hxxps://getwave[.]gg/

Analysis

max time kernel
1799s
max time network
1801s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
28-06-2024 20:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getwave.gg/

Score

8^/10

adware discovery evasion persistence privilege_escalation stealer trojan

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

Processes:

setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\126.0.2592.68\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0"	setup.exe

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs

persistence

Image File Execution Options Injection

T1546.012

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 42 IoCs

Processes:

RobloxPlayerInstaller.exeMicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdge_X64_126.0.2592.81.exesetup.exesetup.exeMicrosoftEdgeUpdate.exeRobloxPlayerBeta.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateSetup_X86_1.3.187.41.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeBGAUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdge_X64_126.0.2592.68.exesetup.exesetup.exesetup.exesetup.exesetup.exesetup.exeMicrosoftEdgeUpdate.exe

pid	process
3400	RobloxPlayerInstaller.exe
1844	MicrosoftEdgeWebview2Setup.exe
444	MicrosoftEdgeUpdate.exe
2348	MicrosoftEdgeUpdate.exe
2672	MicrosoftEdgeUpdate.exe
2920	MicrosoftEdgeUpdateComRegisterShell64.exe
1076	MicrosoftEdgeUpdateComRegisterShell64.exe
3692	MicrosoftEdgeUpdateComRegisterShell64.exe
1776	MicrosoftEdgeUpdate.exe
2392	MicrosoftEdgeUpdate.exe
4616	MicrosoftEdgeUpdate.exe
3356	MicrosoftEdgeUpdate.exe
1652	MicrosoftEdge_X64_126.0.2592.81.exe
4868	setup.exe
3860	setup.exe
4244	MicrosoftEdgeUpdate.exe
3532	RobloxPlayerBeta.exe
5824	MicrosoftEdgeUpdate.exe
2336	MicrosoftEdgeUpdate.exe
5696	MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
4904	MicrosoftEdgeUpdate.exe
5980	MicrosoftEdgeUpdate.exe
724	MicrosoftEdgeUpdate.exe
5396	MicrosoftEdgeUpdate.exe
5440	MicrosoftEdgeUpdateComRegisterShell64.exe
5404	MicrosoftEdgeUpdateComRegisterShell64.exe
3512	MicrosoftEdgeUpdateComRegisterShell64.exe
3916	MicrosoftEdgeUpdate.exe
2856	MicrosoftEdgeUpdate.exe
5320	MicrosoftEdgeUpdate.exe
5744	MicrosoftEdgeUpdate.exe
5980	BGAUpdate.exe
5960	MicrosoftEdgeUpdate.exe
5636	MicrosoftEdgeUpdate.exe
3260	MicrosoftEdge_X64_126.0.2592.68.exe
2768	setup.exe
880	setup.exe
4244	setup.exe
2696	setup.exe
3344	setup.exe
5744	setup.exe
5172	MicrosoftEdgeUpdate.exe

Loads dropped DLL 41 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeRobloxPlayerBeta.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

pid	process
444	MicrosoftEdgeUpdate.exe
2348	MicrosoftEdgeUpdate.exe
2672	MicrosoftEdgeUpdate.exe
2920	MicrosoftEdgeUpdateComRegisterShell64.exe
2672	MicrosoftEdgeUpdate.exe
1076	MicrosoftEdgeUpdateComRegisterShell64.exe
2672	MicrosoftEdgeUpdate.exe
3692	MicrosoftEdgeUpdateComRegisterShell64.exe
2672	MicrosoftEdgeUpdate.exe
1776	MicrosoftEdgeUpdate.exe
2392	MicrosoftEdgeUpdate.exe
4616	MicrosoftEdgeUpdate.exe
4616	MicrosoftEdgeUpdate.exe
2392	MicrosoftEdgeUpdate.exe
3356	MicrosoftEdgeUpdate.exe
4244	MicrosoftEdgeUpdate.exe
3532	RobloxPlayerBeta.exe
5824	MicrosoftEdgeUpdate.exe
2336	MicrosoftEdgeUpdate.exe
2336	MicrosoftEdgeUpdate.exe
5824	MicrosoftEdgeUpdate.exe
4904	MicrosoftEdgeUpdate.exe
5980	MicrosoftEdgeUpdate.exe
724	MicrosoftEdgeUpdate.exe
5396	MicrosoftEdgeUpdate.exe
5440	MicrosoftEdgeUpdateComRegisterShell64.exe
5396	MicrosoftEdgeUpdate.exe
5404	MicrosoftEdgeUpdateComRegisterShell64.exe
5396	MicrosoftEdgeUpdate.exe
3512	MicrosoftEdgeUpdateComRegisterShell64.exe
5396	MicrosoftEdgeUpdate.exe
3916	MicrosoftEdgeUpdate.exe
2856	MicrosoftEdgeUpdate.exe
5320	MicrosoftEdgeUpdate.exe
5320	MicrosoftEdgeUpdate.exe
2856	MicrosoftEdgeUpdate.exe
5744	MicrosoftEdgeUpdate.exe
5960	MicrosoftEdgeUpdate.exe
5636	MicrosoftEdgeUpdate.exe
5636	MicrosoftEdgeUpdate.exe
5172	MicrosoftEdgeUpdate.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

BGAUpdate.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=1BF837A35F08466C881F55D92FC8A706"	BGAUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

RobloxPlayerInstaller.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA RobloxPlayerInstaller.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

setup.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe

Checks system information in the registry 2 TTPs 28 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 3 IoCs

Processes:

chrome.exesetup.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk	setup.exe

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes:

RobloxPlayerBeta.exe

pid process

3532 RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 21 IoCs

Processes:

RobloxPlayerBeta.exe

pid	process
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

Processes:

RobloxPlayerInstaller.exesetup.exesetup.exeMicrosoftEdgeWebview2Setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\SpeakerDark\Muted.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\ArrowExpanded.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\TerrainTools\mtrl_water_2022.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.68\identity_proxy\win10\identity_helper.Sparse.Internal.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.68\Locales\tt.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\button_control_reverseplay.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\img_eventMarker_min.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\button_control_previous.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\R15Migrator\Icon_Error.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\TerrainEditor\volcano.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\shimmer_lightTheme.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\VisualElements\LogoBeta.png	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\configs\DateTimeLocaleConfigs\en-ca.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\DenkOne-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\SelfView\SelfView_icon_indicator_off.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\AvatarContextMenu_Arrow.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\XboxController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Locales\vi.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\shaders\shaders_glsl3.pack	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\Debugger\Step-Out.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\New\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\SpeakerNew\Unmuted20.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Locales\sq.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\particles\explosion_color.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.68\Trust Protection Lists\Sigma\Cryptomining	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Locales\ml.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Locales\zh-CN.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\advClosed-hand-anchored.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\Banners\MonsterCat.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.68\Locales\ca-Es-VALENCIA.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\9SliceEditor\Dragger2Left.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AvatarImporter\button_avatarType_border.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.68\Locales\pa.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Trust Protection Lists\Sigma\Social	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\identity_proxy\win10\identity_helper.Sparse.Canary.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\EdgeUpdate.dat	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.68\webview2_integration.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.68\msedge.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Trust Protection Lists\Sigma\Entities	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\profilemask_36.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\icons\ic-more-catalog.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\concrt140.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.68\Locales\fi.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.68\wns_push_client.dll	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\Kalam-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChatV2\common_search.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\Debugger\Breakpoints\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\DeveloperFramework\StudioTheme\clear_hover.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\RoactStudioWidgets\button_checkbox_square.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_fr.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\identity_proxy\stable.identity_helper.exe.manifest	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\models\ViewSelector\Corner.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AvatarEditorImages\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\PlayStationController\PS5\ButtonOptions.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.68\identity_proxy\win10\identity_helper.Sparse.Beta.msix	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\fonts\families\HighwayGothic.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioSharedUI\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe

Drops file in Windows directory 27 IoCs

Processes:

setup.exesetup.exesetup.exesetup.exesetup.exesetup.exesetup.exechrome.exesetup.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exeRobloxPlayerInstaller.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

Processes:

setup.exeRobloxPlayerInstaller.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge\WarnOnOpen = "0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\126.0.2592.68\\BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\126.0.2592.68\\BHO"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations	setup.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exesetup.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CLSID\ = "{77857D02-7A25-4B67-9266-3E122A8F39E4}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CLSID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CLSID\ = "{08D832B9-D2FD-481F-98CF-904D00DF63CC}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\ = "Microsoft Edge Update Process Launcher Class"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82CCB536-D2EE-4F19-9067-40531F08D1D4}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods\ = "27"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\MSEdgeMHT	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\DisplayName = "PDF Preview Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods\ = "41"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateBroker.exe\""	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\CLSID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds\MSEdgeHTM	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.187.41\\MicrosoftEdgeUpdateOnDemand.exe\""	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle"	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\Elevation\Enabled = "1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}"	MicrosoftEdgeUpdateComRegisterShell64.exe

NTFS ADS 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 25347.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 50 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeRobloxPlayerInstaller.exeMicrosoftEdgeUpdate.exeRobloxPlayerBeta.exechrome.exeMicrosoftEdgeUpdate.exechrome.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exesetup.exeMicrosoftEdgeUpdate.exe

pid	process
4064	msedge.exe
4064	msedge.exe
3008	msedge.exe
3008	msedge.exe
4788	identity_helper.exe
4788	identity_helper.exe
1520	msedge.exe
1520	msedge.exe
2640	msedge.exe
2640	msedge.exe
440	msedge.exe
2336	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1724	msedge.exe
1724	msedge.exe
3400	RobloxPlayerInstaller.exe
3400	RobloxPlayerInstaller.exe
444	MicrosoftEdgeUpdate.exe
444	MicrosoftEdgeUpdate.exe
444	MicrosoftEdgeUpdate.exe
444	MicrosoftEdgeUpdate.exe
444	MicrosoftEdgeUpdate.exe
444	MicrosoftEdgeUpdate.exe
3532	RobloxPlayerBeta.exe
3532	RobloxPlayerBeta.exe
3796	chrome.exe
3796	chrome.exe
5824	MicrosoftEdgeUpdate.exe
5824	MicrosoftEdgeUpdate.exe
5824	MicrosoftEdgeUpdate.exe
5824	MicrosoftEdgeUpdate.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
2336	MicrosoftEdgeUpdate.exe
2336	MicrosoftEdgeUpdate.exe
5980	MicrosoftEdgeUpdate.exe
5980	MicrosoftEdgeUpdate.exe
2856	MicrosoftEdgeUpdate.exe
2856	MicrosoftEdgeUpdate.exe
2856	MicrosoftEdgeUpdate.exe
2856	MicrosoftEdgeUpdate.exe
2768	setup.exe
2768	setup.exe
5636	MicrosoftEdgeUpdate.exe
5636	MicrosoftEdgeUpdate.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

Processes:

msedge.exechrome.exe

pid	process
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

MicrosoftEdgeUpdate.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	444	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	444	MicrosoftEdgeUpdate.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe
Token: SeShutdownPrivilege	3796	chrome.exe
Token: SeCreatePagefilePrivilege	3796	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe

Suspicious use of SendNotifyMessage 44 IoCs

Processes:

msedge.exechrome.exe

pid	process
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe
3796	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

3660 MiniSearchHost.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

RobloxPlayerBeta.exe

pid process

3532 RobloxPlayerBeta.exe

pid	process
3660	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3008 wrote to memory of 460	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 460	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1532	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 4064	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 4064	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 2928	3008	msedge.exe	msedge.exe

System policy modification 1 TTPs 4 IoCs

evasion

Modify Registry

T1112

Processes:

setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1"	setup.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getwave.gg/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8771a3cb8,0x7ff8771a3cc8,0x7ff8771a3cd8
2⤵
PID:460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
2⤵
PID:1532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
2⤵
PID:2928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
2⤵
PID:3940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
2⤵
PID:1396

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
2⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
2⤵
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
2⤵
PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3304 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
2⤵
PID:2684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
2⤵
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5148 /prefetch:8
2⤵
PID:4256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5136 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
2⤵
PID:4816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
2⤵
PID:1520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
2⤵
PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
2⤵
PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
2⤵
PID:3312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
2⤵
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
2⤵
PID:2004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
2⤵
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
2⤵
PID:4872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6504 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
2⤵
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
2⤵
PID:3028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
2⤵
PID:2996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3584 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
2⤵
PID:3392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
2⤵
PID:4680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
2⤵
PID:1172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5720 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
2⤵
PID:2676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7512 /prefetch:8
2⤵
PID:752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1724

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:3400

C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1844

C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
4⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:444

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:2348

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:2672

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:2920

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:1076

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3692

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEVFMDZDRDQtQjI0Mi00NUEyLUI4QjYtMDZBNTk5ODU3MEM1fSIgdXNlcmlkPSJ7NTMzMUYxRDAtOTczQi00QjhELUI4ODMtM0VEMzIzQzgyNTIzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins0QjI5NUM3Qi04RDNBLTQ4N0QtQjBFMi1CQjAwNTIwOEQzMkF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYyNTIwMTE0OTciIGluc3RhbGxfdGltZV9tcz0iNzQ0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:1776

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{4EE06CD4-B242-45A2-B8B6-06A5998570C5}" /silent
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2392

C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" -app -isInstallerLaunch
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1864,2814820288390139354,4513832129890498604,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3300 /prefetch:8
2⤵
PID:5612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1512

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:4616

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEVFMDZDRDQtQjI0Mi00NUEyLUI4QjYtMDZBNTk5ODU3MEM1fSIgdXNlcmlkPSJ7NTMzMUYxRDAtOTczQi00QjhELUI4ODMtM0VEMzIzQzgyNTIzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswNDI0NEE1Mi1CRUVCLTQ0NkEtOUIxQS0wMzYxRjRBQUFCOEZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEwNiIgbmV4dHZlcnNpb249IjEyMy4wLjYzMTIuMTA2IiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjI1NjMxMTM4OSIvPjwvYXBwPjwvcmVxdWVzdD4
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:3356

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8BFCB3A9-1D50-4925-9075-422504B18F54}\MicrosoftEdge_X64_126.0.2592.81.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8BFCB3A9-1D50-4925-9075-422504B18F54}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
2⤵
- Executes dropped EXE
PID:1652

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8BFCB3A9-1D50-4925-9075-422504B18F54}\EDGEMITMP_FCA87.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8BFCB3A9-1D50-4925-9075-422504B18F54}\EDGEMITMP_FCA87.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8BFCB3A9-1D50-4925-9075-422504B18F54}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
PID:4868

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8BFCB3A9-1D50-4925-9075-422504B18F54}\EDGEMITMP_FCA87.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8BFCB3A9-1D50-4925-9075-422504B18F54}\EDGEMITMP_FCA87.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8BFCB3A9-1D50-4925-9075-422504B18F54}\EDGEMITMP_FCA87.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7c1e3aa40,0x7ff7c1e3aa4c,0x7ff7c1e3aa58
4⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:3860

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEVFMDZDRDQtQjI0Mi00NUEyLUI4QjYtMDZBNTk5ODU3MEM1fSIgdXNlcmlkPSJ7NTMzMUYxRDAtOTczQi00QjhELUI4ODMtM0VEMzIzQzgyNTIzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins3MjAzQ0Q0RS1CMTA0LTQ3NEQtQTdBOS02RjdDQkIyRDYyMTh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjYuMC4yNTkyLjgxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MjYxNjQxNDAxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjI2MTc3MTYzOCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY3NDA0OTE5MDQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzExMTBiZjYzLWM2Y2UtNDcxNC05NjliLWIzMDI4YjQ0MWM0Nz9QMT0xNzIwMjExNDE4JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVFBTVNNMno5UVMwWGlKUDlyVzU1MzRyMnFNMnZBeHQlMmJiWEJ6cWdPciUyZloyeW41cE1PaHBaNExBTllKVGJ1V29aWk1ZQUJGM0FMUVAwZ0YyM1hhQlRQQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MzA4MjE2OCIgdG90YWw9IjE3MzA4MjE2OCIgZG93bmxvYWRfdGltZV9tcz0iNDEwMjYiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NzQwNTkxNzk5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjc1NDMwMTc2NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzE5Mjk1MTY5NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjI3MCIgZG93bmxvYWRfdGltZV9tcz0iNDc4NjIiIGRvd25sb2FkZWQ9IjE3MzA4MjE2OCIgdG90YWw9IjE3MzA4MjE2OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDM4NjMiLz48L2FwcD48L3JlcXVlc3Q-
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:4244

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:4824

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:3660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:3796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86358cc40,0x7ff86358cc4c,0x7ff86358cc58
2⤵
PID:2904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,12629724374944241093,13935398249426808737,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1800 /prefetch:2
2⤵
PID:1444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,12629724374944241093,13935398249426808737,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2116 /prefetch:3
2⤵
PID:1108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,12629724374944241093,13935398249426808737,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2172 /prefetch:8
2⤵
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,12629724374944241093,13935398249426808737,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,12629724374944241093,13935398249426808737,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,12629724374944241093,13935398249426808737,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4476 /prefetch:1
2⤵
PID:1148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4616,i,12629724374944241093,13935398249426808737,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4360 /prefetch:8
2⤵
PID:4296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,12629724374944241093,13935398249426808737,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4740 /prefetch:8
2⤵
PID:5132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4660,i,12629724374944241093,13935398249426808737,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3580 /prefetch:8
2⤵
PID:5304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,12629724374944241093,13935398249426808737,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4788 /prefetch:8
2⤵
PID:5372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4588,i,12629724374944241093,13935398249426808737,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4920 /prefetch:1
2⤵
PID:5688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4644,i,12629724374944241093,13935398249426808737,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:5788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4364,i,12629724374944241093,13935398249426808737,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4336 /prefetch:1
2⤵
PID:6072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4272,i,12629724374944241093,13935398249426808737,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5000 /prefetch:1
2⤵
PID:5772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4880,i,12629724374944241093,13935398249426808737,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4940 /prefetch:8
2⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:1148

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4824

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:5456

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5824

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:2336

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1030F806-F4F5-4ED5-8916-88C411CD6C90}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{1030F806-F4F5-4ED5-8916-88C411CD6C90}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe" /update /sessionid "{6A668421-A8F9-458F-8774-B4BD6B531D84}"
2⤵
- Executes dropped EXE
PID:5696

C:\Program Files (x86)\Microsoft\Temp\EUEE41.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUEE41.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{6A668421-A8F9-458F-8774-B4BD6B531D84}"
3⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
PID:5980

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:724

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5396

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5440

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5404

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3512

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkE2Njg0MjEtQThGOS00NThGLTg3NzQtQjRCRDZCNTMxRDg0fSIgdXNlcmlkPSJ7NTMzMUYxRDAtOTczQi00QjhELUI4ODMtM0VEMzIzQzgyNTIzfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7M0I0MzBCNzktQTAyNi00MjU1LTlDRTUtNkMwRkRBNEVCRTdEfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODcuNDEiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTk2MDY2MTYiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMTQzNTcyNjgxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:3916

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkE2Njg0MjEtQThGOS00NThGLTg3NzQtQjRCRDZCNTMxRDg0fSIgdXNlcmlkPSJ7NTMzMUYxRDAtOTczQi00QjhELUI4ODMtM0VEMzIzQzgyNTIzfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsyNzg1MDQzNi04OEVCLTQ2NTMtQTUxNS1CNUVGOEM0QjVEQ0F9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4Ny40MSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk3Njk1MTAzNzUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTc2OTUxMDM3NSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAxMjkwNDE1MTkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy80YWQ5Y2I2ZS04MjQ1LTRlNDctYjI5OC0xZmY0YjA0MjU2ZTE_UDE9MTcyMDIxMTc2OSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1pMEFmR1plWDFWd0cwcjM2UDVic2p4NDRMNWVTZGJhdWxDTW9oWFNubjclMmJ0Tlprajc2Tm0wUlRmZURBdFF5TG5tUTBsJTJmc3BleEVPcExtVkJhaHE1WEElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDEyOTA0MTUxOSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNGFkOWNiNmUtODI0NS00ZTQ3LWIyOTgtMWZmNGIwNDI1NmUxP1AxPTE3MjAyMTE3NjkmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9aTBBZkdaZVgxVndHMHIzNlA1YnNqeDQ0TDVlU2RiYXVsQ01vaFhTbm43JTJidE5aa2o3Nk5tMFJUZmVEQXRReUxubVEwbCUyZnNwZXhFT3BMbVZCYWhxNVhBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTYzNDM3NiIgdG90YWw9IjE2MzQzNzYiIGRvd25sb2FkX3RpbWVfbXM9IjMxNjQxIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMTI5MTk3Nzk4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMTM0MzU0MTkwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM2NDA4MDA0MDgyNDk3MTAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyNi4wLjI1OTIuODEiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiB1cGRhdGVfY291bnQ9IjEiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9IntBQ0E4MTUwRS1FMjNCLTRDRjAtQUJFMy1CMTMzOUFENjlGNDh9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:4904

