hxxp://google[.]com

Analysis

max time kernel
519s
max time network
525s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2024 08:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

8^/10

microsoft discovery evasion persistence phishing privilege_escalation trojan

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

Processes:

MicrosoftEdgeUpdate.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

MicrosoftEdgeUpdate.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation MicrosoftEdgeUpdate.exe
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe

Executes dropped EXE 21 IoCs

Processes:

RobloxPlayerInstaller.exeMicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdge_X64_126.0.2592.81.exesetup.exesetup.exeMicrosoftEdgeUpdate.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

pid	process
2896	RobloxPlayerInstaller.exe
544	MicrosoftEdgeWebview2Setup.exe
3552	MicrosoftEdgeUpdate.exe
836	MicrosoftEdgeUpdate.exe
5696	MicrosoftEdgeUpdate.exe
3104	MicrosoftEdgeUpdateComRegisterShell64.exe
5352	MicrosoftEdgeUpdateComRegisterShell64.exe
6092	MicrosoftEdgeUpdateComRegisterShell64.exe
584	MicrosoftEdgeUpdate.exe
732	MicrosoftEdgeUpdate.exe
412	MicrosoftEdgeUpdate.exe
1080	MicrosoftEdgeUpdate.exe
5332	MicrosoftEdge_X64_126.0.2592.81.exe
1288	setup.exe
1204	setup.exe
2932	MicrosoftEdgeUpdate.exe
5728	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
652	MicrosoftEdgeUpdate.exe
3904	MicrosoftEdgeUpdate.exe

Loads dropped DLL 23 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

pid	process
3552	MicrosoftEdgeUpdate.exe
836	MicrosoftEdgeUpdate.exe
5696	MicrosoftEdgeUpdate.exe
3104	MicrosoftEdgeUpdateComRegisterShell64.exe
5696	MicrosoftEdgeUpdate.exe
5352	MicrosoftEdgeUpdateComRegisterShell64.exe
5696	MicrosoftEdgeUpdate.exe
6092	MicrosoftEdgeUpdateComRegisterShell64.exe
5696	MicrosoftEdgeUpdate.exe
584	MicrosoftEdgeUpdate.exe
732	MicrosoftEdgeUpdate.exe
412	MicrosoftEdgeUpdate.exe
412	MicrosoftEdgeUpdate.exe
732	MicrosoftEdgeUpdate.exe
1080	MicrosoftEdgeUpdate.exe
2932	MicrosoftEdgeUpdate.exe
5728	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
652	MicrosoftEdgeUpdate.exe
3904	MicrosoftEdgeUpdate.exe
3904	MicrosoftEdgeUpdate.exe
652	MicrosoftEdgeUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

RobloxPlayerInstaller.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA RobloxPlayerInstaller.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Checks system information in the registry 2 TTPs 12 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Detected potential entity reuse from brand microsoft.
phishing microsoft
Suspicious use of NtCreateThreadExHideFromDebugger 3 IoCs

Processes:

RobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exe

pid process

5728 RobloxPlayerBeta.exe
4680 RobloxPlayerBeta.exe
756 RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 54 IoCs

Processes:

RobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exe

pid	process
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

Processes:

setup.exeRobloxPlayerInstaller.exeMicrosoftEdgeWebview2Setup.exeMicrosoftEdge_X64_126.0.2592.81.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\Locales\gu.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\MaterialGenerator\Materials\DiamondPlate.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\particles\explosion01_shockwave_main.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\New\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Locales\hr.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\WeldCursor.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\script.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\TagEditor\Insert.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\Locales\kok.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\models\MaterialManager\sphere.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\AudioPreview\play_hover.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Settings\MenuBarIcons\HomeTab.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\SpeakerDark\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\xboxX.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Settings\LeaveGame\thumb_strokeStyle.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\Error.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\identity_proxy\win10\identity_helper.Sparse.Stable.msix	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\PlatformContent\pc\textures\sky\indoor512_ft.tex	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AvatarEditorImages\Stretch\bar-full-mid.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Settings\DropDown\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\RoduxDevtools\StateTabs\Full.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\Gamepad\ControllerSelect.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\icons\ic-more-about.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\msedgeupdateres_ur.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Locales\ru.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\DevConsole\Minimize.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\MaterialGenerator\Materials\Sand.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Locales\ko.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\image_keyframe_linear_unselected.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\StudioToolbox\Gallery.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\icons\GameDetails\social\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\rigbuilder_blue.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Locales\bs.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\TopBar\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\SpeakerNew\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\avatar\compositing\CompositExtraSlot4.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AnimationEditor\menu_shadow_side_left.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\tab.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Settings\Radial\RadialLabel.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\RecordDown.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Settings\Players\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\TerrainTools\mtrl_leafygrass_2022.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaApp\graphic\playBtnBackground.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VoiceChat\Misc\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\AvatarEditorImages\Sliders\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\scrollbuttonDown_dn.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Controls\PlayStationController\ButtonL2.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Settings\Help\ResetIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\sparkle.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\InGameMenu\ScrollTop.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\Keyboard\mic_icon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\content\textures\ui\VR\closeButtonPadded.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{93779A7F-2BDE-4B44-8E86-589B9CEF367D}\EDGEMITMP_7E9BC.tmp\setup.exe	MicrosoftEdge_X64_126.0.2592.81.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

dwm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exeRobloxPlayerInstaller.exedwm.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

Processes:

RobloxPlayerInstaller.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 61 IoCs

Processes:

MicrosoftEdgeUpdate.exedwm.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643813887912733"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

Processes:

RobloxPlayerInstaller.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exechrome.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-034c0d4a0a9b44cc"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\ = "Update3COMClass"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\PROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\PROGID	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation\Enabled = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\ = "Microsoft Edge Update Core Class"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LOCALSERVER32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\PROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog"	MicrosoftEdgeUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

chrome.exemsedge.exechrome.exeRobloxPlayerInstaller.exeMicrosoftEdgeUpdate.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeMicrosoftEdgeUpdate.exe

pid	process
4584	chrome.exe
4584	chrome.exe
5620	msedge.exe
5620	msedge.exe
5844	chrome.exe
5844	chrome.exe
2896	RobloxPlayerInstaller.exe
2896	RobloxPlayerInstaller.exe
3552	MicrosoftEdgeUpdate.exe
3552	MicrosoftEdgeUpdate.exe
3552	MicrosoftEdgeUpdate.exe
3552	MicrosoftEdgeUpdate.exe
3552	MicrosoftEdgeUpdate.exe
3552	MicrosoftEdgeUpdate.exe
5728	RobloxPlayerBeta.exe
5728	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
4680	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
756	RobloxPlayerBeta.exe
652	MicrosoftEdgeUpdate.exe
652	MicrosoftEdgeUpdate.exe
652	MicrosoftEdgeUpdate.exe
652	MicrosoftEdgeUpdate.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

chrome.exe

pid process

4584 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

Processes:

chrome.exe

pid	process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: 33	4752	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4752	AUDIODG.EXE
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exe

pid	process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

chrome.exe

pid process

6028 chrome.exe
Suspicious use of UnmapMainImage 3 IoCs

Processes:

RobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exe

pid process

5728 RobloxPlayerBeta.exe
4680 RobloxPlayerBeta.exe
756 RobloxPlayerBeta.exe

pid	process
6028	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4584 wrote to memory of 1028	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 1028	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 4408	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2672	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 2672	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe
PID 4584 wrote to memory of 3428	4584	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea6e7ab58,0x7ffea6e7ab68,0x7ffea6e7ab78
2⤵
PID:1028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:2
2⤵
PID:4408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:2672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:3428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4168 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:3328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:3884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4472 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:4196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4628 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4908 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:1860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4924 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5052 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:1064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5480 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:5052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:4536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5088 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:5096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5056 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5616 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:3168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5304 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:4412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5780 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:5880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5524 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:5552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1752 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:4008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5456 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:2656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6064 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:1720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5492 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:5332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6112 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3888 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:3136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6276 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:1372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:6064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:1172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7152 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:5308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6980 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:1368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6372 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:5180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5624 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:3780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5620 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:5708

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2896

C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:544

C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
4⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
PID:3552

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:836

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5696

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3104

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5352

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:6092

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MEIxRDdBMEYtOTZCMC00RUU5LTg1NzAtMUVEQjZFOTY5RUQ2fSIgdXNlcmlkPSJ7QTFBRDZDMjktNjE5Qy00MTVELUI3ODgtMTE1MEVFNERDMzNCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5OEM3MEZGQi01MTQ1LTQ0OUMtODI4RS1BNEFDNEExNjlGMjJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4Ny4zNyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY2MjMxMjE1NjYiIGluc3RhbGxfdGltZV9tcz0iNTQ4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:584

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{0B1D7A0F-96B0-4EE9-8570-1EDB6E969ED6}" /silent
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:732

C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" -app -isInstallerLaunch
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:5728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6944 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:5536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7108 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:4260

