cb7769c190af59162f0fee7ebf2e63b9e4460db9861d4f075fd2e96275439eb7520cba500213bcb18c1b431da5bddbc3aa64cc4ae9f4eb3eab885
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\770E0283785D02965FE88959E3694DB0DF013438
Filesize50KB
MD5d68f0db0ab8f8c5a2ef724844c854900
SHA107cffd8231e095330895e30d17066690bc5cb557
SHA25643e294c569e77c34af6af8381a4477b86042f42808f25d76f220dfd213c4c297
SHA512be47c2414d4e355260c54f04350366b9531d2522909bf7f16797d31f6fbab98dca8cee2b2d2f686fd55c4bb63ca8ea7da9c735732ecfc53a816b7c02bffeeb8d
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\7D2EC7327A9ADA22C9789720F397B4A592649EFE
Filesize18KB
MD57cacc6ff9b7268b2973e5ba60b1ebe1a
SHA170bdea06f8356f9202906d9021835181fc6728c2
SHA256f270313e1c7039dde2d5aee561a6c048a868409255b1e48a98d56b2131951b40
SHA51271f741256f622b893c041bc4106e284470747c89dfd9d846ae2d7e1284dbe1cfe109095fae651b9c85e4323f1120bcb99c0c47fed5ca1026433f75293a61e013
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\84F99EC9F9E4B4B1C83521EC2894B96A072F342E
Filesize58KB
MD5be197295b775a3fd60728480f897ed7f
SHA10de73aba3c3fff89aaeb23f12e51cc97d56c992a
SHA256beee3a06391b92cae3540eb82adbfe89b03c9625e471bcb88ccbc52c3305a2b9
SHA512f5dc1155d6f58e393329b755713912cdcef1a89815a6a929a5e1c725c6ceca51ce6ef34db2963e309569081c667a53fa66f43288d78b18c48b6fc18ecf105a4d
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\903E00CC0EDD76D57ACCBDEC95CE0B3E8C2B9C11
Filesize17KB
MD5e0999acb9af610aeb8f0b36f5bcc4d86
SHA19e7fc7b3278c79db28d216d7598b5d0a8071ecf6
SHA256d85a1a35b1b9ffb68eb260d6f75bf812c84b4f22ed498c090c257a2fe00fb942
SHA5129093fbed2b8b9deb9bfb2ee9c69c3be84fe6061577a1d3473e19efa02cb6f0e0c4e702c0d09169fd2e00c0945914ec9def7dca5b1a3ec7163ff14f6c92661212
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\9111D6B1D65E3DC8DF87F8D14FC15CD1A4FBFFCA
Filesize347KB
MD58d634d60fd9c325082c65e956ef4fe82
SHA1a85dcb0fabb392e0ae82091f83a48d12c0ac3a47
SHA256a97c8c7c1badca45d3623a55a7a344f57a46742170a8b9801c3ebfd8cdc9c08e
SHA5120ab2dfbf2206cdadaf41805ac7e3537386fbed6b8b77054e520078d55d41b167d66c478b8719e495f221d347d8fcacaca152f91a816bc7367d1d9c13bb5bd101
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\96A0D2F1C4ECD10450EA183542E05ADB3BBB4257
Filesize129KB
MD5b09d8d8ff175379a527078c0c69f2208
SHA17fe09be71a54d15da129cc5a75f3abd1aeafac99
SHA256c13a261aae98794143ec5cd869c83a586573d17769bd4606b30e21dfe9fa9a46
SHA5129d2a3f5c407caa37a7a8fb0872b1ef5cfff6c88949dd33bbe7986e3e0569c361a92777b2992e3498d7880b05569b8ce4b42b264f9dd24e1e4877d88e7d3bb7bc
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\971E1369139A2D741CB4AEEC3C5501EFC6E55795
Filesize442KB
MD5772a4a9a891791ede6c57f1eb5850427
SHA1d43fc8a0680b908c6c8cdb0d17f64558d29dd0c2
SHA256db6dc77cc66c9d60caeac90fc7f9b29cb5c5cff57cc88ec34542c4df3c369442
SHA51223cf90d843a18fe7a02fe318ea6cf2e33dd2509e5ef163e48afb3fb94e3b41e754a59f0735635699f7a465743e4a9f9a578035cfb51d3be6aa614fe10d404eaa
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\A010627ADB95654204C32312D1B03C7B74BDB7AB
Filesize28KB
MD51d2f6f27283b3f93faf5c0bb2f6ee3e3
SHA156962f0edcb2a6ccb9e7271de5911fc2267a5900
SHA256ed98e1c2a2d1804166d33763ed443a397273bce0c11f6d8e54dc4c86b82ae850
SHA512657e5f91441889b635a9683d4ef3452bf4c46b0de37af006d67991597302f582aabbccdd4e1c444b9f82e43fcb85e21323d9d75fae11ef759a5b9a80d258e0a3
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\A62A7F331E73DC9D0055FBDA55172020F8FA618B
Filesize60KB
MD5e01826c0c932fdf9a4e8c9af830b7363
SHA12091ec201d84de1d82b9ad3cc87fe921db3a1baf
SHA25651b3af0ce608afe1f2e96f5e7c7e4d921f173d3536c2a75641daad647b2b445e
SHA5120d4c153f875a24a066317804b533739188b05732bc2bcfb16027ac3adace3c617e100c5a8cb68b5ad90758689b417c8606f2c0bbab6a5bb912769a1a8fb96739
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\AC5B4849CAB26A6FF5E0D69715FFD2D5203EA01F
Filesize791KB
MD574d679ec0ca09778718bc51171fcaf61
SHA1b47548aba3e4d33c4cf9fa82968c806a2fb8a685
SHA25664af344a15c9131b67a8fdc41fbe005d04c18865756eddb95935f060b30a34ba
SHA51237145e3a39f1bd6943ea7495078035fa0492d73eb0835aac80365824b5a0d6f654c7c5a4b3f50c662ce95bc23a54687dad75b5363c360a5c82d89efc5fd93ea3
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\B2321E3F9DF86CA98AFA3C0508B0DB4289FBCFC6
Filesize250KB
MD5dd8e5689eb7d3d710b12761632192d03
SHA1ad9817c6e639ef7f21e0b3b196adb7dc09e753a4
SHA2565db997575340d77e512367ba36a30cfb351ac95159dda1eaeea86a7f682fadbb
SHA512683afd6bdf2f63d615d91665e42e626eaab158a9b9fdd8ae8109ac14a5a4b2fac0092a95c5fa7d1adfdf4675a17622268bc6b711eb588b40cb6323eed9a03035
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\B5D9B00549A67C5E8FDA11F8BBFCECEDD00925E6
Filesize13KB
MD5bb0b40fbf5627ea197d00184b7586462
SHA11955f222ea8842df1443e04324e737efe01cb827
SHA25636197a153b287b834730c26f02e533482670aee123586f284c49ca5b66c3729f
SHA512634ac4cff9ba15e9a86338e21f99af5989c4da9ce6286d7ddf223fc76f2d60fbbcea5f39b9bbbc70c5cba572df27d0175d11966a3f3f52b528617f42e78cc649
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\B5E51AEE4BC78EE9823FFC0853A64EE04342B97E
Filesize19KB
MD55e46a4545e4ef7d1d5da0a095083d04d
SHA12f01d344302f0f07fff9a771b12d0bfabf15aa05
SHA2564686f9ff5f362eed6e8c7e03a33930ecd05491afd903cdb9f445a6ab844b0b38
SHA5124437a9e7eb3c060e3894b569d8da799687eb8d1e9742b312564b623a29659f31494453484c6127570f1ffcbbf3f4ee5fbe8ccf2bf29adebfae622a93dff5b4ea
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\BD78485C28EFDBA59DF992B8A5CDC34D177325C3
Filesize16KB
MD5c67d83567b2dd2a1137b996331b5eaba
SHA11ba69dfb77298f5d85ba62c8c35c957e526dc8a3
SHA25630ae2734147d53ac9b35aa61b2e43373249873d7d7474e26a530fd25894fb811
SHA512453b2349020a574b01ecdab8230019a22b3df60439b316c18e82aea6bb2c258c3cbbed6cac22e63e80efd3649691bec1c743c9b108b881fcf3607f37385e9144
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\BE2D3D60C4D6C94AEDAA7868122CCB76EF5AA608
Filesize328KB
MD59be71211eb8fbf6de887ee3cbcf2ea65
SHA1622349c01cdd59dabd2657c4950cc26975f55131
SHA256d445ce3d0040cd84cb69740f6fe6ad9d1e2d02e53872ee015996963ea1f22b87
SHA5124f81c4fdb6580b8267128c4a39961a2e334a581e8d0c4e5dd6ad333e62f90eead45ec3a901716b6b358457cb25112d931a2bc2c9a4b0fd58d53ee0d73f5115ec
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\C20E036239CAF315DF30D2CDAAC4F746820BB89D
Filesize1.2MB
MD579b30bc0db13bed788dff1bc93534d3b
SHA1665d807fedd4e23f78ed1eae6235a17fdcd229f2
SHA256ce08c9360f741ba409fa717e09ecea30aa38795c4355de3d1c98385e11943d0b
SHA512b5df35f14d7cd4af572a60f534a43cf0df6b4123f4c1351fe9f2189c594fecae38b8ae047551fdd2db0c1f095f94264a72df72155e7d4400bfcf94e5f5ba0f6f
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\C68D52241DF17C05E063A681668CB14188760D95
Filesize325KB
MD5f0e55fe0ab5bc640507df781b159576b
SHA1fd57e4320575366363be8cbaf277314a8de77225
SHA256d1214e25b9998cf396d583e2cdd4e71a7324aecf66d38e86a9aa49cefcacdae6
SHA5120eed1b707e9f0ab8f83bde3b0e63ab48f5fb01d8ef7d169231dd80f19c7588bf0a164a98cd07699d156667c6afd584c56af0b49d76c051cc0619ac23255201c6
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\CFBD8C231D7FFCB5CCA354F8BB793277A96DA560
Filesize51KB
MD59abfbd112de845e19f476026dc229953
SHA1e3665ca6b4a0a823d8ab3edeb34092790a4b880d
SHA25625161db13907e320e157d1d9f96b6367b0df6c84a5b133898126508700fed7af
SHA512505d46306b25565bb02173e34e77a67bcf8b281f335336d76bed00e8c6dc5e7d98eb8b47ca130b4c0d125e19474d7c123d91d802c277d236feffbf261caf43b2
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\DA784CCDD74E697C1B9356166222C06487BCEA54
Filesize110KB
MD50129b8bfa60e2afdd622240b84177bbc
SHA10cba6d34dba0c32fcfb8e12e43f06292d2e7fe8f
SHA256f30369e1cc5a419539fc82491ddd404a387b179a622d09982ea46661ff9b1446
SHA51202e71eda6eabb4b0ea90670192fa208532f6480dca2b08ad1533c5cf4d4134c6486f5bd668f1c7a4f6afcd7128a859c100562462bb2c9e5ac8c6fd7d1b5aea2f
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\DEF8C361FE7732B0C29D37DCB4A5C8D59DB177C6
Filesize14KB
MD5311271c2bc9992a243b5a7a51d13f8fc
SHA1b3528000a41e158c51b6d58e92781dc974cfe2a4
SHA25696f942e6539be1348bc28728aec8ab0f54f6a8c3117c1982ae5fb907b7df3a57
SHA5123a796bcc936397f4e0a2dab1795250f1e2ead3ebe78efe30748c3f1b4f365facd8ecfa0943da9baade18e510189694487ef515a80efa2feb078f56e4f96af89f
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\EE6A237FE39E617B88D90FA572EE13DF5538B21B
Filesize13KB
MD58378fb40d889ada0495bc7dbc7719cec
SHA1d272b80f2e5350c6755ea6a04f3b558102d19e9e
SHA25654a8c6dbbb64abd8b1aa06011dde73571ec0c0b27887db3008fd41e004eedb6c
SHA5124bf9d3dd9fc83c90b630b025ca250b3f5cfa9ed51ea8b59c731992dba79cda5bdb13077a1d8a310be07c1af472e9909481d46d4005a612bb7a2127150c391cfa
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\F27E0CDCD1C7E6F6CED7F2BE71ED722173C6CCAB
Filesize54KB
MD5ae690603a6f30ddc231f4d9d8979a5af
SHA17dc2bc6c675697bb4602ef9b0f802c61c4a780db
SHA256fe888da9ac9436038d65c5b3fb3d8be49c9f1650cf431e7d3573132ac46a674d
SHA512e020c967318f3115f6d1dd49ac4ec14ba52918edc465d5cc02eb9c823d9d34ad93d6b391e9f6238a0de4b307f38dab938e644c04a605a2c59e6790924e493176
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\F3CAA836DF9244F44521C9C538B2099C9F5A9015
Filesize97KB
MD50b425ae3a35edf812dc4e1786f0419c9
SHA145a6ad95441340389a460a3a0560b3c4d7210353
SHA256001aa406ed856102afc01071d020864d656f29cd4add21613833ded2f63ed483
SHA51211029592beec3f92480cef041b6becd96a16fa769964db6d0cdd529c10b485e302a9d6942aeee1cc3cb42362ada9c7c3c690918fc02d29ce04cb74fd9dea2e94
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\F430A59B10E951FD3D750F57D5D290E363216E7D
Filesize40KB
MD5847f84c6b0bccf79f25f40ae017eea8c
SHA1852c078ee1f6a8491860303cc8ca5a80b4b0e15c
SHA256900a7b248788e7c270bf68d82da9618a2e9b3326fbb9ff54f66159322df53cd7
SHA512549241c2bbdcd286a2a2117880e093d31c2785eac10d6c14d1482770f1ecf9f810d44f9adccd16ed802f0eaa2c1867a0c9916612ec3f5b4a5c692ad91a929ce5
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\F56347BF2186A4A0B010C3EBAFF9B6EB6C40C8CD
Filesize26KB
MD548f4b07079a790dbefc80b45b6d06d11
SHA1dfa5c9c328da4c6e918b35bd506344c11790c2ed
SHA256211953e77199310873c88a9e6d2d5634c13c9ed7528e633ebcf7b491ee2a6bb5
SHA5126c767a86fcb47b9883aa0cc4f16b0953d851b9093120ba5aa201c820503813eb7d3774c1be05b5ee66e4f7c429b08d8faa48e9fee12eecc852d94401d157f9f3