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2856

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:5320

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzlGN0I1OUQtMzhFMy00MkVFLUIyQTEtQzE1QjdFOTcyMTU1fSIgdXNlcmlkPSJ7NTMzMUYxRDAtOTczQi00QjhELUI4ODMtM0VEMzIzQzgyNTIzfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7OUEzM0QwQzUtNzJBRS00QTVBLThCNjItODVFNzkwMTYzNUVCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7aFZmRGpNZEZHNkZnS3MwTno2ZW1yWUNTZzZUUXZEUG9tb2xSYXlRWEJLND0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMDYiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjcwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MTM1MTk4ODMiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM1Nzk5MjU3OTg5NDU2ODkiIGZpcnN0X2ZyZV9zZWVuX3RpbWU9IjEzMzY0MDgwMDc2MTc3MDQ0NiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIzMTExODkiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMTQ0NjY2NjMzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:5744

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A7BF8344-58EA-49A8-9DCF-6610F1C29AE9}\BGAUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A7BF8344-58EA-49A8-9DCF-6610F1C29AE9}\BGAUpdate.exe" --edgeupdate-client --system-level
2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:5980

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzlGN0I1OUQtMzhFMy00MkVFLUIyQTEtQzE1QjdFOTcyMTU1fSIgdXNlcmlkPSJ7NTMzMUYxRDAtOTczQi00QjhELUI4ODMtM0VEMzIzQzgyNTIzfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins0RDU4NkYyNy1CMEYzLTQ4NTYtQkFEQS1BQUE3REY5NDNCQjJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9InsxRkFCOENGRS05ODYwLTQxNUMtQTZDQS1BQTdEMTIwMjE5NDB9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIyLjAuMC4zNCIgbGFuZz0iIiBicmFuZD0iRVVGSSIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMTU1OTE2NDg0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTMxNTYwNzI4OTkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM2MzIwMTAyODAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81ZjE5NTYxMi0zODRhLTQ4ZWEtODQwOC1iNGVkZTlkYzU2YmI_UDE9MTcyMDIxMjEwOCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1CUkdmS1Bqbk1XakJmVkdhQ2FtWmttRVRhZjVlOTl4VUZvREFLSkFjamNjVzJhY0FJTHA1TXRQT0hGMzd3SGVCZmM2a05aa0p4JTJmZjFqeXdDSmN0VnNRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjE1Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM2MzIwMTAyODAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzVmMTk1NjEyLTM4NGEtNDhlYS04NDA4LWI0ZWRlOWRjNTZiYj9QMT0xNzIwMjEyMTA4JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUJSR2ZLUGpuTVdqQmZWR2FDYW1aa21FVGFmNWU5OXhVRm9EQUtKQWNqY2NXMmFjQUlMcDVNdFBPSEYzN3dIZUJmYzZrTlprSnglMmZmMWp5d0NKY3RWc1ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxODA0NDQ0OCIgdG90YWw9IjE4MDQ0NDQ4IiBkb3dubG9hZF90aW1lX21zPSI0MzE4NyIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNjMyMTY2NTUyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM2MzgyNjA0ODEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzY0MDEzNTM0OSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjYwOSIgZG93bmxvYWRfdGltZV9tcz0iNDc2MDkiIGRvd25sb2FkZWQ9IjE4MDQ0NDQ4IiB0b3RhbD0iMTgwNDQ0NDgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjE4NyIvPjwvYXBwPjwvcmVxdWVzdD4
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:5960

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:5636

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{91234074-2A30-454A-86F5-B9D75415C132}\MicrosoftEdge_X64_126.0.2592.68.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{91234074-2A30-454A-86F5-B9D75415C132}\MicrosoftEdge_X64_126.0.2592.68.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
2⤵
- Executes dropped EXE
PID:3260

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{91234074-2A30-454A-86F5-B9D75415C132}\EDGEMITMP_FA237.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{91234074-2A30-454A-86F5-B9D75415C132}\EDGEMITMP_FA237.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{91234074-2A30-454A-86F5-B9D75415C132}\MicrosoftEdge_X64_126.0.2592.68.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- System policy modification
PID:2768

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{91234074-2A30-454A-86F5-B9D75415C132}\EDGEMITMP_FA237.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{91234074-2A30-454A-86F5-B9D75415C132}\EDGEMITMP_FA237.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{91234074-2A30-454A-86F5-B9D75415C132}\EDGEMITMP_FA237.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.68 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7b15faa40,0x7ff7b15faa4c,0x7ff7b15faa58
4⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:880

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{91234074-2A30-454A-86F5-B9D75415C132}\EDGEMITMP_FA237.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{91234074-2A30-454A-86F5-B9D75415C132}\EDGEMITMP_FA237.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:4244

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{91234074-2A30-454A-86F5-B9D75415C132}\EDGEMITMP_FA237.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{91234074-2A30-454A-86F5-B9D75415C132}\EDGEMITMP_FA237.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{91234074-2A30-454A-86F5-B9D75415C132}\EDGEMITMP_FA237.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.68 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7b15faa40,0x7ff7b15faa4c,0x7ff7b15faa58
5⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2696

C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
4⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:3344

C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.68\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.68 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff60a15aa40,0x7ff60a15aa4c,0x7ff60a15aa58
5⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:5744

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDE2QzgwMUItMTE3NC00OEQyLUI4MkQtQ0ExRURENzM4MEZDfSIgdXNlcmlkPSJ7NTMzMUYxRDAtOTczQi00QjhELUI4ODMtM0VEMzIzQzgyNTIzfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins0NEMwQ0VDQi1CNTJDLTQ2QTItODRGNC0yNTQ2QTkwOTRDODN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtoVmZEak1kRkc2RmdLczBOejZlbXJZQ1NnNlRRdkRQb21vbFJheVFYQks0PSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTg3LjQxIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9IklzT25JbnRlcnZhbENvbW1hbmRzQWxsb3dlZD0tdGFyZ2V0X2RldjtQcm9kdWN0c1RvUmVnaXN0ZXI9JTdCMUZBQjhDRkUtOTg2MC00MTVDLUE2Q0EtQUE3RDEyMDIxOTQwJTdEIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjEyIj48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2Mzg4IiBwaW5nX2ZyZXNobmVzcz0iezAyNENFMzZDLTAwNDAtNENCRS04OEI5LTA5Rjk0MDU2MzE3M30iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIxMjYuMC4yNTkyLjY4IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM2NDA4MDA0MDgyNDk3MTAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNzc2ODU0MDkwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNzc2ODU0MDkwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDMyODI2MDQzMyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2FjNmY2MTFiLWVlYjctNGE0Mi1hNmQ0LThjZDcxNDI5NmExMT9QMT0xNzIwMjEyMTcwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUlHM2ZyUWVTV0lPeWhpOUR6Z1BZSlZOSUtNMlk1UFRzY0ZuNklkeWFPNjJkeVdrODVSU1FJc3VBTHE2UHFXOWY1eGNZV0Z5VkFtNkV1WVJFSG8lMmIzWnclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDMyODQxNjU5NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvYWM2ZjYxMWItZWViNy00YTQyLWE2ZDQtOGNkNzE0Mjk2YTExP1AxPTE3MjAyMTIxNzAmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9SUczZnJRZVNXSU95aGk5RHpnUFlKVk5JS00yWTVQVHNjRm42SWR5YU82MmR5V2s4NVJTUUlzdUFMcTZQcVc5ZjV4Y1lXRnlWQW02RXVZUkVIbyUyYjNadyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3Mjk1NzI0MCIgdG90YWw9IjE3Mjk1NzI0MCIgZG93bmxvYWRfdGltZV9tcz0iNTMxNDAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQzMjkzNTQ0MTIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQzNDI5NDgyMDEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0Nzc4NTczMDY2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNjI1IiBkb3dubG9hZF90aW1lX21zPSI1NTE3MiIgZG93bmxvYWRlZD0iMTcyOTU3MjQwIiB0b3RhbD0iMTcyOTU3MjQwIiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0MzU2MyIvPjxwaW5nIGFjdGl2ZT0iMCIgcmQ9IjYzODgiIHBpbmdfZnJlc2huZXNzPSJ7OEY4NDEzNjQtODkzQS00RUM5LTkyQzgtQzQ2OThEQ0EwOUVFfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjYuMC4yNTkyLjgxIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgY29ob3J0PSJycmZAMC42NiIgdXBkYXRlX2NvdW50PSIxIj48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2Mzg4IiBwaW5nX2ZyZXNobmVzcz0iezkwNEUyNjU4LURBOUQtNEVDQS05RTgzLTc5N0Y4MkI0Q0NEMX0iLz48L2FwcD48L3JlcXVlc3Q-
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:5172

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Active Setup

T1547.014

Event Triggered Execution

T1546

Image File Execution Options Injection

T1546.012

Component Object Model Hijacking

T1546.015

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Active Setup

T1547.014

Event Triggered Execution

T1546

Image File Execution Options Injection

T1546.012

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.68\Installer\setup.exe
Filesize
6.5MB

MD5
05e320ae544022adea3f8c441646765d

SHA1
3c6266b8a8c0132a97b2785bcb9ae7546ac02cc9

SHA256
e1618f31f476932871871ebc6e63d57aad643b74ea892d3d305e4125df1e6f10

SHA512
c1cf5c001ddd6b3b3c68b697f8ec9f1cbd48b5881f9fc805d74eb14a13eedcdf71e958ca1b790353a4edc64008558295741cfb785e0a3824a8f3a62bc985d387

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Installer\setup.exe
Filesize
6.5MB

MD5
7c44a5cba89f38d967b1f4e11225da0f

SHA1
44837f2ff9b3ebc7c371ee5f9e0cd5dcaad508dd

SHA256
a10c3e0b2ec1286bfe6b3fe9005a9132fad01be9afc4bdd5adb29f174b8fb706

SHA512
25b4cae7fc6d200dab70e94461b7f2e7899813975cab498fb367a32aa2e187fb7b1330545b60f6340d53fe5e04a1ecfb5d6b8bf004ac26ecaa7a8f6e387dfe99

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe
Filesize
17.2MB

MD5
3f208f4e0dacb8661d7659d2a030f36e

SHA1
07fe69fd12637b63f6ae44e60fdf80e5e3e933ff

SHA256
d3c12e642d4b032e2592c2ba6e0ed703a7e43fb424b7c3ab5b2e51b53d1d433b

SHA512
6c8fce43d04dd7e7f5c8bf275ba01e24a76531e89cc02f4b2f23ab2086f7cf70f485c4240c5ea41bf61cb7ceee471df7e7bdc1b17dfdd54c22e4b02ff4e14740

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.187.41\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
Filesize
1.6MB

MD5
a9ad77a4111f44c157a1a37bb29fd2b9

SHA1
f1348bcbc950532ac2b48b18acd91533f3ac0be2

SHA256
200a59abdeb32cc4d2cec4079be205f18b5f45bae42acb7940151f9780569889

SHA512
68f58a15ef5ba5d49d8476bee4a488e9a721f703a645ddd29148915d555ca2eb451635c3b762e5a0f786d69bb5cba9bffac3eeee196f1ec7ad669e2d729fe898

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\EdgeUpdate.dat
Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\MicrosoftEdgeComRegisterShellARM64.exe
Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\MicrosoftEdgeUpdate.exe
Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\MicrosoftEdgeUpdateCore.exe
Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\NOTICE.TXT
Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdate.dll
Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_af.dll
Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_am.dll
Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_ar.dll
Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_as.dll
Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_az.dll
Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_bg.dll
Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_bn-IN.dll
Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_bn.dll
Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_bs.dll
Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_ca.dll
Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_cs.dll
Filesize
28KB

MD5
16c84ad1222284f40968a851f541d6bb

SHA1
bc26d50e15ccaed6a5fbe801943117269b3b8e6b

SHA256
e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

SHA512
d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_cy.dll
Filesize
28KB

MD5
34d991980016595b803d212dc356d765

SHA1
e3a35df6488c3463c2a7adf89029e1dd8308f816

SHA256
252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

SHA512
8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_da.dll
Filesize
28KB

MD5
d34380d302b16eab40d5b63cfb4ed0fe

SHA1
1d3047119e353a55dc215666f2b7b69f0ede775b

SHA256
fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

SHA512
45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_de.dll
Filesize
30KB

MD5
aab01f0d7bdc51b190f27ce58701c1da

SHA1
1a21aabab0875651efd974100a81cda52c462997

SHA256
061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

SHA512
5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_el.dll
Filesize
30KB

MD5
ac275b6e825c3bd87d96b52eac36c0f6

SHA1
29e537d81f5d997285b62cd2efea088c3284d18f

SHA256
223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

SHA512
bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_en-GB.dll
Filesize
27KB

MD5
d749e093f263244d276b6ffcf4ef4b42

SHA1
69f024c769632cdbb019943552bac5281d4cbe05

SHA256
fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

SHA512
48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUFC77.tmp\msedgeupdateres_en.dll
Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
Filesize
5.4MB

MD5
4fa63f4ccb9b1fca93ab82e51c6d4750

SHA1
1f26018c15ed5e14140ed44c28cf52a7b892fc86

SHA256
685f8b14eb645f892a666cf61cf691d086fe0d3e344a245323f1fe75034869fb

SHA512
a25031fb2afe1baebe9b46266192574c6c73b7fcd8e3e2897873d97b3f6232c5228fa4f633b1df98b9410808d5afe1dd470cd8f3f6dbc0c52526311b769554ab

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
Filesize
14KB

MD5
4408345e085676f94edda79f21536c38

SHA1
df52c73fb02e6a84997c9aa488880a52be91e82d

SHA256
e34e8e00f3de685ba17eacbf3ece68efed246e54e7542241a19bf674aa7fbfb3

SHA512
95206a08ed68d7cd737a05602b73ff19c9cc38ea2d7e2b7e11d13b089abb004a09942e2617c31585f9d7b550a9c0de4f83c89d9c0bc9e8068188396eb3be6f12

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\245c0fa1-2414-4163-ad4e-717811372e73.tmp
Filesize
10KB

MD5
1e974a5d9ad9f0d34061ad4c2de45d88

SHA1
039f61c2357b808b0d81d6823f6a2fee67a97b14

SHA256
5c2e1036aa8374e222de69c01bf7d87010407c128484171e381186a4ada83f41

SHA512
5a6faef722424f83a33ae2816fc535675e49d95f466a19a45c8b145a546d11702ac94e72278d5b31d45a143fb3fd7cb8aa2a5c10c33026dccb94f324eb7d4973

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
e883d02a7424da887816de5ef6802ac6

SHA1
6bd64f66217a03305f3e2cceeeb0216001b9fec2

SHA256
efc1ac408b5e012806cec99166c5a5cd943f2ab3b0bc5af546c7501849327fe5

SHA512
9968c8d862a60611a2ec9f0c378b2f14f60d1359f0d33f34063c1cb191784918077d7016cf344be5749a8c6adae4cb2d0253c9b32005189aafa53e0ed2368b9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
Filesize
28KB

MD5
99da83e40906a4e321de96b34e373a43

SHA1
28a719880c95ee04b4e08ad2d18ca6bc0aac7fde

SHA256
cdfb906c6d2eefc509a27405e64138eed37d3c020bf8374dd50f2cd1c6423095

SHA512
ca4700783587a7eb0070a0bc385399382c69793bb03656f6fa98a9dcd98869b48ac9fb4f253eac4bf5a9abdf2e46a51dde607abee1732a043908431376ec5f8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
Filesize
52KB

MD5
20cab8626717f8e4ec3423810d92da22

SHA1
4bb539912e8d36799eb47ad7989aecb66d11bb79

SHA256
05a5e172730ab9e1af2b96c0be0f5f31d784b2799d0e0f2e0743c777bfd09e30

SHA512
0794a859ca063422830a5a16f474bf0110f5a95bdb6e6bc7c57c1ba3ee8a53a5862ed555b79b94b82d4858447dfdaa2b4292486d72a916d64de832489d8b892e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
Filesize
23KB

MD5
64e64ff8585a2fc668831fa62860260b

SHA1
061e535b7185704bf5731af0ea0d51ad68daa171

SHA256
04da82aea6fce95634cb6d9cd550a5b15d64ecc3e9aaf7497bde26f90949d22b

SHA512
884c2528ac46f74f037989775508d1719c5652e31a4c7a57b9278b58a36c2793a405bc5e7fc2d8a6c9b4e918eca19ddd44e434ed4f082101f635cf476f4ff12d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
Filesize
82KB

MD5
408916c7ed500373f4e10c81eb0e8840

SHA1
dbcd1f983a1d90f07cf2b0b74a393a435cda575a

SHA256
31db7eeaaec1786495db56ef6158e05a67522742c3a081e0d4f4f39c1dff74a5

SHA512
72a4e3a58dd4be97755df513c02d9576eefaec1bfbb6f4cd171fe024218d1ec0d1b3c32d087eb8eae1c3e06f39001fe31ca69a7e596f37779cae6e57a224623a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
696B

MD5
1bca260cae2ecccc75a6548a488f3a60

SHA1
7d818cb98ac04248c0af9462218dd1d41a8df85c

SHA256
0497cbd9989f9e320e10c3ee7f10734c1a31aab006ae65859abcfb5550581e80

SHA512
fb848a1907ac5fd47f8ae61dcff5390b2b0618d253845b5a5262ddc5e4074003ce8a394bed781090ee8f928a8bd7590b3b166b8d97db84e84277edd56e92f4ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
864B

MD5
85bfe8a2f3fe79bd85adc1e0755ffbeb

SHA1
3d97bdfeb494753d0c6188e1b756cc11f351764e

SHA256
6652f7337630c3a97cb93d86cf96ce96cfdcc1c631582cc5d57e408c099a5352

SHA512
95abcf3534734ad02c1848052df8e6c8244edab30fc39fbbdbbee74447d7e5696f9f5b38d3645e1c49188737782a45d5bf8d881dfde1cae251b1e942fb5380c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
b9151745dce220c7d4b914a5530ae50b

SHA1
486b1d7634ec230ae532e2c91c388a6ccc9db209

SHA256
ca46df25c7534e99b01553b618aca040ac858871716eaa6dd849d627bbea758f

SHA512
7d2c29b62ea7d81032c13a7001a7b178c096836a5fdbe6b835545028f1736c79cfff867e08a067cd0b4c0b4e0f68ae7e5e2d209d723eee9e618a84b85a1ab7f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
455a8a8106bfbf1a95e789a5913ac35a

SHA1
071dd67e331b02e5f18f82d7e0449a7adf9d2666

SHA256
1ee9b0341668f363d882827a88bd55b3126d0561de03c366fb9bb4fb3a3a17b0

SHA512
54442552fbaaecc7dba9d6dfbd19737928815f6082ab3842e66847304169f5b4c7a3d0a7f1d91663e5de400ba44a442fa5e0183e2624962e2ebba615d457ac56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
0cdbd20159b634747803e1394cf7660f

SHA1
f0ec7fd25a5b0e430791cae3aebbbbaed2b0efa7

SHA256
bd83fa0bf510ccaa82e6708d4c782f06d6cf17f454296e7c78b9d6f793a1f60e

SHA512
72a80b8af473b110d15cc07f3a05bf98ffb61ec978f124ae765069c85bb5c9d1e10ba6a9f2eaf108e94cc93c2363d0ed28e4087b351e95d8560fe589572976fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
005a47fa69b03cc508721336291daa58

SHA1
70d3bfcee705ef5a9e42cd6f9aa83c25c5dbbf4d

SHA256
558eaafb53ce4d8e10fe493cf85b0c0f4b52827d13f4c503a6452543e049cffb

SHA512
8d86ff695ed51026248cec8693cbf29a97886ddccfa706ff4cc94cc2589d636d69a3455ca8e16ff2f38e62206f71696f29e41e4a46c9e8fd530779ce9b6d487a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
80052709fedefb5fe4a89a71691e2f34

SHA1
b77c7ae43db6c69af36abbf95ca190c0be7bf702

SHA256
7bf0e70551986a49060dc462918d92828e106b1689897bf5fee87a9c6d772cf6

SHA512
e7f4a239293adb32d4987ba06f7d6731b995396571faf98a1cc81451565ca4d6812dcab1b46a4efaca5a239972a433b0bccffcc2e0e72f39ac177c81d061ba06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
2113fcb01a654ccc752cb3f097385bd1