C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:TxWKnuUc_KvPU6NGKQeghzzpYXzJNK-gEm76qHGLnt5apj9PTUuXoaBeXb-gSGuo2ZfdbAzdZNDJfjdHXMdQZcoFZ9N5eESpCN86N24kzJy5preYKzUI2YXPBCRdUX05kP2Iwju2f_Xo-mZ45XonTupjOAchKVYD5Nnmm26GrUx1p_g64X-5pGvUsYbqp7AUjSbdLoawKfvqtjMj4nUk1sZdf08bwaCNzePEfu3m-_A+launchtime:1719907955923+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1719907885135007%26placeId%3D17811009787%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D71e04d4d-b54c-451c-8611-e1d06a3e682c%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1719907885135007+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:4680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5784 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6648 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7136 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:5232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5828 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
PID:5188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5476 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:2008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6524 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:1120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5924 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:2924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5636 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:1568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6208 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:3372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6024 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:2088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=7172 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:2944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=7308 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=4964 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:1
2⤵
PID:1568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7424 --field-trial-handle=1648,i,15363773029967793913,14364140275594663881,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6028

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:948

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultb6961443h0040h4a97h8c44h8d6a828f2909
1⤵
PID:5888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe94d346f8,0x7ffe94d34708,0x7ffe94d34718
2⤵
PID:5980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,15085837410621205998,3381706656855362987,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
2⤵
PID:5580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,15085837410621205998,3381706656855362987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,15085837410621205998,3381706656855362987,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
2⤵
PID:5632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5216

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5804

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:412

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MEIxRDdBMEYtOTZCMC00RUU5LTg1NzAtMUVEQjZFOTY5RUQ2fSIgdXNlcmlkPSJ7QTFBRDZDMjktNjE5Qy00MTVELUI3ODgtMTE1MEVFNERDMzNCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBMTM2NkZGOC1FOEVFLTRDNDgtQkVBOC04Mjg1RDk3RjQ2MUV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTEwLjAuNTQ4MS4xMDQiIG5leHR2ZXJzaW9uPSIxMTAuMC41NDgxLjEwNCIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY2Mjg1NDE3MzEiLz48L2FwcD48L3JlcXVlc3Q-
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:1080

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{93779A7F-2BDE-4B44-8E86-589B9CEF367D}\MicrosoftEdge_X64_126.0.2592.81.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{93779A7F-2BDE-4B44-8E86-589B9CEF367D}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5332

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{93779A7F-2BDE-4B44-8E86-589B9CEF367D}\EDGEMITMP_7E9BC.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{93779A7F-2BDE-4B44-8E86-589B9CEF367D}\EDGEMITMP_7E9BC.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{93779A7F-2BDE-4B44-8E86-589B9CEF367D}\MicrosoftEdge_X64_126.0.2592.81.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1288

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{93779A7F-2BDE-4B44-8E86-589B9CEF367D}\EDGEMITMP_7E9BC.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{93779A7F-2BDE-4B44-8E86-589B9CEF367D}\EDGEMITMP_7E9BC.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{93779A7F-2BDE-4B44-8E86-589B9CEF367D}\EDGEMITMP_7E9BC.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.81 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6acd5aa40,0x7ff6acd5aa4c,0x7ff6acd5aa58
4⤵
- Executes dropped EXE
PID:1204

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MEIxRDdBMEYtOTZCMC00RUU5LTg1NzAtMUVEQjZFOTY5RUQ2fSIgdXNlcmlkPSJ7QTFBRDZDMjktNjE5Qy00MTVELUI3ODgtMTE1MEVFNERDMzNCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCOTQzOTQ0My02NjlDLTQ5MUQtQjA4NC1BNjA3MTZENDM4OTZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI2LjAuMjU5Mi44MSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjY0MDA4MTY5NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY2NDAxNDE4MzUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2OTIxMzQxODQ0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8xMTEwYmY2My1jNmNlLTQ3MTQtOTY5Yi1iMzAyOGI0NDFjNDc_UDE9MTcyMDUxMjc4NyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1BNUVtWkRHd0dSUVZqYUZqVGZab1pOdHVIa1QlMmJxc2x0VW5qVk41Y3pUSndWYTh3dmZzZUFTTllWY3ByUUNEZFhrUDI4SDZoSVVXVTBLV0FlMHNJWWtBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTczMDgyMTY4IiB0b3RhbD0iMTczMDgyMTY4IiBkb3dubG9hZF90aW1lX21zPSIyMTY4NSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY5MjE0NjE3NzUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2OTM2NjIxNzE2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MzgyNzgxNTg3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNzc5IiBkb3dubG9hZF90aW1lX21zPSIyODEyMiIgZG93bmxvYWRlZD0iMTczMDgyMTY4IiB0b3RhbD0iMTczMDgyMTY4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0NDYxMCIvPjwvYXBwPjwvcmVxdWVzdD4
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:2932

C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:756

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
PID:1920

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:652

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:3904

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.81\Installer\setup.exe
Filesize
6.5MB

MD5
7c44a5cba89f38d967b1f4e11225da0f

SHA1
44837f2ff9b3ebc7c371ee5f9e0cd5dcaad508dd

SHA256
a10c3e0b2ec1286bfe6b3fe9005a9132fad01be9afc4bdd5adb29f174b8fb706

SHA512
25b4cae7fc6d200dab70e94461b7f2e7899813975cab498fb367a32aa2e187fb7b1330545b60f6340d53fe5e04a1ecfb5d6b8bf004ac26ecaa7a8f6e387dfe99

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\EdgeUpdate.dat
Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\MicrosoftEdgeComRegisterShellARM64.exe
Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\MicrosoftEdgeUpdate.exe
Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\MicrosoftEdgeUpdateCore.exe
Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\NOTICE.TXT
Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\msedgeupdate.dll
Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\msedgeupdateres_af.dll
Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\msedgeupdateres_am.dll
Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\msedgeupdateres_ar.dll
Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\msedgeupdateres_as.dll
Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\msedgeupdateres_az.dll
Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\msedgeupdateres_bg.dll
Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\msedgeupdateres_bn-IN.dll
Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\msedgeupdateres_bn.dll
Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\msedgeupdateres_bs.dll
Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\msedgeupdateres_ca.dll
Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU67F3.tmp\msedgeupdateres_en.dll
Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
Filesize
5.4MB

MD5
4fa63f4ccb9b1fca93ab82e51c6d4750

SHA1
1f26018c15ed5e14140ed44c28cf52a7b892fc86

SHA256
685f8b14eb645f892a666cf61cf691d086fe0d3e344a245323f1fe75034869fb

SHA512
a25031fb2afe1baebe9b46266192574c6c73b7fcd8e3e2897873d97b3f6232c5228fa4f633b1df98b9410808d5afe1dd470cd8f3f6dbc0c52526311b769554ab

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat
Filesize
280B

MD5
de26891995244ea9e84b430ad55b3b78

SHA1
453d99eacfef4e9bcfd434e8ceaad6f425d5db9b

SHA256
cbb135977b386365139ded5168416bef3009333c427147e991cda6f28f5d8d76

SHA512
a57a52a11ff451d70e034be375c173e488396c2b5bad9ad1c48305081d05d6363f793a5c7145f547d213356153be4969af901be8a1e3ee416d8039f91eb55308

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
Filesize
105KB

MD5
376db4b1d91f48777f8cfbd78fde1cba

SHA1
38a465a621e7afe9c160c82aa8cc483c4ff99e90

SHA256
4b61753d200aae47537feacb3c9d8f46b52d9fe558ca53735b649334e280028d

SHA512
46483fd0e7d0c18293b25051bde8dc332a67fa696fdc04220689901b9f0b8384706f5d94d1abc7d5fff5188aec0e2695984e65f70ebe64dff9676020f9fb8f91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8e659d28-5e21-45ce-9082-becd27457d88.tmp
Filesize
7KB

MD5
91720b8637f981a5e57c3bbec5924db8

SHA1
d26744887e534902469d17e64bcde0d70832aa0a

SHA256
4075a6fa66133a0c03e372b719773bd4a90e66386e4eb3be7ffa1009bd2cc428

SHA512
945339fdd2b96990ec30e640fc5a25faa7a138804a8480762f4a05aa67492870ae8dba6556760572c007e93adf290aedb0d8d24f734954c7246e1838026dae10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053
Filesize
33KB

MD5
1e716406133e63853729cf416f065351

SHA1
e6a54a42a36bfb5c781b6873a79431b11e016f24

SHA256
241d46d249782fa9b9163f89ccd2d1537b55a567438863c46001a86cf12eb3c7

SHA512
d3aefeddd21de9f8fef8ec288224131f78049475ac449b193bb31584bea25b6844bb4f75d561d93dfcd08d7f442f659c301ffec210e03bf4f3403e994c63156a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000076
Filesize
28KB

MD5
1784d82edabfbc66aca767eb7becc500

SHA1
6b5e78f735d0d09fec5ff94efc3374af2a75ad74

SHA256
7ea81e7c911e5ba134b67278f0d7f2baf4e652243c57bb699030ecc77e85619a

SHA512
852dbdb202cd0e83dcd4b2e83a9875db060cc2202d55b9b37c3514e8e63f1d12178a3ba24ea6e2cd10b57888c56477d18a6883e520bbf7092c3f9b2d33746849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000096
Filesize
27KB