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\F92E7D1CFA8C9E7BA6B8B6333715A43C4D60C42C
Filesize109KB
MD514511f11d7981db7015d227986426c07
SHA1038627f72016590288645ed822257461e1abbfc1
SHA256ae738eafbbecee95074025da7923d9bec53a55bf6ac9c2587762d454f121efb1
SHA512e68ae7e6c37d8e154f493fc5b06c5cc99624c0fbb5886f3e421c05f68cf90dca6a6b0a66126f264a991d75f5d896248b212e3dcbb2749525d227cca84d790cba
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\cache2\entries\FF7BDC95D9D2E2DCFB31F46479BA0372533C2FB0
Filesize1.7MB
MD514a92d4fbb2f17590484fd7543cfe184
SHA1cf9f7b8d683048b3e8975191e5640817af0da610
SHA2563951335772a85144806a385de228661b741473beca462ca3cd04bbce66857573
SHA5129b1b2dd59a5618cc92ec52e1ee0a748dc1f0d18fce6fdfd6915b860373e10acec091b1291a12d58a5f66ad2a478f31dc83afd4d152188f609576740d318c3730
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SE2RMYWN\microsoft.windows[1].xml
Filesize1KB
MD546858d4f86154d3382e70fe725e51db7
SHA1b02a6b61984c7940ddb6c6bfaf166f043bfe886c
SHA256a74d843f1e56dbe9810335c1ce8afc8d6909b4717096053ed76c368d465678b4
SHA512fae01b2dff2bff435e53889aa59fc65144a27ca020c4e671bec58bd01748b8c9de8cd57a6a744f1f812419bcb300a13dc930a90f9e93d3245fc632a43a3b5730
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{ebec4f39-bcee-44a8-817e-bf89f023551d}\0.0.filtertrie.intermediate.txt
Filesize31KB
MD5548bddac5aadf31e1e1537b595ea34ae
SHA18017aeef402157d588ddf1d651b125a470d39234
SHA256ec9db4dec3490704232e6ba0ac2f4dcf38c83dd6e149a6548c3f399dd884d22e
SHA5120170f0402d0df79f4aff0f2869925dcf35c98ba40724f8d2b3c66a37310058d76f6c155af48af68978e5bba0d801e533fd5e18ba48f98e6b02ecad74f3519b01
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{ebec4f39-bcee-44a8-817e-bf89f023551d}\0.1.filtertrie.intermediate.txt
Filesize5B
MD534bd1dfb9f72cf4f86e6df6da0a9e49a
SHA15f96d66f33c81c0b10df2128d3860e3cb7e89563
SHA2568e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c
SHA512e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{ebec4f39-bcee-44a8-817e-bf89f023551d}\0.2.filtertrie.intermediate.txt
Filesize5B
MD5c204e9faaf8565ad333828beff2d786e
SHA17d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1
SHA256d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f
SHA512e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{ebec4f39-bcee-44a8-817e-bf89f023551d}\Apps.ft
Filesize41KB
MD5239204cb60ed3089e673e103ed1aeb2b
SHA16b5ec2a79ee939a64a4fb4eb971df2f2e0213599
SHA256158968b0d2623639f4aed89e3abc783553c1b77875d22534d754ad069b1b5183
SHA5124ee68824492d75d5030b32566223c8bd627dbc171aad3b4abe8e761212adf11d981d01fae4e68c1396ae8bf6e166fb2dcf5b71c5dfaa2b9782c9d06e6f6fcc5b
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{ebec4f39-bcee-44a8-817e-bf89f023551d}\Apps.index
Filesize1.0MB
MD5c43fb5471f3c140e1fc69387b2d7d3dd
SHA17a2fc17b94a229473804accef8dc0059ce7ee3e7
SHA2564bdfef9cbc04146267021fa7173a9b10ac83587767432e58ed293598e3f5295d
SHA5120710cb2c099f0b09254f547031dfdeaf6c2373cfe1faa80433fc75c4547cdc339ccf89cf9aae31da143ff931ec3fb0f3257bb2a049b14c7f9c0e459318118a21
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133795042482342635.txt
Filesize89KB
MD53e8599c8a83fe12ed5498cd3b36933aa
SHA1b505e91d464cf29b6177d6bc7741832c02e7ea22
SHA256e72ff5d60c7cdedfaaa39e8f61e2d976fea31748ef5452d3260f9f8875290f7a
SHA512f172009bb000508ff5829892f71128f166315b4e24ac2691b05f5b8ef1ea0b5da490b4d65b832ff0002029cf3147e53c48dffbd8818737936e2f253e50d88b91
-
Filesize
11.0MB
MD5104981cb101bd19e37763cebd753928d
SHA1df7f64cb7ea7045f5d19060af8686f8c66432b37
SHA2560ee218fde47582841e22fb4f2c866ec8bdcbeb00f8d636876677b2ecfde50792
SHA5123b3e8dfa2fee7a3c083d8fb370b68ff89c209d36a3e09bf677559e67c3afba275955dbf85b89d483b26151fe91e5ba6ce0907ef786464ac4a8a16f1d3f490c2f
-
Filesize
2.8MB
MD5be4da425d9b7593e358ffbfca29f9c70
SHA1dc98530aad9728d779866ae957a738c52b13a565
SHA256c5277ddb6e51181d2b8bad59acf5f2badf5613b1e73384a84b793f720aa76c0d
SHA51235790944f5855038f8357c0f6d11ea81b260632e590c26f9342e8beb1a8dfd2e3eb9efa11f8378f8542cad45e7675af3d29cf27424accf35aaa6aeb34487155b
-
Filesize
1KB
MD54d42118d35941e0f664dddbd83f633c5
SHA12b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA2565154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA5123ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63
-
Filesize
9.0MB
MD5ae174699b663bd90d8d06c68c6952477
SHA18c76eda61d320779909adc541593b8e26b24815a
SHA256c6737ef4ed9de369077718824f76c5e7026d0e39163e26af8606783e41c93e18
SHA5123fb72dcd790464dde34978c9d0895376827f4d839b4a199c6e9fe77ab810d62b960babc4b21f6e189dc70147b5fb4334815730f4d1cdec05489c19e0725c2158
-
Filesize
148KB
MD5cb4f128469cd84711ed1c9c02212c7a8
SHA18ae60303be80b74163d5c4132de4a465a1eafc52
SHA2567dd5485def22a53c0635efdf8ae900f147ec8c8a22b9ed71c24668075dd605d3
SHA5120f0febe4ee321eb09d6a841fe3460d1f5b657b449058653111e7d0f7a9f36620b3d30369e367235948529409a6ce0ce625aede0c61b60926dec4d2c308306277
-
Filesize
223KB
MD5e9c1423fe5d139a4c88ba8b107573536
SHA146d3efe892044761f19844c4c4b8f9576f9ca43e
SHA2562408969599d3953aae2fb36008e4d0711e30d0bc86fb4d03f8b0577d43c649fa
SHA512abf8d4341c6de9c722168d0a9cf7d9bac5f491e1c9bedfe10b69096dcc2ef2cd08ff4d0e7c9b499c9d1f45fdb053eafc31add39d13c8287760f9304af0727bf4
-
Filesize
4.7MB
MD5a7b7470c347f84365ffe1b2072b4f95c
SHA157a96f6fb326ba65b7f7016242132b3f9464c7a3
SHA256af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
SHA51283391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d
-
Filesize
2.6MB
MD59691e33909895bfb5bb0355b6f439c81
SHA17fca2dfcb9aca4ed92c644e8f7ceb98f87116a52
SHA256223448ec1715cb4b1a2abbf1427547956f3ce583092177c287542e6d226319c7
SHA5129ead46836900c054d8740a1e2f569bc321cc53cf3c47e3fa927f4cca54809bcf173bdea239fbdeecd694277e8869565e476fd272df393b924bb62a845e897533
-
Filesize
10.0MB
MD5ffd67c1e24cb35dc109a24024b1ba7ec
SHA199f545bc396878c7a53e98a79017d9531af7c1f5
SHA2569ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92
SHA512e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79
-
Filesize
470KB
MD509d3bc8a5c6104d78566cd6e51c5a6a8
SHA1d1db4f83bad27dc0caf75f77d510f2eb62dd84c4
SHA2561307025ed98ecfd00770c2d5c74c8a5e498c4e457397f17c3cbd176ca8a62a85
SHA512198072fff54bd6ae5ac21bd891c23da9d657a4525dd5944719eda6f7062775ae66d9cb15d29105d2477378ae605351e4b840c9934106bf80f936a596e7a1eddd
-
Filesize
7.7MB
MD502374701c3dc3b26088763fd3cc11bc9
SHA184e582496c53ce139d9efd219b762ad38a50d011
SHA2568e68245d98bb740f393472938612979a56391f127d1af7683253e9e749e7af41
SHA51209693492447b037e8ce16095fb3d63d806604d18c3340bf57fecc0e0ae3c877bdcd83320e633b0fb898a4c20616bfb4558ccd8d93a10d235dd90c3be8020a8a2
-
Filesize
494KB
MD5e48860fe82ef022ffab38cbc4c96dffc
SHA1a832fa66bfddabf3ae7f219cf379f66d2903162a
SHA256e2470090a09ca500679e68bb5e3b1acc35a5873fea4f93af25a23c82122f2c13
SHA512e4d0973ca7e59091c482d2acc384aa48ec87d3ce72d8d42a03a183b230fd209e085a4e907473a05d02d41e15ebc527df942774c23b4804c150367fcd727af7b1
-
Filesize
800KB
MD5d6e8c344b2b40a9c671304f6f252d51b
SHA1c59ddcaad921b6d2d3f70b7ab07026c35e5d1e08
SHA2564e15946e86a578eeff41feda808bb291d81e240fbdfc96cbe2efe692ad35eef5
SHA512018ce2bf4beb4ce066703b2ac7413c6517759be68f889f27990de5d6694e9f84b4027f9861901ea4b15abdd1bb570e5a16651c935713feafc4d16cd57be0b911
-
Filesize
874KB
MD5f6ca56d15814dd5afd5e7ff985257880
SHA1ef236d7027cb50a188c1e771527e6628702311ea
SHA2565cc02570e5f61cbca791309985df3a29584e41583b3344f1d9fb6b04ce423e6f
SHA51246c0436c110d6f1a8f3ebe962226c51af525228262cd56744e4d89aeb05d1eda614801a294bbfd2e08598e355750d7a2d200b3e7b594da03dd26ece4cdd31e3d
-
Filesize
913KB
MD5e6608ecc589e87a6f78f9ce553ec2609
SHA19fdb2ff6291549df773ba243b3a92b984b15bdf6
SHA25697ef7984074775282b68dca5d5a469efdb2b22474ee6669fdfb5197d3f1b3768
SHA51225450b23acc962be85977ef08be9b484c2a9127775039c521158c1801cd57d5781bcd8d5b8784f8a8b9403ce44b59964a20dbe36ce181f1d239143b22b53d5e2
-
Filesize
1.1MB
MD557eab375114893a5ed0de36a516e8252
SHA116f23ab3eb62bc7a2525a7a5d86139fa88670b89
SHA2561aba82aee8c985e5e370e7cf2b35c9ec20cbe5174db5fcb54ec7d19ec5d79587
SHA512895bc282484ed028f5f023cbbb6e2755091f036e540c531b6ff639cf9e0ae5da02801dc81d7910eb141edd5c255d8b088d1abb531b152fbb161d6c2bf9615f4f
-
Filesize
556KB
MD57474c8e0c3285b97f1f12792964b6824
SHA18b9381be0754fc3df2f4f13f8575bd4abab90e9d
SHA256b3d5dfae25427596b1f14a8e13d6bcb58532c82554229c2367779ff5c42b28bb
SHA5124ad524fd530bfc72d72edf04ba4890e06ca0a20cc1d5c2c3d95cda746b1d884a62ec2d4463ad7be9cd01c7529b41bef65f9e669c62719808a83d3c70f9475d43
-
Filesize
572KB
MD5582fde87aac61961e4f7955f16d31769
SHA13a8eb832317dd7e07efaaeeb5885c32b9d381622
SHA2567d7b701ce510b2e4a18e957e500086db590aad8bf5acd37f82263a676f0b556c
SHA512adb04ccce5471d80182f7ca73bf1a2e4ce63a4980d455837fb378bf679a0022d4ee6f9fbe148d6932fad83f458c76ac229229542092e0cb9b271c8d44639b11b
-
Filesize
518KB
MD55f8f09aa98ec3a4c8122d64c5bc6610e
SHA108a6dfaa3a11d8c994da90460e78ce0a4fcfb644
SHA2563430c0f1946901dfa24190ca3989f72171ec564bc7c523853e6a1f531b61b5ee
SHA5129c643eb6415cad6aca0584d62211aed5ed21a0f8d71ac4f692bd420a4a190a9781add7c874d0f56bb5c1c0f65d543d932d0f50caf127e8d014c05d015ae61ca3
-
Filesize
553KB
MD5d1a513308f9de55b6c7bbeef7c4fe90b
SHA1a4a5e99fe73d5f9df2e508c3c8e9b73dea03a76d
SHA256662496eff49febbe49f0a03cf2c51acaa743cb2237de3c41014556e16f3d8e2b
SHA5129756e16255976569584a3a5e2a17421a31bc8f9b158c0ad3d30f6fe624ecd0e77c255571e46554c03c54d58b06d3f7b0fc77d347548f435547eb1ed9173b30be
-
Filesize
1001KB
MD534c6150acccd20c7f260b269bce06930
SHA1277b6d2387f600c84263847d6fb2342fd4746cfb
SHA256162e51bc7d682e223e498f4ff8c81f019d136d857bd25a1c982d4a1084a8c840
SHA51258308b1f4f92f1eb26af8516351194b96defa8b40f26cca2776aeb9e804e585fdb9918bd2acb9c6318b63c3768c29893574bd0a4fc18fa9dee96b9112732ff94
-
Filesize
450KB
MD556bdf77ab3487e28d354a8b0f9ba8d2e
SHA1b10ee918320a50a417b1ee6a28cd4b05a5f77238
SHA2567df934906a61c0ae7a952f9ed058f4a06cd3989663a7d9f50afc3c9f830135bb
SHA5128d74c79ba3a554d69f26fb8c20210c9a339d85c0e9a9af445901e8a5c7ea544ea6ec713f9dd2db7b8bb5cb0afb0fb385236d4668a73af37dc9ef8d2f73c57fcc
-
Filesize
454KB
MD55c52a86b21633b55b383c20f16859b2f