SHA1
a8aa3fd81798e4fc07d9a3fcf2de823ef0e05a85

SHA256
7bef7f9d94f970445c1e7fac02fdd8571cd509deaac6ba0bab2d0fabbb196de0

SHA512
6b71f188aa33f10a72828dca093264908f284f65b12e32c303de8b2146327544df701070422ab51b4c33678508b6385735768e6f01df9c245498877a0699d7b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
53c1b006acf41bf82a8d0c4f012f51a8

SHA1
9cc29ae185465d1596ebc1c24d79158223ca24a5

SHA256
38f288b02d516458f8c61e5c1882ce5f16c6cab22b44875ec0a595cf50f22627

SHA512
8c6440728ccc1b915655b29a47122b40fc0619a51864e914ffe49fec1224f857b4b0c49199d4509732c384a2b88c8d715dceed99b581610e02628455c0d06f2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
8500bc680ab661572dcbdf7aee1639b4

SHA1
b5df11c050bf86cd1c131e5f55abca18da99ad17

SHA256
80982aa71163cd82bfdbc79017d977d85d9d240b8f9931c9cc8f111e6749a189

SHA512
a73c032a291e43e7601478ff4c0d2f48560dec45b6d78ce19d43366058be50eea8a415db57e0c92c3b65ef9079f23bab1041838933470d4bae1308afc24ab3fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
316f73648936a6e7e494a85d2ec5f5ee

SHA1
744c914786beadc223a5ef11cb5ac8e31fde2b9f

SHA256
951195c9f740a21114bb7754010650611f21ebcd3bffbfd5e11f48b4bf687362

SHA512
8deafafff015ea43530b590cdf79b200b77e8091bb0135bf4d3871a49a2290f37818ecfe93fb7ca605eed596ac58e0eeaeb4e64ac5a8f0b19ee2a2a97e8e87f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
9e835fabdbd10a8a061740f838b99100

SHA1
ba7e42ef347d3cb2c343d5028365df23cd1d14db

SHA256
1a731b489a81baadc219d6aeaabcd3f7efc1769d0dc3d1f93f61c9763b527145

SHA512
37407f4148ebee249a29864e728c4287a91f5498d900c46a67afee433725b39750fd8a616ea708c54b9fe634cbe0bf6493798738e3409e2a97712611dfaf37ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
660ccb14ca01d3bc816dcfa5557f4bc8

SHA1
bdabfac1dcc7238ac7f3f5769f44be82f9b3e293

SHA256
76fe22202fb6bc2ce7bfe447b4811d7fba4e88efb15d3932d06306e6bdce5a40

SHA512
6f08f9a17229c3f8f684440da6fa1957704ab9c5c093062fbec1ef26b68f11c4f4083e79ecb856cd570ab82d0a90e179bd298643fa84ba061ce344cfd4d94715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
347970e863ad9bcd9dad7c33fe6388ae

SHA1
4faf40c1f3d92894408e16630372b9ae85b97297

SHA256
33a950efa09aaa1e10ae7049797160c8d5e771287bdb20583d5ec444346c4c94

SHA512
e0d5459e0f53006466f24333bc022a199212047ed12f618fc98a217b0e18437b06c4daeca49bd36063f4d88bfa8573122680c9d2f9e9046cfe53cfa90fc018fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
16470fdc82946649cb2f633697d84e16

SHA1
09709eb3461f2c2611edd8ef2ae0883031ba466c

SHA256
0a8ef42bcd5f2d94d27f3ab920ed2fe9df6b4310fb90c9a3fad056b74e3d62d0

SHA512
bc3b8034be259e97ccd24d94c3da51ca1cfba9ebe113b0d2630c2d4fb00be6977123c01a8b61ab9e6bf57aa60f7820f558319c3c64834454632c7b437db5b0cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
871b6786dc6435b22faba2b8b8de9f06

SHA1
f5eba73e0bc52d1c3d0bb43872e08a799300e09c

SHA256
20f87f7c7393223f1f363a066c2cd6a76f6069a0e0aed2996a84ad3814a2d837

SHA512
ac7432eded3f65e4ea654b6cf985e350f82a6c6781f61d840a154f35dad9e4dcf5352b09cc05141d52cdcd38db8b2fb6d1cb440c00b39ea0156f72363ab02d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
3c25abda2d8994333da6de22d0ff9231

SHA1
7b44ea650474f35823b7017eaaeb11b93cfd4089

SHA256
9a693a0de9872cc73217c49142d36290bee2d2b5a054d5237171d1b6312aa911

SHA512
690e0e8bf230304103ce5df3e01144a382431c498e344a05ff08cc1ea9a38b020decd82f68370757e7e072f1930ff0de20eb600a0d93441e6b64231a6bae2980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
c3c3ddca97eaa7e6c15db854fd2cc2b8

SHA1
c0078eff3f5f4755bae4f055fe61bd8680a1edca

SHA256
d30dbfc07de2213b1d7ddb65ad932686533ca4d78c29bacc5e7d80f80bdcca2d

SHA512
efde609179159ef550d1be4e5d58c1db3722a67a03c37fe9eb0f90cf25e3c2645b4a3e93529cee27610b92394f8e094cac3e2131e1ddc8d821871b7e035cb5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
5d267181a4e3639fb5651b285ec9819d

SHA1
97426380d47024d6143687f3f4216bc4bd715223

SHA256
66ffa18c3ded7eff8622148a6aee3fde2ffeae28426b3d53781d65349c0de0c1

SHA512
9ff6ba79a0ff4024be1a0cb7815aa15acb7358b20207d2d149cad7bbc1c06065c0b69f0869c31295f294d0bc3188742606184e1470b0979d4def413c70c7cbbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
e5729dbdd6dd20c47e30c549a14395af

SHA1
a09fdcb1c3c7f5845f788f2a0d03024be590410b

SHA256
2923733b64ffedb158c90efb2889b0c0e9641a561895212c225a6d29adfed605

SHA512
1653943686dbe9d5600872f27300a31568b2bd30f3cb05a2c55046c0bda76e978c13fca49603832e36e35e9b2953c3cb2967c772d16d4253ed7d8a284fda25cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
664aff353fd700d78e02e36d01f3da2e

SHA1
0b64547c6f03a96261eaa5aa00fe0a25ebcdbeef

SHA256
e0522f918e782a4d0d773198e21e68cdbd9201a7ff401b92c6b43b143bc9503a

SHA512
3f9a1cb990738b039e6f4fe789f160cb4266408f95ea2c47da5e64bd58307b8b5335bf98c3169026a31dc57883f8e42ff12d03e22a5af9b9cebea4bfcb63f4a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
cb0d0b612655fa6df73c6888fd1d19ae

SHA1
3993e0504f49ad6e8e5139348e95adb082290e5f

SHA256
9697287533bbca9a9d2bacb9dc7c8d2c7cfa439a8011826bdf37c6a38c701ea2

SHA512
21ca7aaa0f2ffd12f01cd51993cd687eb1b9fdbd2ee860b0e9c3550996cf91ddbddca59f44b80758f98e1304ef1c964d0350067d4af1bd1a7f34bb12107f0658

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
34ee9b68ecf619ecd7b9832a4baa8546

SHA1
143dc0f006bf7b5ac255e4f6ed7890804cce151b

SHA256
d903e2a53754fbf7b2456b70698ec389203b0c363840a50d0a72c98db91ba638

SHA512
81e790a3f6785b7c024eb74953e3101c960ea9c5826377833c9e1d10c939ae4000db3fb5b2ae153e395c1c89a8a213842b457f964a70af5e5444fe6b273762a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
9442101d20c921fc1f359274ddf1fbea

SHA1
b0d2255d82b814c556edccf872e23a6ccda0d488

SHA256
5a44ecbb69c7c9a5cee35ab59d5995149ffb0d6eaa90cd51872e0d70744dfbea

SHA512
e2acaf17a60056c5495496375151adc1a62f16fa469dfd79085744a4837dc87534da0a2a471c85d348ae0dcc347faa0a946eeaf0215105f011601d9ce6466a04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
e8921c5e803ab2b2dc55b9fcc6636ac9

SHA1
50f0bd209ec8a4d18f5c71cc8a8f2697fb75069b

SHA256
47ae055c29869f39d0d9aff8990f994bd806d076e12933305a568c0841e10cef

SHA512
8fdafccf7d8c3c89d9b884218ade89efeb4ff007941a0ae2cb862670a4e3197c93636155f5bdf2c9fc16d86f4598459bf2b7835745e6a431009633d61ad37555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
8f698edd4c21d33f5b092123a7ede346

SHA1
fa9d4cd9bf72df78532f6f4b20bd2016e5a3f0fa

SHA256
a020be5f37ea11a7a96b2b3d0ff89284a228d70e31f71b6d4fe394d15a79191b

SHA512
2064f34157305d523803bdc5698e798de7375c8f0949261553630763808886e4410681173f6dc5379bd0e3b63e7172496922d89fd038ce0f455b894cd102bd86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
aec181ee421986e9e5f1e2bcbea7be7e

SHA1
1b0cdc286e76a17ae36e07036fe487c56da1eaf1

SHA256
d0353fce5f535aa68888fb020c386aa8ba911bb19e1950882ea26388f8280bef

SHA512
f2ce7b39e27b389a3e92f4c63230d8d167bcc618556acd8bdc64f76fc9fc8f0800e8d37e463909c450a8cfa033f03abfb980b5ce69d2b1afa69be60bad8eb96a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
9bf07e98d41b526f8b3fd855d205514d

SHA1
156325180787d4037d0c8635892ee63a0d852720

SHA256
9a96613d811b8a7135f0d991d6de801a3b1a917eefdced51b6d1575fac4c8f28

SHA512
c33ff099275802ae560ea83a4b57936d9004ca0d478186653f467015aac68835f59569f52b64f4ba56bf5259936e0b45cd4707337cf063844fc5643a8e6cae42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
d4ac6e7a37e118a49c39cb985eab5e54

SHA1
4fe539187c3268ea253da992b2924424d77ae1a1

SHA256
cb3efdbc2bd05555ab675aa1a168b7a9e7ac4258e611f64a8faa1ae2ddb9c8b5

SHA512
ebd8bd944dd5af822ce6148b0665a5ea9d5e6e6cf626ac290a5d39c04fb10acfd80f80ae3faca4620de764825bbdb2654b3770f5acdf679bb2b3c5f187e83bc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
7c09b13345e89c1b026a636027679e19

SHA1
98af50f139d81987746bef117753091639a1c9f7

SHA256
409e7f8ca384884166fa3de4adfa84b69cda48a328318bbb0324b2ecc321e39a

SHA512
f1516472c5dba5f1cd5dbb9efb45e3734396cced36050f7352b9a2a210936326f87c98634cb4efb768c1974ea2220a784e1bc4692671ce4b60466a8f4a8f79c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
628d180587504a15e5e494d3fc7b54eb

SHA1
941294fd23a4615929bdebb1a2a13d9c6958d7ca

SHA256
f901b194afb1af214d6da6652a82ae29adf1f941c8c3c8b02abb041943c0d7e7

SHA512
6e85ca5b3248f353ee11eb1fa3f89aaf10b1e99080a3dcbd6b4c1ed6b5b39c827b950b08ff4ccd98b04816ea1182064c7a7b3bd955122b7992e1f50fe23829a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
f8012a8b9d5d28c5590fd5daa766d404

SHA1
66fa921ca4f665419ab9e4cd28b691db4495481f

SHA256
1a30d5fac681845456f9944588ce95e7701cc524c12173813dbe65c8a9db960d

SHA512
fedad7c5fff82c68decbed4d5874f42fd43b103a7aa8b58675b4689aba20e2803f812b0a4fcc18f93e4216f0444027d8c4233792157316700d0546633c6ca02e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
ce06cf2a3adcb6e36106d8e3a21e8b9c

SHA1
2b56412e4534b90514a46b7ad820feafc691cbce

SHA256
6cc8cd333ff71f92daa64cd8ab2dac7677d5594f43e33b8e7ed7e5f0645720ae

SHA512
f8626ea843ce2b6c99899eb378808998d53c62a954d51cf06b56178c9de5cf7f9d2883122b428de6abba05bb03bb9d8c76a05f08b583e77a4a9e09aa20606101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
6eea68d2344a586d591a6f6ffcbc1b24

SHA1
88aee90e96dbe313165767ecaa81a8919e52d176

SHA256
664f32b1b20f53fe6dd96078eaa811ac7a4b4c166d3b07b16d4dbe400ba8b56f

SHA512
18dbcbaa53c6e4752ac02006bfa07af7665fc92a20ef1f23ae628bc6141374a9daf2e0e3edb34cd39747cca3ebc2f183ee81c166e33b0c1603bb83d021f0c24a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
968cff21fa5e9dbeb83a8d838a183f4a

SHA1
7214070fd1cb7b1fb2de55dddc8c81207f721bb1

SHA256
b70ebf8ab476bcd8bb1d1b910664a7741c0e45c310a17015593624a7a19b0472

SHA512
8e1e7cc0d05c914bf59dfee938f0552e5d7846712d71dbea4d04a08ef73f85a0b6fde7b2e86d5d15abcf671d5fe92322c2368ad2f5ac9a77a15699fac9046865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
f48f85fb4c83a258b5ac0c6825f1daa6

SHA1
ee95a6ab7905a9303706dd19280867460703c678

SHA256
57ef07a6117b257e5aad6fc1d873e73040bf8dd39808e796e1a8d4dbd2d69987

SHA512
48693c072e7e960e797eca6ce3124e594f5a9594e1dfa7be267632ab4daaad78b112e2737ac72f6159ea2b705661c8394c6d39506bd66c9e0c043553aeb73ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
4eac670d529ca77ad783f90e01b2e2f0

SHA1
c5def57239ec3e4bff9e76c31d1646041889e239

SHA256
d520db3d22b8a75955b3519ce8711066a908997b1f1f22b269b8266ecc7c06da

SHA512
ca4732139b85c56e009090c2cf63e35dc90c0609b04017ac581ef6406adefaa92f948ddaab911e3d9efd779fcd11fae2c3f532cceb1cf93cec700a5921044e54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
e41d8db15d7f045d16e6cc04ebdb961c

SHA1
6948ed0076c93537e7c48bfad02cc507b21f67dd

SHA256
b74a6236f2d70079236a2a31166cc0253803d4c9db54d3f075e02d8cb9ebfcac

SHA512
09fff492b37980aa68737c4bf4a5095882fdef38a8dbb2215a4abb19021d81670a5a56ab4a4b01bdfa668fb5c85d02b8106ee26eefb2aa853bf2adee0b567332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
6de897a663178fcaa1cc407265281e6b

SHA1
ce9e39c2fa62566f14c7fc4ef1500e459719298b

SHA256
c7b467abf446cbcd947c65c0564116f12870527f2b8ee98766cd924aba62283b

SHA512
31b21103835bc73638823481c542383c2118550114ddfd028ca2151fd34602bb4954ba46af986b67a86bcdb50ef636e74551d5f40f7013b9760c78a90546dcd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
e57fed9333cdc738e72c0b5b5128ca2c

SHA1
bd1c8604a9173416be41ef887c8b5fca5a94f214

SHA256
3d0792c284ed5e9f0632818501319dd46702daf3e08933258ac6a82408c08bff

SHA512
e820fabc87659922580e240e1d8462443281bcf8cbbee5880bfbef088041a0b4f7e88558266c381eb91bd952f154019caaac7b5a609f97e46bc951f67a07ee79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
8bca40cb703f009d0a22891281f23642

SHA1
876c46b0abd0caa9898614222a76a498a862cbf8

SHA256
4ad21d24d485c89a2df4866abb3918572b269aeff724e62dfad78d403b134abd

SHA512
26d079ad86ddd93c84dfe870d38010c6195f0d2308273f73d4dae1ddea17f82aa45fffb783437379825976d4898a29c241008eaa1db26159594bbd8005c21655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
c9b82b8cf64fa9d09bfad43a34d4fe14

SHA1
5660e11dff8d246c0dfa06a14a8b251f49f35ea8

SHA256
1c7c19adec7601e95b28cd4d1bf7c9c8ac2aa522b4aff71792947b35a0264daf

SHA512
79e5c032784808b63e62efd561e2f10c5040228daef78b53f440ac1d32040949c7c926f622f6a2547fa9c02459291e977c7ea9f7071dd94b529f05cf1bc57423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
39aea5aa37ef5ec0030a07ce0737ca97

SHA1
92d1e66afc4be5963ee3c4d50f298ffe5ee2443a

SHA256
8aca04d85d43170af9097f4e389954bab8956ed0ef04f3525a766ee3cd1919f9

SHA512
79dca6386b5076eb64ecded6126a1703ed1ea5a65173554076bac7a28159ddcf3e5e4f9ca275c25fd6ebd41108ed8eac077d309b7c8f986de680d0a92dd4ebb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
c2e454e4e41ac92f4df23ac51ae64b50

SHA1
3e5c4ae691abc8ffe073497d1047716d92df306b

SHA256
49d88b9189018781c4a929d672f01e0474621d1f395fa8269ee8ec8b69c7f6a6

SHA512
089eaac5ac145217310797c14f80cd2f41f3211624cfccdfe63c3f2de3728e545058d40d762b3dca97246e3fd24563d4ab49382f1210b3ceb2b0d58ec178af5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
d9893837bb06b18f955cac7bc3019268

SHA1
32cde01ee36657dfa0a47fdd973adf44628ef582

SHA256
55ed96355c4522a2bf49de8a3e258b40153cff7348f25eca8fddf48897a7818f

SHA512
dd68200e748c9dd4b84c9037c72ad744fa334a4d1130c9d478468c6a377a000d765abf590d609e2a48e1cf8cf16295162e3528b24c999cefcbd5e44a1c36f6e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
d2724da508a0560aeba26ae10a23170f

SHA1
7c195ad8fba04d44c4e4c4f2f9de4caac15b3e42

SHA256
7e2ad0eb1dd29a2945c358a9e0d8961bf68a8580ec7b06f59fde803590c26434

SHA512
350aa5d273910bbbb16d4a15e4fe2d44b74c6b54deb68dae126d80224d5be6d2c512c2e4112ef7fd96b576210675d782a953b6089ce2a3af4b3749f76bf18ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
e2adab3c857ad6230f5681d9abbc8087

SHA1
5c576bf6091f839e9a3f71ece25360cce0f68a14

SHA256
826e4d574e6ef2564008f0a5a5a3db2c75ca09c342b61797cc284b8f33b1ded3

SHA512
dfccaefe592a8ac3df90f3cff5e3ed6abeddd31ca7ec0d1d8151447a9d9bf5191c5be7f3cc8e173d9ca8dadb3743aa9e5f56a8f2d11d2facf7560cc7fec39f20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
aab95070909f83bd9e185f4b6071bfbe

SHA1
957f8230dea75cf2e3a33e15fc23f446caf15ac5

SHA256
7f10055837f959638b85bf67b72ab16af09014da14f4be969a05fdabd00440cd

SHA512
4c82001ac1db6f7dcf684ac05fc7fab141234455ba6c6e74bc48ae964f82e0353d3b20cb27f19f28feb41c573466698e0e5cb5c94aade4667aa468cfe05acfab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
3343aec6c09be54a86a072ddfcaaaf7f

SHA1
059bc5b83768e87caf6d576d63fa7add372cb5e2

SHA256
e7aa7526628ad878cd3b4e8298f8bfda962892abac49f736576981486b17a116

SHA512
da9c77f8959e6ea4f997e5227a6b2f2850ef7079b57e69bbfbf295bff84b55f42b51c6ca252508e4a6b5156397c1550da996e06bda0d1ff0374d42f0835a1e94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
d6fcc136883fa702d5c072f1d43778d2

SHA1
cf9ab841eed80bcbfd0956668606bde7d4b6a26b

SHA256
8bf502df4c2e4baa601da12a45c05c3e35567b76b934978d82f6a26dbb20adc3

SHA512
3c596de41ecddb84a53d1013d396c390b1416019794789cef7c2939547074b1d10698a6530f1dd84311b422b5b74ee904b5c4a1918df9965ac2dc34388a28a69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
d890c2c06f415eaf4cb8a1a5dfdaba23

SHA1
0e10a8f83570669b1307307d761b50a1b5fee197

SHA256
4597e1879df758ced083a3614c15120f57c2e0405260fc2ccd949340ff2e9580

SHA512
0b41603aaf026152db724667b322468265ae253103592eb642e1ed7cc6becf4428f64182df0babb2789386fae527a90b882adeddc617eba3bb04fea0ec04030d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
b7c38ce7c943ffc3c0288ce285580ae2

SHA1
ee9360c1773b13f12ccdd0b0ea8f39116f5bb617

SHA256
34e6a834cd94a5b540046e3beecba8ed59d532bfa8b31e44555b1da786ef1186

SHA512
437f6619a8965c884cf87d7f6015d3787aab86a7ba4b1e336fe743c4f3d50bb226e5161690fdafe9e1436606514bdad2b803b61acb16b5a643a68ac66872debb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
eeb0f3544a3cba4d1bddbca796964868