MD5
12d0c6aacad574881a5f55670e94c11d

SHA1
7aadf8d1038e32609557c5169f45ce77175b42d6

SHA256
3b455652ce5f370e939b8c79efca8193db3a55924d68650f584c963859704d54

SHA512
428dcde26e1f97d8ad74f8f9f33fba5d74e8c4fb869119cf36d236a8586ff7223490ffa988a6dc7df3e912a471616c3cab676056dcfb9835698f050bbaaabdd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000af
Filesize
41KB

MD5
cfd2fdfedddc08d2932df2d665e36745

SHA1
b3ddd2ea3ff672a4f0babe49ed656b33800e79d0

SHA256
576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536

SHA512
394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ce
Filesize
62KB

MD5
823cc03dc2a57ff7ddcc40c4728be9f9

SHA1
385a6d029a0d1efd47bf12fbb64a018a0d7737ec

SHA256
29d4725dbfdff4c26719db2a8c3b065e6911745ae745717e688bd22843eb3053

SHA512
2a572ac4f1a6d1ab42695892d457acde1887f2ba1f786823afb805aab88edc3244afe3a7a5d288e616b8031b98e8a084046da55daa7d8a42498bae0b2322979d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000eb
Filesize
98KB

MD5
65e56706c75f6e9a6919adb6a758b8ee

SHA1
10a88a193c4a11bc6ae69e032061fdf62b564173

SHA256
4b9169f4e8dc65736458fb1d2d74ff0254cf5e3d883be7dfd05606eea40092c9

SHA512
2049960c061dfaec124791e5842985662d70ac7fe7996448c7ca6960243f3fa09da77561c0840a32677f55656d3e96a330f6a5fea579c17b3643929588e583e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
16KB

MD5
d2750ed7bfd18d3c390d33bdcb0be4b1

SHA1
0ae3c9bab711e525a3ac0ff941dd77cebf70fa2c

SHA256
6063c9c18025696d920942affce902242b67c0b95726eb46cea3be180c07d583

SHA512
dc68d9d68279ec9f9f46e651c13fbbfd74742472e46723ec850faace25f0ecaed92cae0d239a1d35f622ab541178a214d1d415f6c959d596021cd42a74de90f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
5f41aee41886c149b26e95de7ddb3958

SHA1
5922cdb3c5d68bfc2f2995c805607a1e45175fa0

SHA256
6349211399778e1310467716b6a74094b821308abfb9b2172bf8163480fd1965

SHA512
8201ae26c6e8bd67daf81f86fa5c4c7e56e32afe5eeb2dc4d1bc631dc6962bec229df97c8b766e655da93a3aa2c42cb41d4e74546f7fc37ab4df7ca0843e935c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
16KB

MD5
6c8dd0765c357b694be22b7a9f5a97bc

SHA1
43b7e14bac2cfd0da3db87f5abc2208b4c5fe6cc

SHA256
b1a1117fe374b400f556e155e4a20efb6a0a5c910e9ee5791940227ce47aed56

SHA512
f6ef219be76989a169c3c128526638382cba314f5bf5c9f95f53efe4ef649b983820c1d70c1e789a768e69589cf295a66741e365609543a92d0feeaf90e45af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
13KB

MD5
330ba1860def2ae94161811ca87a2805

SHA1
7335a01d422949fbd580bfb36c8d04a3254e9c0b

SHA256
60e783bfd48d564d07f7c4a454b815fc02da57ef345f14f1276ef8f401a73c17

SHA512
52cd64172481e222bfb5f5fe2f03a277db1d39bb8cef333f45e86ed6a16518b85101aa0313e4f489968c079e4a7354fe2904b586d8e4d1fd8a1564c1e02d6fa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_outlook.office365.com_0.indexeddb.leveldb\000005.ldb
Filesize
545B

MD5
5f6ce09abad5e354df758de5677d4165

SHA1
70e3a92d8dc386dcd044a237bb9be908e60a9b00

SHA256
6d4da31da7950977060b6727c6e4d75e98ab98f2a5df332451a073c22d8c4e16

SHA512
e6cb478aae99a4cd612593ee8f05b87f4cc85b86419736a1fe3a2d6700c1b67494e8eec8ea67bab41b445b80b510faaa231d83004777b6e7895bcb97794a86d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_outlook.office365.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_outlook.office365.com_0.indexeddb.leveldb\LOG.old
Filesize
1KB

MD5
e1808b0f99fc73679d58dc2e7ac3e243

SHA1
c88b21ef4d34228eebeeca9d8a431582332b332a

SHA256
ec298d4713fdfda098564518ee3c0a82e980b7c25195b718b90b66ce78e10e92

SHA512
e5cfd71fba638572f953917100085379b352cf751833dd0c4732e1a4c0bad95f067f54ee7e43a5fccf11d664d9fa658d0cc8656c612e13ef631ae6f49f135d6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_outlook.office365.com_0.indexeddb.leveldb\LOG.old
Filesize
446B

MD5
42f1e803d630764101d003ba4408d898

SHA1
e29db855d445d98f6f25f1b01d34b9d2cff6194d

SHA256
10af5517ba4ae26bed708e2dbc2eeeabde58754759c2de87ba2d511f99368708

SHA512
9c4195dc69b0f6e326f5d722cb0f3470848742d7db560902053907e5a0408d64acb325d894068dd33b879bf663ab6bd8fd6335cbb013c956a9b53ee33d319e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_outlook.office365.com_0.indexeddb.leveldb\LOG.old
Filesize
3KB

MD5
54f344f7178f94ab9ff94cb27746b634

SHA1
7c0ee8b42df770bc36c4023d5ba3e53e8bf27e31

SHA256
0158e50d0789337275fea82e4957a15c7cd6a92cec573235462e4a951e021195

SHA512
015c620fa35b77cb33768808a4d82d05043dd1427df25bf142637a9b7bac609aa684aea9eabcf7361a70c89becda0794426f2cab97389aa07b3a9b90dcdb1864

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_outlook.office365.com_0.indexeddb.leveldb\LOG.old
Filesize
1KB

MD5
c6dd0d803a1eafface5acde1ad51ac08

SHA1
1e7d0737b5e37c9539d1a72f3cac716f74efe522

SHA256
83ceece5e1de0c18dc44d196bbebc78fc6a984c74190028c3441046c0dda252d

SHA512
d5c0e506d90c1819969e68858555b6ae796aeb11e5316bb4b9f3e8fb1723e56d468af9221c3adc305e242fb7dc55cfe121db1f4f635c8efcae7d608748f16885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_outlook.office365.com_0.indexeddb.leveldb\LOG.old~RFe58c629.TMP
Filesize
684B

MD5
07ed6371a4ec7438ccad3585cdfc26c7

SHA1
42cd3d344564f1f3c10f8f93249295387e4da98d

SHA256
654240313efcb6bd6fb8b3ae772470f1c2efd30ef2c7bb5f59cf629e59b0e94d

SHA512
eb27cca2bc90924ec37ffa34314a35f6dea4b1263677b073e2de0d717fec08556b6c591fc178f028b56052171fa7666f27819e5304b39a89a422630e3670e6d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\50b8eb03-0a68-4681-a1f7-0207c5848dc0.tmp
Filesize
8KB

MD5
20158aba6132ef1aef9b3d85710bd31f

SHA1
1732113f67aaeebbd0f168d294df0ccf2dbc934d

SHA256
1130559ba339d65818563dfc80c34a5b7b9f9c3cd7334de03f9d2a23886a2ab6

SHA512
92094bbcdfd4f78e903ab5963370390717acf19cc035e88479e1cb7bb20d43c83585949376391e9989bb3b262be5a92c54ffb83b2aef6cc695018b861e3986ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
fc31057aa18a0be2816b9c326dcf7479

SHA1
5016a5bae0b4f13f8756755baab23234519a7d47

SHA256
6c10dbd420c62311663f2a43c3401cd1759583241904c4aec3b8845c680e7c16

SHA512
b2bcbe7664632ab125c6a1a21f85a10f23812a1ab2d7af445824793a8a06f8c182cb09c10d80738dd92301394f4e6cab9d9619dbce701cee87bfb27504dbd1cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
14KB

MD5
089228a492a7a258711bed8171df79d0

SHA1
c0c575294b78e178eb938e52cade6ef07fecf8fc

SHA256
3a4ef588f739913044c69183e36251d3ece0e3eb7303f3dc2edccb479db45f46

SHA512
904d50c27ee70337489d091a8f7440bf6d5a3214c2da038c04060897282efb9c26a7b7afbf1e742e40aa3a10c499a139decf05473673b2a8de96a4f9aa7d7638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
16KB

MD5
b70bdabd8993b13c1b5d90e826098d81

SHA1
b9ce91300c8aac7c8e56c9ff2a0ab45f694fcf64

SHA256
2f962bd2ade2878628db4de43e0f868e3518e7a482111a2d3da849d0deb2f8dc

SHA512
cc143a5f1d5667953805e64165ebbe41a9f1fdfe630a66361652475818f9d552f448c392b48e4c121b491d094dff413145c6d6a53c4b696bc56a460982586b51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
17KB