SHA1126585e68cb17f241351004e21c1d30e65de1cf6
SHA25641123d72bd8e289e85bd35227aabb4cc61fe1de02b5cd7a7834e5ec200bc2078
SHA5122a1b6a4becfb97d470cd7de74857edf2cc9cd4a77f377ccd9bf60c30539862ff1ac3ed6cc849632a3ed4ea0e5b92679f3cc5b4cb26cc7eaaa2bb2f4ae9974a6a
-
Filesize
547KB
MD515d1e262602e54d76de8bac02dada000
SHA154e93995675bcebc595befaed6b73c9ff5e6e735
SHA256ec922f8ca16b7e7642fc73369ba7b75ec950cafb1dcadc6c88426c034382d483
SHA512a232eb97021f17fde322697db2c00423cd70e9741772912c5f7a41849b35dcf3e2fe84001ff0a7902b2b54305d1f805f53988e421e192be0d5abd157bf8b5f1f
-
Filesize
547KB
MD5f90d43351ffdc63bcef25bf634c1fd35
SHA1f80df8034cb64df1ef62e586891275a74868ab6c
SHA2560385e6776de5a0d8a3b30b7bad44308ac4cb04e2bcebd573d3c7938b68036573
SHA5127bfa70a5de14652063d261c28ffd3df89ea5e38877cc7977ab27f7280c48084a4ab1e5bdad0c2f624a7434a5d975feb9d8d221c010e24963d3c42921f5a36e65
-
Filesize
497KB
MD53cad945e9ae6e31cfe66c89365e5d353
SHA143758cb523d60d936b9a417123f337b8e123481c
SHA256ba4ec85d2306a1f1f178a017fef4d340b77b33e10bbee07bd359a8e0ff8ea461
SHA512ac07e7f72b670a2e8b7a46a672fefedc58d9384d4773a6f220c231c619c1134613ff68c0ccb0dc9e03eb5f47dea7ac57de318af5f3f242d6be7ae43071e2d947
-
Filesize
813KB
MD57851efacda8438c041c9a511f4097de2
SHA164cba381a17ef0ffae2dff5135d57fd1f9300ab1
SHA256f1a7351bf0d8cad475d2761b9edf970c3098836e38aa98106a5e04a41002b7c8
SHA512d94fb1d04630cc292296ad6033c6beed1a00dcd4c11eaca04a7eacb50c238269b21e4d2a4002836f4d41e0f6d951624beefc95beaae23530eccded4569ff1869
-
Filesize
508KB
MD56d7aaddb1365b3efee94d4c510a3002e
SHA12a970204894c5ac163c980ec0fac2dbd1711e5b5
SHA25611b0b9b0f74d01f16db7aa49be9dceeb55fde9da56f17419c4bca159cdcae274
SHA512f44bab9cee552dddac17d4ac1949870943cf138b3fdb0e649e8827acb6de9528dd9cf738757e5b495587e165d1c750b8bcc6205bdd029a01eb92aecab22ba49f
-
Filesize
573KB
MD5c744b92c8feff1c026034f214da59aca
SHA195780d3374841efdbc0d8a46cddc46bb860a26e0
SHA256d7fdc7fd08dcc421bc8aaae3fdc72599c60a3b96f05989a3e46736f0de06e745
SHA512eeefc73474642e75da61056f2841e7cfeb8d8475be55a39852dfe7de8a972f7d86e9d1df4614b3ca3ae4fb01b68e5ced664bc8e46ccfc94f44b06e29a5035b43
-
Filesize
591KB
MD579d945ef9b8ebc7d39fd03d05d9b2f27
SHA16fbcb748515f97056689d4a747e4df3a830fe049
SHA2561f6cc56e04bcbd6b6ecbe500bcb0a5702551ec80d79e624642d0c7d9758d4424
SHA512f1a26715ad9399052b664c71fb60b6eb6f965fa80d6d8d6c47e0b96ad0d4a4d2028c3e19dad49e008bbc29edc24e656777ce073da008d3f4dfdee4c8f2212a07
-
Filesize
1.1MB
MD5e884bbc8ded4f5f059211fbbb85ed351
SHA18f4ecb45ca73902791ff5e56e0b272252c08508e
SHA256087e99953eef9b5fd736e3dbd98d702fdb01dc614593a4c575cb619159688118
SHA51250837daec40a2624097cf36dfd7beebba4db748fd9cc470bf71b526e612c1aa6c88ead7511ba751e370f6f5d28ad9d6338dcb3581d7e3d53e2672741915b952f
-
Filesize
713KB
MD5ad6af80367f0b5d408bbe2c7b32ade48
SHA19dd4e4e5a63e50e9d3715667b8149edd8d07a52c
SHA25620b1c80f8b2bd5130a1fb372814fb9c9ceac15305da3da0cb29923960a94a934
SHA51295df5ce7f7885d0e72b2d89e1794a3796a1ab407fb27174219db22c668f74a8c3ba1f680cbf990be533c35ca0b2136b1917c0cb92d4556e3ff2ef3447c55efbf
-
Filesize
1.2MB
MD566ab509000cac52c805d6871ca6c1f25
SHA1e3d3e7bacbcfaa7538ca89d9d26218eca06c01f1
SHA2569c6d8d93278a6e375405142df9829adefbcc8ae9797a4f589591b9784b2b71c8
SHA512356642a19f044c6e192f658ca2bf8764431129cdf7c9891b5b5bf4e99f6b990a1428c1e483487b619865e7f2d31cb5c9bbb3b49ed25fa81c4374de3e8e65519b
-
Filesize
551KB
MD51973723b9c45b9d971c97229e7a441cb
SHA12bfa4922bf2084486681af45cd7f7dedf95b2d66
SHA256afed35643df24709c8c5cc9b8158b3d9a2266fbfeed132e98ff254ced4086c5f
SHA5126a1f35435b01ab187cd93b376b76444dff575284632fbf37bf8b08e6cfe7783f985d0fad2425df3d3c332aad2278971412455a748e83c2d6fabd0f6afc3dc292
-
Filesize
595KB
MD52515bb367f56f282657b3dd3b9ffcbc3
SHA18cc350e359f1cfefdf0ce3b016109dd483d45a8e
SHA256b4e6a1135de8bdc42c04f4db4eb1ce48256f18eb46a5146a21010b6165a90e7a
SHA512779a77b3380f08dfb1d1e9bd65806f3d5ab56619d040bd6ecc9726c17944f4d0c3a619edee06d638549250fbf4c6a2be46cd6196a3a8862d184a68d45d6f6d72
-
Filesize
490KB
MD591bad2312491410c7f0393be512b895f
SHA16e4e9cc985c5b96eaaad91787f8bb7f72cddb604
SHA256a21f9474a19fe2d7f26c59f5ba8d6e72801a8a057b7dbcb8b3f96471043d9059
SHA5125c0e1cd1741e78fff90f3ec2be02bd47bfc669e50ad0cdde975238a74cb4081536faf80d0a28dc9fea6efda6548dcca4e569c54b903f5c2773c17f72000a99e7
-
Filesize
539KB
MD5591113bc491e5c388ee3876de4aab3a1
SHA1a63c2a18eb92fd03445bd237a5755d557e1cb593
SHA25633652aae78a486dc3ce4e5affd1b7f72e1248f6f9f3e62188afe3b5d73bd148e
SHA51266f1e79c9bf179f19942352258181858268a991b42d4a79747ca580df3fa219c2be71ab6597cec4ba7bd4c691a5e1328aa03a565b3eef442c6e2216f0d82653c
-
Filesize
659KB
MD5412bef3ec11f53c2aa6511ca139b1f35
SHA18b42655c2b62edc13c61a4625f55c961cefd1c49
SHA256c5692ca739c31569ae2431fd58f1028e6c8c01af278b76656ee0bb65b79e9985
SHA51285760c2a0dd4404a2d41f0d957c9cf8962d6b80389df838cd2d85b6a31a54f4e50c5f19ee73d2ee66e3e61a8809aeb5b493e7170aceeef9bda53e135ae02bc42
-
Filesize
1.3MB
MD5a11d186b8eec7362a280abec3859107f
SHA1966065cc6f69c3a222751d2191a0efeb6049cbdd
SHA256a6ecf1dfe4d99f6ba0926c696b5b23b77d234fa8fd03da9825b074ecc640d508
SHA512099e73977453a5dca329b1d8a8cbc612dd2739bb3db034b7509af35877ede6ee12450875302ff3f9351fc7096b60be1b2d8ccbec89ace3145eb264f25946d46c
-
Filesize
557KB
MD5965ac0d213ccdfd83ac4970de23a8f11
SHA18326841ab80c40a7ca8b13589a3f5ff54fc15827
SHA2563fa72d61a997c36f9c093f769f4bba60b290d1fbcb71d5544f85e8e1efe51d07
SHA5125eaf14ce5c493bb4704716add07428edc6569f2dcb721679e140916c0e426cfa8e8ce27a2c38c48ae6e60461a678525e48e42c2938ce40e488b59d3f97a2f9cf
-
Filesize
597KB
MD520906aec4a21bcbb8bc8bab067075ba6
SHA1369da9c1567d4376852cebdb87cd9213dc4bd321
SHA256a1257d10e673311747363e6929832e70f36668b1fc0d6a5ddd550fe88007aa58
SHA5128d1ee40bff980b889af83b95fa408bddf2ff5d257f532d2da46bfc3ddbcc31b9cf14b473fdfca1a574c0316fd689a424ae241e9bcc533b7dfe0c7203d4b252fe
-
Filesize
596KB
MD5a999e734f9addcf07c080f9861c3c170
SHA1522bb12a0cd4e5232570001684aed84f421abcd0
SHA25633fdf706f6d3f06b485c5115a7c73a571296dac41c582fc9d0dbb371d86e8653
SHA512ecb92c4ddf7b252a3216059e63b387c6847f6eccde532c300b74e6b04ab56da0208c2ecbd00ab1d5e48acced909db74b1aabf88e34d0d5928b89320f45200dc8
-
Filesize
1.3MB
MD539d4a5ed8cf7c8e0df946220fbfc0f68
SHA170794849b41d00f2b895f1211a6baaae3fa7d261
SHA25687384db1ddcac012b0b40ec89daf47ebbbcf1497705f023a6983fb2470e4abd6
SHA512ac992b9cebc2fd51f7477b36f1aa4d9157a84c3023949c02ea236d909c78fb5ccce28dd213c089820131ee3f669164529daf58901766630ebcf40546d33e132e
-
Filesize
1.1MB
MD5649e76b6666096a2258b942745ff9fe1
SHA182edf8ca68dff0caa36b17901c1e12a17172fa51
SHA256039f4e0176c38867fef57482825d043fa63bf1356c85eab0fc665f118db125e4
SHA51292f51140416cd6dd53109ddcc1ee24c1d26999de5cd48a11e6954dbbc985298c1b90c0b4a7bbd8701a2737b71340e8a257e8b1ace85ff3b4876b714c60befdce
-
Filesize
514KB
MD59fb7c18f376b46b254ef9a960e08655f
SHA131cb060fc606d011151f1b5464e2a469372113a2
SHA2562f0c83b5b3bff8f624d78e0670a31c509e7f1d5330f72aaede471b2e97c956e2
SHA51223ea07d917bc0cb9a2f530f985c4c1930d31eb6e8271804709126b8b0f5266dc51636f679944d2e3d8dd7b603564defe85c1088a33a922e9fe15c2073b509a8f
-
Filesize
499KB
MD5de04250ff403e9af66a1351598d2a64d
SHA14b7a5a2bf48d988f95aac6e85b11a8c2b2fd007e
SHA256887a0278971d6ba61e2f24c62029a3087a46c4962c4357412c28ede12ed6da15
SHA51271527c025205bbcd63351283b7b123d8807c05bc68f2f7555f10386e330e052d031b9986ae2c1f0398bd174e67962657e0b8d4a57a07d167c233390a4e6c5556
-
Filesize
516KB
MD5d59fed8986eee2b9d406ad52d88cbcf5
SHA1f7e409e17723e21174361bc81e54bcef269f40f7
SHA256619c61701b3a142733d23ad8c7117bc013867a842d3d1d572faa56895ad8257e
SHA512234aaddaa7677b39667b4078dc3a630d67b4f2ab7df5ce763d509183a4d88e8f7bd1a231113b8a51418d577e4aa630860a7f2735c34ef59e0f65966cef825597
-
Filesize
574KB
MD58d4db26e2ee5181afdfdd513053f3c17
SHA10da427a085927a5c02d2a67c424ea99cbf5e6b02
SHA256f2a7dcb69a433c2a898866c555b82c26e3515c089f500e7748b9b11ec3047786
SHA512bf441f501d746f1fd996c21e5e2cde643b9031bf58bac31474e68a72ea6993447f8bfad3284351bffc94d6a088e183e0b24d109398d65dac0edee8826076ee21
-
Filesize
540KB
MD5b4183914f46fd63a7bd32d715b8629f5
SHA1d0295b556e55a74e357f932473f9dd2bb1cd2f51
SHA2565ff219be32f9178fee40e8966ac5deff2be1f2ff259a66cb9cdce81c2e90a7e8
SHA5123bcd37cc49a827c03fb5b3a97a5eeb863ebb6f071fb2af697ebfc4f57dda676227533cc6a2fdb00505cb2395aae685dae087970ce13af113260d856b845a985a
-
Filesize
543KB
MD503138b2e4fb822b03713f6c4f0fc67cf
SHA18f6f6585743676177eaff5a582d18691e3386bbc
SHA25602ea290fac25b414a1d4ed78cdc159cf6c73fe5350824c2f36f032e426a23364
SHA512b000f1b8fc952849d1ada21aab665cbb97989fc28e892a75077ae9a24c4ef1d15b7d5cf1c5aca89d27d40a01c64f343a08f790049249fcfed43a1a430b4fef9b
-
Filesize
562KB
MD5cfd7cb2444248216e12193689ba56c10
SHA10a9d65fdbc68688bf1624a8c98fd42673961e0d2
SHA256655c175903a791d0ff56264a487c53f7bd09ed037cf04cfa6e79eb8be5b677e9
SHA5127ab384dfe93c4de0d82d3a581d0c4b988f823f49848cedf081067e052be2d43c42389899588839dbc7cb35ba70617648bd0c7c199900e78c487f3dd77e64b4fd
-
Filesize
924KB
MD546fb61aa9515e97293969683fc330764
SHA15bcc41716976eefb65870ba2a2b230238f7e53d3
SHA2564babe5f20caafca33867ee263aa9dd55ed271704a062e4372fdd133eb359a558
SHA512c3acfc1c902c651e5fc0501a7a77358cbb99daa020597f7f6be9fc81ee53509dcb0d63c6bbc5ae308c88d95dace7099f024d698b6f364dc7db4ae2a7660e5b31
-
Filesize
580KB
MD55d41e75bf42cb12d7674986f4e5dcba4
SHA17c3375226997e3f69e3c9a3a5ed762ec40d24973
SHA25689f984a67cea3997c704005fbfbacd3f6f5652248626945c2ab1c3bcf24e6623
SHA512a2b91c888ea3dc2e618bf8faf7ac9f0fe562ff16c85d03afac0778ed671b1868a665b892aeb2d588e7f5bf32a7eba57b75e2e15f2c51fc9264e0db2f95d804d0
-
Filesize
556KB
MD56c71fa576a41711dcb351abf92a65ea4
SHA1a0281f6b9dc363628e7d6045f7dc2904149c9dad
SHA256458b15bf249c1e6fe9843725c42443274ef6e09dcb15f5288c916c0561aefc47
SHA512258e49b51ee65bf508d05a5b3286a8937d3a876a876635b59b97752c5171e89458b9d23d9d7178153aa16b6fc908cc011a8e855c6d3a0152c919b40349cdf4fc
-
Filesize
859KB
MD5eb8ec452c7079ef7dc24bc7975513ed9
SHA14787250292b8f2040c7ec0b265f60edcfd1ffcd6
SHA2564cea4c83b5e887463dadbf470a9953b8175149f31fd07b83406a6fc59acfde41
SHA5123ab2eafd3f09627efed8263cc2d59d5780b6a856a6d1299be511bbb5c1350fa05f98b0e77c53c3707ada17e7e44b8801b191802e2cf5129548e279703983a8ba