SHA1
4830477aacfa98a5adf730479af233b00b0e8ec9

SHA256
99cbf36856096d415b3495f1e1874dc89a5c12abe439ec7b2fd9318a9b592127

SHA512
311c570a632fe033f6763271e6adb6efb762404b32116af21a652c28864a50031f2d2e04ec938951311618eb7497bfcb31367679137371da6b83c21bbb084107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
bb38bf1234234ed2c2610149bc51ffa2

SHA1
11debbf5e832e8625decd0622c028f3e4b161c1a

SHA256
b2630b413de1b982573dd15aa63ab2475c824205520751ab97b6470d0151402d

SHA512
2e568439613511e08aeb4aab265dd390c803f1b7d79c2e07d371d87b096a2b94a113b1c62601ba66e6c4203b91895002adb1facf6044abcf8773b69598c15c02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
c38a2c9b6454fc06fc6c097498dc62cd

SHA1
952a9cfa07cfed71ff48767e5aebe14cf9da5a50

SHA256
f4b5720bd0849b637b36a7f6f8712746430f0a333f93b10cdcca8862d0ae964d

SHA512
df58131ef10cda4ed430ebe504c07b6747053e4a0042893a76131da5c3edcc06e157be694cc2f8983f86950a0093eee8313b73f4add5ad0d746699d712e22b8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
94fc5068d78872327d21cf0a08d2e01d

SHA1
6e89f20be3b14dd07ef0b94bf3a891ac41c75a8e

SHA256
a5f1a846f489270d8aaf5cc9a4d55c6877cd92cd9fb8ccae310fb69462c60d25

SHA512
ba3ecb53f09ef119c63044fb7e8b0277928d592a9053b60e05a8a4cd613685211e88514227907e17534c41bd90ee340f68788b23c25cb442d948cd6fb3353f32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
3162a00af8a6a56f64ad94e7fcffe513

SHA1
dc31daece183fd38051b027edaa1577c5b237bd8

SHA256
4328e46a29438c1740bb5d81ac664f0442868b37989bf20e83d8dd869a52de0c

SHA512
fe5d3efd6ba1cf69f3e34482e7a86945186b5f84b8b908fe80c437476d40f4fb066d61b03e1d7877c0d9cc10876101b46ff45cc89cc1a2725b685ed43397ead8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
ec162a4f492795825190d759dc9e5850

SHA1
fdecb4633011c32c3ffc559e5c960c51b9fc1631

SHA256
ee3aac57fd212a2fe6d39a61da9eaceb588b49a1997bb09133601e2497aaefa9

SHA512
9d3aab904b4a2c74541966e904bc6daf7f76d0cafcffc8ef591e9f2fc0e6e1bbd05a3c74ad94935b7217a5fe162427e644d141b6da01cbb8be93a4b602fe060f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
017f26aed7109760299ea40ae9b2034f

SHA1
132dde4dbb0de65289a752e56f68928b8f3c889a

SHA256
f482bbe317a426b89cf33bb44f460bb295d57f03c633a958f0f3b920eee621b2

SHA512
54ab17b037713e683c99bf53b812b3885819bff7d640e9745554b080bb91f565e8cbbbaaae2bfd80abd0b13bd862e37a77473b85095b40a0457b6403c70fc400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
23876c4707b6579b5325eb34f38a460e

SHA1
7b1f28e6c5600f2f4aedfc9e0099650af62d0ba4

SHA256
2fe7548865ed749383ed65ee44a39865c16397c92478af91dd04f1093054d204

SHA512
a1cfeb3950701ec5f1f8035203a23bb20f1a98af5a1a623178a84e3f5fb14ca656082621cb502e5736650c67b5c52914aac96c5a9ee45f3c6bbcb748a8079d29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
a24fb47924df5f4d3af549dbc40e212e

SHA1
c1b900d728ca8890283543b2453a605bab96d4a5

SHA256
0e8731f82375eb42c921692735cb5416dc9082ab93f5c09cb8ec8ed1596d064d

SHA512
2be4bd0974c0abba0811db01cd0386d97618ba36298e4fb2da57edfa8f0491f72e65560cdfb4435ea0940e84b0cd835b275f62e7cdd03c44e481d7d02631ce6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
9ec8283aab8008e83f73f32d3f2cfb8d

SHA1
fd6442d9dcc8a6ff581bc29bfe817e06d2b97a75

SHA256
3358fe8aa74d990acce95053424ae75ade7a2aec8a2f64513437535bde066938

SHA512
aea901bd8fac7b6c2548359c96407db6e20e1a4dd7e618d229e761368d917671f1394c9c8e9bb4109d57fa061796044b1cd6615b98c3b87d67d27ffbee6646a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
e406966df46fa46e225a8bdac73a8b04

SHA1
d4324f0974948eebca5d671e04814effbfcdfe8d

SHA256
1b108cffcb03eb2c34209f7d5ceec810f2c45a8dc94d1b8e906e2443e0df2514

SHA512
3c16ecd8effcd5a34f73878f2ae11aee58f26f76ef855fc38a9d1f2f7d08736a502e814f66c3aa274affee9a7878da6157919b06e9591a18ddfbd828d7db2f39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
817776e360f027a6444f9655b28b21d6

SHA1
51e5b6cd47e7305f05877080ffda12a4eee17742

SHA256
709a659c28518212b3d5ac2a0e0d42994ea4f9fadb8d8582c1823e149a528b3d

SHA512
48da36724b8990822b3d17977f7925f8aa05d49bf2b1613feed0e22f3dc0bfd7f1bf11867876d2274d978829a935c712fea66a43778ef964a6c6a42d7b6c74f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
e4a3f57bff40d33fd382c8c2ad9ea2ce

SHA1
93865ed7e0dc3d3ab635ac11d4104fae20bdc345

SHA256
ef3913432db36b552dcc130f89985791350b561fcbe0f8f37de073fcfc88ecda

SHA512
3bcecdbc4b70930248077bd76ab5edeb1b597fed87f4f06a7afca99d583513dd213b26d4898c4fc6ca29fe646063d4992bb4047ec78c189524f76d144116bfd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
960894b27ac83bd0b66ac667b83b5448

SHA1
9a810a1606bdad9ae516d3241f888bec4c1dfecf

SHA256
d2e45a8d0d61103be1e846dd0df6c0f67b03cc0b260996f82db2dda191567767

SHA512
c56513dffe2568ffb96a9eaf3a071dd00de9afce63f438d8195a585016ce00f17f055f899080eb0c878407c1df12461f785af4b0320d3ab1c61c50e4a2cca0d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
9644d3fa21b28e6d855b39f424b7d244

SHA1
85a0967ec6159a6fd8a6a8c8bd994646c009ecac

SHA256
98a31b459aa13310d9cabea445328195004bc588a3745b852177a17b166f6850

SHA512
0f2a6569493d83f768ff6aeb932da7a6e9f36fe9f7ca221ba1f6c595978aa5f012c90a6d6bce4e330c0f59308eca82793d54553389cab9356f6d7328ba0ad860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
f9c1f678beacc2445fdc305af59d791c

SHA1
b3d3827bb296087dc86dcafcd9d7995226602141

SHA256
109c920aa25a8c27e2babdf12c13cd534f0270e6e12af5249bc5451adfb43b74

SHA512
89e591c824882e44bb72022353f86be66d88976d3c644a305834308ebcbdf833ca2ac8901cfd9530729011cc0aa1e2445e3df559575ce658cac1d2f630468c6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
6da3ff1019326b4c642dfe81cd4a957e

SHA1
e0cd4066b11bc3b13df4512b81553ae88109a82e

SHA256
3983744c63555d55f755dbc663f59a0dffd5c00277c43231f47c1f0572e803ec

SHA512
d07fe68c2a90fbbbcd244897196bc7d8eb254d67c7377fc7b2962733134edb1eed8fd336862f081fc4a566e9e7df589427828786f30f31c54c5edd31dd3a3fa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
141029da4169f9875afd0e42cf18fc34

SHA1
88bd2953785e85884c3f3d3789381bf163b72223

SHA256
3cfc3a71a55121120748232824f6a6aee0bbd769c79e355d6756e978ade21b77

SHA512
c2540ec436cad21f94ed86119955c3b31ddcde701717b26eebacfc323aa477f8cd4965a02b7786adb7a145a948d07f56721974b77998cc65d82ca418ebaad1ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
63f9c164a8e7d1b7ea7ef99f31c20a51

SHA1
bb57820562cb4e6aeb3cb53cfeece39b40ee5029

SHA256
9f746f5c2567bddfbd8978b3fc6bdb6131ab2f9e393ba0a0a1bd13b34501e8b1

SHA512
9691b8348eb2da5c2bafdb707b767fb6afeb5edfe49b01e18328457c7aff6824e9623bb2a3e5bd50d160b3d45653ec6ec80b75f1a755ccfcb6fdf819459f1232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
95ce4d38e3ced3562ab9e270f4464648

SHA1
07536bbbcd186ff37522a1d5da6576e7a286aefd

SHA256
239e91b798d6d944889ce6fc6b5a1a1925074a344aa5eba307e415a4974fdc22

SHA512
f4959786855cebfefd7e2e4d226451e67c5fb9df052cc252b63cbebfc7fb6b56da6e4e321e72e60c961b985b8bacb743cb4a3803d1687ad500ff33f0848ee4c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
147b41d51157f4b296f12f08fd520853

SHA1
edfd5cf90bc6081b20108b50f28ed2e35f51bec1

SHA256
05bb46218722e40ef80b6e0f841d5e448d00df593a84ffb39c4b83838d0e5acf

SHA512
83c06d7af5f30c8104f9e904c680084ed45ac41be84335a921b63c53fe5df110849615c7e3ba711188cd1a50b4b9eee3b3f7fb5d272c4992338b7509bab1dd1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
169KB

MD5
ac0fed13c275887609bd628fe2261ed7

SHA1
3c87c1d134ec19f24693757cefa5a289a3aab2dd

SHA256
12be50ff59345f3984f8c7155659e50d000558781d59e671841e50b95e4789e7

SHA512
5b07ffec87f160a389c7d492febfe4576589fd1f533185d859c3767b732ed1b31f0fa59ae9d19c22633bad3d704cc0ae087b6638245b21551e4d5d955259380b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
169KB

MD5
d637105dcdf1bca47617f4b86eb23987

SHA1
1f16ab79231b6639652a074f41cf5900df3a21af

SHA256
523116905eb2ce5df51ca4913435475ad238a1b1153a7491cd0b717fdeb978c6

SHA512
f5d0bdd4fa36b365f7b0f1c322eb5c5a8ec9a2a5db8adae348a6eadd3a17813cdbca13e45ed9a728a0e1dcf6d9077bca84d482922c544bb652e450b79cb8409b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\599a77f2-5331-4e82-9fa5-0534919c4456.tmp
Filesize
5KB

MD5
1efcc4a9798fad65996a995440066220

SHA1
ef4ec337f71b441e35531a268daff254c96727f4

SHA256
25dfad23cc4ba10006a422987b859a372936677b3ec6f3d12961f2fad7e9ece7

SHA512
3fccda3e455eae46c4071777206194956b21eaba003384093e9e04f42b2a929d6e1e73bb139363f36517cee8720519c96bbb58252751537aa538867faf438f50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
Filesize
98KB

MD5
65e56706c75f6e9a6919adb6a758b8ee

SHA1
10a88a193c4a11bc6ae69e032061fdf62b564173

SHA256
4b9169f4e8dc65736458fb1d2d74ff0254cf5e3d883be7dfd05606eea40092c9

SHA512
2049960c061dfaec124791e5842985662d70ac7fe7996448c7ca6960243f3fa09da77561c0840a32677f55656d3e96a330f6a5fea579c17b3643929588e583e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b
Filesize
147KB

MD5
759ab24cf5846f06c5cdb324ee4887ea

SHA1
41969c5b737bc40bbb54817da755e3aa7d02f3c6

SHA256
7037e6c967c38477a5fcd583c74892e16b7a9066cd60287c7035bf0760d05471

SHA512
3470ae07eb7c54feee1e791e63a365cfb0da42f570a66e6c84faf5db6bf8395173c6cb60e8c5cf28eae409f26ea5433c3c5d6ea32eb07e5997c979c6e3ccf4be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044
Filesize
90KB

MD5
b5bdcb105253ed279d820af8c6d68667

SHA1
b9f3edcd4914f9244e45d47ae402db3e0c8013f0

SHA256
a4211230de9dbfbb07602ff60baa49030950911eac502c55947b63121d10b3db

SHA512
25d178b0a859f51c37a07c87208625909253253248e0448ae3737957149ac70bb4d9ef579a2835a50127440ba6aca5fb5bcd0bdc26b53672efb2181f1b35e56f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045
Filesize
106KB

MD5
4a216b7a6c74b2c07c3b724a3f4f1c26

SHA1
a30fe866749ffbd33b0e9dd33d3b4c7171ba0af7

SHA256
5493e64295f6c41dbc38e06d2b9ad30bfb65324f98720488dc35af287e98796c

SHA512
312fddf8d801453021f554507c528604bfef63b1cc8420d825b074997b55909d76cf2d691a2a1d17d1e0565620617719836e11ae34848ad6b9555be9dffd700d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
7e7050940ee3e35585a0a7ef5078c7d8

SHA1
08ad4a4a5fb3ab621070024a04090aacd430fd35

SHA256
e65357d86e488e709aeb061ec2ecc2be0cbf66b204e950e708a750343bb43f90

SHA512
f3e0188f9bc3235b3a84f22d4b8ca05ab547f3b4e5b56cbc80a032a06fadc7bb472cd1dad2357fc67860cdc8446a8c0e199c1eff74a6427d96ec90baae1dcce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
fea5a6cabfcf2e413e68ef8274d06ab1

SHA1
e9f63109ebe62c77861a74e1d37c3c02d304ef07

SHA256
f8802ef38977d973741b4f70e3f14fe9b9e2353f3600570a17115fbed6244a2c

SHA512
e4b6cf6272979a6e22744bf062efc50a706883e95b33e12cb4a9603b7c0013916d698c9d4441b9fc50e14221f34fd9fb4709e2231aa25fccd961392fd2d7cde4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
f0ffc5a834fc0d16df1d76991d04ff6e

SHA1
af4dcca8ea1bae03edfdebfed12cbb45ad24c18e

SHA256
9dc2fdfa0418fdf1382056689dadeb7a4943d1be6d0049747591c091fcfb57b5

SHA512
a82c2e8e9a3da2d81831bb8ebe5b81a41d58d2764bc85f7d9503dea943437a48c9d84a229c56fc534dcea3826c185e352608df0f1210e7108def887d92b3e186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\000005.ldb
Filesize
1KB

MD5
e890f7ade6639fa111badd40ff88f7c2

SHA1
27a78ed429813685a69aed4c50b0bcfbc9f91022

SHA256
e4db1d2b6560300a7fc8435052a0364177fdddb9d04ca1e6b872f44e42e4d7c6

SHA512
f75276e20971638fd3dd6a7e7f41bac0f742b9a396df08723d83b813c1baa8001b4f5284c8e85a49dadb97d93cb30c1b777130d150df049c78ce15d074227ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
Filesize
750B

MD5
c648b0d11ab682c1d5debb54b63a3745

SHA1
f1afb1776c7922b3b7775c5a0dbead31be4574cf

SHA256
71dee0c11f0244f35fcc614f4a44fc1199a68a93fa59065de44b6074a54fe096

SHA512
f7f0a0d319b9752c6d3a5b3dc7d75d3a72469ca6de5ab4f802d8acf007ff62fb2a954e1a144c96442769a945a1bae020d8be16d09d5b00591b72e798d1cd25f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
Filesize
746B

MD5
a704e7890a7a4d9f3b73fc7a49a93797

SHA1
b6479544e17406f9abb4b7fc59f00d7917cc3fb8

SHA256
32d724db7910869a5352526ea1ca4afb7b3616c0f83d847a7fa397882b4a48de

SHA512
a8f8cbf54ccaac8187824cbc781138d3db1485d5b9291d0d314e3a6d23c8c96571cb1b8928d0445918ec31993b645d507b129bee9546f451e2a726935e8b32cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe58e9af.TMP
Filesize
607B

MD5
f626f00480af101c637f3bd89f8fb8f7

SHA1
c94f68d2f935ef576aa92ae8b48179d1bec53e38

SHA256
868c86dbfc34dbd99c677c232488e9aeb40743ba70b124a7d4ac31f54bdafcf7

SHA512
1e1fef77e203483bbf933c178e6539e21e6ce9cdf5148f68eda467db3bbf89f8880bbf6323b0e1f3b1941587e14c2cc74db7256833762e3101c0886760c8a0b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
9KB

MD5
b2c39c5fadba8e6f95af037817c07714

SHA1
0e09df58b0a87c81d359db32b056e291ce5095fb

SHA256
f83cfc6a8ccfc3c1be4c7639ba5fd8fbe4876851b1b405836856ed6473bca6e0

SHA512
56d9e36a047bf66d5e673004599572f74bac77feadeba04f6bc7b88933f33a01cb2eb22da2ede96a5e4a3986bf54fbae58a4f5f56dad906b09bef47d3add8440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
d43acfc1291ad92d3963d1cbb45e9964

SHA1
20c00fdf964f08ad93f93ddacc079cf61e5f2f01

SHA256
54bd56c7879b8dc3277482bb4ec4f5747a4fb0ee9937c282e67fd75384cbac81

SHA512
3d06184609083347bf94671b31b9dcd86a6b4ef575ebc214cbd52b376b735971d9f9962b3683de75bf55406c1a3bdeaad2363f9b51cd33814d7b06c03cdf0282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
5c9b06e3ac49f60772b7096e9a6f1a7e

SHA1
0ca939fc63e3155c6e75b31626daadaad272673c

SHA256
4be570aeabb2b1db2f9ec63ee060885516f255c15a241ac765cbc40a6fbdf333

SHA512
7cdf67d8dd6d2548f40d6a0559e9abff4dface0f979f458cf4aa913d50d7340ea094739ff7129c51cf05939900c3a909b63663cc51688e174781063213be5043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
6KB

MD5
51e6804594b170be47a0fcc776b2b1fc

SHA1
88f463d3aa9f65c799eda6196d00f32afe116094

SHA256
8db183e4baea45b917db784131a1e549c2dd6b5e31f4b14c81262dfdaf97b53a

SHA512
05d7b9cebb7e583e85b3aa7d95297ec168894a4671aab04a9248b4a433b7de0fc4fab1ee80f556a807452ec7c0bfda96c7ff69200a54c3673e1d254403d69354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
6KB

MD5
2e2af513562b5f4e71a80731c9589303

SHA1
a6f794849c367d1c23eb1ad4c748bc448f4c2a8b

SHA256
c6d3ac38f7ab41d4dc3cb8abbed9274b68607388bb075eb6cdf2c80c5ced7019

SHA512
0c327457a46c3032a12fe9f55f6bc146c413b78913e5ce7a58efa7b29a207517c30ad47cbf35729a37a0b862c21c0a06f98f7a834245ae978f44b300ff433ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
6KB

MD5
6ba6bd4e66d564529c13483893490544

SHA1
f0a0c8454b1177c85ad12ec5639f9ec9c12d720f

SHA256
0611d010b62307aeb82e85d5120c54180fcca900116ac187dc1f507c11d5208c

SHA512
0d82f49e0654cc894fcbf135b9386628f4d078da1fc48f96951f7906d057539ea39f896c3c65b6627d157ee5677affb4285e10dd66807c0e7bbc86a7eceeac67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4ffe736f35e1d93a2549c61e020918e2

SHA1
5f0fa726988968fb5c695351f198a6675571120d

SHA256
ec5ddc0dead09e480b34b28079ddf40a702f80de6ef798c52bb903109ee8379b

SHA512
a3b3f9c85f987b6f24f508163b93489a4875538778e22b92a4be2cc36afab9c549d3de1d3166b3fbcc400e91c26658be3e56ac984b9c6ccf49fae5f939d9f4d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
455244d1f8a7a513a0ee7ee96f2a6376

SHA1
d91279dca0343d13719c5adeef659f33a25d987d

SHA256
dd16d86e4ff4760e481c3636ef8e6eda3012828ec12dacf1f4ebf8b4da33e884

SHA512
5a9dd82764da17c55be200466fd2199e7b1bd872e3a57041b5e1a39d22d371d8a2f02a9737d1454ac2e030395238580779e5e070d2a74198a0edb75ef6d58377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
24cecbe67a85134e1ed49fb628bee2ad