MD5
9fadcf71421a87b924901ed7dc2208aa

SHA1
95cec5bf07cc16cac8adb3b245353bf18f390794

SHA256
cccda184865e5d1560c2191ef992595fe2353ed8f906fae2d3d92a51a7287a3b

SHA512
cdfdd715df0e21fbac07da4fbb97f8bf988309e3b3eb25ffa32127dee3a4eaa2185d770017a50aed614e03fdc0dc7e77bbf22c43ffda77f2992536659fe3af5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
9KB

MD5
8366d37a8627af1079effc4bb0711448

SHA1
2ef4693d4ed491d2217508ddb617a8a8b6907284

SHA256
84cb37b51f7de592ec98d46ffbcce2e429441ee40da96df481a113aa1d0a84a3

SHA512
4cb3a46b90c96b205aaca13cee9db8482fb3e278c420118001ccde2e49f8b78c30217b20ca87e671f55a0afd02edea7b9c3e2e0d9d500949404f9e3e89a49fc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
9KB

MD5
6bd9ec7bdfdf7724c8b8e84fa4916caa

SHA1
e36ea6cdace8749a41386523c309a3470122afc3

SHA256
a055c869429360928419722dfafc64e44f8877a3061e7ffb88af94d4bc89f21d

SHA512
497d0762539106f8e1d1bc3c33ae7446fd3168c19e91eba498d13fd9a5fe5e1edb646b4619258d0fd912db60c9720a643e33295871e41233b64eb4397e0b4bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
b12b9ce416d5e79a4888ed26364f4231

SHA1
f7729f0410aecc2bad41843fe133ee3f2aa48d53

SHA256
46f9064d0f63b8f9665ef501d91c8b2217563b582645c0958fe65ade8a371b4f

SHA512
fd4a0617908a92822a22232b09398c6d45fe7a58f523a49c079d614c2cf90404ca44ea82ed55336ee2047a7d4e0ee88dd7301e971f287b589a29518c5cf34366

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
21d2f3df89c45e915fa13b3959b36176

SHA1
679f956e349c9b503f17a8c6442d8fd40a478acf

SHA256
fcb7b858f987341876946ff4814d1960c0e7a746a5a1a802d69ee81d00e055b2

SHA512
ff82752e017983ffe8b189dab5d370a0fdfeb09afe2f11f227832a7f2a006d2c9bcf6fb20ae81677d735cffcd3457665abcdbc7433bcd7ae02c866b382dcb6a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
c91c9fccbc6e1c21fd203dd440aa63ec

SHA1
fd2427073108a0e904f12a489b81342e367d67ca

SHA256
ff73e2205a7a2cfc16a222904e2d08265336c3c776179d6a8f5e2ff8e223525b

SHA512
32b8bc5b31be9a860d9a8c06a74cea8b713eca3d76e375c7205af5b912d25f3d8431502e3310636a721b9590c7c49e751baec709acc1d9e598b8b0ffb7ecbbb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
9df0da99f803f99098d7a3c11fa2a760

SHA1
e92aa5d38dc7470beaeec9f5e046ee62bbdaa92c

SHA256
81723e0ad576860bb99e7de3e9af2e304c528b8ad9733585af08f027862bb2c4

SHA512
3247629976f6f63302339c0938b576bce9918e4821f1b8884dc570483a58d1162d666a86c0273ff5fbe1785d94dfc80a3ee0c8f73621768de8768f6ce484399f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
da8ca32df43e3c6f8585b1effba8f6d7

SHA1
ae10d1c96b6fbfb46031ecbf0768cc5d48441f0c

SHA256
57a7642cf9e558e8995434762e964c3b03330a60001e6b44806b2c4633ba40f9

SHA512
229ef805d264fb4afc233788f662d65418a15da331729438ea91b14ae46efe32b8c919f46f692b9f3fc231de4834f47622ca3e3dcc3959febfcecb417d83d8f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
caa8d518d635dcf672ed99e1b97be912

SHA1
6cb4e2a1006fca0fe7fc6a15d26b011df9d7545f

SHA256
dfaea8bb8d1fbe3b5eddfe91d6a5fb28241e9d7d8cf7eca4d15454dcd7ca9d2f

SHA512
fbea74c968587452cf6b50d870f71cfd3d292a217710ba6f6c9b4f4dff9bd28e0d99416de856e08cfc545671f6326fd3aa1b0a9128e8e28d69e15a6e61d6d183

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
c3f82b3cc9b2bb441176b9e8c81a8296

SHA1
44f12598857147817d99bf7544a3cd23d67e812a

SHA256
7da321f9ab9e9ebf86fe58177ed43a84b4107d4b15630165656696791ebae611

SHA512
a83f07adf4d9206674f6f48af2327ea2d368bd0e825598659dc24f98fa527790e03004ec04d3eff18cb902e6bda18d0a22423dbad6ad7a9c6950be8b7956da19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
b3e1a4667fb4b321f7e1b56a7501bf91

SHA1
e42351836404769a2e628a3384cba7236a49c4a6

SHA256
a3c42b5b779495be4323bad7024898b02513200a94ca6c153b3746397a8288e0

SHA512
af4d6f2fb732834fb944e1c48a6df47828e0c3ae3731b6578d2887068aae598c66c1e40d7d9f9606533dea1900ea35c574cf8568c1516e4b890ad1a761db11c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
f6013e509ffa445a5e2891a8c3d0bb24

SHA1
177e789c5805b486b16428f76615744dc0b48abe

SHA256
fb958947536deed5b4c5d39bba6330721c6ceb09dfca2ea71850ca2405e90a15

SHA512
5ddcdf1d9ce6a9703c0741d1e61b4cc4767768bcb80a5740776f0a7dea4460020e674cb51d10366fb9c91ce88394c8b5d9517cc436fee7428c2b55af62486ebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
663f936242d620da156ed346a1c63718

SHA1
e94764c13fb955cbb579ab9a8eacc3c32c4d72af

SHA256
99336158958e1a22ed0c24097ed32ba19e801cff7ae7c79d21a95514dc19738d

SHA512
b0dc52ddbd03abd8a15bbc2c6781a872d1ee3424cc20179e10952544fb8287c6f1da063ca18a11cf4d3d16f700b0b2d22eb6b0a406e33c9e46485a525a60be04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
d82be3c2542f1e0272b7cda5a6db4422

SHA1
923fe00523bf04384b03816c1d43a6e206888d0b

SHA256
b6684b366a1c907cef169fceb4ea4105452d62139f4d137ea429ac25ea575f6d

SHA512
e2bea5f07086ca519e9200af6d01f39124d214515567c849792942cf1e5fce3c11a875656dccd9196c3c912ca89c0c68cf14ff5fc57eda12870a4253e1fb0c06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
f1f0a999d4eb644494a6bc1433d625ed

SHA1
00d6469bada2562d041101896b944349a8593147

SHA256
fd84482e92d2b3ce3ec0cef73ceaf42df528573da74c8d15df3ede36e3461caf

SHA512
9b009b61b8637ce8d4b0eadafce86412b8475c4283f2b3389e7102148ee4e53e4419a5e1a0e9c50a432e6bb4ff0c99999a484a259875da28f0eaa22441948e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
9KB

MD5
b971510a575b4f05b98c65076fd80d46

SHA1
65de3d2a506dfabc394c88d002374a4b2068cc03

SHA256
9194a4f15b0d993374173171eea47b1d0b344b28ed36b2a4abac7bef04e29a9f

SHA512
77ecb2468811d3e48402c4f3847ae06cf24665fef13420c67857404c2244f77fcee221e733b18f51d5db930b709a98d67b8f849aaca15308112d94e0b29440fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
9KB

MD5
708b0e4542ba9e4346e3dcffeb109205

SHA1
0b87998409336506cd79d9ee2ae2fafeedd62415

SHA256
40dd366dc947b0445da98237a2b801619333ce8fc67e9b68b091e0876a7fc817

SHA512
09543dbf27ab152e4cab966a4d2781dbc17137cab45e5d22b449d43a68c073edb717236d4a1e5c3e4c7fe095dba12970f95c4f797ba235014db8ae6aa18271dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
9KB

MD5
50f3d41baab19846b5cd11b5b8bd6630

SHA1
ce9757058f3004e5826f76b0acbffc9c64ef4c8e

SHA256
12d8e9b00b26aea8798b87d120e3eafc73067116eabb84cac69f05fce9dea339

SHA512
976409d5aff68d24c8ed4ed1fe502d8a204d8815d070370c4895f843fac35f9db6a428f64ec5c00583a019b16bd570d9fd5fdee1de7f32b7ff9d83487baa7608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
10KB

MD5
f576ac1ad94c01e7c1768aebd16f45d8

SHA1
792e6f3f1c61f1767ec5d1539bc44c9da1d92b1c

SHA256
4ba4e821c747cb3f06c2a698ebdbf58e5b14c4fbb38115c29e00dac369b3b4dd

SHA512
67e46c906639b12cdfebc31f6e722ad1b68d1d9c2d4fd6221815a3ee67c6e98638d1759233ba42cca5588dfc1418e017a3725e97c3ee7161e990b0ca2cfc8270