-
Filesize
501KB
MD5819b5e4f2b7734ea4677f6d579d72f84
SHA1aff3048d8e35fabf68a756513b67efedba59f85b
SHA256105460cb717104d82f99cf8c5e2c51ff252211a605bd1c98bf75981f100d619e
SHA5123e1ff5d934c7e0656dd16265be697420c31b191f88a5140c3598b4fe37a6bd3031f50d45ac7e961acaf0886934951a48230f7b10a53d85e015d6d5e1602c3eff
-
Filesize
529KB
MD5be2bc09130635406f560b95e789f9a81
SHA1f189cd6eb6c844e2d96ffaeda66fe4d5f1453130
SHA256f0fccf2e3ad332846736d816e254028569f5f84918573872442987a8bc9bba58
SHA512f651ea959066a5966f35493788b9833597dff653f649a5bc8b09a8ed748bcf086bd0586a36e1f4ecddd361d04774253e21d67801760d0988f3e17f0c6e1121cd
-
Filesize
1.3MB
MD552ee28471f2f9d01ef3f57233496554b
SHA1abd7dd9989fac90636626a41f007eb6aa5ec7a2e
SHA2561cebac8d758298ed2763e62b9bdfb17351831e691ff3e1ba85252c9a66d66242
SHA512af2e9593faf60319244c90e9c06604dd3830705f14c18cd380dc2338aaa0c1e137bf751603ab9beaf7f1783839f83bcd4fda357b7cebc66ee94155d560b6f691
-
Filesize
1.2MB
MD53a71904057869c23d1bc108f1e8d0d31
SHA16fb6e60c80bc332a2bb66d02a1e3db69961a9c41
SHA2568264244c6de861817f5b19cef282844a18ed8cb7d4e059451489652749fe931e
SHA5127248058b2d357c4a8b9c2e95d580a2000a96d9a5adb0b822adeeba5c4422e08cc12ef84b9b9a627a1f6cd07a08698ec000510885d14d64afd40c6e8d69376022
-
Filesize
1.0MB
MD5879a881174501e22c3de65b9f80bc19b
SHA1a2e020d5ed1be7dee50a495a2f8581e751cbf735
SHA256647ad394e92e7610bd0f6c4e08d28748408fcd5a816a35e4622ea7f71cfa7a9d
SHA512b8961a90036b94340283237da57659cc277e65e545764251f7d3e406dc5f70c9ae29366184d0aa8831aaa0a7cb5c12ff825078bb87528606cae223fba58c73d3
-
Filesize
539KB
MD5414b557adfe76e3564d43cb93f513c5a
SHA1f775095f7c55e834a777c7f25fdfb81f1e63ca08
SHA256f58ed19be62706fb4fd797a6bfd3af5c6ad4b39aef994a577cd28968fcac0291
SHA5128b1be522ef23888d46c13888a18229f4c9cb6e1c6e6730cca79d9b13d71eb86ecd3d0c172ade6f70ff63a7fb5242e4de7d9742b93376669d13c77de0cb622f94
-
Filesize
923KB
MD5241fc33569b22647e7d2c4189a8ee7bf
SHA1f56a73cc81b1e96560b74ee5e73d7af792720ada
SHA25613e40208e2c9f4f4b83dcf422610dc82314a8f99ba50acdbd286c508f92eb232
SHA512ad16f84482f0c7c3d3c3fb98caa3dbd0048138f361aa6eba2b6338ff6e25da4c3ab39450354f2a86a53d655cad99e92fab2c030b5771d7e6a25190617f1a9385
-
Filesize
808KB
MD5fb978b7d211112a0774ce09ca54ca96f
SHA1fb0c69801230437dcd20e3803db81ee60fc042b0
SHA25660310f9a3457fae0395b447a30646211ef4160ba84bd7c36d291af4c8ec2b79a
SHA512abde8d79f46b27e0e315034025837a3126d6e5d2bc52504d49c946fe96828bd9b20cc4a5c05283fb9f8813e6820a28249cfd68b30cb27fba216970c16ecc8d44
-
Filesize
639KB
MD5565abf3f9b296fcff95fa5b169a7d598
SHA124de1221b2adec13b5bcc23c4a54b8e987e9f12e
SHA256fb9463d5655e73fa69cace9800d95f8cd077ee9284fef3bfe162d2bfe220c257
SHA51253bfe0c1c289ecdf48114048e15807c3143dbbe357736753cb845a31a6a3fccd0dbae652294508706076ca4b30e5da00e53bc6aad11b06fffbf2621997e7de36
-
Filesize
460KB
MD53fe312d9859b299c3a332373172c33f8
SHA1ce6a99d79dcfc363bcf68bdb1ddd4e6862236020
SHA256f0c0ba53c954325b3bbefb333ba23f7fb40a7a4e506043e9f7886089f611943b
SHA512488a6043381834c9d69a906edd9e3273da01b618e9f3351a89082e6a4727f9f882e435eca3d590cb30336cab289fc71b109322d43804ddde5fa038a63a0b84f7
-
Filesize
455KB
MD5e302e1102f3f5a21860f38f41b3c30f8
SHA178b5d1c451cf674a7641dfcc815f966fc920cf57
SHA256d4033cb3264c7c4cd2636ea2a202421650c449e5bfb10f29949e4c44e91ca93b
SHA5121f96b197eb7ae6b7983ed38d4ce33ea0c845ffe527fedfbc9e53a6009871dd3c39084a04cd1d43fd6dd24e7f26e3ec4845d4225df828de0b9ba346cbc98efea4
-
Filesize
5.3MB
MD53a87e8d6dc2d7dab0c3c37fe4a74308d
SHA15ddd587a6541e034203f24ee329796dfa316656f
SHA25661216fee0360053988d5be52ab626c89173c86da1cf0b5a697bc32944282fe14
SHA5127ba1bc093f25cec2539fb462084cb1fc32b17841f79be95679c90f4c735772d1dbe652471e52f4be254b10e650d31e3460ebebc82d89efa6a9ef801e5d98ea6b
-
Filesize
95B
MD54dd45d9de32f1a1a9aaae5d05314e29c
SHA180e458fe95becbdbdc82b1c06c92ae4f3781f497
SHA256f2063da30e10724592fa8e42767f066c34520c4fc8302b6647a1d2a0a039d71f
SHA512f5b0ade03d39d867ba3d7db972f999b92696beab9c20d1eb0440d3a0aaf66fc6459f0d6100f3ee8d9dbaacb5d6d78b8d3e0f8abcef8dd76f05719b7f896a7c40
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\@next\swc-win32-x64-msvc\package.json
Filesize430B
MD5704b387859cdf10e134ba4c181773747
SHA1626f9cd6f668b8f310a4c11f331b96cb4289e44b
SHA256f6b59292c52960efe68cc3813a78bc505d80cae11d632006770059380173cd53
SHA5125416f7ac6d243bd04f32d5a776b596b94db1858cbf904357d8eb4733a22ddc94bcfbc116437e86799ccf402493212117f65289308f4ae16f3d39083693f9ae66
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\.prettierrc.json
Filesize26B
MD5e502800d651a7ef3ff58d918c68aa81a
SHA1c3b456549821510c5729648bfd93886491df1db8
SHA25637055c98043228133ffcc5cad7bba5ef6c8f24698a551cae547b90f51d22e519
SHA5129892bb44616c6c2761027562371e5c72a355ce1b519072ce5733ea1d4971ffb8c9b3e83f935a18120e0702aae644d07274ad4b09214459fc13679a8ed6051e7c
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\LICENSE
Filesize1KB
MD59b54883148dfd5ff6b9f1a23f9470a30
SHA1f062e421fa2d8f722e9ccb2b0b4be9502a7386ad
SHA2560fa6b5d2902f7ac42db390dfd2cb3b4ce82ed45cb5ad5dea41c11d1d67e0934d
SHA512d2af503c12f0fda687293452af39f98f5c3987eb8a57cf12c47da5aed67c761349e5186c15371a96f5d490c140e8dd0d5e8bd6a6164139dde0562d6ee46db90b
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\nodemon.js
Filesize436B
MD530894042a167528293c057f833e7b6f2
SHA1ec993fedf1f1a22c77b985c72d8b0074811ea680
SHA2569bb0e59dfd1cc00fc40bed0ccf10d88414d915d79875b9dee5c1d5009f4e89cf
SHA5122b544b29e44e0471a9da5474209bc15cb81a44a38448a74a7a67f4ed3ca7d1926cef4b2b13d3269fb785a468d00f1cfc042d2a7d6b4d563725da65028e2df15f
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\bin\windows-kill.exe
Filesize78KB
MD5de5ecb14c8a2212beb309284b5a62aae
SHA1cf89d1cbd52f3183590b33bd6be591f95a6f5291
SHA256d35c0d3af8f66984b1ead5cb56744049c1d71ef0791383250ad1086c0e21f865
SHA512fea8a49538f5fd4cb8c262c1619f9f8e906edeef7d3c791bd3b85f032a0499aa5f18b4370a00e1f4dab9698e1958b042cab467103598f1bdaa583eb1fb918c07
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\authors.txt
Filesize236B
MD5b5c019895f49ad741cd49e6291aad090
SHA103567a03c8346dd89516e2e03957bb674af91408
SHA256e1e0dfdaaed1f025c106731aff67d664b849635cc6cd3b9b08674db8dbcbc5e7
SHA512ff13c9416d29d9a3fe636e14fd63e5424129a6e72366c06b1bae3c5a06f60cbbf3520d868c492d472450e35e547881be93955b29eed63e66979592da576f8bef
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\config.txt
Filesize1KB
MD573ea33e660552d101eca031a0baf6be3
SHA13d3384db49a197a8a616a274598bc18a25ade114
SHA256032c4ca3b1814a39579d7a0a00154a3772d89aece9884d135fdef782f36e27c1
SHA512c7b9a4bf4de7d13bb45b4db857511cb411a7927ee4db759af263905e01cfda8d95477d2e2d6ad6c51c9f301710e20ef64b54a4d15082f5054680da9cfbca1146
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\help.txt
Filesize1KB
MD50034cf996f84911ff0646b717ae47ee4
SHA15aeef8ef12d8023fe208c0492174a960e57c643e
SHA256d98c56a3cb9643b399fa04c422da35204dc91cd869c47019e9783fb4f7289adc
SHA512b1f174300ee58e16676ee8ccfae4e48794ed5412d89e0cc0d8a134ec055dfbdb596d0ab43ab376f46adbf76cf970210455bf46ed666839d69357d0ded8c057af
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\logo.txt
Filesize799B
MD5f55be3331bb0e69fc47994610da41ada
SHA1d8415b399bd3853ef658a5f2057812404598b5c2
SHA256cb0c73fe1bc7676104d6a92ca91250cd562b7f37a564edc260de01a3fc636b6d
SHA512505d427c6d0add618e0c54f8079e4303fee73e0ccd9c4edfa67b44660ce5d5deab4fac09601002f73cfd00f445640a69ce9fe9a39b8a0f3039b200f5bff058e7
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\options.txt
Filesize1KB
MD5016f8e569786ff8f5f6c321a735e2323
SHA1b7a7a46bf03f4564d6e47fa55a4fc6b9be1e39fc
SHA2563c8ec4fa239f82b2b9f427925ac2f75af2af9147eaecc706b1990540b95ae94b
SHA5126b8372648371ea46ac98dc49ec93cb2efb9cc81f75e8ee7a5e1f0a01b7bf209ca92e07649c22630722370b1f254e956ea7ffe4be68d0f9ef419766f90dc80fe7
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\topics.txt
Filesize325B
MD557a5e0be8307585fffdbe867f0d047da
SHA10185976215d973431c6810571b21d6804bf64632
SHA2565f8f41620ccdc1d7298df4ab786abc7edcf049fa7e06fc69bb26b38cbd453643
SHA5124c05c95f21225be793051bf799255f6e021145e17ca384697877aa9dad66303d8bdb6e47751433eaf17b22dc766758cb799034a34e1e7851a8328a95b6784273
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\usage.txt
Filesize88B
MD51448d12c8524497e0abecc6089aa5a99
SHA1183f63e7726b128a36e247e6bb506ced31272e49
SHA256844e2d826c59dbd72ad383fe8a23b24373d83e9b184b437f7f04c42487cd5759
SHA512e14e41721ee4bba6deeedcc5786a113042cd595024eb411ea7d874f282547c5943dbdf1eb7674d752ebbac16ac4e1c98149b957ed5cf3623e85a561a42354e45
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\doc\cli\whoami.txt
Filesize1KB
MD55a53b8ff8c3670ff035f6490a24a0789
SHA1e079a16d67475a83eea085058af0cd704da97393
SHA2564e7d19dfe1603ca93a0421b1abd4b19cfa5324ef458ff549809c5e66a2efc596
SHA512e906ef44ff0273e4df3397ba719c173c87a9919b7f9d2580e2c3354fba22f69b0c0a020eb049d276934dbc66f497b279d15c135fa0e12e04acd39802fc5dfefe
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\jsconfig.json
Filesize142B
MD521cfa078a36c66a3d1f4f2caf729fd56
SHA18849b6bf237cf4464a4628f0c2e163e866dead8f
SHA25687cd1d700216892ba7d388d04f42e373e1abda0b5d407c54a60e67b5dde48ab2
SHA51292f7960fe79d8e5813372d7a7833bf883c3dce6eddb083302314a2d9ff52d800178f8ddcbf071c169267b346dfbc5d59b1dc0f95a70671bd63453e56e18846d7
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\index.js
Filesize1KB
MD505d07534c94e2d589bcc02e96e1b9503
SHA13c3712ecff74a1099c4d65e4eefd9cf2e38f1119
SHA2565c5b008f28d9aa1d6f8c30a30de037b95b50141a20ad0f029d0d79bcd75caa4d
SHA5127c7526f2b4e685cc7e20689ebe5abf7630b738d2d15ab7b5e94765e0e6f221492e9e029f715f5b3ac156d3d11ffd907e070d2d7f968b5f5fb401aa9c7ec84ea5
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\cli\parse.js
Filesize5KB
MD563db540f7184a372ac611fc3d7f21136
SHA10b3a8e70600a6705297a532849b7470c34f8c19e
SHA25693b9bbbc19e6f0456185d7c9e9ce11e994f41c01e46067959c5168bd345b0313
SHA5121f56bbc4856fbefd21f6de0738712157b91f1388a71a957c37444b617ee161885822b21fcf4e7efe14d5af54b9706d8181acbb286dbd7525c91a56b53dc391be
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\command.js
Filesize1KB
MD590c1aa9f031e818373c2f2f7ed6b9dbe