SHA1
d814d23e07f1f5bd2c6c414089aea6638d988479

SHA256
2745e6bbbe234749fc6f8c70ebc4fdd9d4e9d8317b69c787ddf7618f30066124

SHA512
30fe84ca7e5aea578b85133c418f544416b0b4e2782eea194cd1b4d73a5fa4af8b4ff556e155c2164d9536885ffc66ac9fd4b7a14b14ea3fba12c7fc3ee6b33a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
48c392c0f4cd811010caa049a89017a0

SHA1
d0e2da86e6040189748983a452c34ade56003d46

SHA256
8198323e7c1dc1c7826c1602998971778cd4059fc7623897c866beca04c81d5f

SHA512
f9151862bff3babb6a1ab5987f2ba49ea70b4bdda47fbb597b8a3422880339e7876a142590c878e933f9fb11e3ab681fc529b95560eabeadcc5ce6ac7378569e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4fa3973d114d5e9ec3355b6aab8746ba

SHA1
f55affb318d8359fe241a46936e46aad1016112e

SHA256
de7c8e6a7364d995562286b5658aafe2fe92bde9fb81b2113bcf99c804e31783

SHA512
7fe4430bbd717c6b69ea2ddb855fec73b20578ebee91f1adaaddd43ca1c029c34be5c7e06af1136140a96c84cff45fd0aea443004346f59e8783011c35cbe68a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
2536e047954736d9279c42d18780ffb2

SHA1
45f8ac230a945ef127311af17792bb3271ce7667

SHA256
05d4943d71b0a48f277fb39993c2a7a44ffcbab40e3325510d2160a7d086db49

SHA512
a0401944fbba57c19e3eb9a8c799d4f7494b894549d6e8bceb99d1c1502818db005728e7343d84e6775424fac1bd4a64ead9c51f11d31d2c9fb472f3178a6c5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
18379804f376b6abbe09137580cd9cf0

SHA1
d5f13b12b553b1fe5e95affb40c579bd97cc76c1

SHA256
6cb0730d6d7d754de029f69484931a9230be4ee573bb07d106775d654a098717

SHA512
5d4cace4a144d6a81d9dabdcf670c55ac34dbe79cb015145bf3d7a421480e8d37fd59ab19bb66a13af6297c4c6184e81b49aa911156e98932d69419c9e6f5309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
613afc4324a5983a1858c77ffaa4f615

SHA1
222688a6500c50bfc1c06c450076d10018ee504b

SHA256
28854f8b2658be9aaa9e77563d45c9c90163db09b28cd31368aa773cebcdb1db

SHA512
16d3a4e886c0f6652d6bcd0b59161e94900ec06745c7ee730aae7bf5553d0ffebc5bb757a770a8b3e385d3f9ecef750a82b3a10fa1acbee9fc1ffc5fc9acb6d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0da7093ce53e0a0beef70305a4fa65a8

SHA1
48827f2aa8c6cd7ffddc46c738548db8dad60912

SHA256
b184d7e6220bd2528db35cdd04b2cb2f78d7413a995348d1d67bb2b46cd073fa

SHA512
3508f8c6db61593d7665df79eac6999423d69b803a0eafd820d08df4a7169b9b70c6563cd93bceea7e6458284e36e0cb49f38eabfeee94df67c9142e289e6286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
74d710114c0835594bdc767e33e3a9ae

SHA1
b003147fb9a37f1d0aa005120b44b92feb54c60c

SHA256
3ca2f0e23d7b3911f62106595197dbc5edb5fd5fb69e4665a8133f6e5d0d9bbd

SHA512
e948bcdfce6090d66eb521addae8b6c055a68de4af020874b9d9ac2b99abab02b131d02f0a7ee24a89158599308f5db7a4c4c95ac71bb8da16b5ba6b13324992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
1405e4f79ffb58d1b1f7cc28a2c9bd39

SHA1
166141f8c3c07e9cbe839198708afc65c794a841

SHA256
3301af4f2c74b3078f8e9dbb4d9d9712d80a40b54a15fbf02de63b9b847801e1

SHA512
d4686cb4f33f69f35d8e07b946631c99f06806ef7885270306236b110e7545e05fe8800046c724ef445017bb0072eeb9b30eb8db84a5cac8478d41773f924c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
86a2f090216fff43e22293dcea5850f5

SHA1
e1f5c3dea347b0e17fe6a63bfcb17d6a4f5e32f9

SHA256
e749994d6b39e04fe3e75e0ff9fa470cacdd520f0f8aab8b5feeaba1f6ef9766

SHA512
12053e47e25e9bfd0856c82d820229ddf32100226ed6f588ec9bcc93f22768d459d53e5fd66bd125ab72db11f026b8080b9db24a4d77f283bd9752ccb1b2a74a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
b6beec951f451ad377aad6c96df259d1

SHA1
93664e4bca891be678ae4998344b1ff09fddc696

SHA256
de69640687c277e60d822eaf2e225c82e010bd0893f235aeb9a29ad49d4d8269

SHA512
e3b775bfc4cf62fa5ce9ab467038bd3a7f55755270585f97aeeff22c8432a0399742bcf6fdbb7e8b5aabb77b0ffe85a22a99af499d07c4ff2858d33759cda122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
7b9e9bb2fdef5e7858eaf4ce4d0a87bf

SHA1
ee8c3a41dbbd4c3d441c26285ef3ba3d733d9259

SHA256
3ed7de37a206a5deef2f2301663a8549ca3ad5453b83bf5fe062696fd9acac09

SHA512
77d3519042e7c79af518df08ab3861e432439b91ab2cd8e8a229d3ecffe79e7bc110e2730d5b0be53631973769b86ab6b8af86017418070942321c15b77d88f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
061d78327e1eccafb16e1d19ca4e4c9e

SHA1
ef1bad515e1479a87d4c884723cf1d1f72aae482

SHA256
8edb13d135f060a33f723cc4e611973f73be878e473d3766fa8ea634838c9afb

SHA512
7a1f64e6ad039bef23a20eea5655972aea3fde4aedb38c26d65b9da1229332a3116926af6cffbf392fb43c7af0775b774a1051e8783832a3710ae6932ba2cb0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
d1f67d85e1d47e0787e89fe0f1de44b3

SHA1
2692ceab52c9f261be8bb9cd88409804d0bfcdbb

SHA256
6e737046ad442d224233a316a11baecc72169fa6bd93e46026447ed4d883d283

SHA512
20b9f84f7424052fdf7237a328c0289b513812a382a6f94480e32c7de3efcfe907ea3fcaeba2edf92e8eb440b644996b9d8a6ccd7527a6067fc654b058710276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
809abc53cb9d1173f9b2733e56a15131

SHA1
2b77a7f9a0bc73f7fd567cb952654f21f6dca990

SHA256
8c19d96c5a878ce89c5fdba7e047886a2e1d6e691b756b4683d82404d8c9c982

SHA512
94c51e8c88d4170a567dff7c7e5cbeedd015986ecbbbaa0ac80264b3b25ef51a5aed270465b64e2b9426ec1e8ad5fcd6aea88143147b28ea75f11a481f0a00ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
709704f62bded6bcff393d9bcaff4064

SHA1
8217e676607a4ea4d45e51eaa117365474855108

SHA256
b5940dca34fa5c02d358d2e531f9f3b53bb83cfa9ace6c90e2ea0f46db439b94

SHA512
9f048a8b2671f51322ab05da543100844973cae020a4111232d4c5803124f1218794773c2d497ffd1b6c6758e22020eaab4c2668f0289cbae13cdd1ace5f8828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
381a997329089ad06b9ed585729175d2

SHA1
a9d13afefcf713448089df6626e8eb58d7752456

SHA256
75ab50c34cfab4ed78b4a436450892e25786b679b4ecaab4eb19dacff0adcd30

SHA512
9b3097d9cecd72987b247aa21d2aed8435ffe3295fddccf894cb892f5c0588198c9bb96a70539005a94e25ac177c9bc5dfc2bb6cd31c64703441741b0bf372ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
e3bd72ef9866a7c5ee49d030acc1beb7

SHA1
14c03bdf337d8acacf9e3bc1c889d82128eb3d6e

SHA256
dc19daf3a56313e4e139ece567a55440b9caf06d608ffbe42deb8a38305b8ffa

SHA512
ebb52fed72cf34de18e46e083929164f519dff7e13d5e940e9b7c75409cc456e2fadafb3ee35babea44c5281dc402c1605dcd11c4c69aebf6afdbbebcda18439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
33d2073faa41f1ab2c1d8d25ae55bf1f

SHA1
27c78b02b022b6c708dce38b5bb4735557b3704e

SHA256
360dc1d259a42b13a27464d813baaa919de1a7c48902be07d5b704404fac9d60

SHA512
ccc0bdd9795495e7a8dc47c408772cbea765554742b01e881c2512cc157800b256531523ed01dbe582c4b8d9d952f1b12cfcc99a1b817591d668f1f1b913e8dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
9a5f8f797bf8b119d8413a9c5674a709

SHA1
1a668e82fcff673d91b23506d48fd7b044fffbb4

SHA256
b1c40e08fcec0461dae8b720a7f34903b450975d81517a41efc493ba1391b259

SHA512
124fbd4575ead0f4706d529c7c74ee59a7074554b78326482f147a571312390ab9e8940efe71eadce7dd13c3f971f30bd882963ab8bc54c4448232e384a0a4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
d48ea514435de29e84a1424a0275bed8

SHA1
b8caef1e684841f4da65e84bc69fbf8114386973

SHA256
4423a0f6c6327c88ee7584d00e94e75922e176e7790a89935c8c7d7635944ff4

SHA512
9a5c094c6a95f599bde4dab769f62a85c810a802b6b8e77024bbb9b5ec1a697426fd9fee4fe0ab1d5944a678bf5a744f3c842fac1720745345d5b575454416c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
c19ec27c097a5c3db234543a7839fdf1

SHA1
06ef1366ee3bc5a2e0304e09e4ac9988e6596627

SHA256
917ccbf198f915aa9b01d31b40dea5b3f8df40d64eda115f474d72a696336915

SHA512
89946743f988dbc18796eb48e9cc2fd8f7294fdc3c8b06e3b776b572f5d22f4bd64608fc9146cbff4714c844ea34834e844fb5594659832030d6f28082da6940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
bacc4bc1c21d82fa25bbc2cea3e421ac

SHA1
fd80d88caea075ff1d5f8fbc719bd7e578b09497

SHA256
ebacac124e248f0effecced27ba861af4a541329d431cabe477db05a2a2d88b5

SHA512
e30305bcd9241389314b81264bb8b11111a89538063d31362869636b7d3ea91f045a746bb893e1d97036ef048d2c91f163e6ff10886ad9c9356da92742efe3aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
613895926494b373bd6a7aefb80038bd

SHA1
4751131813747b949da4bd2fccfaab2fd8324805

SHA256
bf4c91989ea6200d0db7147b74e0afac2a0126eeffebd42ba1a8a6ce6c87df53

SHA512
82f2be43ce787750e885da327aa9a63c6a1ae018ca350c0a27aa845ca3cebdd556db72c1d6bef97ed2d812806ba526e81966af3f5c157765ec0438313cee6d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
2bf1e0fa2339725e56a078c4dc12d071

SHA1
7b0928002191ca953ae9cd37516ab5d8907ddc5e

SHA256
06a86d48827bef73fe91ba36c676a65aa5985e0a84aad66f468ed4ae18205e0c

SHA512
ba32a939e6e495229a378e8825c0553a2a0086d6863a6ab9117751c9bd4f332f333f4425b78504865e745d11df421eea9fb0dfe71747fbe775e5f2fc48c56ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
7852c6b05c26ddee38bc3e51a5aefe02

SHA1
5e011dddf9c948752840510a0e01e4918acf12fc

SHA256
f75a67ae5b9367195725705af7dd96e4198d99920423f4091b57e9248b6a9852

SHA512
4cc40f14cb2458342900801a0cd098a7cad6d295dd43c57e4695f9d2aedfc810c8d6ea24813f435cf3df446c60c713d3ebcebfc90112e4ac674aa9f11357d055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
ac66a3ae347b2b5c62dcce7124ccef3d

SHA1
9ada27c4e764778789a377f27332d959ecd26eb6

SHA256
787bbe4ec9eff189e9e6532e1886850a5074470eb2c076b0ff79775249847364

SHA512
8553c4b9db0c3c860e103db01da6f95947f53c604dbc0446a2a9607082b5692e73efdb8644989789a79cc747955527a3b935803a4de799aaf73102470615825c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
5fed11a7fdacc04b23fb481d427c691b

SHA1
2fb1f6fccae3388ef46b3866d6812206aa7421b8

SHA256
ec0b8d87393d53c8231c73dd38577449a425f073f4e16fb4923fdedde373b86a

SHA512
2bb8c2199433c287064d02c03cb135d1d8913e764df81e4f72a6695846b62a65666fed50a7498b0a2f5b47ae51bfe6418ac50b1fa2d5f8a79c8ff1bf655980ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
7fd4b5cc86a39707bc9176e3288b2fbc

SHA1
e3ded997a4d0e593d3d5034f1ddea8cd541d39ca

SHA256
4224c6e50454698859b4f73f37dc091cf48d2536223814e5aaa75a7c74855dce

SHA512
b3f6c8e96ebc709c9005dffc5e658948cb49dbfbdf81baa3319eacb66899ab976d27ed182ace0f380bde0f343636cf1edbc364e66c5344766640ea25dbe9b198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
81fe2cde1ad60f1fdf6e62f58208617c

SHA1
b09eaf4a9d844a8bba791b42177f0541e9617633

SHA256
cf5baed21a028f1c2636ba289dba1c2e8d11db8d4dd54e8d926839759889fe3b

SHA512
5c7b524915c9c5d421b00fc6fd8f76484d9563f8d954355e33b0ad9f87a61aea6bebda41d62245847b93016d9e904790880fd019d55593e663aff8831225cbf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
e349452a2ef5486145b51646adb82559

SHA1
1eb34264ef044ed3c14210d59b589d423cf02401

SHA256
ea1519039c84b8c5a97fbf47ef343a75070a4f2d68bf1e78a002a3a96a771d0e

SHA512
386eb881936f843f2a7b5e3d70ce8fb110314d16d63c5112a89e5877660a38110d62f4d3ef112fc8ca7dc19a0c54f705669545dd975c0bca046a0fe59fcb020c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
8d395aac538daddf7f2138aefc6f16d2

SHA1
dc0c17a42dce7e9a31de454c93b32bf24b082977

SHA256
c74d406c381c27e2aa937ecae1428662a80a2b97657a63a738ece4c6ccbcd30d

SHA512
59b80675281a66d4cafa2444d5eda43c3544e5acbe2bd8e03717eeb9021a83aa5a7a9015742fb47fd3cb7165add2c1e053b8249ccb6fe5ad945d8ec1d99929df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
616a994f187e425a12e958bf7bef08ca

SHA1
a68f4aa36ade99a2fffea9a2307089d7868123db

SHA256
264e53d99f9d497029cc7feb573c60cd599ff3017aa05a74a9350f87bd5652d9

SHA512
7e6b8df3d7dd6a137e1f4d154143ef812020403d22a79da19061f585da064c78bc88e777cf2163cab13bc6b066ba8a7b14a9369015a0e54b5a04b7efc41bb8c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
8125cb166052ab2f6a2d94f2c7953a77

SHA1
3c6e6ef6d6499869731330ad8ab11495e2b6929a

SHA256
4c7db5c2422dd9d296d82e8957f897e16342c9d53a44aca549c8a01e6c057234

SHA512
11fe647120565573ecf1ef03a7f6f2619032f1d4a9bb90f15e6fb7d6e5c3d515d9c489d455c3e86e0222349bcef1843190752bdaf35bcd4c17a4146503ce07b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
9fd197d0b2b73683aef12de66ccc5e46

SHA1
e1e65e9728200683b4a973752450799174310c03

SHA256
ab994e334f4d4ed199df66fd5ab04e9190a4665b09ac557ed60702d61c40561d

SHA512
657d43f455e756684c2de1baf15f4884555e5d028e84cc02b7c2ed2193651b95cd2d7e4c4d00bc930a44c3c18caaba0436d84984479922450e297e12a0fb3883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
3e1af8bb79be9a444ce969eaed446fa3

SHA1
5f42009552d4a2b5206b96a7c6ae4de65384caba

SHA256
0d0ab1534a8bf22031ab7b7c2a214b8ff5f32167e1754003aea66cf08cfc9631

SHA512
fed87138d19c0e4b71a18bcde8e55dc6be083a48c2855e12a3a0d83119ed183338d4b4f9439bf2444c50ed8d9743dd2f01d49b3b02aabbb16b5a6db5143d805d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
72684068576dd007d7dbe6f88638245d

SHA1
f1e947af6e046bdec536249b690a87676b96dce4

SHA256
fe708aa1d0bd3a57a40cf6ddfcaac2c5e0084e449f34a6c17294970a3f8785cd

SHA512
fd86f004b16fbf0bb859c97f6f1ebe125892ebf035a46ff66928b714d3cd349ce62e4a422672d40b13ac8913039b8f0567ad043dcfd2cf4179ad45df73a8fb5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
21a44033d163621fc9753ae3ea9bf54c

SHA1
614b72ede14feed749fa7d1e7c6f07aed30aa92b

SHA256
18d66d8017481f3e425f35dbcdfacb4851e8e851c4d51dc4f644efce0ed3c271

SHA512
7a87819f77120c5ac379192f41a1ee6387d53640314e12b26bbd627f4b0ee87dc06a08ebb9cddaf019069ad077084f5b51a9bbf12c7586639f1a8024c6ba3339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
f5191243ca1a73f6b1c8338104423ad0

SHA1
55636278d314764b25a8972ebdf8442dfcb716cf

SHA256
ba8b097dd2983703247c0c6687a245cc2a28d16ecd975f07bbfb4d4235f9b5bc

SHA512
9a67e2e71bd886a8e24b8a734388f1a04937b3a56aa9c0feb752015e03d1283a647df47d9b6de0c18600a65a0500e23906944aa6abdfd8a92bd824b9379bdf1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
bc751733e380a989b24ec1432d687de7

SHA1
a6885bf68bb3d1d4c14e1e7088179773e65e8dff

SHA256
fd75a6cd5a5c3963c3fed502e253c21fbfe61116a318003fad159d1ec44f4449

SHA512
7a05587bd8c41bf3910d82c4a98c8d9247de919de89f89aecb9d61b1a2d15c6e6ae78715f33b4bac7ae7bd862133b5c2dd38bfc3603039be46f6cbc19433e60f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
664bb3582aa94a2a5e4d8495edfa8510

SHA1
f8cb003af5966c7fda28811868c41a91966acbf7

SHA256
3ecd05ccf8659c83ee487bd2c8afbfdaf524a4325c9857d506fafe23a372b43b

SHA512
8d9b2164ca990d0e20363ed5ff15fcba092f9bfe53f3e97851d32c4cb96f33daac906dae301093586eda5d4a3c6dbf0cd8b1d5b14187388815860b4e7663ee0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
9ae25f6aab52b1913ed3277763ab4f28

SHA1
cccbd9a8afd3bf9334ef95bc539bfd16d2e74e62

SHA256
0611adceb3e74aa34010e44ec2111e7d6241c3c3761504d5043a2b7bbacf663c

SHA512
b4b54c822adf945a9e311691b8fa5146d61a27db9ede9e806bc95ab64d54fcaf5488b33e46d8c34bff32d153d3a3bacccc748769cbab374b1dbb1f6bf9b7223f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
6c7ec78d7d36054dd394eaee733f4a59

SHA1
0bd84968e11d5c56e0b37dff15005d399cd47203

SHA256
28ab4134423f83cc737172e14c04b2779f6c270a00429aada5b713decec47b71

SHA512
d2d255b511a1c0ee6f2da5c20e87ca5ed6ee004d14ba987600516bf1c22e9e5cdba509476e96bfff46604a12723399aa8ed155afb6fd917f62132fddea5e79c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
cc2e5f4dac2728676e07f8942b125833

SHA1
193a018ee5a2ab731274afc0ca5d46e0b0174559

SHA256
e839b0177eca29cda506e7ddb1527f960ef98810094a3854b6a2de26f47b7422

SHA512
f40a186b07a7de926a8ecbad8664b162ba8d577f1418707b4ddd6f39f15a81719a3090a178b39c0152559865950ec94d4c5bbfc598872edc8e3cf745c6b60669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
41216f3aca27ac055586ec999ddedc65

SHA1
c3403d6afff385f9154ea36dbe88b3d87fad55c7

SHA256
704a1cbe46e2c967c21ef96c0c007d4c899b099e8bafe777444ab5c67a92529a

SHA512
24553295f78879b7a9d4487faae63e27847fcb232c868c709b147fa5c93af1b9d4c2845cba007eb205299ccf9cec3ed97b4250fee93af27b4a201bfe80128ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
6b281ddb1edd01ae26a044907b10ddec