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
1d18edfdbe7d08fc4a6fa13b983feded

SHA1
8c74533ef45a36b42329de0bc1cf9af6f086b983

SHA256
854d48fbbfdea6ccef237c55d0d580c704c6b78c46ef43f3b4650f03a221dd5f

SHA512
cb9cda0291bbb532e9dca84aa336971c1fc148f6d787b532a5c5d94dfdccf087fa4cab48fb023b4858cbe7c93665ffa3470875fb2618a2fdfeff39f869dc5683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
c20e8a34e772d923beaddccc9d908395

SHA1
c07349b5f903a83e7d765af967621f288ca919ce

SHA256
279e06ec3a22323d09cfff3fe667601d44aee8ef66147a6c4836e2b0014141a0

SHA512
100353bd6e8acac4d1b63f0cb8a452691958747028feeaae4b44dc991de6e39df63a24113b5d2d693915ce2881c46282e055ec17d57aff63da67a94eddd84ebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
8ff10f99ec2b8e1ea0b1cf422f9afeea

SHA1
650cc1c675c6d18ae8cbd4dd79eb9533006c45b6

SHA256
51df49ff67ffd9788cf889700ebbb4e1ba8855a9072c3829aa4064c5fe6ea710

SHA512
ac8f0af68241eb3d8141612963e23256e96f95e743e49f0f9ced14f390f126c676fb8c88282e183496b0bc8e72dc07804522cd0c065b2a5fadfb9166900cb99f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
835f8350f9102dcaf2fde735529856fc

SHA1
9430ad1a01352f8dbb0ce90b34fa7f055f26a7a6

SHA256
d497447f07bd29576c6a7bd7d7ef8a5b325613484b285ad0a40db4454bf04f82

SHA512
0ae895a70cb0c74809c40b3c0f8a2a45918e67d2452da025680c2484672ffb7b82171aa49c58b95e3cef008264c174e1f05a66ec85a692fad67caf9fd80ca213

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
dd033646b4861b1aa0abfc4ba2e9d135

SHA1
3cadbc2c65f893439c96386280d963b1a28de21c

SHA256
474644d9784f79017c91386fbd8797beff0075c4370ed16242609c707f757ffc

SHA512
70550d4516b29c9bc5ad0a39d249c82f6713be10664b72e171c9d8966ce9511f2573e2c87d1f5b7cac700d5846b23a44e65cd2e277146d767f72433717b55b5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
9KB

MD5
b4a4b935cadb4c0379ca857939d469ca

SHA1
863b321485e67f49688231020ba620bfca78597a

SHA256
481eeffa9d7ae9db6d755f4d686bfc63f8bf0e3310f9b07a2d82f71c13180811

SHA512
196b84cad462490efc032bd5e6f71f906b06d5e95159b85cc4325701044569be780fb8cf09ddb81eec5db61a068f84fff7f551ef13fa49db9cee0c0096d7de24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
c40d505d8254bb9e413a2ca8e4229b62

SHA1
e4e4fb4ea97b654fb891ffb47c03b5bf2b3a4697

SHA256
4162f5b4fe09f0f4d941284cfb7353f72a4eb9d9c5468fd7b11d291e4d7ec09c

SHA512
72a738cd77245bfe048cdbac3202c2ea727ca246675786ebf394ad98e878efc051145dd3218b4a65a053a53a8e1ae1d1922c443dbb48c3763b05d0dadbda8c3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
1dbb47aea3b0250b4c9c6d4d27779ecd

SHA1
2843c1f87c92ed26cee5f33900c4152a3cc60325

SHA256
e6941dcb816a0b514e8f7c3bf50c02d58dae982fb0e6b3733f4132db975017da

SHA512
e6434eac380fc63fcbaca9ed5b36405be1bb9ab4feafc8c070b00fd7defcb8c3d2bf8f281a6276dea2e3d598215c2bced41e3e80707d0ab6acbde98e003eb296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
f67085a857db10d72b4f40f2d4987ac8

SHA1
104ee312f797b330c9d2d8f0e8458891f0fa72ab

SHA256
95b65ee77ea07619452303266a6efb190c1bd0e7eac4ec28bcdbc6e0d3cfe3cf

SHA512
65a2fe88b1bb2da0a0796448cb17001cd2696b873f9bad6faf66a3d700da0b40733687ec74ba16a00ca2fdba068c6ec14ea2a0063525a4cbb05ffc0b8a34c675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
9KB

MD5
54d18e3ec55b86a98417b84e85f392e8

SHA1
353815fa5e6f9ed3bbbb8abae23de4e829087d7d

SHA256
211713729ed6e4a384609ea0e29d901151c38eddd7ecfa284b9f3bda528b7e44

SHA512
0ab7d63fab1e85d2bd3533f46bcd4099d40325952d177f1167a5009940bf8af5293371509e61d85c982e0e20d155ce8f7c95e4c44c69d82ffe796b45ca98a310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
0173c84ab4f67a4ce136d077e896c3d6

SHA1
741eb92baef9543cdf2d8a8d31359da314e44201

SHA256
e1b396c9ea20cb4dd481767fac441a4c2ab236aab1adf75bc6e7aea4c7808057

SHA512
1bfe2d77a85104bfcadd5fdb511d65747b95b2641acd57c40a5a43e1835f03789884a490614999a14d5c18a0d8af70f3bb83445f60c002bac9be6de6632ba06b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
d16c1036ae03edc3f055ea100940a6a9

SHA1
8687a33f7ac65f5d29d31bc71e1cd4e7a15fdce3

SHA256
6f184315a31065f11cd28fc8d4b2e6b95845883442d56ea924c379763112ab69

SHA512
93c642942b39bd1fe6e775d6118b217f066aaab5fcd0a0bee3da9077561a2533df3372d54a62c405d62201404d2a9206d7c05718adda8edc1e66bf1581045029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
73d1c9a4ab6c070c0bb392fd0a79765b

SHA1
bdb60ec198c16528bc0483a8292fb7d2aafeb354

SHA256
d420749e85d48e30d340496627b907ac243a6d5ce975022cd4ca06bd9a7ff3e3

SHA512
a080ea3544634d017015c65551d377c4bb879b0a274836838e04c092ba343c1855cda446d1a7dfa8b7badb8de5252bec1009e0808e08bc8c6de78e33da6e3a59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
6212616fb7c74f95f7addbfc511a8629

SHA1
bd331585445e32861c14aca1b9da6be4f96f64d6

SHA256
486c156d0a6c44a7bb155310b74754ab3475e5fe292f580831948d201e5c8499

SHA512
33163ed298166698cadc7da17cb015d2a9c93facebec6555c57104fd457d87288ab2c474a59f6eb4f8908e1ae50ed144b440ad348d2684a7491c5e40a91a1f78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
e5b59ab706eb2e5fcf1e5af139bcd4ba

SHA1
4d227bfc6bbd6bdb4c49db19893ce7800cc2b175

SHA256
dc99ea5fee62108c1939ef760615abcd8c15bfda01dd780c8a55a45a10cbc606

SHA512
0546e248d2a86b7d83a4e95d7fac71a454e01f81045bf8b734c2fef72983276a89da84430da62661dea4450812b7605aa7ef8f9c8198b277f40ad9c4159725cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
59b1927ddfeef1fd1e0a092ed48f9d42

SHA1
10f0b52d868dd74e22ee3c41f31bca1c920a0d56

SHA256
3e54f1cd2bfa70951ff4225a0b97f39a2630de077f2f49b56723e3a50d6ffa52

SHA512
672952d9de78fca3bbb00651b4db9f222e87375cda9a37f3c2b0473e6310c37671b3e276fdbb3bf88f9d06c3eb6e52cc707a7fc40226863b319a3464c92b9a97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
87d4fd0f1733f2c280e73df83037dc8e

SHA1
84d7d9dfcd6d2276ba2b265b7bf7bcdcbc1b31dd

SHA256
f435265a3208d817271c73bac1faef88ef9a2679ad95bfb4f2ece499b111bdd0

SHA512
4943d5677eba751cbe90125ebc1c8c4cfd93f4fa2290e06d29c513faaab3f25dcef25eaeabd1ffceb42b2fa89e991704c215ed2053d55d78874a9b0f0e174798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
1235fac45f14a9c3267b72532f43d7a4

SHA1
952fd1f5aa87213597164b9e951bed1d05ad6e02

SHA256
900f8b202a9ad63b7c051c4410ef51dabbaaa1101bc952b6746773c141f4e2a1

SHA512
650792b41f77edb6087b847fe45d1de6d4f64647e18551853800f9444e3de9d998f30b1f670396ccf1d35c94b0821b1b329a16ba36ba4e03b6049cdceab1cda1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
10KB

MD5
e9979b0a144266070f483f1dc30a93a3

SHA1
a28e23f44fefa14aa8deadcb29d2a0d65231319f

SHA256
5c3d74cf9101e47dc2a305fd10904b7894c2c93e0176a18de15e4f222b999148

SHA512
e76e852d8ff3c0c54b992a78f1538e1baac124e29ec9e88fcca471352f91916cc0af8ded5de1587b616d8ab849c78bdb22594d754482ee5f73791df804c56697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
a249d152c0707bb6fc7129021828ef2c