SHA1b6476cdfa45ab967436ba9bb32aac1d65e531a9f
SHA25650f10478098f06b77a58b351a93bb8fe7a7572bfbfb3e6f0bf668460865da3a7
SHA5124ee766da766530bb372d8e04b058edd6b28ca5d77f603b175336e9b5e8f5c677e77e0ea4afc07a642c07c48e0c209716dbd9cef4f6ab97864a9ea51af2b49bbc
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\defaults.js
Filesize979B
MD52e6f9c975170db8136c9ca5c5ecf2a0c
SHA1404a2c64977cae3407aa138c23a2f841546f713d
SHA2562b577f3fd8e3d03d64c1ee07ef13db89df04d0a9cf7b69ebf2c17041f7251104
SHA51215bfa9fad522ddc043383704cac725c8cc2b4565708b891e9e03d889237cd528ee4d347e54a983c801550856c2d1ac1269dcc127edfa6d63bf3d2aa0a19eb358
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\exec.js
Filesize6KB
MD5efcab0a70d5e71fb513734cf92f2a201
SHA1aa55660d5d6a38e2ea632d4de0640ad2b1b7fc5a
SHA256fcd713c63326ff75fc44afdcbd2bf63991c3c76169a26a2646defab46ce24155
SHA512260a468807d297c2fe85ce8341ae10be64a7833a8249f2932c6a93e6ade07438ca4bd26222326a1b0e3203ba0c80a6a6fb78e90015b667feda8f68538e1011ad
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\index.js
Filesize2KB
MD5ac3af2f96d2e824bc37e36e30cb35cad
SHA1d04e50eb9464ee715a940819ac7af1b612884bb4
SHA256be155df5dbc29c88c67c936f2840d2bb3abd09981fdb6db6480d54beeb27e9fe
SHA512060bc19e10d8b9cd959869866b4ac5e0739edd72ca1e61a230a5f3c735feda6fb75ae7a8ea13349013082bedbcd40e30219ca09ccfaad43571059a765bcaee8c
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\config\load.js
Filesize6KB
MD53379b8830f56cd13355114f157e57857
SHA1cec1a9f2c8ca7f666cb4efc2f3eb99317ea59602
SHA2567329c732d39f8e884c0ec197e1133c536545bf4137417e6d664bbec962990e29
SHA5120690be21833aa598da0d7d20312ee8a2e2ecaf164981c94c3bb12036cea40a206e1b25e839209db78419d6262ae87e29a5c94f583ddd9b45e05bc5a107842d22
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\help\index.js
Filesize733B
MD5e47db45cd167c663151a07e6a3396427
SHA1f3002a966b346ef937a47576d754787e4bddabff
SHA2561c1678d18dc75f67bbfae8c92836543af6990bce6b1cf1ad3acfb52285dac393
SHA5123f8e10d09fcb527e1c1753d50c9bcef2b8fb70586f34e600c0d60ed27a295f077f380e1df2fdadc78b0d468a54f32a5351fb5c4cb638e3012c96358094d31dea
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\index.js
Filesize38B
MD55250f6ffce08844c0f9f139fd707243c
SHA1b5646886daa1c00461042d1a35c1a83675f8c8ed
SHA25695111d84575ab36b697d760e130d722daea3d322cf56612f2ae67c7b3e8cef19
SHA51249dc989edab7b4ce7477bbc5c678e1b1f4aca0f77e0ad6323d3c251164ed28b59f4d18d5b0280d53108b93e133eb2dab5469093ecbb2f1fe2bb32b758f59e729
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\index.js
Filesize82B
MD5532b43e5038c9f6a6d65d40ca44375f0
SHA1c7fa3f4fbab77df0eee87d08d428cc06d18faf76
SHA256cc16aeb163da6cc7746bf5ced2d11f1436e458c7ee803241e9a9fa1d107450fd
SHA512809479d0b075c9bcb3eef6670cdd652a6caf39ec7f93f1d7dde0eee8a792d518238cfa9f78a2ec1a11ebbfeb00d2a117d25b198718af668c7f356bc3f93ebc1c
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\match.js
Filesize6KB
MD565475ff22153cb7e1cdcd5322341c398
SHA1c026de2f4276472496755344bea58e11e6b38748
SHA256d09e469209e55541c8c67fa7ab25b7d4e051ce26d36f737c6264d4ade4b26d63
SHA5128010e71be183c4b1a02ced648f083be4c8e4be9ac474e1405d91d9925887b00fed0aa07d15b994846417a48ebf768c5402f5d0b004cf9107cb44149bac3da655
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\run.js
Filesize16KB
MD547603d83844b08ba9fc39ac940d78f50
SHA14b8dfa2ec30dbd1146a9908b10c858ecbd73521a
SHA256d93e994fddfcf6c7683976452a3d877a51e68f56ce2a49b821240c93cca86d13
SHA51252f33cfc03dda936f4641f1ef8b3f14659247053a701b8990f0713742fb90016ba5d51d1e1f44fde84dd883c92166e77e908d586c527858bd3c0a416b9c9d256
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\signals.js
Filesize488B
MD50b71010f098a8cbf8ea47a83a699693a
SHA1456a713c6a78b49bbf6d613ff9cfc4bc9f01f589
SHA2565c16e2e5f7101eea3f13c19da7c7a9e6fa02f7d1098b170e71f07d14f915e394
SHA51295a382907ac465d95db0cc41055038e839ed9164d4010003c08e6ba4456c19b50158c908b8d287eea09a153e38fdcc7f9a8c0052f35eb069243628e0968750fb
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\monitor\watch.js
Filesize6KB
MD5a0bccf8a21d0c4332643a758c666f725
SHA11aa6968e927afd86a3f056126f31d2eb6420573f
SHA256efb0a3f37d9a6279614b29fdbca3f29c1a6d47f2d26067be1c86bb56fbaefcf1
SHA512bf4dc9c5b4f3b0a01ca161feee0ed13e6f1db24b0a64bbf01b325d0a2788380516da7da7654ee983818f3e0684983302242fe790bbb384dcc126ac4c394c41b8
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\nodemon.js
Filesize8KB
MD5392a1c2f9f7dec3e4f64bb738f21785d
SHA102d0364639bbc6483d727e5e24e6c6b39c8f0ae2
SHA2563bb0b111682da4977e265b0bc746cd57191e294e0c25bf667f129771897dace4
SHA51248b0517f41013b024dd5a674b88a9e53590113f664482b0420236babb9ecbf0428c40c9f708b204bcb1f2d59789ef6383641eb8efcc7a7ac506d4345c78358d6
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\add.js
Filesize2KB
MD54739ea852e85157f1ab60544ea5ce663
SHA1d83c88f7f8bd7ec5d1b36f86009ac7eba9ca1bbb
SHA2563cc60361f99b1080c66fce4d6ea0390a38c2a49e821e7f21dc43ed2fafa31277
SHA512780001095f33fe4a18fa06c3311f3505949dfa762da5f1c0c6665b5501190b6e6c45eb69633c99e02b8b59d01813abfce2baa611509f2a0e65364ccf71965bc6
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\index.js
Filesize1KB
MD50691f1f2acabdb82da7d67e05479ca5a
SHA1dcff01be935756a732591d61fab8e64e530ddeee
SHA2563e64a2a35a97e41ff8c073299f07c3754d99b0a6e7d42faef7dc02d61d67757f
SHA51285ac8207410deba52d3b58fcf30e468ee46b1073544b61376b4b015e588a52973fefa192a027bfe8019b6cfedefc3c4c1cb4fb0ee88e7c2ef88da1c7ed0f9eb0
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\rules\parse.js
Filesize804B
MD5078e15305c8688746d2e6933d291babf
SHA180f0b4201c45af197cae63c9d93a88525cd5c5d3
SHA2569259995d8e1ca1737ff36cf4f97c80e55d812726ec4ead43b6c0829ce9679df9
SHA51283ea7a6d31845542cf03f4b27be92087e417ba5f995ec740824440ddf92932d3623576b7a1022ade20deeff2f1741d617e32dfeda52efb5fb85e9be28de27df6
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\spawn.js
Filesize1KB
MD5ad2e1e41a1aaf8c0d0b622a27bc6bf9e
SHA1139625411959345da513904bcb7d73d7c312b63d
SHA2567804d7450f305b9142af45967be5c96f52be8350dba2a403f4bf79d5e092bc60
SHA512e43ecd8af261ad4cbed89f549c18c18df9cfae6338c0719c1e5c06361c6cee4598d080ee32dfda56cc742e23fad5db56a842ef8511d9d5e2c28b7f7eb4eac091
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\bus.js
Filesize946B
MD5e469c4cef4116cf230f86394586c5775
SHA18849ab04de5836797a3839989d4325906bea9dff
SHA2568ebae78d8d75951b714acaa3e1a3d7f15b382a92b90c8040423e9866d97f1ad9
SHA512923ecfd5103fc6e266e53dbb1d35e11f4058893177fa00cc392a628524dcdbe616c90015a24e15b987f971c5eabe0e53a3b107878bc41bc73aacf1e370d660f2
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\clone.js
Filesize829B
MD59ef3c7b72b1d63f5e3a7975ff67bdfeb
SHA1a406bd661839b5efeff4929af9fcfa991e51be12
SHA2565062a7c87599935fec99e505f3f463c3e0872455da73f8c8054ce0788c513ba2
SHA512eca4c0784695d43435573725f659409ec33a3acd3a5695665935439cca28122a6d8fdc1eaeb8ac6fbdb921893ad4226467777e8c35e3b9b0b672b2196f4e12d6
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\colour.js
Filesize690B
MD5a85f32c2180651cc03bb1f293271bfc4
SHA10d04f9086ace00f08c628c1af25c728eab897d66
SHA256a4969a552701982cd415005d5ce162f955cf26c205229d2f4c75ed4a75bceceb
SHA512b32f6f7c1bd75a3a23aa5f170e5356cbe1ba7eb031f6eced706aeff8c15d8b37fc771c29a82580a48a95c65334d8e41b0ddb551409164a43bff29def7277c89b
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\index.js
Filesize2KB
MD52f2a9c006f17f892a78a9381932918c6
SHA180905883f8b96a2265d60202f61de419e8c6d3e9
SHA256c69735d5a8d259dbc87614ae268de4f6581fcadcf6f931dd20b36bc09c0a502c
SHA512702966aebbf2a8f98a89da8640a3e0f610fdbd063a19bd4c7ce2097dff7ca1d49a2c8040885ca3b31f85662e6a8b86769ea9224e8f64a03bcd0bdcfb71873b35
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\log.js
Filesize1KB
MD5fa4ca8a08fd35bba58f2af0f046320e7
SHA15f672b1e8d504a468b7946514e854425fe938d29
SHA256dabbcccb1bf0089d96ce9592a575cb64139926d6b899091c1dbd37632e9269c4
SHA51270cdae1e1983fc7bed3bee24f50196ec281752e7567d5c4d5aa2859172141422f3eb6a7ffe9165c408d5e3354d7c139fd90382c73f7ac0de16a5840221dee399
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\utils\merge.js
Filesize1KB
MD5b5932e306173a01da5d3f814bedcf4b8
SHA1d3ffa9ab328864682cbf2f5e9c5e5f6437d92541
SHA256c4598a00e91b93b7964bb874e8ceed6d614436335a7fd81aff7f504499e210dd
SHA512cf565fea7c0b2453b8276fc25b5e0b546b0ef79eebdea4022aedcfdeb7866687c925d95cb4d56de413d53db51d03168b8302383ca9f8b04c3b5e501fd3be0fab
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\lib\version.js
Filesize2KB
MD57232bc938db18583ac3447bebc844430
SHA155051c267076fa3bd3764864ee77d4c41c4b3233
SHA2565071083e2e09969b2741a46cdedbbfcb2608fa35c1d1237e3bcf134749fb5ecd
SHA5129167690b0ad72c815c3d8c7227ba8d3574acbab95236de0ddea28c73f6a2899dd700ef9083b06d2badad19c21659a93ab101ecc439a42292d2540ed8c2ff3c5e
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\nodemon\package.json
Filesize1KB
MD5d973ee4a6969bc5e14e93d99d4680c16
SHA122ad20391ccb50fb6343931a1312751b2f7e049f
SHA256f0051785c8178f10c2b5ebe86edd6949eb9db7b293d9abbb51a857f7e62500aa
SHA5122f8c64f04b3fe023d296899b16f6596f42cd69c1b8230c5bee561c18af6bbf44697966b45b50d718eff75cbffab37054a6de7b57bebc16b2d85a5a0e307dfa9d
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\LICENSE
Filesize1KB
MD5216384c4c084ff996a55be20cbd26ef3
SHA10510d5fdf8e7bf002b8396958f2240222dbb2a5a
SHA256fe0982bd7d38ee4cb08b2f111067bdeedb9732a6621c761bcf7dd01aa6211c5a
SHA512eed68402c44f099b181ebbf43ff7efd1dcf6791f7f35f6d386d66202bae0da6e7f0108fe9c3d62af0f69989d92286fd0c307d2192db0113b9fc857746dd01abe
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\bin.js
Filesize247B
MD5927d799c0c996a865d11a78f04198211
SHA1f5898b61159f1f56ebd3cd439b498a177d413c0a
SHA2567f69b31efa09c6e7d442d6229e82e65f38faeafeda1fbed7c5e54324aff062e6
SHA51297e1061700f32af28dbc946e2f3be0358234689f9d3482b37429dc28697516916cf1ff6c7891a29b835cdd775705f432ff7f437bb67ba87d7ae81d62453407b2
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\LICENSE
Filesize573B
MD57cb552557240a921e34ad313a224d17d
SHA192ad1627269adefd696ac5a67131e4af575a2cfb
SHA2567d355d1a2324c2073059ffe7ea4d96852c873e718bcc197374440dc3efc3f7ba