SHA1
47aa09ef1b83292758f595993ef655e801029880

SHA256
fccb038329f76d806d671995b84c76fc6fbb28f5a57e15dcd2b2721020bb4f32

SHA512
0ca66f87c8694a4941af1df91fabf16d2910a5346472110c984b80669e61afb224d93b825bb199d8a2c5b57a49aee26e38417f64c5d479a94cf1eb04dc7c1358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
ea9c22b030dd37c829bcd8692fd3573e

SHA1
a3a081492dfbf105f64c6652da84cfada690fba0

SHA256
f5f0470eb898345be67ff758d9a130c6383fb17833cd4c53d5b6e4c62012aa0e

SHA512
27545b723c0e0a4d7b1cb092fde168fb00148aa102d2570ba4d33a3bc4c395ba519a35403b587279a4bd347cccc00240a44db04593ca46676b875bec25313960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
7583e8babd7b70a069e42fbaba2f7338

SHA1
3ebcf2e61ef43f6150537a03fa43dcf0a0674d7d

SHA256
5af06856d9e5b13ca438b834a9b0068a08bc05f018254485ba35fc5846db613b

SHA512
0f2198841a15236750481364c42ea1956104b0cb2bf38e51f365c95eb1bdf7d817fe4e86c0ecbc7cfa83713ec29f928795a3c5026cdff8c77b4a539d025c6fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
03c22b82ee83c6667bb4703948e0257b

SHA1
45b41bd709102ae59ffd1d44cfea121d59499d0b

SHA256
a83f52842195e20ff3e879c38c54630ea517a0ea0a56325ea0ddba8563c43ab2

SHA512
3921884fe3ac6c5152a1bf95e3371fb2bd349e5d179c1ab0c7f17b4c448ba06d0424271395cf294a935044cb64eae78b213b3ded62a20971d7fc7a9fc716b4aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
be577e7b1a3ce1a187f51415b88c06f8

SHA1
73b0d3fc8b41b2e67599219d034cdf7520de75c7

SHA256
085c46c749a845a029880385d203c01257308574d442b5e7c73e1a5fd2c4d1c4

SHA512
d33684f0c6eed37a236502f3823ce731e520471253640c2057c3d5729efe2a9f20962611163c5d27cef9ca3f2c207f510e67b23e7c576d41927aeb583601add5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
dbfb39dabe7350b5839c4fe7de560fae

SHA1
9711b4576916e5e085770dd894d4cf68bbc2e9d7

SHA256
1f1ebf685daa4d937fc9a9bbc696a8a3fd3adc9a477c828afc85fb84510b73e6

SHA512
3f53afd23c534e9d2832f0c917190b3985725fa445c6d5110ae10cb5d10766e67eb2942edf08ca06650c46943843e50447ad7c4599c4f517c5e1e62911bf4ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
ff15e4ae36d7e5f678e5ee475861b4f7

SHA1
190e731fa80f71211a06520ea00be247bc6d0343

SHA256
5b0b064396716fa56a900e349298d0ddf8d686e6d7f6257c91fa29a4e6beef3c

SHA512
e0abdc418198bf17120264d362b2e971a5d8da8d7e1c7ca206ff07f5d4dd213a5158b14b560b1b55afdf184be1a0374038eeab5a5ce36666e812fdd5ef991803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
41be86d6ef60933253e15e0f99e9f25b

SHA1
b12affb1178d02a7d24f1b9afcbb27912548245a

SHA256
1bf09f61322dbb466ce6284e9728fc1c9d663a3111956de45d7091f37c5f88da

SHA512
8ee715b8ced71718044c07b508b05d04e3673e7278d88d44c5d8885af8e429a979dcb882cd759383badbed529229a6ed94332d1267779fd9dca72475389ddc73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
0224d1b16f3cb9edb9a314dd0e84318c

SHA1
8e120a328c07881379cedd110321b30b9cb5a39d

SHA256
6ef2a3c7e7bd0f754d4a5740f6967705ac6a6451d40bec444ab84f433c5ef9a4

SHA512
c179728f35a0dbcc6ffd0ceb62654f0f19cd9acd934b493c5e150fde88eeef5b8139e851089c51da94acdb649eac62e89811070c99325a255faac48280f74f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
cb642d976c976d54577d1818ac526609

SHA1
405abc60e61406e2b776951f8a0d986ee2d0f0ec

SHA256
2f6436af9d22b3aae3f131c3e42895f73b2940eee32ca7ff6cad9786b44533cc

SHA512
dc49d49199be5546cc6d40bf364affda26ac6ee5b986d0a4aa4bc100114e4979be773fa785db7d3856a4db3b9fb9fec2762843d58648651ed65558c9f78ef5a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
b19ee6326445ef151c053d8ecab7d5a2

SHA1
b429db7a606d8b4e69b96f831e816dd321aa4949

SHA256
15bcb0367ca229efc153012ec52bc1cc8f9b0c771b265531d155d0196bd24664

SHA512
983599f48df4557bed9591fe50810902506a9fb6e17e553461d3a3a2022d0540b53c56ecdbef9f85ab66e8f963cf8b93d5f6ce2fc1997c8d7c70783704ea9f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
3cc0fc0170be77da1f80ae320bccce1b

SHA1
4a4f6d529a38768f7144510655497027f12e3c43

SHA256
00e6e92e3f58fd6b2891c9e4d88d437daf1b3038bd8fe7e511f53428d0f176a4

SHA512
3edf1a77037eaf82e69242d2d6b8d0394f4f6cf9027e14ad9461203fd64975ec963b67f0ad91fd078a67087c99ae8ad0ee9b58f8d9138efeb1a7df1f43b5ce9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
5a1ed6238fbe2479d0eb2531a3ff1af7

SHA1
ad7525d89d0eccba6e2d746c12ed8f41a430606e

SHA256
e21a3fa56b9f578b3ef4bf767a0e7a271eee0fb964ba8888ab768f28ba3f5554

SHA512
7c4ff200186203e85a9ad09be5fcca0a82a1631f6e65d0f85c68a403cc71d6c2462d68b12778319d0dc72b4b7430ee743e3708306d0f1133ae3401923e20ae85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
a456509de33f6b94bc0bf8ab271d1550

SHA1
58bc83308c97cf11c32d0342b46e7173bd294e92

SHA256
f4a6a63372e9c28bbe2b3901d4403cf12fff62f7dd387abcb5be4451c7a0f247

SHA512
979f2bcab715bee7315910c2db27eca0c0507de0dcabd28cdfe739087b19869f562c1c4ded227417b119b3be85cbf83739a959da060e3404153b397a036e8dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
f8bfa11e2736b852b6aa5275b7e3d465

SHA1
f86b00c07b0843b32e85071b29fa4a3a85b3f83c

SHA256
5fedb4b712df0f71886f936683397087e9e68110ad89b7c15850ecbd85009d28

SHA512
db2f5df8ff105ed71218cfd9ea17030e31bf3c2be4e8a654ed50fd7291eab6a7a4d22215114e2d602b2a97dc1da985db4abcab4b33ed65bb594d3cc5728b9415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
38b895ca039d630e75e45d67a892e311

SHA1
5a6a95cf8cdb590695b511ca106687df0e050628

SHA256
c4d8655fb26383f85f84b0b5644d9603f32c13cd113d93c578ac2380bdd1fdda

SHA512
d11622a771db6e569ca7fbe43ba96546c63e31f410f906671fc5d77c2aa3d3a1f8f0d4d0056afcf63442aa18285352ab4c2c9c14cdf8c2059a90fba942ff24e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
24759e565e3f0179aa2a29ffe9885662

SHA1
5ec12d771b5aae7a3311f8d91b1338bd5172e157

SHA256
af6433fa334504096f07b9354b8dafbd16fd00666664f537e2c3bb1b16985196

SHA512
bca234315410d22e30ed9673ef20d72e7b9873561d2a114ade01dad5fbc7741b78cc791b4522a5d8476a28db2fa232a60c0e488f6c7b3a42b872410967b41121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
22823edbb4a3b907c94ac5c29296f34c

SHA1
75ea7b7436c2f4f373eb9541edc38d33c17fe6fa

SHA256
cf6d291dca951ef35bad11525d1774f1356b52bf53613767e716c522820d7329

SHA512
9b55d552c4d215213c7bb8ee2b472583925181ee7bb5125c83010270ac243ed69c318f497df63023892ec3c1c8a17d3aad7dc8de45775c097327ce2bdd8a8e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
2ad981f539a05815b73d4ee1db58357d

SHA1
670b70cf4cef93d689bdea262b9daaee8f6986b8

SHA256
2f13d3764ceedddf4d7a5e32ea897136d755d57dd8c7ee1351f483db00dce7e7

SHA512
f7e2943e1225de140fdf5291844fb74866eef8f1e18146407ee9f27f1fd776c3830b1bfbf42e1f23ef112459ec50c1d57b9b50e51ff8eceb81c2293099061e2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
86c13534c474135aa65279128faff93f

SHA1
d8e9451d65b8d9a18ac417e8c8e9ec2c4a7e69ae

SHA256
b0896955b8daf211d8d2dee767ff0595928f98f5a21a8243491e22d1879d67ce

SHA512
65411b3be4a1251eaf0d7c8ee6a322f1201deab267aa58d5ac75b9cbaec6d69da2fa0855dbcec3e916ec3c33a288d3443d152be1ae3418da54c4ede084dd9a6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
73fd743afbeb0aa0db8499e3fc0ea5c5

SHA1
ce88aa80acc57b0c7deff25f7e5ef71ef27b8e90

SHA256
b3f2ec5620a4656bffcb3c9170578d276a7ece6017ade48c419fdc68ada47fe2

SHA512
0198eb90b9a31f20c8043361d1aee82fa76dcd331654cc7baeedbc68554d2deb3a1c1eeddae7ebe491af2e2838fbfe6c85f4180d2a987cd260165b498be94afa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
32bcd87ca9e5ea091fa9afe6fcb003cd

SHA1
280d8beb435c96c9f5e60d1ae85cd0c28eb999e9

SHA256
fe68883aae6ea392ac66bbca8cd3b0eb00761ede4c0e350dcb675f1fd93cb539

SHA512
5c248359267d90134bdda3d5cf87922aa95bb4680f7c8bd678d6f9ef00dd1def832592a81447297e15270a140978b593b5de21ead57c56b13f945a44b99f5798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
23acf9e879007063a07cbaffc5b72bdb

SHA1
af0f27383f8e7f3f1a83e5de9cf95d1794f30f14

SHA256
6af29e9549480a24d28589192483c00bb9083490dd6a3821951361a444040df9

SHA512
23f51de76c135a93bbb216d66172e8050c8407424ccb5208a73d791b14b3c048a3f6cababb8ca18352ba0c83926d3b353fbc23e879608a3e51499a38d887da90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
205be509443963c1914c44957f6748a5

SHA1
4a8fb6dd028a9f87466e8bbf9312b84a2a156ef6

SHA256
f9c5e59e9630584b739aed83b1e55a1c32d5ba163695a80429c2b5d954ff52f8

SHA512
a28d79db658ee969f3f92791cc21ca06e33d03c41edac680b2b702b96f2c1bfe18cba9a07ffe0ad24486af042f198105d5f5780359f6ae05dd1e858bffb38f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
77e0a84b0c186674df2fb4cfd5b2b32b

SHA1
d10ca16ff4ac56b5aab0d0f0828c6f5eee0d9ac0

SHA256
a814310850de4dc640f5571c6f54b5167c9269ba4e6c848af16c6ff3110a6c6c

SHA512
ffa1a5fcc20ed810a29fcd11981b510c07bbbe923e0779347a3a8a6d81b17fb5533002df3306842a327092bf30dba141ebda6dcd6be859fd1e7c0ab6245100e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
48343f005a909cfb50ab64dc164f24d9

SHA1
7d0b8616b7775d12502dffdd1f6bbd8077f17cef

SHA256
54c553dae92b5ee8b9ac02f382ffd826567dde3bbebc61a7c17567243bf35835

SHA512
2467d0fd73e5d3ad6b91258e3bf04121b50d5988c22b1bce1468f672e7871add2674988ca37c38fa7979a727e9c7178a27f8dcc33430e30b765b7dfb2b91297d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
c61547340b69a10db2570474fd504005

SHA1
a2ee2a2555d6c2696490239de1b835933fd77015

SHA256
cd57c33765443a1a76b964473db62ff5106a2c081e76f9184c3f3c56692fe245

SHA512
324e605440a3f95a92b57cc8788d02db2d277c3984e6e5979d476c205996e3537b02a5eec1a89314297abce09f02f25e513e25e1e7709bd695212ee538864861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
8243d0430534013a377fb4e6fb75aaee

SHA1
3911e61f3e927c5642d5f68e260a90bbd130cd22

SHA256
fd235a0c0da8b035023ae695efe3a1f78b4d1da55ea612712cbfe88b20d72d32

SHA512
98b913750e9a1af77aee83b9f8794fcd9d9b8fd0cbe3bc893a667c1cf5cb058f55329e089632ee66a228845300deee46d372b63069fa95fe6ed79d2e797f1f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
4f832862b9dc7c0f0f7279c539fc8a26

SHA1
90d2e173e5545683568c1f7ff2fce3e75c6371a1

SHA256
4e81d0597cc8ef49b37da3397702741ce23a601a361da6d10acb78cfc5eabc5d

SHA512
7cdd531dd0c5056eb8a56136ed4672a61f44963e0691789fc4cb921dd3c80fba4af6a0ce06c6f2bfcb2ea2aa34c701e840f26e62ea01ed3a75e3a9b7c51bafd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
605f5a6d3e35b356e9b97f65060c2a26

SHA1
885ce7baddb7d8afef9bb62b002aa6fd4984ef27

SHA256
ab2e6a0371b083b31f9bb7446ab87d083b8fe9d8e7704e4fae37dd61d15fa06f

SHA512
215c7c1a692645acec24979fc496f88d32d5afaf5212119e7d508c71c62656113fc293c25e7a4b1a80473b1f91fb5aea91b8cc7370bc375f5392d8ceeb75367e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
ebe0220653d71153a0bb04b64d521395

SHA1
f80533ad7848a2b7b5064dd6b12f85ab66f6090f

SHA256
1fc8cb8304bc7ea743cf7907c6984a89eeca8b69d69dee5ec18614314728fdb4

SHA512
ceda69cf11f6ad6a65f0b04de2605f012c3b1cfb1c307c5417c2c463b753e82b23fc3f22552397d06bc5df01a450afff180fce21ffa833541de0604f9445d28a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
671a3f8d48af7699078ddb93a1095a54

SHA1
6f1c17bdb9a6f5bf11f47ddc99903d685f8c1075

SHA256
97e38729cb5ae7289c4392d85990c4956fa4d633121016c0d488f3643dbb76f0

SHA512
ad2010454328bdadb2f5019364189d1e147758736345af57dc203e8780aeea409f2a0676150c62ea708b06c4939920769654667916daa826797d392514d7c9bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
fd4f3a9c9fac397af693fcb7a68742bb

SHA1
294db83b6c20f273d648745fbe57eeaacab9d64d

SHA256
ef283b63320e494a7ac56c0fb49f855a7ba53669aebc11782af58a75b2ea9ff0

SHA512
1b715b184f951795049d0ef1846d5758860de87d36f66bf9067f72473a377eae203c1662e498b50c3d2f294d92f260f9fe1a29d99780c768ae4456ce2bdfbc0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
d156395807323e3510291e2ecae3b1cf

SHA1
362451b63baf42aebc7ce87f16821fde44cb6d23

SHA256
053c8887010c039cefeeb5a56c11a19128243880e6955bbfd185631b386c8182

SHA512
908a07baf6093afefb135e42b2bc9cab7b14659101f5d11a8fdf1bd4dbd181891b9f925eadc676e8342acbac61966d98b9b67d60add93b4df3b589625e4a4eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
44f195fb86172a8ab6abc5285d9e7647

SHA1
670654381ebfe431e20882f0906db3fb5063d11b

SHA256
07bfcc8d429ee6bb98334063307fab7de0a3f71409eb593638890fadb417a7e3

SHA512
9eb5de11c72c855c43eff9751700ecb1e7531bebad2f0368c538bb5b3a43aa411a87d252f751591637e2fbb231b2c8915ce5581a3de1bc4c49b2e16009d0184d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
0fcda0bcd1519722bed8d6cd7e4a5e83

SHA1
1845b412c0d130c8fb105b1db64f8f0f719b79cf

SHA256
683224dd88535e889a3f5af3673b97c4f6d6e26f11660b396dbd07fb981ef6cc

SHA512
fd06bb361650e3d9525c41eb6860e1e6d306603ddcb8b591f63051b12725ab685e241e459185c8403738cbc5ff28e43dad1b764c06c8a5b4724dc116f2540c6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
eab6f265ce3cf92021c9fee929b65a8b

SHA1
e832729be92726f996e049d48e6e72dad0d89509

SHA256
ddd94e689a16279c45a2830366ebc48e56ad6d0ff1b1756576371201ce637469

SHA512
6cc217c9862d619b53e683f481dd09f75a6d32884068a43f932dcf0dac1c06b61fcf440a6cee5128a1be5e3b0269fd62c62d3866cfb743ebc75dabe0ef5fa59f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
199042f295886174ebf96d157a1ef6b5

SHA1
5a1d2effce2df875513a2b2eca6011774c4982b6

SHA256
b0743d3332c0d9d4f17859c2cceac91417ecda0e7ddf9299f595f67da67b9561

SHA512
d5841ca81b0b43199305d1b847409b500eca46ae3518129a1eb95006eb02874b0583112595fa64b152288f7c7df1466291ea4d74f41d3fa68175d98094ad17be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
8f9ec2f537e76b9a672ae763f5ef6355

SHA1
340d1f60d09d0b74dfd86b0b982daf58a3130650

SHA256
27a9ebd6ef607c25655c08f9ddd254ad5131498edd15fe2a9997ce752a3e1308

SHA512
4fd39b69303b8a2e3270f090322111fc28957e5d1918f6ed531b4b5ef9fb3a06f337d1c822fd3b13561e8a9414fc5de6ee09eeee627964f15da9831df1f43c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
a34b2e2c8e643bcb23ee4fd163e1c342

SHA1
01986eb76c328a3c5e54b2db650677d02f374a00

SHA256
1ce39b830eb6a508cec01c1388a9adfc0dead9441736c4a34dc964a9f7ff88ef

SHA512
2491b39ba8c0a4ba699fea4b58674000410d0f2ffa9d11489b67d614aeb92ad8c237cfd510052c9991f9f763a69b5bd30bb112c174e5232ca015e16b58386ed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
e11b1b83e06f7d13fa9870dc3e58262b

SHA1
e7bd7f3009894f38af03eaa155fa640589a7105e

SHA256
af21cc1406b303547a5ccdc3094634d54e9d6b5948345c421492e3e1f87fb497

SHA512
fb74d2ec843218523bbea1ae0386aef015ff6bb9886c6918ecdf7498845fa081a686a79dd510e05772b82e39914458a426fe0c86b31f0cee41cf68f0c6a85296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
edfeeddd5bf9c3dd6b6e575efe24b68e

SHA1
d20f65c2687d66da16a2d9f09cc8db8631bf22e3

SHA256
f8ceaa1140627115c6c1c9be52bc7c9f3d8a8c36230c1cb29025085a69d660e3

SHA512
e094ebcf03f167bd66f176f3ff56f32a4577e8fe674c53f95d5781ea3394aac46e2c6fefa7d17973f2833b151bd86617656c253ccd8d6c23037612d5516ff25e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
e0e0e77045e3658e8b581f8c18016087

SHA1
30e23117c853e6a583429fa1fe697c0bf940ba1a

SHA256
51b5ed6fa1864f00e9c442272848311e5ce350b92c7969ff4a2e2771214a4d01

SHA512
08956e538a565b92328d1c1ce63bea8e3166606aa0cb503920e583daa1f2ffe475ded8a7d163ea10f8a09cca1ae7f2f4893ba638bb24dcfc7ac1bfb573a250bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
d9e21a6424b131dfbf99dec482004ac8

SHA1
1740975791fbf1c582a01a61287aa73c112143a6

SHA256
766715c5f42f893b3bb4e4e736c9017c891d66e1839c298b3345e6b8b714bbb7

SHA512
3c1459db8fa6c3adc74b1cd87d1b3af39879defae146b455b891c3ab739bd427a845411c78e659f63a35c13cacecec261a173c75c14e1ec46c54966691e3b75b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
578c11314c93896ec6295326f7741609