SHA1
8e36c7228c14fc643c69cae3ac6db1091bb214b6

SHA256
179b4c1537b19b19dbaa02d6507f7afaf1ad872204544fad132176757bcbca7a

SHA512
8300ce64b02887e8abe2ad447935a11aff751c154dbd18cc2687a2a8f92be23dc33e9dee06021845bc5fb8a75b718036d963616717d444ce42d24f0a4a27cd4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
a9e916216eefdff652fc5681875d2ff1

SHA1
a37d91b53bf3bdcc94eda3b672e3f95038cdd946

SHA256
9d2d425eb41697e37f5228a32f34ec504cb3cdf72a3627e52aed51ac09cbf274

SHA512
819bb7ad059459f2e4d71ef59694e3be1979a6903d4c39695a9bc4b133ac676c7f80c3607585f58ec5630d105c73799b071d4c239386626fda1148f16a86dddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
7cfa70383151fa89091c063b2eb9927d

SHA1
d51f8e4619f748fe28d06fa0c53df53fc541d63e

SHA256
708766d720c85b5b2f6bc1be836c7604c3f2d2a45dd66fa75e530af671a7d9e0

SHA512
93e6821060f576a0f4b94aea2a0e07137fbf032d172af6765aafe33df1f0831f69eb9ed9d325b6a5fdcac3704c6d66de90aa66f0dfc92eb7bf8d320375807b34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
5b3250efc2bb4ea5bfe6e3194f19d632

SHA1
878cee8fa692ce754efa21d1747334e22953d587

SHA256
91ddf517cf245ba229ac32d63975d078041003a8cdabe9e83442a156996f0288

SHA512
eb211e51c081de660d829556a09980201a9cc1aa47d8b84ecedd586966f819aee5be1bdf73f6925af841c3fc2c86c8f505fed21dfc907bd3cd2f7e647a819f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
25a3a5f6ecb7fc50c07bddb9a4831dca

SHA1
ed6b0127e4bde3e7c2bb9c108fddf69695e9d73b

SHA256
3375f3515510c3bdae19ae5432d07992ef3d2d770b57b9b1aefa0cfd19b6ddcd

SHA512
b174f1676b4c4b6b18b5399866f64e7ee6306ca7551fc6d38db85bc780bf3f243ac3656af02811bf5990b20c5c0363dcbceb9eea00df2e04f0d80b32786414dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
967b97c8efbf54183fac9b9c7863001c

SHA1
89e51ae099bb0eb959e07c8d1d0142a9671ba5cd

SHA256
138ead15b5e1df3d6ad6c2d8baf4d12182b681b653f428b07df49bab8bee24c7

SHA512
6617c02214bdbd54f4828597553fd2e12c9e14d8be320f19d2647d725beda51352cf508cd18b95cc3880f90dab42a23728d384ab9dc42e44d17e26afa0ab060d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
3f6ac8c4889da2fca1250c423bbe117b

SHA1
e010f3f8680dddb741949cc00004ece5892baa23

SHA256
903b3c83251e9e98c2f9cb5a50297c0f987ffdba30b0f30cfd93fa85e0e81e14

SHA512
931d238622e9c9baf64174e1d8091260db78d39659f7616c39ebf6617a993e29608eaa4218760d7e8a31beaff7a3a94156123d2a41a0847be6d676cb71e8576d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
f0a4e72e00bb84f9563ba3b249c46818

SHA1
39874cf71d093b76090dbd563cdd19cc89309518

SHA256
c070c9122f5652aab48c4aad79afa26d9b0f37b52a8198b9512cc7b3580ea773

SHA512
749b9e9e7d89cc7dcd719459ca81f7ba2a4c46199db4d1e5d1cecd1d34ea64b2d5adb6f8f24f30900e7a5aa3ae717528f05adeac2088278b1bfad77ec2da072f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
35f23887373b629a8916e6ca0327bfe5

SHA1
171b983f3b6d3a4eee40fe579b01857602e2a92c

SHA256
46948dd1ee65e368579662e7474bfeffebbaa8bbd4525c565083af3938126f04

SHA512
c8081924b40c278f0e79d26a43fac7b7426c0d0f039a923de0d69772b7b410f58aba7084a06b32e4c89ba2af2f57713df1848eef9cf4f9b8bd4fb6ac9d3a9c6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
1dd4d7c0b3753809b549b046795c26a7

SHA1
fdb096e9007a9161ea1179087c8a6e1d268fe427

SHA256
55d165301c910d078ee74386b9b99205face94db7f1117996d7a2fbf3f5ea4d5

SHA512
519303dbfb6d15e0c18ad2c9f528a2ea4be36ed05680c75d58315afe8ebc1eb03eed4c7dd2361430faa097d7cecf1d5b8dff0f23a283279151a106caa5a44913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
e5441cba212c32372726964400c29e5c

SHA1
2d681ad8acd7dfa47379da22c3cb21951d4fbff7

SHA256
ea7e5ff505f28198afcd2b11015a61652de72b0e871b7a6dd77bc10a2269d92f

SHA512
ba57d79485150821ae42c69a64557f51730ff961ee0f910ef2b6337423f576031d73878e1b127b01812469730177cc22fccedf22633868c2af10f611d83b362c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\7722baf6-b92d-44bf-9ca4-63139ddf528c\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\7722baf6-b92d-44bf-9ca4-63139ddf528c\index-dir\the-real-index
Filesize
72B

MD5
a0188863124e5c209488677f23a4deef

SHA1
3b3b54feb86033df265f909bbd35a0c39f74889e

SHA256
217968d47c68ac03cce60f7f9113610cebcaa5dc75c95582c27b881ef41c1dba

SHA512
1d56b69d665ed4180c12ac4daf8185821f9343e61d5da7243e8f7b25feba7cd140ff9766a43ca615203b411ef8599c2a96e88ee310247999bcb2346b6d847cb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\7722baf6-b92d-44bf-9ca4-63139ddf528c\index-dir\the-real-index~RFe592272.TMP
Filesize
48B

MD5
de79c1caf3e0f8fb69f7a38e09487d62

SHA1
c671a5c44f28547414371bd85902940234e90561

SHA256
69c8eb21498e9a9f27be336aec9a4d722f4e99dfbfb9e6cae1783970bd910c78

SHA512
212be701eecdfd0d6caf1bb3500059e50c9c9725ed0e13b839f9749cc5c6d333813aca7fb5c3de328bf396a1158e0ac2811ebb9f215a2cdf4bfb933d39b07497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\aa336f3d-c52a-4c50-8057-4e67715a648a\048e351415e7f8ea_0
Filesize
79KB

MD5
d8a8484012ff741124c1fff448385666

SHA1
102db61f01230ef5c17bb696d20ffd169e9c9d19

SHA256
3980ec7cb0ccd0c16416b80997f0f52d35341052c59f7e8d8c455703f880ba51

SHA512
2b86d4752e7b05f94847735a3d0c76a1df25b7aabf56cf566c5a9a3e18717de2e0ddb771e8f7a35c76579b4f40ffa6124351d7e83cd9c933a773e0a4ed1b2e87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\aa336f3d-c52a-4c50-8057-4e67715a648a\32460e172f5e27f6_0
Filesize
10KB

MD5
981bcf30a96a761a02679412f46dc099

SHA1
41c122d53dc77efc43efb4491048fa36a9cb0fa9

SHA256
96334dcdb62720db069462a5bd0b4e1f86bdf681ac8d5b533d83a26b7ea27d6e

SHA512
72b064115cea5748af715f0963f21bc5a67d5510d8c35bd41c3c7738be6b475f3296f0ee3faa5baed1a853b65bf2f79ec65ebf8c25b74d4dcb7b78ef6b77a151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\aa336f3d-c52a-4c50-8057-4e67715a648a\7641c6ffc07cd03a_0
Filesize
13KB

MD5
511b70ee3930f0b149b01da1947fbf71

SHA1
fe45bc0d426f160375481f0a13c48c20a987564b

SHA256
48552ad2844a82088254fa0fe8a52fd64841d8d846960bbe6a892f6bb0feb6e0

SHA512
923f99667e50074d252566d6215bdf7eaec74cecee4a7e15e77ae44ba7798f02fe573e682a33f2a9c4c99fd3a32f5e777197ae443e1aba584fdd4a743cbc46bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\aa336f3d-c52a-4c50-8057-4e67715a648a\93a21fc0a37eec66_0
Filesize
50KB

MD5
e26e204d38b0a5ef719db4ab84c36757

SHA1
29485e3eb33697c0fcd11af5e2e0cfb854a22856

SHA256
fc4670076b960364a4f7ad51d205f3924505a8a333f58be4fb936cb29bf5b492

SHA512
fa99efee9d6d1a0eac7302ad7c556d423c93e64483e641c75cd6b71b58c3a4619f2a29094fd2e5c94cc0980dbad8cd74f821db29210c993d438711b4744df6b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\aa336f3d-c52a-4c50-8057-4e67715a648a\aa743a69c21e7ce1_0
Filesize
9KB