SHA512b4bf90a3cd77805fc149a4112f822ee47b4f13404ee92455ecab9dd12d796ffe81d664bf21042ae3ad6419abf6a9de6df231328be6bd8ca2426e3432d456921e
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv.h
Filesize4KB
MD5349864c2d1fbc9c7788cdf95c541ff52
SHA1fa968f5bd6560675c26078de4e7d52b454c778f7
SHA2567340eea1def3c1d832a6f40c5022725f1704a783f7f992b71d5f3ba2dcaeb34c
SHA5125e1910c23dc08e79199fc80ab8e0c7b300e2e1bd2678d0d9171a73d8f328adbd32021146e5e43485f64f25fcc6bd8413ce1ce3846afd7fcf49ffe3a04d0efbf6
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\deps\UTF8Conversion\utf8conv_inl.h
Filesize10KB
MD5a5a0f8294daad33a66bf30c329157a2d
SHA102b5d7fab93d942033fe9ae2620d1a2363914469
SHA2564955fbf455cc29d63f5dc777d3aa5172d6e1e6df221a33808a913bdebf5a1277
SHA512f583116ada3f281c208a98d053fe6b580187d6922e2ceae69917770a46f56c16444267172db2cb0bdef3b8012088706ba1a2203631f9ff79d2814714b25fa78b
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\index.js
Filesize514B
MD5e5053e64fdc67009804a42cc8baebf90
SHA18814ef33fe018ed0a1817e77c7ed7ddb16076137
SHA2565e591255fa35fb3650502e648ff51d6d7c7e57ada312bd33058da03cc412efb3
SHA51260f941a6814dc3efea6a65c6dced552d4248273e1ce57222b428f813e0ab655d13546a0951ad3c0b22adffc7fc40542d7667ce70d315052308ea0fa1195526f5
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\package.json
Filesize947B
MD52ac7232223dd7c39ae2e82220d9a767d
SHA1cacf598ea739460d281587549421ce95546b3048
SHA2560f49b6c0282be08a5dba3e98024401a921167974a516b630ce9f9a9f2301df08
SHA512249f93debdc2f2aabc8a1d977f2c1a9a54cbc0e3580e4dae06a1193ff83c801518a7cfb7919f98c3b943eea7c7b99d85c8148292b0b96b3bce4788277b956b56
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node
Filesize198KB
MD58a50b5876633dd9bb73612fea622a521
SHA127fb94a39849fe6ba1ce7b983c0d9e4ca4e62ae8
SHA256053c3100121939dfa1fb936718c6088e4490e72faa3c713310b556ea90155278
SHA512958d901f7c72773a2f9439842f422048a8cfa941ef943f5f9e61c5e9d48b4d9ebbbaf72acb2a07138ae66f925b46dd98717656a58719902d417a14ba1e5aacaf
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node
Filesize251KB
MD50b3ffb5b756beae28d8d9da67c288283
SHA17c2a0be0a5ab1b936c4752254927f5ed066abe5a
SHA256462e527de86494f96ed0d42a80c261e46bb57352e86d6175607186c1dcdfc7b0
SHA512a1568e7d02bd34992236c587cd77404e4cc9c25011a075dc0cbe52b59ae254eea65cc31ee7fdf26898386e370a752df8bbb2ce70592244d6f24b10d39f9f7854
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\skip.js
Filesize117B
MD592a4c6dc39d38ac078ec80977508feac
SHA1edc8d81988e99c77105abb1455ea224fde97d212
SHA256c12583530edc83dcc7cacef4a428eaefa84c10bfe4b62c0c9707de015e338859
SHA5123833af1f274d3bb89776a8dc6b9ff015f5d219ebec47f5e98bf88670e523517ad8a493b0959dd41dd6e658c230335338325e8c2befea61f2f22f8e83822ccab2
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\src\showver.h
Filesize116B
MD56f621ba192a6fe2228ef9965757f0bc9
SHA1e3625cddde946f5ea21e4c00be95cad214da4016
SHA2562b561b980e0a01191a6c7cc1cf94c8d5c061f9f299ea256f1e7ca17250ae08bb
SHA512ab90bc30f2c23a3032334d30294aa02007e0db180c82c6c8f0d84781203be7c342134cc17bb2ac0c7bd89c1e5902c852afb2d09b0c7d4dba27f5101577491f4f
-
Filesize
105KB
MD5792b92c8ad13c46f27c7ced0810694df
SHA1d8d449b92de20a57df722df46435ba4553ecc802
SHA2569b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA5126c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\node_modules\language-server\en-us.json
Filesize5.5MB
MD5de2ac61fe7207c1b2f304b05fae4e39f
SHA172a4623fde7103eebcff4a55ccb8eb6acf6bbee8
SHA256c8dd69f4f8f07ebe1c73a433bbf08f67e3bef3047c35251a243c3ac78f500647
SHA5124d0be337f5d6f760fef3f79d14ef6835045e12e7eef5cf906a5f73841b01bd59d3171c31f63de34e5b44f791d5912f940fa391d96685532e0baeb7613526f8a8
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\node_modules\language-server\globalTypes.d.luau
Filesize434KB
MD56fb690ee838bebdf6591733bdaf632e5
SHA1658ccef6ada0551d661d78706266ff6ad2797858
SHA256ae99b7b676e4becb10e6a9b77229e99bdd60e5a91d2e6bbb141c85721962313f
SHA5127218ebc8c64a7bbec231989ac7d2221be63f29302f6f16bfc0bd67ed5e9c5ddfcb50ae781f6ef73a3d891a70ca73ecc62bbbe6c5a4a218225b24c0d19c7737ff
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\node_modules\language-server\wave-luau.exe
Filesize3.4MB
MD512fd29fcaf6f6518b8bf9e976928fa38
SHA11f9352e217518eaceefdd041e3f085ffbb93acb0
SHA256d38d6297b4653f30397b7f45964ed99a70c8ab73d60063f68d3380c309e626a4
SHA512b0c5bfb87639585564915f284ecff5af7e6664097ea3d9df6908c08ce09f9f6c31912225620bb7f7cf818efd6a7146280ce37e10ca7fb55bd381b95bb8a2189b
-
C:\Users\Admin\AppData\Local\Temp\nslC6D6.tmp\7z-out\resources\node_modules\language-server\wave.d.luau
Filesize11KB
MD57e477f85c45cfca5731e0e45ca63f8d5
SHA135390d8d2c0dd00e3c60dd6fd7f1727e36874566
SHA256e58e8b24642a8693b1b1ebad703a7efab1cece9a1b12dcf353c4b4432f23062d
SHA512dd3d9b149dffd31ba4e94b9c84ed0fda1fb67f1f7d633900688cc9e4e40c26f55048c1730f205e5c22b5030362683f0abce86033816f1e089c3b67cc3853ca70
-
Filesize
302KB
MD562b9e00c46ed829e06d0c2494aa994af
SHA1988882632b95bb78d80db60e4787c576e48338e4
SHA25622a46de643045805a3e588f9a18ebaa377f9fba3dee46b2d60f3ae300a09cc4e
SHA51203b7c57782923ca3a011fcb85f74e865bb7ff9976c89152758770be3bd3d40684ebd216fe34f0d0050936b536c8bab5eafcaa35fc26e893d30a108e36687876f
-
Filesize
646KB
MD5a62fbbb671bf975ed46b42d9cf437bcd
SHA1408b595b1dc6658533e0db1d35f509ab9ee70525
SHA256a8bd22478c4f85afa836c89d3a7f52c606b17872fbbefce268b499bedede10ae
SHA51287c934670df70afcced0ea5c73449a17ad27d5b6a25cedad9eb61634aaff8a42b713f578e861c2efbc77593793bba240a1495822b69c99a8ecaef64b07b6a62c
-
Filesize
5.2MB
MD5337b0322f328251f01bd0fda8948217f
SHA16e59fb5df7773c8668e8f18755e62b532a9071c3
SHA25611f24457eb9af084eb845780f3fdc1989605766c2749fce6fb003dd988d5ff65
SHA5123540b2f5df1f20b5cbb6e61caa005fe7da5d1cfbe58f639ae0c40f6a4e7a9d8786f3db4691dfee9a001a2a87ac7b0bf39b7f308c14f809874a89f86b18ff8fbc
-
Filesize
106B
MD58642dd3a87e2de6e991fae08458e302b
SHA19c06735c31cec00600fd763a92f8112d085bd12a
SHA25632d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f
-
Filesize
938KB
MD56db4abe9370ef778e93cfc6bd6dbd292
SHA10d7bd9d21524780b6f8904a82c3ce09ae5d03f97
SHA25652bf439424759a84cdcb6d379ed88582a6d6ba58127c44adf1b8379f0e88e5ec
SHA5121ec07916d82d78243d9a144db3e947c95ca92fce1350708484c45fca2f953bb76728889b8d9a02c041849bcf005f998804d7066a90359fa180d94c237d014317
-
Filesize
9KB
MD517309e33b596ba3a5693b4d3e85cf8d7
SHA17d361836cf53df42021c7f2b148aec9458818c01
SHA256996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA5121abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
-
Filesize
100KB
MD5c6a6e03f77c313b267498515488c5740
SHA13d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA5129870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
Filesize
12KB
MD50d7ad4f45dc6f5aa87f606d0331c6901
SHA148df0911f0484cbe2a8cdd5362140b63c41ee457
SHA2563eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
Filesize
3KB
MD51cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA10b9519763be6625bd5abce175dcc59c96d100d4c
SHA2569be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA5127acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
-
Filesize
6KB
MD5ec0504e6b8a11d5aad43b296beeb84b2
SHA191b5ce085130c8c7194d66b2439ec9e1c206497c
SHA2565d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA5123f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
-
Filesize
424KB
MD580e44ce4895304c6a3a831310fbf8cd0
SHA136bd49ae21c460be5753a904b4501f1abca53508
SHA256b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
270B
MD5627fd4a4b90e45ff0a64c8a2f30dc25d
SHA124fa108ff176252c8ad016a0533c9f5d780147d0
SHA256ce7639b91f7ae5ab3981e6ae48c88a11227580f2be0977a35f739e644da386c3
SHA512eed9069e2871bd2578cc1324f5dd17dcada694269149d9899126640829fd4775d6861362ec9541a35ac476d0f886ff679527b4fa4c240c2a636b264afa6a2f88
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize19KB
MD5c3f8d3d0b1efeb1a679bb27d98f8475c
SHA1b3ded810ff07ab6cd1d17d2cb1c67bed7a7e5d0a
SHA256250a565089376d38815ad563540ff4a2fa3c2a9ca88b8612e419826fdde77b4b
SHA512805614ecf4d8bbc71f8977c46ebfb33968faceaafc5e00b662123b54a89c13bc099b82d4648365f6c87ae1831168ac6c99b6de3840e112cbe5aea40cc5b31413
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize19KB
MD57f90e0111aa75ba3d8dc93dc2582eb83
SHA1653d229554b315986ae8c4ece0d65a139a587bcd
SHA2563d2bcaed1021580fc40fe72769dfb9e31b87f4d03f3ceadf5136381c6bf678ac
SHA512af5b6c50875759b7b9ef83c1f6fbaddd26160605b8320b02a3130df4637d3b0786ba63df2a07f7f3cee2855db1c536812e891f57fd50dd6ab25e02d7c13f849e
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize19KB
MD5e5f03abd97eeee66d084f478397fdabf
SHA1746fce4b0d7ee604dfd83dd2a701039c1a850e86
SHA256e0b9ea9db06cf9c05a2d53bcf90d0f4557387c2ebfce88351604ba6e60a822d4
SHA512c416e4849e4e7d0aa66572eaaa2799db431e1212ac1d3849015601bc5e8650abc46fe5490f51acc6e8dd2d5a26940a9f6f40a353880124fabea8f40218d6b77c
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize19KB
MD5416db89023482113bc3d6994e5520da2
SHA19f89ada6820ee8bb22bbc7f106b1feb51e55a112
SHA25687a4a7426719a6919a5f13025ca411f2d24eea2d3f94d49cce486792e0581981
SHA512c9a100962c9e6a43441bfcecc2dbfeb14872bcb33035d54f759db19845f250e4a62a3ac281bdde3b6cc5cb5cf19f9253de4c36cc7cda04623b5f12d3f9af94b7
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize18KB
MD5d15d949ef1e688e0df5eaa1ddf8cf78f
SHA12b7e303df64a6ee3c3fbfd82a1c023bb63a9d554
SHA256664c3696e852441dbadd47c2ec422adc47caaf3b0c89fa826b59fbd6cec05d2e
SHA5121a3b6e65c9545aea1937845ea130d8f6f44be195b0e9ccd04c655593ece91c819defcb28c13fd9413c40a8c7e07b57970b1bfdbc4bc5c15d5615d1ac0f4635a5
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\AlternateServices.bin
Filesize8KB
MD5ae12ec2961c7ee592d0747322d6f4209
SHA123a2a82a5291c166d7df1cf74d20d5f225b64194
SHA25664bd5a480811afac5d1e042fb63a70578bd412fca728c7ef01a748faa910423d
SHA512000318c17ca2c35f93a823d03db5934dda6e677b1653c170dfb3e83b97f72e1c42e97e3db50b48909a1ca27f720fb66eaf1a9aa78074441af5672e5f2ce60f42
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\SiteSecurityServiceState.bin
Filesize5KB
MD51877f416c41a92b0d87b5e8a3bbbd20d
SHA101233212231687693bfcb687b3b356e30295fadf