SHA1
f058a8f41e637a4c71b411e8196986b7c29369a8

SHA256
a4a7913a4cef6c234d2995a231e8f727703225fa4231d5baaeefc26dd99c24a8

SHA512
3c92cf0377fff5ac73cb07e093e38475fd4d74d45fe462150705acc6c721c67007364fe763843013d37ef7a45de835a18fc4040f9468818c276cb5d39355cbb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
94ce90e5b70250ff2605175db50b5a9c

SHA1
e76f89bb723ed9b1be29e130d5fa45e14f54f59d

SHA256
83b5d8e3599bfcb378d60aa16b570e5539883d4180d9864b3a111aa38b664368

SHA512
adce759f3eb4385827056a206977646a8f9ee3ab474dab380840685f78d32b0002a97db4ba06e230d21a3914429df2adef587e5c02f9cdd5c091ee9a664e8da7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
91e94fbf2e9b67e0c85db8c09ba1419c

SHA1
0bf79f8440f0e12ac860a3eee407de4e50d39298

SHA256
b593dfb38a1d647557aed7a50f7b6e67a58dabae9c30c62f6854cbe99643eb3a

SHA512
b4e81c00134c536469e5da1bd9af15f3b65f16c297e227e9d78f379feac1e52ca8e60d8d8972b78e18976b64c57c91c785d14bbde2c1f0520f540108a3763b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
8574f4f0ca1328896e0a9fe8c53372f6

SHA1
3fb707768b7d76e3307cd01a526f6166ebd17974

SHA256
eae1e80a839cec187792ec697e89054f4bf3ce8ee84a4db1e4bf374e572c5b0d

SHA512
7f0249e54892ceac8b1a2250928f82300e63deff86512f45661545598d068d5521aeab7cda09d9d06f2ca643afc40cf6dc0a8a51396f540e99d5da7497e193de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
974dde673d6f804a0310f524b8b485a9

SHA1
7d0d3a713d4195584e3c17f4efbe5f6bdab792bf

SHA256
9123d173c4328a1d6c769f3c716fa92875b3396a62077591ae73ead8ad9629b0

SHA512
3d8bbf0a7aa1bc7efb725d683d80a779679de9fae2965c95789a9c289f55b72efa2576ed61f06a7f546c9dd723b01730ac25553a0a8ce35167a05a09f7fa3e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
4c2560b212771ead979d95a3721879e5

SHA1
935d6344da59a77567e224a4ecb2273214082960

SHA256
f21ac9a36cb31e2455ecef4419320cedff62e4263fff666c8dfc1048b1c0b18f

SHA512
024d744d895e399e9e134f196029793f53aa8fd9bc6cf7982d03caf477a7b0b8a855c2b71758488566130578e4be3f8ee889c7dd813581b5015885772489cc08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
87f5fab47addcbe3fe21224b22204e24

SHA1
c50398157c316aa98db92dd9c07e79f8211bf50f

SHA256
329760df418e0e92e299612ad3634da0917efae6c7bf0d1069d99b9c61a96ac7

SHA512
88fa6449ac177949acc8b9a7e03d517c0bae946ff27c38ad2de7e9d87aa0fb57a3e324d5ac41036eb2e6be171e713c955ac53823647cde16a9c31bc427042aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
2b798b96d58b9c1ff65d4cea0041215c

SHA1
de09d65cb67e6a1b7ae0278348271e4952b580e9

SHA256
4e4aeab1b2ee58df153c117f6c2bdd1bd892be98e5db243b0c5ce80bd03234f4

SHA512
280df237825837b888a146ab30b022a9f9a8c39339209d78b64769ef4fcd66a44d18b92f4d491309ba2a2bace04811a5f1d10762d23d2920b31517464ef2a001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
df3cda8afd05872b2a97e2761ae00485

SHA1
6e473ef8a5cbf99a94ebb5d38ee8a5a47cf3567e

SHA256
504c5a4e7bea20dbf38a9050d65a90632274a9cc96a04058e95ba77e5c69a23c

SHA512
c3d8daddc5d59905775cec74c587ea8e48498811476724087a187bdfa3410eb24a4897a3085088ec3da4e2c7937e3db4c275aa1f7041513e161c4190291c81ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
95842591ed2a909cf967bde3c071710c

SHA1
fa312f2e450986d2e1031a9a3a0c11a41563f641

SHA256
13e9ba4bbf3c7b38cddb1a4299ae6f633d2017304b57c03786ffe550d87218b3

SHA512
4717a675ab7fca3d48ea3add60deff17b3eedffba85c21ddd2d8bac8f9ce6deea9dba130ff21863d67d45441ff7f9eca8e6f7e188573f89c322bed8ad3e11f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
bbd9ab3382d40693bfe3f5bcead3935f

SHA1
c9557eabd266887850869c523d1e0206f49b0c31

SHA256
a08272cbb88ee852d211ff0d6f77b190a6a00fd74d37611dbd968612f09c05e9

SHA512
a0d4dd5510f9deca72d76f9b2bd2a30d977c15038401ccd0edceea240fb964ff0a414d0b651afee5ccc84021e46dd7ff6c099374ccb7a3bab0e5eafe4a5236db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
2e7e7500275787c80b8be60270fefe92

SHA1
90be38c32740e6fb9a2d1c661081e162f6371f0d

SHA256
6fcedc4021140e6f0883ebae6d7c1ca2008b9b3638c374e6678f41778a87f664

SHA512
a30eb69098e2eaec8f2ceb8e40c6fe204bdd521f89d78e3bdc2d9f54ca00197b6b865faa9a3ded86cff830c8efbe495327c6e41a51d624ef7fb9c20880aebe58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
4a384d481399a96cb1ac40b68be33e61

SHA1
4ff1e455be924be3bec608e0501ec296017b0b1e

SHA256
e394981db9153c89f0c92c7d57a37561454b4b4b3d579bdf9785304bdb5354b7

SHA512
40c82f95defec5955aa35e381e7c827e6831ccba0eedfcedb1929f0031ff61241386d892dc096ff2e74ed37f032d2dc1db39055fb31aab4fa7bc4e66796c435a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
225a34bef2034e523a069439243e5c76

SHA1
d3eb417e9300bccebaeea1b88ff7512f4a832b68

SHA256
7144d390656b2e9ae908cd8a55a2b5a81d0920d8b34b39edf0a83968bc99dc39

SHA512
ae6cf482282367ca08bebddf77ad8652c7027bbbc0d90e8586752412c608da5c503d8f69cfdf2b939a3f2c70f1fc252b7c6708cca29cb4fafe66b6e1f8c81084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
d004aee7850f548af0cc08f063f2891f

SHA1
a641c3a1df9e8d1bbe49bc73fcd6c8b0e409c4cc

SHA256
a9b06bf790ff69d92ddcdebf37bd9d09f9ab6188b9ac7c928917825c277428b4

SHA512
db4af9f823dd0843d04c8e4d7dbca5619e09759e388de62b2a11fee952f9f0cad90f9004e7f048cc65ea6436f676ce3fe76dd5432d68e0aac6f093202d6391fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
2ed441f8cc34fc4eb38166bb0d1868b9

SHA1
caa80c9030fb27d341e3206053a4b24daf126393

SHA256
cc7e985c28444d9963d655f493a3ff0296c06f3feca08d5b34154a92fbe3afec

SHA512
dd1ee3ebca62de7e165a1ebc420fd4499ce8616d3279c4d995414640dbdf56a840387b3ea62bb35710f15f23f1f3f814239977cefc9e201e70a916286ea70525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
f9b6b862a6107f6ed9b27607e40bf3ca

SHA1
2dda5a88fc4c122ddb409e025e196afe54c6f11f

SHA256
cf83cd633f6867df3afa343e59336903ab0323d607f8dc969fff34108a6a359e

SHA512
e25042d583feee9628a8e6bea0c73900e9b8250c54ce0c66998550636ae7cf0198dce7a056722e748c7322a8fe8b3c94c98bea3ccdacc7e94f3f80dc90603a2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
1d416558f56e4ea921f585d8918c424c

SHA1
87f3e96eeda2b1625043dff64dbd0a4476dba295

SHA256
821cf24a2e9833d1b989262ae4c961bf4049ab110e92cf48c342588dac34ee44

SHA512
925256ad5f6836403dc181506855114089f471ac41bb67a6f9b54add2fa6e28f5867add4350f89fd07cbeed2b1d61fb35c269a93955aacf9f7c4b472d47c16d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
899d6636b5a870ed13a9b5ad7e121b23

SHA1
7ac8b8a14a628f88ea6f20bb46b8daae6deaa900

SHA256
f157340221354a2a56cebb1ec12be36aad7bbe2f972ef0eef45c99e412be2008

SHA512
2e1a47f1dd3252283beaded2b241e9dc5875a640ef18449590ded145b5d7d7982b57dae52935010542d2f62f3d596711b7de5a64e029b5754ba2219698024149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
aeae7dc96f94b81515a6f56a2efbd130

SHA1
88fa145483de845c9ddcb0facec4dc9748a00b2d

SHA256
127dc347b76d1052f8b590aa06094b33a48b3c0f4a00ccea36ca0198e16dc1dc

SHA512
a3c71bc5500206c89f1d08db1151d03d7c6b1fdcfb1f04cfce38f1761df73cb04ece1d6b6e84db101ce2c577ad2bfd33c5147456f016940af9b5938a7957eb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
75f81d7f00f0f59af94156e90fc2463c

SHA1
be3c3793169038711a03550e6ed44b9c8bf2f026

SHA256
556f335b81d2bf550ce54f2bae95a4ba370594f87d32b1ee505756aabecf37a1

SHA512
d07e8de8428692ed2aaa2342b48b76ed42bab3abe5003b0e22022bd80157b2049e83107ccac367327d48c642527c5d6176048d49cb68effba9ecf35047eee1d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
0669910becb80959be8775506bd5e555

SHA1
53de059b8502b10a29f49eaf52c42a2ca5973383

SHA256
9c4d138f646599df44f5a4fda480383bc672285be2f2d89da90db1b0987e356c

SHA512
898ab37809d3bf82de0b11098305bdea0dcfbc04584fc601c2d20e1573fcb5c509a54d60322215fbab5045a8f2c4e96b0956e2882dd64d24f1b3307516ffb4cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
e2cd58325ae6da8f6116b6facbb10c32

SHA1
326c7c3daec57244baabc066e7df980cf87f0215

SHA256
dd513c69df4c5854768117449421ac08c24720d2447b7704ea924057faea2f3f

SHA512
673ced00a553a2327035bb90107d13f80d643428088a2cbaaa01e5782e7ebbaa0fda55fd0a5a1ed1f80687b05ee2f30c159743a6743c58c53478c86399c39ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
566cc7471a7c57e96240284cb69858ff

SHA1
347233f91c36faad11486afa04484222363afdc5

SHA256
b0ab76bb095152f169218608c85858199364bb3b7cc29c1e967b37fc6111f0ee

SHA512
a18ad920dc4fe02b8e7969bf3669e5022b8a60a2616922e25b2330da01b80a379493f5898b570abf918b8acda30fe00ff6ef783eb498ae0776f63eb42665e99c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
4b6ab1816aa5e3db28775ab1fae728eb

SHA1
c43b9b49f3e1e51b9d29906a7f882d03aa6d2f5f

SHA256
62557467a86bdeac3f6d3214b573c14375cdb7ffd592a4a1f0204b181b9daa4a

SHA512
61ebdfa8260a9778bd3c9ea79d09e435a29cfc76dfc9ac797ac18662d4ee6e22855bd917b68f08e56f498d0823fef421d8b951e0014413018466dd66d55aa8c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
512bf11c96bd9987fe5eb2eaf6f93266

SHA1
a76534f81400888c0195f5212431062549d0eb8e

SHA256
ecaa7b4ee5783b0998c0dc7006fab494bdb514046cc666a2835581675d9fa8b9

SHA512
9179209bc5f23d02002213124e2536e9a5aed999259d95a63e0dc042e54bdfad4d236545724a3b2138cd1b8e4a073ac747d79653bcb52c248f472ed8829f0df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
dd23d54914cdbcdf25655c2dfe0782b1

SHA1
0dd66406ceff3a92eda44e7e5578707b5ffd0372

SHA256
593e5d1c0f0d4726430f84970d4d9e190f2a92719523740fc7789b190d6489b7

SHA512
2f5b1c33b97aabfaa656bf46dde3fde3df434c951c4a2ed828c88e89eebc16c2906d4531dd135701846a1b8d84f07587946a0c0ce453ebffe48cf16762ee351a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
1b6c1f9d8f7035fff1cdc6143c7b64fa

SHA1
638cf9e0be1cd82428a025475e12580abd187dca

SHA256
fceeaa804aa7784ca2c3bd028d1a25db785545a2fffe91f574d2f4fd577267ee

SHA512
12a52acda7e259da113b44d2b51608713413c79b08de7695c12b6d329e4e9393f77fcdc33bba9b7727b4c4858669d724fe00b7098c0c8241430048e254caf11c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
9bf702676d892b70771cdf038038a542

SHA1
4b7d8f0acbce98aeeac43059297ca66f8e2b1672

SHA256
e8950697214231d02c2463c7cb28db948dafb0e8b2764a3a75fe469f89252121

SHA512
ab01141819e9371f7d2e8e10acb8dd3b49d7bea5b1fc5812553f4dfb726c94870c444853128c2b80fd35cc7df7a6a5eff6b6f56b9e906466ed52ce5e1ef7bb36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
3f589f75ea2f0a601470b766f3f66d75

SHA1
e794df331ffd6a92673aa0648fab49e07c805a27

SHA256
6ff5b1432b9a97bb5078867af01d21702986c5e2c99156a0900a8054adbe260a

SHA512
fa518e364781b4f2dd183aee4c37a9d577f882c751f3bbbc925045174b032a7d8a2527eaadac7f9f59336ae62f1ae1e4b6992a12c62f325a8939a14e72fa74e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
fd9a20a2debbd8dc451e05d9178e42ce

SHA1
634bbfdf21656d9e2057478525749d995ca617bd

SHA256
a58f1b3a03ee57a16f2b3242dd144a508aca7ae21adf0a429194c6d5ec719963

SHA512
77343e599a8089e8892a27c34b9b79bfa3adfc1894336e0c20c26dbfd017be1f49ac37688266888acec95d0bb0f0c497140fc0f1dfa9bbb6e3d13fd9429191de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
440d36c2a6cb6b136cc934f439940cd2

SHA1
7abec5bda5d9fe0f1828ce20f38e828c3f7c1625

SHA256
dac343b8c414194b4fbbb69ea64793996ac01a3b952fee275d6a68318b2636cf

SHA512
b0bc83e79dfa486508f663c0ce04bbfb101a9d43fe08eddf6cb83ab685f3ed34c56b90c83cd32854bd73a56439dacd97f832875e0ec74617286937d826ef6d72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
d65e035af5966f290ebfe626501a3fd6

SHA1
ed46b377159e09039dcfb24701f0463ab5764944

SHA256
b68dc0d12fda43068206f48cf8030baa20dcfdfdc36b1e65a607833c8f68b2d6

SHA512
6d842589d0f8ca31498be21ca8ffb57cb2c9eee18585c10b9565d31496db561b5bb0880eea8eb5d123c5e1e07b466d494f4a568b8483dd0e6b6813a7ac8a2d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
78a8ca62ce8f80c69cb652b6e77225e4

SHA1
b0891ed25a819545d0dbff01f2cbdbc2b824cae4

SHA256
b072eeff4f32e92e29fcc93d3dc811bbd23558ee33811ec6e7dd1f5b5179b9c6

SHA512
9a06fb517359c6f9da0a8f3f54364679744aa58b51bf47050e78ab95d06d8ba23efb28d8976e84d6538e8e948bbc09448b143be4d910d5802fc438c746091f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
4a130b3a7295ca623eb5b3b1055ca48d

SHA1
3723c253a49d0d4dd2df54e5caffc99f03db66e3

SHA256
e708596fb3bfb4e0bee8f7525043272a089525a96b0dfe7e4f4c765cccc28e67

SHA512
fc91d6241c6ea4645c394ade7abbf3df3f08c669cfdb0de1859e131a8dd9089df9099256c70c88035b3335d02e552518a01b32a7c5962baa5f9ed311464372f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
0c604a6c5c58cafca70ff5bc034e5154

SHA1
ef78bef0dc5864525d9f4d561ea46d36db143109

SHA256
5589b192360261dd9ef70446dd7ce3747ac67a3ffdebf62304290f76aa4d0484

SHA512
d4965a08af291f935421513d3b7b5dc763bb93297488c0bfac9d917cb678243e44f0fe4381188459b721188253b4a678bfcea19123c85b37e2822ca08fa42c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
fcc83f65d290976ee244841733f7eebc

SHA1
b0a36d3c531f2ff8c1b0ed303e28bc3d88ff75ac

SHA256
72c687ddff130955be2062280ec63f76a74acc741defd26a5e2860a6bd553a19

SHA512
bd61a038fa2da3f9042cd5516ae85f68ab094024b3252f642843fb92aaf14303b305d7f9e394c6c83d8d9be950bccfa96eba46595ef2345ddd230173ff98263b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
7da7338a59044319eba0f74e7d76fe4d

SHA1
8569f4c76a507e3bc1d4f30321418585c1851c8a

SHA256
117c5a2f10c2bb1788c5f4690b5e02f8b98b2957e989248ed9ef94f12557e5cc

SHA512
417d736988ace925cf01c6c5fc25a234b8860a5b7e4e771b715c243032b85fcb15bb9142e6a78d2e347989ab80dec93800ef03360a24a33788695fed9de2a253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
e017baaaf2b03c763b0eed7c999d7a06

SHA1
7e9631bf29f595e9aec967ee0606372e5d076c29

SHA256
597b3ddf7252d8e330bfe1170ef7cf60d7ca5b4153bf6884f97482bb14bb2ea0

SHA512
35e7bba8eeb887a9eb1f0a1adf89f03721e11c67515fbae18ec528e91f46f9dab77f0ef3230645a4d7c8382b4b44e66a682486458bcd4218e96d3c9c09aaec71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
da1cf84486176a377085c6bc20b63512

SHA1
a7178a8abae513304138b1488b43ed30953ceb10

SHA256
99df8b7b415bc86fb62d6aa9c459916f314fa15546d1895bbc1a78509bd29714

SHA512
577f518e792ead38d9963537e5ff8adf31fb98e7cba6e5483261913052437602f0fe7c40502208a899c9c7632fa7f4d93d9313a68257a25c718d6d3e1a44e846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
956246bf927999b9c47e888d965caa5e

SHA1
3a620c231c2d6500b00e606d0b1be8aec3ddbc4b

SHA256
052ec5749d69664d5294eda72dc81b5c1ed27192ebf7944f109fd2f5608ef314

SHA512
e20b962f3c786b8f9192427f58deaa7ed46307ef2a33f761afc1b19c7d6ad7c26ab20cc641b2f810b2c7d21a51b51b9a0d885b958071d9e7c747eddd48881ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
0b759eec05df2684a8601784697eb76f

SHA1
bbe992f59e24459c73c550194eee1e4235429f73

SHA256
28e04df8f844055290fd0759812c7a5b0013f3ff537ca3573aa5f8e508780c0f

SHA512
985b147935cc7088222c783dc90e10a6b493f0824505cf0bb43ca7fa96321167681c8d4d59191b9817a1f9f78dd2e82e7e1fd9faa7402f4b571c668575fdfaea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
07eacf948c8eb23dd85fab26e40a3f99

SHA1
62b4bb1a63a2d28128c001d6f11d230d8b1ec83d

SHA256
6269c881b4a19de05d192a99e03328a95b7c598117db322fc63cd8da84ece213

SHA512
981f2a87a60491ecfc62925dd0d89c5b872bc3475ae2483ff936371a8e66b5696f1982183863c48d3340ccb02ac6aebc0569e07d16f1ca7476b2285fdfbd4c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
430bd471157797e142809e2d3e19c48d

SHA1
a547b1079dab724dbe0edcd05af8212e24bb33f1

SHA256
60fe6a4aba5c76790fd2af18494bc20ae89eafa6457c3106e6075ef7e403eb65

SHA512
d8f74def9b18b9fdd2eef89e07f4a31da7a9353408ea919f09b29ac2cd02729f11741a5435e31f7180c1b223068f03876b81eb1da560397196af1cdce848d422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
3cd9323cf1b42a65fd2b568e5ebc48f3

SHA1
e4df8bd0470b3a35173bbe6f41e171d9739adabf

SHA256
85ae549508e05ea772331ee8fbcda5e951238b0d9cac062612c338af31e7dbdc

SHA512
4601a55b6c8b8db77acd28f86c46b6a9657a9c3dd7277b2a6c40d693863b42b4bede69309370c4d3498cbf5eeee228e45e3766fd2c61b7f80e3f425d11ed5a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
b017eff04637e9cb539190d15df851e2