MD5
1bb0943adbcbf0be3b9b74026bd502f7

SHA1
c2de1ed0dff7af69b26f294e528c29e44baffaf5

SHA256
0e99123b5bc3b11565cf29c18e1238a3d76f22b5975485eccf3aa2e3ed59be09

SHA512
ea5ae325fbfeebc958baa65d29f9aff66750078226e260304d200b785eef46f2829667e97842b26ceca95ab11bacf7976388262d8de68eed58d0024f24d6b603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\aa336f3d-c52a-4c50-8057-4e67715a648a\c50139eaf486f144_0
Filesize
9KB

MD5
989627ba17701cb5115b0085591fdc3f

SHA1
fc1b54c66f2cda717dc84ab76c75922d9cbb8914

SHA256
df9e01260292c8151ad33cc2948ef72f0983811c81d856bb8d101f8fde8d2658

SHA512
84e59ea6c4d4725e1981ed305a45cba8ba64b56bb58f56e39788dc3f3564998cf94e1bd8d2e983fa59a50cca9bf132560297047aea0cb948aa03d6986b5873d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\aa336f3d-c52a-4c50-8057-4e67715a648a\ca2c57ef4515fb83_0
Filesize
11KB

MD5
36e0fc878ffe6ad67307c491ee94c3c8

SHA1
917b81012f5e29ee25b5cae6547a7cbba2e3e21a

SHA256
c0e6f7c154f227e989e049e76cd73d37ee1c10a5c255c3be83364ea75985ad0c

SHA512
40a8940fb359f0411e455b37117bfc65b5e2eaa3a3af5eaab4cd6f66bdf02e10c9b87649cd3e19b99b12883eee345d260cd747a7ab9a9074e95256e2be117ad7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\aa336f3d-c52a-4c50-8057-4e67715a648a\cc2fd9a6c88fd60a_0
Filesize
9KB

MD5
b18ceee046a8cf8648f660377d9f63fd

SHA1
b28246877019e229cf44a1abba181b24b514d6d8

SHA256
ba746fe526a49833f79f5f3d18bb6b87fc673ad399c2e8b4be07aaaaed2003a0

SHA512
7bd5ed945a5546785a8423cb5052dbb8a48d6f732c197f4e291ff04da5308c0142b3470d60512021133605df8097836a4c535be4e4c92858387a3656598a3167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\aa336f3d-c52a-4c50-8057-4e67715a648a\d404ca11742d9617_0
Filesize
65KB

MD5
721b9f933e3b132df1a3ecf5c13b6f94

SHA1
f478de7e67cca52344a1735865ee1d20a29d4c20

SHA256
cab61c839f5ae1be258250bd497abe087abe85f5bb2071bd261ef6a990ade360

SHA512
e5d266d6dfbeeaa749910e10da7eeb1fe6cdce1727e705833413c4c4e58db0554949bfd009c9bf45466237c61987150a76e2febc0d08b74148570ef2ebb7a971

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\aa336f3d-c52a-4c50-8057-4e67715a648a\eacc3992a40cd2cd_0
Filesize
18KB

MD5
531d8970a2de56bf45c802ff0fa08551

SHA1
6aa89b76de9b4902fbac56d02c70fd5634f9659b

SHA256
a8b9c56f29dcf40e5c69163ef73b7b8f5352d38aa596d75c9656a9792f722e02

SHA512
8ae86d30637752c631b266ead6052e299208d108dbde842cdbdd4287e5283d37ee254d88a727bec5608146b673d03ff2c9eb9f663f436791b0ada1462c2f4c76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\aa336f3d-c52a-4c50-8057-4e67715a648a\f8b114780e842c58_0
Filesize
9KB

MD5
7809fad1df912a22340ffdf975018f4e

SHA1
eb57902eb2ff64370d4b8acc918c9dc846434804

SHA256
22398c100b18d3680602cf52289d8050cc7c26680d6efeec1ef0c2f63ba09b08

SHA512
fccefa88cc06d70fd5adfed49ad62deff4c4f0e4c72950aedd0c8b4b86016cd28716047644588d67c78e2e3326944e1de2d44e612f0eb7579cbcdd0a7e877539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\aa336f3d-c52a-4c50-8057-4e67715a648a\index-dir\the-real-index
Filesize
13KB

MD5
f55ea730d8fe8fd3f8dd61b6b2dd57c5

SHA1
eab446a108a2a2bd04ba0c61153f0573e097790c

SHA256
e02727d8e912e10ba60d3bdbf1a43b0747a679edd0da2b325539b7b765b7a083

SHA512
9246524fb2592e4f60803c5b1a72858077d2a78a5e2879c91aa1ea1c0ee720baa1c2cfbbc53ccf87c0322d0cf839e101cbac90bbc31747963abc3372cf45db16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\aa336f3d-c52a-4c50-8057-4e67715a648a\index-dir\the-real-index
Filesize
13KB

MD5
b1239edf036d52f341d65e33a6cb6e6c

SHA1
c8597f7441e8d05d4fdf8cd445fcc576c2ed7de1

SHA256
d22de52a246f3b59b7206c1fdbb6c23910f58d0b0d7b1fe96816e0e7ea3fe152

SHA512
09e9db88307c2a9cf94679988b4ab57496cc567420d6ec07577d9aac47e52a5407d6707c6b7643dd9117c61ab2b9216e30e84fc5592c91a92c375031f29b172b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\aa336f3d-c52a-4c50-8057-4e67715a648a\index-dir\the-real-index~RFe592272.TMP
Filesize
48B

MD5
744c0b0dc3fbde6120be7530118c5927

SHA1
46a71535284737b11b00e070fe46af7bcf8f43dc

SHA256
3fa6b9b87c7400ab441c0adc0976688acb39ffca0e0be9fc3747c4213c208564

SHA512
95834fde40522eaacbe922222aa599f0de3f20693531ce278e040484c79b8211d255ac9e4ffee40bcea83c930fc466074053b2c403bc688d88ff9e96b52e6271

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\b6afe382-bf48-4f16-8b4c-eeec64684b86\index-dir\the-real-index
Filesize
96B

MD5
32244559728fb3b5b8bc935a3b2d9419

SHA1
8f6dda1622bd620620d4e0c770b63acf96cf9eeb

SHA256
ecb0d54151d21cc69d1a16c23722e48827b0aa3031137d0a8fa211582131fad9

SHA512
1390260d6a44c4f093e9a2d38d57890aad594d4eb19b5879950a5492b1678a4454ba89da4cfd6a912a6fa1c63012f7aff5b8dd79350846ca172c3ca84e7b6d48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\b6afe382-bf48-4f16-8b4c-eeec64684b86\index-dir\the-real-index
Filesize
96B

MD5
b7cd5f57c9899dc52e7a3b0e197387f9

SHA1
e660657cb7e67911c8a97e17e900ca2ae45bc512

SHA256
ebcaf409cb852f7a7fd6298bc04c3f6c53bfd6a1d8c453f404c95132cedc8b3e

SHA512
b60eef0a80756f8aeea53cc85a7c1e1b6d3790f091c506bda1387a392ebda2b014de5b59feb0736be33eea64ee23b16ac3816b5e9923538e46967616f197316d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\b6afe382-bf48-4f16-8b4c-eeec64684b86\index-dir\the-real-index~RFe590ce7.TMP
Filesize
48B

MD5
7ce8b62caf8100ea0fc2f13f8a7d43c7

SHA1
3af3610a5c8d71256115ae18de4e78e02f9bbfda

SHA256
8ad1b86cad5cf21153ad3cfa9aa13bc31fef944e541b65629bdbebc3946d9457

SHA512
fa04037aca5bc6b61c683f0f7b2315a9883e93002734fa74cec6034e25059308cc50f3bf606f23e056318f537c7e607102b7eb88231e7c8737930468b4d665a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\index.txt
Filesize
208B

MD5
f2ea0a1218f371c95b1d2706e68e8ba6

SHA1
8c31981a3a605936effae8dfa2241706ba859462

SHA256
7bc99f1fe651b9ea84a528b796118088cd8ef8150bfad995809fe31478022da1

SHA512
137012183bd4859454f38a9378df70560be2328a7fc1ac94b5e40d8c0e039a87edf503dda4bc632031a042acefecd504c857c2512fa8e4aba2f1144a5cae0d00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\index.txt
Filesize
142B

MD5
03dad47762071d974549058ce04273c6

SHA1
82cd1ad6e915d8c34245ad35d62c051cd2bbba0c

SHA256
50beeda74c4a3a1512dd8aca40613dd7454e075df50c79885ed9a476f3f48e69

SHA512
e829c4bebeee576d4d35d9837b39afc1d7330b612a4672dd78c790d531a7c5a604460bfbddd7a263279d644fe95fee7488a82623573b0521299269c81b485536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\index.txt
Filesize
202B

MD5
3c1549f3a317f84a6fa912cccc639282

SHA1
0f0b4f5630adad822d9cd5a2b514c096d75a48d3

SHA256
34d53379d785255e05ba068322939f57574950d752beac857c02cf2d274652a1

SHA512
c485c2ad2b6303a624639a177b1f87969a74768d7d2c1751138963619031dfeffd07868b2adc4fe549904503bff5ab16b423495a277b2fabbe17abc8764a5189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\index.txt
Filesize
283B