SHA2566b9fcc187432e5218527dfa0ade1191dfddf7049ab96162b4278612b06a25b3a
SHA512c1791029ca1ee717209a6246d51916ddbd873d54ac1c4467f0e0bb49a296925c65ad3d9636eeff343e453d0211e2ce1b480dc9722127c6456d6861a8a78c6484
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\db\data.safe.tmp
Filesize3KB
MD52def4f68617326a852cd97a35ac3427a
SHA12bcfa4e530134270e5901f3f29584a44fc6eff56
SHA256c0e2c08a693f9794560c339a07db6175f7de55874e0c178175b581470e74e49c
SHA512846b2ee926cc34283de045dfd5e6f48fcd5d6ee3a7bd67ef1240708fa21d24984c73b1017331d7b21b3d55b20f72c7f5ba933f01febda3c3b31b38f340f60471
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\db\data.safe.tmp
Filesize5KB
MD53c5644efa6c1f8dc157f0597744aafd6
SHA1df83dbcf65beaba73b8e40b2cbbfbb606ef3e324
SHA2568a09ddfef83e6d8778ee1d4632751361eb45575dcc449d465462d0294897dc76
SHA512f69e037ca49edd02daf8b84c721985c14d59f1cb988964151132e5a8fa549c03cf2cefbc0c399558aaab66e0d20dcdc76128e07a9f1748379e8d5ca0dca92743
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\db\data.safe.tmp
Filesize6KB
MD5c2e6922cabe39f463a9b923cd2c41d19
SHA19c860a3f145348fdb2eb6c237fa01c60da323820
SHA256760420cadf80452a25397dea9b7f05855e6020e7209d01affa8ffe60aec4fb04
SHA512b1ea77e903632a465fb49cf8811861475b728040f58165a53e759779638ebfdfb66db2b7419e9eb117c2c95adad78ab8fd416a368508596cfbaf836b15079db0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\db\data.safe.tmp
Filesize50KB
MD5460a4d96d18cdba3dce7b8cd55b9aeea
SHA13cfc868a761ffc049b4af038e526fffb54167fb6
SHA256444ee55799dd9ff00a45cb35d8028ad1e6f8350551bce76ddc8e029f96c396bf
SHA512ae927192de8bc32b84c75b70a0ed8004e065196df20d12d1c5eee526efbf12ce2742f622c35c1601423085c12d9679318e41f8a92938e5ffcb5ddb4c2ce7ceae
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\db\data.safe.tmp
Filesize50KB
MD5bbc0fba048c970102c8e3976f5de0b3b
SHA1a4a0318fa6e288aa41e6fc027e8a552096dc1c4f
SHA256ca841133355bdd3c8d56ad01e02fc9c1019186334f447354a077fd3a1cca3611
SHA51268507f5e6329c21e8b48e20b881a60a9ea1998ab16340335d0f03ba127367b63c950ebf0a9b8a1ba25416c86b83b92c4f9c1c5cd0f34d92c349c655004a602fb
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\db\data.safe.tmp
Filesize50KB
MD5110aa0b952ef5a7949b782d7eac218a9
SHA12c0b609834c516aa8d807bd1c4dbc22cb2cad6f2
SHA25682bed0906822768f7b14e08e92c92d0f8bca55b22097c1de27a7cf8d392e8e4c
SHA51287cd302ff333639da61944d5ece931cf8d7836f135c0a9171c7cd02f0305c73c0c8c80068bdee141bb89402f48f6cf14b9b1d0441face5d919213ee9fe1bfe28
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\db\data.safe.tmp
Filesize50KB
MD51497a85b4fd9c7ce08220b3196db41bf
SHA16999c9f9db0e7bb367167f2ae2d48ac0f6253ebc
SHA25658d93380221855b10e16612a972bda0863b14d5d8ad5b0828437089c8aabe3c4
SHA5125c0301cbf6d22b07cb7b76e91deecc15163870d6c81f706cfced52f6ebb219c3d0ed5f60484792ea0c3ce2c1c839fc48b421ebb65e4ba0c0078af5ac8a2737a0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\pending_pings\465c103d-707b-4cf4-980f-0154475a8900
Filesize671B
MD5f04f1ecb981a8abb7985a06908edaafe
SHA1495a24fc92306abb4c8b42e0b8922b99471e2e8f
SHA256a38cc1ac54a4ee45ea2360445c326a30964d03166365d3fcfeeb37e670ab67ca
SHA512bafbb365a1cc3f20532d7ae1cbba34dca8b7a9bca9e895e5c2fd1f686b664af24f7774db4a753e83b82dc79a127619a191ec2c228a20dcc0d4e76035c7841139
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\pending_pings\5a63cdbd-7195-4add-b71e-c8754955049c
Filesize26KB
MD54f7731f5d03b3b15962f41e783e7d802
SHA1aa3a3e70e5828c08ffebef152cd827f754a18b93
SHA2569ccb10d0bbf8a9ad3b68a00307b89f42393ec21aaea82570c4f202f54e8cc54b
SHA512d8042d5410f5880de7d306fd9af5eb47cb978c2abff3d7b8c79f4b31d496b6ba4fb32879aab253d3219ddb8747da5cc3f736e7e7be5af3f87c11e3728e83cc59
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\pending_pings\90819fc5-704b-463a-93bc-aa51955d0592
Filesize982B
MD54511b7a6dbe77ddc12e41be9b40f306e
SHA149c244b26e0ee0bcc8948430a2e159674227bb27
SHA25611e211dd8e5d21fe7ce6c9d6db1f76098e92ba8a1882fb8e7e45a4f63e5810d8
SHA512f778ac00cf4fac3175bb59f874ae8b8c3d5ad99d4bfd0c4e2bd6add4d365aad49442a694fd5c1677d379043e41b85ce21e00b969945ac2546dd1df8405cd9173
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\pending_pings\9ce94353-4d94-4982-bc73-41259df2eceb
Filesize2KB
MD55a841c8420a17cfed7e92a054976f434
SHA123c12ad83d07e6a315edda179b583f79a4aedd8a
SHA25690f88f33d36b176aa90bb0ca1750bd5fd99c809e1dfd5ed4b6decd3e357e4299
SHA51249f7b3c8bca944cd49ce17e460a6c780f347a919c7ae6862e5ce698db942bcf179fda818567a9754283dd1b908f508011d936747f375e626fd1f7e0871d8eba1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\pending_pings\babdcdc7-733b-4728-84f1-87312f559c72
Filesize846B
MD59065af6298d9ace330de4ade09981cf4
SHA172d52e081526a835ec767f159b55a0f3e47c2658
SHA2566c86d1097a60516fc980a3e3d4e8258dec81e5aeecf65e9709fbeb3fd9255d8e
SHA512897c4752f7b889e153ae317d7e483a0cf864ed2535cf9aaa090cdc7de2b270520a85f63544ce990d0a2c407784b88fcc89914e1f47663aaf165038a8a1c0ff0b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
Filesize1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
Filesize116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
Filesize372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
Filesize17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
12KB
MD52baa379c2478af719a6f66694d880100
SHA1e70c62a186ed5e35b0d08098cfcaa87e0b970609
SHA2564d95f85d0eeb2e67de123f4dbb9a7f0f2b669390748f3d4177e13b6dd4f42dcc
SHA5123a1b2c249b9c41765296bed57273cac4ba33e6e0161efe9b185199d02d557f9eab57da002022d6027a59b4c4c9fa4faf62b946ae9e4d3111d38d2073b3e759b6
-
Filesize
10KB
MD54442d004d5220d6e341a90f6f476074f
SHA11281faecf2e9a5ef0df9e5f98f7b38aa59598b94
SHA256c8c898ab11ea64cacaac4f075863d6453b821706c58e19e93fefd6fe3c7be997
SHA512695ba2b0a86137f35dbd5b9d7cc6e7571d0ba541ddee6d9fbfb70b43193aef81c12e654e8298a27f5bd091870b18966ebe4991b62d92710aed5587b400a051e6
-
Filesize
11KB
MD5e84ac1cbf966fe6087670d8202946ac3
SHA134c19171d1ad2eb063cc60e63ef9b786d4bb87e7
SHA256e1d5c87b870741b3d8d22784c1352aec534918c6fd1d0580e9f3769b0c43abbb
SHA512de645338816d77d655c3178d112541f52fd3900a68b3bb27862c241e7e586b7f135d0bc02e14d8cdeb5e2d32eab3ca7b0b2696251b7fe46ca8ed945ef8cee096
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\sessionstore-backups\recovery.baklz4
Filesize1KB
MD5507280d3a47f0c81ee7cf5d36c93fc5e
SHA1f9ecc6a9b322aecc2c53eb317a2099e58d3d66c1
SHA256e8f0ae42f4e8ecf07906ddb97614ea65a1529b6f77348a9872f016692f0757fc
SHA5129cb9c8b6ed9193e3c717e0b3e30914f6ef139ce3756b3623043148a50101755de23dc3966aa38cc9619d23875249e176974fafa2f8c94f20408597afd7a2cc28
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\sessionstore-backups\recovery.baklz4
Filesize1KB
MD5e175b7927a083992d103a103657e2879
SHA12ed38789f46d7ba6b28a5c494e8c7c6bf0e48719
SHA2566686a48c6978816b7c3ecc87800e5b9988007e3f6dc3c2a91a088179008bccb0
SHA5120d211251c08522ed031cf14696edf880a39d4e698ec5d7ad8474bb716af8d8ef0e440ee26065c17759ea2864d979f16ad6e91c51417f1b81b22feb8ddcf3cd0e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\sessionstore-backups\recovery.baklz4
Filesize9KB
MD5364695e67237418f96b05b24207ff223
SHA1df59c058d458131cec783fb299bd9f916b9e0b2b
SHA25610b95392b89dead9959af817da7a779face954a13341630ae0e5cf760e42afbf
SHA5122b6eac6dfd6e9d92d8f9f37ee56942ee4817292693c4698d5345c435a0389eeacd94a06754172b12e78568e2c336fd1590bba2747b7e736a13bba6d89af0f4d9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\sessionstore-backups\recovery.baklz4
Filesize12KB
MD5afe1d006866b79596131990fb37ba6ae
SHA137281998d30096c26d2c0411939a5a5b4d75dbdc
SHA2565a03454d74a23fed07764959a59497c0f9d7ff1dd83ce066d2abd342b06ceaec
SHA512f39acedb0bf0d7e9d87347c6ccfee81441e397d35e2a7dd1aa8c86e32bfe3346cb701dc506dc1f151d6a2c59f7c25aafed020d241827c62b72f9f7804275ee0d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\sessionstore-backups\recovery.baklz4
Filesize16KB
MD5b2106fb38c5f007cd31ab53595764ed0
SHA16dbb0a045153c02fd363a76bfa74cdef5d8e5e4a
SHA2565d4e96aaeb0d19ddf0b4c5efb8ef59da31b1d55fa634f030bfe451527c433a1f
SHA512d1b4e61086c7a996debff535b3f66332621ca518c10512edfb8268898c19e8499311fc947d83be31fe87dfacba26505a0c4bfb40fbe2c14ffaa5e3ea4b79a1b4
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\sessionstore-backups\recovery.baklz4
Filesize17KB
MD507904e4dabd392c156a53c126bb048b1
SHA1ac3bec08b77306deb385f2509f9d9452b2e41ec1
SHA25688145d83b5bd7ec910de6ee016ea735e574304342fe6f30e81e273ae2d015bc0
SHA512d0407f4bc77495b565325721727c09882baa8a0af3d39db0a89288a61c99bd90066f97fc84968d4ef17f9c2f64e855839da053d9c85963d82c8eabc29a2c05c6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\sessionstore-backups\recovery.baklz4
Filesize17KB
MD5da2ad65551aa61d15408b150f0f3bbfe
SHA1d6827bce9a527d0c3ed2c9b1afe4292b7b09f874
SHA25668b48052463c6121d11b91c0ec1cbd7c8db30a801ba161683488754e7ff8e8e0
SHA51204b52eba801f97adf163309a6be3ede1d660fb7e36ba9912860e0c23b020f9eee177ce8156c6425ae28ec31f8a9868c2ce57006eb22ec50fa7223a9efc8c90ca
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\sessionstore-backups\recovery.baklz4
Filesize1KB
MD5548b3eedc63e4578917963e0447ede5d
SHA1e93b02eec152006543d8bc509203c7a2ed6ba01d
SHA2561ebf6597805ac3bc6a190383eaf40c820333fa97ce5772f9da19ec1330d23e50
SHA512fa6255f9d8e3c4793b69c99763a058ffe4bc232da2936cc7b293bcc71284922a4e5afcd0094fb2c481b2d2f25ed2031f9365c484d58c00e07d262d9be281325e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\sessionstore-backups\recovery.baklz4
Filesize4KB
MD57b0218f341436e4e1221cec001b21555
SHA18ee7dce74e99af4089f50f44b585e1a70fff9957
SHA25695e2dfe7ebd0fdfdaa9685f8ead00bde22c6b3a3c8e4302da378bdd162a90149
SHA512b0dae4b474ecd354ffea0910f3a6e9482d63199f3f5001674e6c38ddd52252a3ebf32e15ae4782203670ba0f63406fcbf1173ec5ebdc99029d0619faa90a026e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\sessionstore-backups\recovery.baklz4
Filesize14KB
MD57b3fb2d21cb9b3ad29e9b548244a6e22
SHA10337bdabf7e58993aef193e8257c53253b69ed41
SHA256c266dbdcde125b07c0b2dae7d7b1f8fd0833a00a361ef13978b54046427ee8e6
SHA512209ec2dc96329025e2d43c6ac44dbcc00e8adfe02d90e35c6da383d630ae42482a9c6f587b98b1ba0045c0e21b71629b90f3be0ce7508b53b2b0a53a7719538e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\sessionstore-backups\recovery.baklz4