SHA1
3d82292a969b5be2b13ad05b42062b40e4bb5ffd

SHA256
3c713776058daa0084480154e96cc95f325951790d3a35fff8571a2e03d850da

SHA512
b5c6f83b426edb7e08447cf2f51a7bbe06c56694291481e50c425f7ffb7b912a8a235fe76fd9269c8455960be4389b4e496acc4ec2ae1473a834dd5f9f0a3a7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
2806a5ce0724682b7048809c08fdd272

SHA1
b8fcd68f2ff78d245f24a68ad1b6b498ab852d73

SHA256
9d0ce6045492faae5a6b93c809ebcf4b39d36cf9d58ae6ad1f82e35e7fbedf4d

SHA512
443ebcd79e59715bd2850ed4c7aa98ce39d2b2aa600a6a096bfbb636b51845da19f733cb7ab084a76256f346fd479e18e0d5b44925585a7121bd35774f06e01e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
d7e12dc9e68b9400fbd78297325c7670

SHA1
d0aaf3d5527a10e0a23f5124f3051c51b131ca64

SHA256
6eb2397861d0492f0b954eaa0e18ab451c5f045c1bdfd17cceabf8f850579800

SHA512
05cba39321898f9c128d6027576c87a856d2eda827334100b7b1eeeaf9d2c31845ae9c47003c30fabdee82126cfd694f915a3508a689cf5c3e16c7ce0739eda7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
fa8a077e4ba4d956ae62af2c2f760515

SHA1
66a048e8aa73bc060b6fb647c526d5fce547311a

SHA256
a77754ce367833a58b2a079b880566726f05210c3b97d54ae774df446d564e7a

SHA512
34b2e09c9dcbc7ed7514ba570d75e258e3e80394195d4d36483430f9a755efdc87237968b99d4d89d8dfd2e047f32365bd373d9bbf821e0ffd18b0b59e8ea123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
ee0310f195234c0c302de09fa1774c6b

SHA1
e89efd638daa62994ef9a95b04cfdabdc851777b

SHA256
7af924a9a82a1a5a031be917a89ef2deb6443d4bcf1551defd6462e1943ee28c

SHA512
b960915eec70aa30eb91567da3174c4ebbc3695a186596479fc7636b9bae5c6ca46a7ae12e982afb8c0be51acdc15eb5bd01b00283d401ae1e19cba0ee239677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
300654b8be00052571599d41c739f5f0

SHA1
bfd4546473bd158d744bd89e8e6636e0d34d87b4

SHA256
3c4bf9561afbfe4d6e9a08dec847ca28df073c37765a6012517574a6d61fafd1

SHA512
92212e864764004fb810859183c49ffdd83a7f37acd4bfb771a236f77e0d6283d244f6f8406cb6cacebe5df73e630d0adcd74eaba8282a9d7558948c91f7b2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
fab276dcc825a606242f1f4d0320db4e

SHA1
b2196df8aefaebf2c165ab83051e0aa692d5e25f

SHA256
4cd22c2328e8d385ebae98121491d2169924bb4ee8e69cffe6e799de5fdf484f

SHA512
306949f66f77e9768204fc5e32b9abf8245a71659e62d885d544b46faf207fc92721a591c3bf68a61eaef41c3246c8ba1ed35e0723939650ac09729758d38d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
a6eccf56e6da2b2d565376044e9e8cfe

SHA1
b2884733d73c979edae728116c01db638992acf4

SHA256
cc0f9dde205161163128c69bf2dcb56655818bf5d876e56af95f7ba63532a6bc

SHA512
69427f02a4c5e61ff78a841bb648bbc96a225697efaa9d26e10b121f553e87da9432b673c3eb44f24f3dfd55ab4ba62cc87275f0714c86ed0cbb32543cefc558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
a7ccb3bc4777f4d3c5070da2e344ffe5

SHA1
bd17012c7bb8323b53a00173f8dd0795eb9fa18c

SHA256
f334867deb935fd77466d881af211c92b0a83c3d8fab8252edc8eb8a1680e78d

SHA512
9d49e31dce1bc08cb588229110faca5de4e894f71a897ef5c2221420278494ea2b5eb41828c161b2eec1ff66a7f192d243f8d06dbd2adb6162a5bf42487ec4ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
418e43d9bf8e4e2d232bae342963edc5

SHA1
4f1d9930c99a49b75fbc0dadb8f1d9e7778758c5

SHA256
e6d1fb2ec9757fdc415c8ec00140fc99209b6a6994fd5e972d5cdcb01539f355

SHA512
f5ac93a9eb0e731c0e4b8bf41f302c9417678517b311f6612ea72c0c3d554f7f3ac12d7e43444bcfea5291dee44fe72a38bf0b87422bedf8f8d40be88dae32e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
776e5dc1f5e29febb28692c5f8822b37

SHA1
665e76478e56dae41cdc9449767407f24d1dc124

SHA256
0e62466a09ed360c3db1077522c5112d134df045a5e44a5cf1f3d7b75a60005a

SHA512
f309389895ff15df1f745914f3a965f0532e0ddcb4704f98a4c8383d54a8cb56e80e5f56387c206f7731eaad5ddcbf49482a9d19416e227b11e927a3a96928b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
c214f0ec18c5df6bdae54a05e0d70b00

SHA1
993cfe5c163472c62f946f1f7c8bde85d9743fb9

SHA256
f240ed6ec9de6408bd1da6691256bdf6d91c01304d9defc900d7496fa63aba2a

SHA512
bd744a6e68fa52ab1855d2e4e20eb8c9a4563e0296b561f3edfa52f4ee15273b4ecc70793d0e2cf07526671ac2af164e2b143a5abb8a73aec9e5689f790e2759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
1e772d2dd7e514774d623f1744104bb7

SHA1
07044fa2168a76887b8b02496a3abd144c8e6349

SHA256
3b081a94111d326d60f612d9bd7245b286597ce67ab7c31a24946d4344349799

SHA512
a254558a4c4a72f3cbf3370a8499824bb4b7d9e09f0e93400ddfe6b9b87d441d2f773e2713baa79ef825ff9fdbee7dfe09afbfb3f43c39886c443f441a8bd232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
81021a46fa433d523a4971789d8746f7

SHA1
daf84d0f107c61b8581436d36e2d12b21c9aedaa

SHA256
fbe02af0adffea568e470f1b3a78d0c3ef8a20d0c072186867776f202e25adf3

SHA512
a8f211af8746603392b58b8db80d60d72f9f42fbe13fa4b4df5b1d66306cf1751e687a2b39f5d2c5a294c0e6fa5857f245f5c466c089d962633224de83630695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
6755409a947561fdfa2746d8bbf3ec74

SHA1
12eccde736e59d57239517adf710487f269aa875

SHA256
7247819a53da15ba7ddf73f1055409016c4a00ef123be3c277ffd118f15f365b

SHA512
da8d80775ee13e14cfbd76c14b6f4658796114aa1c9f8de928b9e21c1dc7082325f4e62eb72651604bddb69f31b19190a5baebd7505c0c9c6b8879137e0e9037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
118ae3acae764fc6ee262595c214dc34

SHA1
d987eff9bab529b8c2ea82842a7e0595e05452c9

SHA256
fa877c804ba4a9c20ecfa3c99fbb151957f3332fe675583144e3f612e4d6bb34

SHA512
7085dcdb67815aa04c30e56d6ef321a2d973a4e562a0f3bea6a9f160484e538593326c0a5c169d418f385060385385f498842492dfdce93d39f40cf6c71d84c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
5d707ee359d2456ddf70e91a8764bf06

SHA1
d2c5f4eabbfcff81261851ef7ceff12a1fd80f2c

SHA256
e07f52dc5bf0a534af72cbbd482f23fe234cf91e71acf24581b595061f1c1701

SHA512
cce9da74be59ebdc4356ae1ecc5ead3be7a59c33eaeac6e803c3cd915564cecba704e52dd3dcf435e213d82b9d30d6c2e52a6472034aa4c5c241a5284ed45b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
47116849ec63b302bc469eb776e869c2

SHA1
813e6adc9f895c7e0a27f36ab7b52de4ca2aec22

SHA256
cbad7efc5172a32942a7a83785eeed5566ca55f3b6f4c24f30aaf1a7b19c4cb2

SHA512
3db131e6ff9ba0686c3a6e8dd6a96ff5e5d87ed08a585a9cae51d8314c8db4aa2e81c0d56fb42aa934a5f8f7ba394648cfd02dabb5501861fdbfb701065adfe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
fba1e99df6afa1a3d1e58a3fbd102c29

SHA1
54640844e25c59581f180ea1a9443eb8ae5ade62

SHA256
c984c4211a2561abd0fb51e86994497fa48dab7bba91258587f3339b28f7e7cf

SHA512
9512126e316149b0757878d31b8cb86c2ebd980016166e5d3cd0602bb2dd6592b315ef7efc24186c3fd43156cfd72a1f3373469a0619d8089ae0eacc1b88ab6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
84afba6d709dde076cecccd98bf0dfcf

SHA1
6c6886477d50b82764df866b5bb1512b51611d94

SHA256
124795379799668a14c00574be269b7c8a465e04b95cf7cde96f5a81b220a4d3

SHA512
64809b2cc23c3ab3aed65ff16c1ad55b7f88f41ddfe65e30f4fe63f11f381ba157f13ff1a7d2c4a43ecc93500530c69d227841e43d151805cec00fa99588aee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d4b5.TMP
Filesize
2KB

MD5
fa3d62d29f4136cf7c60e7ddc438876d

SHA1
4958c5b68de1ce4bed4fc7ec14e0b44beda5c36c

SHA256
32503f40b5a334a770931859d095837a9aa2a03e7745cd50420093747c3ce080

SHA512
5c71577bc836af32d2f0439e88819d125f8a99761a3f3a76559c18bdd5dbfeee0e44dbebee96d4b4c5053823629523b2256a4ec43f92ca49d331de76b2f7c592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e3697541-4ddc-4ab8-9db0-ed85808dfd20.tmp
Filesize
5KB

MD5
3e7dd0199a3d9da95a57a9193b3990fa

SHA1
9cc9ced16e99544154ac86f61a05e8379ed43dea

SHA256
7e415bc838d6b0e60467c7e2f1321e9f717ca594e2cc82e6e19ac4af3ba03375

SHA512
27e24e40e080bb35751c566217a7ee5d47713b91a834409a3e4aa3b5c68bacaba23887cd8d3b4e0c7fc27b9a058054845f59e6efd4dfd63ffc19ec587fe59c1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
e66b98ce27a4afc2af0debbf9542e8f9

SHA1
16f470a85a2b9ddb07004948dbac010aa3b98e12

SHA256
2b8b4ad82c33b9179903bb68bdfd1d39e7e2c13a839d4d914649d8661cb901ef

SHA512
4dd8a45f720e5afd39df6dc5b4a929dd68526cf24b254ac0c31740e9810eabdf529100d38fc074c25efebca2151d91f4ecb581d518c623855ae5ffaf93e3c4df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
a402b4056e3dd155293d3ab6b9d9f2dd

SHA1
d2f158c6fd65983a82c62116217e5364ecf4056b

SHA256
9f75500700e94f28158109b806c10e3c3f28f18252a0b330d8c6407e8de646ff

SHA512
2a70a78e95e9b10bd445c0a323daddb4177df6b5253b91214413dd25d0e41d4de78948320e53f0daf64b08f7f5488706c4a877e02984c13b66fec0fcc626d99c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
beccf25a27d94e78a78774901cf1b4cc

SHA1
37af20d82190487466fa970275797f98194192f5

SHA256
6c621d20b0b3f03a9a60f7fae5fe93a504f2954dab2cae2cdf8956a87a634921

SHA512
9e7d0c75b8f0dca92b0ed0296163ff76819fd0220d5b6bcf24a16b788c5ed91e374079febdbf19d79d73c1769e86721dab75c63ddcd7ab6adcfd4857228cfc31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
01b667fe0be1630edc632639223f3a2d

SHA1
3003c3f8e7cc46422011d70b74545f78cbae64ef

SHA256
8e64d5620236093ecc6c89b603435bb4fe889c5a88b7cc1c4b173a52faedb012

SHA512
616dd5ccaacd3121cb11671414bcc354d340a8369eefb90d8afa93e0b40309b347fe13ffea8d526baa51329f5f395a9c6e487f23c9d31ec9a0d372846c7950bb

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
84e94ac310b20db6c8608c3df2198bf6

SHA1
c65ce5045ad7550073b81d75068b91488363da93

SHA256
2c4231cbe53b8985f37f44521d899b01e95cffe6732934d4ea0661ce1a862cae

SHA512
a209cc28fef5fe09fd9aa1d68aaca22a84741041ed132fc715cdc0ce22a1d7e8335d289afcb97952f98be876c78a008ee7e418ebc4e4eb58f02bc177c829ee14

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\b022682dd39d113f2d5a65a172dbd28f
Filesize
5.8MB

MD5
b022682dd39d113f2d5a65a172dbd28f

SHA1
aa874df3d3d0a9539c53a8a0c96c4c119bae2c52

SHA256
47a2e8bbef18d5491be3c449d9a5464a8804d9d1a85bc7e24ff80876e85104a3

SHA512
d6746ca7c1e10b1ed7fb48d857210ce5cd0f0542c81fdbf00a6afaf4607f30020ccc09f4c41ef9f50bc2562bf6e4380e7abaef1d5a5b1e91773281bcd9e58525

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
Filesize
5.5MB

MD5
94740510822524d579f869a81e02f5ea

SHA1
0e87d714e9eec2eee7c3af028e8e66e7478a107f

SHA256
ad927962330c2d2cf2bf7c33c1a5395df5ccd4ceabfb10c72db240041d773dda

SHA512
7cb3e72b0f1bdcbd53096fdec470fec9a6aa56d56b5f4bfa86b6afaa3ddbd2be6878f7874feb2c15647a627cea34a1fee7be35f6d1dffbf6a5a9c0bf8efa1d24

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
Filesize
280B

MD5
81a0dab02267c2684fad640a42cde8e0

SHA1
2874f7eb9cbb42dcaac8f8f2469b2e1e25affe16

SHA256
e809febe9cb2cc0a1f9076e9df479ccbf567baee267c625029fd038283f52d0e

SHA512
cd06b749c7ef61d109a6fa9084c806ee3794830b21c751094e66b53f518e1015849d462b8e3200747fc8a118c572e15fa16761f9d61b20a418a556ef8771b7f7

Download Submit
\??\pipe\LOCAL\crashpad_3008_RRDFRBOGARQJYMCQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/444-1775-0x0000000072FD0000-0x00000000731E0000-memory.dmp

Filesize
2.1MB

Download
memory/444-1730-0x0000000072FD0000-0x00000000731E0000-memory.dmp

Filesize
2.1MB

Download
memory/444-1861-0x0000000000930000-0x0000000000965000-memory.dmp

Filesize
212KB

Download
memory/444-1729-0x0000000000930000-0x0000000000965000-memory.dmp

Filesize
212KB

Download
memory/3532-1900-0x00007FF884BF0000-0x00007FF884BFD000-memory.dmp

Filesize
52KB

Download
memory/3532-1871-0x00007FF8861B0000-0x00007FF8861E0000-memory.dmp

Filesize
192KB

Download
memory/3532-1875-0x00007FF886240000-0x00007FF886249000-memory.dmp

Filesize
36KB

Download
memory/3532-1872-0x00007FF8861B0000-0x00007FF8861E0000-memory.dmp

Filesize
192KB

Download
memory/3532-1874-0x00007FF8861B0000-0x00007FF8861E0000-memory.dmp

Filesize
192KB

Download
memory/3532-1866-0x00007FF886040000-0x00007FF886050000-memory.dmp

Filesize
64KB

Download
memory/3532-1870-0x00007FF8861B0000-0x00007FF8861E0000-memory.dmp

Filesize
192KB

Download
memory/3532-1869-0x00007FF886160000-0x00007FF886170000-memory.dmp

Filesize
64KB

Download
memory/3532-1868-0x00007FF886160000-0x00007FF886170000-memory.dmp

Filesize
64KB

Download
memory/3532-1867-0x00007FF886040000-0x00007FF886050000-memory.dmp

Filesize
64KB

Download
memory/3532-1873-0x00007FF8861B0000-0x00007FF8861E0000-memory.dmp

Filesize
192KB

Download
memory/3532-1876-0x00007FF885910000-0x00007FF885920000-memory.dmp

Filesize
64KB

Download
memory/3532-1883-0x00007FF8859C0000-0x00007FF8859E0000-memory.dmp

Filesize
128KB

Download
memory/3532-1885-0x00007FF885AB0000-0x00007FF885ABC000-memory.dmp

Filesize
48KB

Download
memory/3532-1884-0x00007FF8859C0000-0x00007FF8859E0000-memory.dmp

Filesize
128KB

Download
memory/3532-1882-0x00007FF8859C0000-0x00007FF8859E0000-memory.dmp

Filesize
128KB

Download
memory/3532-1881-0x00007FF8859C0000-0x00007FF8859E0000-memory.dmp

Filesize
128KB

Download
memory/3532-1895-0x00007FF883C10000-0x00007FF883C20000-memory.dmp

Filesize
64KB

Download
memory/3532-1897-0x00007FF884B40000-0x00007FF884B50000-memory.dmp

Filesize
64KB

Download
memory/3532-1904-0x00007FF884BF0000-0x00007FF884BFD000-memory.dmp

Filesize
52KB

Download
memory/3532-1910-0x00007FF885090000-0x00007FF885099000-memory.dmp

Filesize
36KB

Download
memory/3532-1909-0x00007FF885090000-0x00007FF885099000-memory.dmp

Filesize
36KB

Download
memory/3532-1908-0x00007FF885090000-0x00007FF885099000-memory.dmp

Filesize
36KB

Download
memory/3532-1907-0x00007FF885070000-0x00007FF885080000-memory.dmp

Filesize
64KB

Download
memory/3532-1906-0x00007FF885070000-0x00007FF885080000-memory.dmp

Filesize
64KB

Download
memory/3532-1905-0x00007FF885070000-0x00007FF885080000-memory.dmp

Filesize
64KB

Download
memory/3532-1903-0x00007FF884BF0000-0x00007FF884BFD000-memory.dmp

Filesize
52KB

Download
memory/3532-1902-0x00007FF884BF0000-0x00007FF884BFD000-memory.dmp

Filesize
52KB

Download
memory/3532-1901-0x00007FF884BF0000-0x00007FF884BFD000-memory.dmp

Filesize
52KB

Download
memory/3532-1899-0x00007FF884BB0000-0x00007FF884BC0000-memory.dmp

Filesize
64KB

Download
memory/3532-1898-0x00007FF884BB0000-0x00007FF884BC0000-memory.dmp

Filesize
64KB

Download
memory/3532-1896-0x00007FF884B40000-0x00007FF884B50000-memory.dmp

Filesize
64KB

Download
memory/3532-1894-0x00007FF883C10000-0x00007FF883C20000-memory.dmp

Filesize
64KB

Download
memory/3532-1893-0x00007FF883C10000-0x00007FF883C20000-memory.dmp

Filesize
64KB

Download
memory/3532-1892-0x00007FF883BF0000-0x00007FF883C00000-memory.dmp

Filesize
64KB

Download
memory/3532-1891-0x00007FF883BF0000-0x00007FF883C00000-memory.dmp

Filesize
64KB

Download
memory/3532-1890-0x00007FF883BF0000-0x00007FF883C00000-memory.dmp

Filesize
64KB

Download
memory/3532-1889-0x00007FF883A40000-0x00007FF883A50000-memory.dmp

Filesize
64KB

Download
memory/3532-1888-0x00007FF883A40000-0x00007FF883A50000-memory.dmp

Filesize
64KB

Download
memory/3532-1887-0x00007FF8838D0000-0x00007FF8838E0000-memory.dmp

Filesize
64KB

Download
memory/3532-1886-0x00007FF8838D0000-0x00007FF8838E0000-memory.dmp

Filesize
64KB

Download
memory/3532-1880-0x00007FF8859C0000-0x00007FF8859E0000-memory.dmp

Filesize
128KB

Download
memory/3532-1879-0x00007FF8859A0000-0x00007FF8859B0000-memory.dmp

Filesize
64KB

Download
memory/3532-1878-0x00007FF8859A0000-0x00007FF8859B0000-memory.dmp

Filesize
64KB

Download
memory/3532-1877-0x00007FF885910000-0x00007FF885920000-memory.dmp

Filesize
64KB

Download