Filesize16KB
MD5cda3af23d24cd34456718f797e62af80
SHA1f0e7093e208f697a99a7208bd864345b95178307
SHA2566cfe2d11e3577396a0836a4fbefc2e7eaa7089db254a53bb1bbf1497c1112ed9
SHA512046d2400c8bc610eb8c99c750d049ce260910b200125d45e76351d2807edf50890c39047058d93f04dd4d6e1586ec9c2b4b0ec9e6366b7a4cd531b06d597efe2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\sessionstore-backups\recovery.baklz4
Filesize17KB
MD5d29a1b4939562f22e70f1ee13004985c
SHA18584a5b1e44de3e175deecf6830e1e4157918d52
SHA2560247a6e2a5c20a43d2fd9fd1e025ffa32459c569a67bded8ac30a60601934b43
SHA5120300cc0e456f0b907ee12b51ad91a8a96e74295d4cf3baedc1bdc6947f8639f4e07c1c5913493228c6957482450b8a1c2cef13d4b41e66b5f0e429dffe496d02
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\storage\default\https+++www.roblox.com\idb\3140325527hBbDa.sqlite
Filesize48KB
MD5414e35c702d3fcefb0cc36119b5db323
SHA18719657b4e89543be963ce2a4e08ed93168aeb17
SHA256cbb4d7301bbd6d8034eea9515e342c27d6711a4cb2a640129b255ba3c6b8cf06
SHA5122f19d3894a3d6a287e71fab35e36b59dc1fec2f7aa5c54ba2ff36e2c62e73138545878c65e3443eac5a9a9bf604bcfc9fbb483957da2cca1b7e7ee83404907e6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\storage\default\https+++www.roblox.com\ls\usage
Filesize12B
MD5f01d832f194f865a49587880989b130f
SHA16d3125b119f92b9cada240149ceee319359c2b49
SHA256d0b93c7b0176d5a42fef7df5e941cbd36c0e09603ef96632226d7f80548fd340
SHA512c5e25dbfa3dc239117e912a0cfd6c49e59333443aef918c6a4960e02e8ef98cb5c523dec1c21e222b06d4dbe1225433d00a929f33e1210ab5eaf15376177d280
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\storage\default\https+++www.roblox.com\ls\usage
Filesize12B
MD54ce67ddd80bfebe157a04d2d4d44dfec
SHA1e0ddbcac08a2e3dc6261b9243dcb65c67e85ba36
SHA25640a0e5efda38c0d61a8e693dbb7860ca8520b6571097b025f1fa9217d75fb0f1
SHA512cc258f3b541b75387b3ddda48366ff0fd467d4f85721659bc5c2d7eb241400de896b738ad4e15491697737cd89748907a3154ab177b131d5100b3c644c41451e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\storage\default\https+++www.roblox.com\ls\usage
Filesize12B
MD540ad4f308622dd1c927519006121618c
SHA1aa837cada3c00a64371edf7d1a910a273e672f0f
SHA256b4acd9d0958f7b4aa05db869a837af16d849d8a67b43f61165113f5d6b4b2a49
SHA512ab5e78eb8eb5e59aada9aae5d4bf82ad81bbf33569207bccbb1b6d27cd23c5332185042031aefd2f25a34e749c71657d563271f6f574e00382fd405554e526a2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\storage\default\https+++www.roblox.com\ls\usage
Filesize12B
MD50ee4ece835ca6f109c86b3fff3dc3541
SHA19e0dda0f4adb1fb1198f890cac790bee2554b6e3
SHA25696c9160a7fa51d1ec54523ed3e8f359ea1350e84fb74e30188cdc733e777f8ea
SHA5123df5d60661b2884bbce92062af64cc59780e4ea485bc9d083426a017429a74b68737f6bb2beb56f531a04f196ba4fb1824bf64599696562e4976e51869d7e930
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\storage\default\https+++www.roblox.com\ls\usage
Filesize12B
MD587dd8938d276c7d63a7dc457a94dba78
SHA1366b4d2a3ab801d26e8a1bc5278d52849cefe254
SHA256326a7530959f022e70ff7420a7fdcbfc5300bd61441e61f2fb1c6798fbbc0329
SHA5123cd474ee9bca0fc0cad299db41447877a88176c5c7ce67dddeea76acc9213e507bf0cce051592f59c0764556905131ed182de6e933bfa00483d90ab0a29aa692
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\storage\default\https+++www.roblox.com\ls\usage
Filesize12B
MD5049751d061f330621648e997978ed0f3
SHA139d4e08f171d355c6a2c26e8cae5505c6efc2c70
SHA256942ed6989df87271d9cefb2a0149e76f52d69740b3bfb9bd0c18cc6ad3b3a117
SHA5125cd26bead514eb55873f97d4199ab56e45af29526b8d2b1cef97e7800dbd4197100b237f4bfa5cbedf34da526cba0b631224586c9d27b269bcdc166f62d0e786
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\storage\default\https+++www.roblox.com\ls\usage
Filesize12B
MD540368aec528c26008566f17f175084c9
SHA1759788cdb1cff3771c98897369be5d96edb53ace
SHA256ee3a88df541096a37cf445fab8ff35242b8417059e27d10b797d9b136ed2c67a
SHA5123a55685ba268d7bba31ea14aac51fdef6cf31eb9392ec9a983e36023cfcef9f0a6a5509053e6002f7488555d402513f780c44d034e97e1f4d033ed06822b0e00
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\storage\default\https+++www.roblox.com\ls\usage
Filesize12B
MD54c039d95107089b1c9150ab8bb454757
SHA114bc633b44072467d0c42d305a405750a43579ff
SHA25612e14601db8eb47cb62bc023e2003eb61c0bd05bb0e5eb7cff58630f69ad1265
SHA512cdbf0ed1f169885f62c342a255e5dc077a3f82784efa1bc96cf00561956eafa6b2d79daaec122b1b8fe57986adb2f09e74cf054540d0cfcb0887feff5562caa2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\storage\default\https+++www.roblox.com\ls\usage
Filesize12B
MD523b3ac50d55d17e0b3af546d406217ce
SHA1208408a4c97da3ae3df1ee481f3cebed890477f3
SHA256864ad9e785567a78787c4cc00930cbd5486583ddd0f7beb5561ce253aea3c1d1
SHA5126b064784a9dd641786786e38726cda5ffefbc7261362b11ff67b1a0833fc5819b6c54fff1340f0df0f9998fc0aefcf77adb34c56144cef872a37002212bdc74c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize624KB
MD5c66f8608b78ca3683cb1e080ef4a0e4d
SHA124e1872d2eaafb72208831c379c364bd173ef8d1
SHA2565424c90af2e07228d9df1760b440de3877c9b96b37c3528e132f9b2735f565bc
SHA5122283fd381b93203ce96172889a28652160c5be733a269c2dc57e288b93b4252d324d7035448c7cb735a20de36a9e33a9f2eff043b51f66ffef247afd83cc8443
-
Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize
4.0MB
MD5d6088b2edf56743e3ccc3fe1cf8041fd
SHA1ea9d5b358c0f906c62ebcdf5090713b7e054bc92
SHA256e4bca035cc1baf5cb156cc19a4592581a3fd1274088b5fc5de122d5aa28ab24b
SHA512f1118c158074b9b4816a1b8cce99ef3f54c5c08ef37ca1ef3375f7bb03566d6041d82e86ea47937054d13f7869621861c9e6bbaaed17b740296b6495582c6d69
-
Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
Filesize
264KB
MD5ee10b42d8e5806141002744ddd8e28d4
SHA16390d0a9702915bc97046ac0de8bbdb114e1c31f
SHA25608cd6a3e0e1b1c27992406f39d8663144110cdedba92fe318a5eede2492f3397
SHA512bef218441713a84ec5210e0fd8581b82e050c3ae2e948091f91c0d8316e8c97325e5b2b63db73cd2f83310dc6943eeba69a583612ad6e55ed9217d9326a037c5
-
Filesize
44KB
MD59759e87fdbd4899ddeaf0223b7a57f63
SHA15a835011119822d0b7f1012158d314c2088859be
SHA256b4e6ddd595798c65b31a675bd95962390eb96a3ae37abdc69536c7377efac614
SHA51245aa0cd9361a40bc69e56e5f421fa5de7d47b3955070ea98e19a5496c5a765808e666c41862207e0a7adf7b1d80ec59959450f49c95eaea9fc609d429998f7e9
-
Filesize
264KB
MD597a0ad0be7730bb0ce308ee6056cdefe
SHA117121a670db511d56dd9b0cb4fdd9b1587716d37
SHA25685deefca92dc8d6d1691745615645f3fc52f42039a2b7562e84c9c0555ddf9af
SHA512d72e99ba313d569e384d1af1af8a71be4a3ac9c1fceb5e68e2fe73fb32f06166493bab76c807f0da2d7a87179024465a797ebffb343304308afbe7ec4877445b
-
Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
Filesize
466B
MD551c8e7610c7be9a7020e669a7ec6f34e
SHA1ad664b56479e26f887c712840c5333dcb7560ca1
SHA256e302477951a3e9733f97f9152fc41a7b431977c4e75d24abc7929181b819901b
SHA512c52d0194b15653b930a78933ef99e821c6314d73a98aa7325d9b20f77057042bfe55b4c8575c89f1a18325aa0ad0a28d419f581e73b7e2210c516d8ee07c32cb
-
Filesize
466B
MD534ab4d0858ca0005a723ef40f14022f4
SHA1410f87a37383cf0178590958b0453b5abea06ff4
SHA2560dfaee4e487957bb32b7effe98a11bd86cfb60e043d6eecf8cb7251b04975e92
SHA51252ddc60c554c16679315fcad7f107fed5a21ac83c771f8804c592ac8ec3206cdc24dd4574387a23bcf37ff682856548ad66fac41ba48e4ed3269d6b1281175b1
-
Filesize
466B
MD599f93e950e036fee896c06ea03d468ed
SHA156ffeea1d416e21585c9937d0c303e65b1cdb506
SHA25617b103347abf4b91d76d22ec4f9ba4aaf0c0da779ed1451aa9b21a6c41f92aa1
SHA512c6b9660a914302057e42777441515f52b035a9224798ea45b53b38a434e2e1ac7f583c3db60a918a849a4dbb85afe3168554cfd861ee677da50de53c12b238ed
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
356B
MD5efcb2694f8d97cd5d029ef14e96cdca9
SHA1e23f168c699e69683fd720b11a0282ee6c69a6ca
SHA256c2254986eb838601bdd7f2b0fc4e28577f769ac38a555cdea38c1e078339edf8
SHA512ac58e9be9d2b7774e52d614add078c4505861dfd274a01df55e1d556d7a8c491962d92593594f24e5e011cd6c75f544e11bb533eecb2e613cf43e0c4b2772d0d
-
Filesize
356B
MD5969ce927e86ff72868f2161305fd6c39
SHA1f88a8e8ecde8ff8b45ef7ea0cef05bddc989eff8
SHA256869283da8f7e68391e17a0cff44a7b520654f85d132ee040ee129a11b50206a4
SHA512b0ff357d6d98dfdd23d1973339918b5d2ab15a0dc617e2d4b9f102cec4c6a0cb3a1d7faa1f0c159fb64a3d5ddffd8da037e1b9331f3ffe68f0fda4e8b6acef78
-
Filesize
356B
MD54f1b7f4f6eb8e4c78eee1d17532dd8c1
SHA198a396e134d1a05472c879175e9cad3d7fb1b203
SHA2561266599d084420be36ae79724b4fe4dc69d833faf0f2c47fed5f80c9a5dbcc7f
SHA5126a30973d96fe60483cc49731b6337298d67c447b9684036062473ec30ee7145752932220da03a7642d08f29c89d4eb56ed20e3f45aa37e3add21ecbb2d399885
-
Filesize
188B
MD5ed9383006db3b73bfd872499f76b3311
SHA1e697dcf9d675a49d28947ca4d8135cc270075d5a
SHA2569f485061633cc452b17282d7214c1e859841bd5b9d18bb36f2deaff5f58ab04b
SHA512b09bd2ee942c38b5f9ed1512ba58d9f7623cd4eccb95c3768f370124adb275caaaece6635b9187604e2f81ef310f1c3ca76b9485a4a3854b58f274571c7f8936
-
Filesize
57B
MD558127c59cb9e1da127904c341d15372b
SHA162445484661d8036ce9788baeaba31d204e9a5fc
SHA256be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA5128d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a
-
Filesize
86B
MD5d11dedf80b85d8d9be3fec6bb292f64b
SHA1aab8783454819cd66ddf7871e887abdba138aef3
SHA2568029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA5126b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
7.2MB
MD5a1c0810b143c7d1197657b43f600ba6b
SHA1b4aa66f5cdd4efc83d0478022d4454084d4bab1d
SHA25630f233f41ec825806609fb60d87c8cb92a512b10f7e91cdbb4bf32cee18217ae
SHA5128f45702da43526c04b957f571450a2b53f122b840fa6118a446972bc824c8ee7acd6e197177b54236ce7f428fb73a7cbe4ed18d643c625c9f156463d51ee038a
-
Filesize
2KB
MD528d50a4ac01afa580d253da87ea6e0dd
SHA12f20c812afbb26b6b20bde44a537356650a95bc4
SHA256ed38cdda2f0ad41fd79eb9c887ff1d3e8407ee3456d2e2ceac07e66b5bc2967c
SHA51298196e407ec2ad2a64b8583e9ef4e11e72cd4b6c83c5eb510caa48864d1345a3d713b366f1ce3b1fce31c0d982593233cc273c1970e31cb2ea86e27f56b9fffb
-
Filesize
280B
MD55c01fcb726a58e956f73ffd6de7af589
SHA138bbd6c30ada0a9516ef33e2b4933096ea12eca9
SHA2566c8025a462637df1fc92930174a18057ece6fc3b782fb5830dcb98bc4a7139b4
SHA512c33ec9c1b1755f966727fab2e517d1af072aae7afaa70a365365d470dc3079703e466fe77e160fc7b8737ae312bd2cdd5195ac38b1cd68257ce28087dd68a382