MD5
f8008a6a26d157ae9d0486f22fdf6143

SHA1
4713611fda2c9d4dbec63b5494e355042f0c8d47

SHA256
0f71c34065a419a14d2e65af6addb0f4bc945e2b22ca44a9e4ac0734ec962801

SHA512
40b136c0c8a5a7dfc089b08171fa20512e6f138a158d5fd781f0120de72878256ae83779d77ea538b3e9000f22edb7d5d913438358d58b3125168e5cacf0deac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\index.txt
Filesize
135B

MD5
23bea63721d279d16796e355ee00a98b

SHA1
9c7a34176266a042e45bfdde5eefce8df5968a42

SHA256
347d018f5b5cbc1a5892bb7b314cdbcefed8b0507808127b108c6d4a49b22252

SHA512
9fd11fd6ebd6cb8f0a940ce3833d07515e71c53da6d279069560d4f549fc78d74b5e856934c7919b03f6ea0b1820a0df2ab010a6649fb6a60c1d8e319ffce689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\index.txt
Filesize
68B

MD5
0af1a10e19f765da2f2792dba876996c

SHA1
b15f130680714e87921cfaf864122f9c708691fd

SHA256
970f547da4f8656d2bacd529a3fd8d950abf522244f26a2c5511308d65e6499c

SHA512
03b2672ad1a1209fd5c48a6ac9566e139f1de47cde4dcf88d772ca233b4bae99dd525b84858244e8f3159d43870068e2014512007bc3d25135751909b7ccb0ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\index.txt
Filesize
280B

MD5
7647db68c8788a0585022d8379e59ecc

SHA1
e3bdb047d38fd627a8af8072d2a2a537c82a4a32

SHA256
17e4a099234edd2ba45f09218e4be2aae067c42563d40e5f788fe839413a46d4

SHA512
94a83d78a4053b17f6414daab1e57cf30be71b767431ff2dd646fea6cab0b1d26b7dba83186679255cb33e0f22255b6c6333fc51765f57ffd9a82d91bf7d994a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\index.txt
Filesize
280B

MD5
491e09ac0fa9d5723da59ca260b00fd2

SHA1
0e35c829f18a3f49c55a06cc63c4a6b6cd0f5a2f

SHA256
e27d6264224f2858c247eeee229459988b7b508f86e07b528801635866693983

SHA512
6e429cb99f604937def2aae67d82cc8c8094669c8a9fd6a69de985b7cbe9d291cb0c8d6d2d2acab98bb63117be1a92e90161e71869d9348b773870298cb2a7ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\355690543901cc08c45dface808d8446dd9e58ee\index.txt~RFe58be88.TMP
Filesize
134B

MD5
ca4abbd72530d4abbc9c30ebf1afc388

SHA1
6bb191167d0eabaae8491f943f1664a9422cd7ec

SHA256
292d7ee116f4454d1c15258aa7d4530080eb7369f169020f9f48e338c7b8047b

SHA512
e490bb758a2fca2ba50dd4cec4d73ae691fda9dfe2de2c5b080941159b56e123130f0526c6732baace8eca0121b541fbe10dfa5e5e3e9ba5725cd23185172f31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
Filesize
5KB

MD5
09a955cce6cc6f66e75a39d9e9b14b99

SHA1
fe79923c32a25ea6c9a1310f2f0e6b7ff78144ce

SHA256
de8bf204eb380ee4d32184b57c87c6f62758ef6ae0c0845e6544a6501d20b0e4

SHA512
5fa06929adc522142a6dad98e88e5f7a8fe78738d5a98580ac08bb61f26874b56e8f59a566757843705f443bddfe01d69390a1414d2cefeea76e7e6888abace2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
Filesize
393KB

MD5
c56cd574947e4073b95c68dafc1621f9

SHA1
664700bf0ab65c9a8084feefeec640591a3cec9a

SHA256
1acd526b80c32da652fa4a1d5173552c0d079c45f51fd5b66ee5d4cd9ef47c8a

SHA512
7a59252560a42d799d044edefed0452ad505555ad14216974b1e8a9a042f91640aa8a02af8ccb46afcaa711ca07894bcb0fa88d3d5dc4735a8eb23dfc876d41e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
Filesize
1.1MB

MD5
b654cfe44f357d59134935edb2363c76

SHA1
986e0e399e82e263ba61701dc90693eaffac126f

SHA256
a11cfd181fc979ddccc9aaa821e864cfbbaeda812041ffe83d1a4845ee3add48

SHA512
98524291ec09ac8a68f1c2dc5cb3faa58d3eaf8ce14db5da02ada2dbedb2034243a70a93c65448b4b03cb7a59162dc711769c0c1af98b921664c3b62fd0f6f26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
0cfc07a82d2b89d7e8febebb61705a1b

SHA1
1fc9269a92b1f3101fa41d3d445ccb8e773456be

SHA256
e96dc955e83940bbbbb7669024d8ac4ac4cda510b343bcad3369f193b696cb75

SHA512
eb2f096dfa6d9bd2a863c0e32c29d55edd582a03a30f4efa73f6bcb464723e8172325c0d2d217539b76fb77d71ff6322fffd4e6886a1ed978317756638ce207f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe590ca8.TMP
Filesize
48B

MD5
f4797a7d46f7f9a4d9c5da942177e900

SHA1
2f0a48ea3c56d290b679cf82a46eea6f8ef03f4b

SHA256
27a174bd7e17955bcaf5444d76291634fa07e005c935f0c509962a6189d7e18d

SHA512
a5822cf2107e8f554c79f5d1a87de42f1274fdb520a246e1a4f54a092bc9278aaf2b55a3fd06333fbde215d80317534ce74e3a6c2d4fed12de108fb9fc83ed95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
0ab3833c80425aecb05be0bb77216f13

SHA1
20c0fcbf1af69354d61d62d215fe0a1f04249067

SHA256
448cc9256b47d8b01ca16cde10f0b6ed81f217bbdf64609e3f99576378fe6725

SHA512
3bde62a5c6b38aa164c86775c7a6b35b04e8a52440017af5041872d98471e7220f169e144884c4d37012455145f038e403548590438baec831fb4b0ff0c0195a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
a4d8c7c5e43b47f4c9c3a8da79a3b658

SHA1
4de5fceebe83bd132a1a40ab53b02c7c2fadc173

SHA256
05ab9f0c35dafa91497461fdee508d4ffe532c53c554294d8ecfe118ee12984d

SHA512
346d631f61431327eba41ea3abb615eddd50fa57418ee6a856dfc08879098ae57e5889f0bcb3445b40699a0ed32464f65262051373d9ffe0a3ab36bfc8fc7a53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
b746001db9fac6a00772d38c28982933

SHA1
39511cb025660b132e6364c68402c144ff8f40e9

SHA256
033fb98e27523f83ae2171a21920c8fd7482f2da3c1fd4073f61c64dab9aabb6

SHA512
2515f68f3b963d706feafc288b76724b5f9abe9200e3952204a82f8f5af52d4043da94339c3a21bfa4ac887c594907d640a450796adddbefa3d381f448684f2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
5d97b9f890697ce3ff2cc4c9dd936bad

SHA1
682b48b86df0a93fd38037b72019a7dcfd3582b8

SHA256
0d8db0f7da37f220604dec546806a40f4cbb1acd6ef6769e55d82f7cdba6ada5

SHA512
4def091cb9a34604370f7bf9c765b6c11b0b43183029a860ebb2ea38ebc711a85db6dbf67bddf88e74677384990a5e02ed5f984fce968ac257d4110bc18a5d61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
93KB

MD5
47e51ad8d6c275dc0445afd51f24f7e3

SHA1
51f44f15f520254b5d11eaed7fbe1ff44aabbab0

SHA256
df1cfe6f4137dcfe3c9e8bc2d3074c17a0cd42f543b7a04476b1b4295dd9ca58

SHA512
07a5e05b357f18cb7828b02c4aed1fbfbe8706cc0e9eba69873a88228edbeaf8ba28401dd4e9ed2527eb04d399a1230eb40de31f3fdad5947e7aa2b1060a6a83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
106KB

MD5
1b90c67ef3281dcf23af3515d9a7a319

SHA1
11357506f2a82799bb2a4ca1e612cfa996cd54aa

SHA256
6a3c5f24e522fff61fd492c094a73f17d152f5e87029fa60e8f5a2e988bdcd84

SHA512
b71b3c037f7b3ff7fa7fb9d2dbcce4a42aac3f452d3332c8b2711af983dc480c7ff496d720f968536d9669ba3ce9190a28abf782b6d4dd9e22c359fa8004622e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
89KB

MD5
07d6db5244f1e786812935e8a8837412

SHA1
ecb1c0506a0f804c7e40996a6ef735de20eb3289

SHA256
c6760ab9b680c8e2edcf6da3c16d80c9b5b4376d331289849eec23c76d24546d

SHA512
e139f28f8a7ebb13d82463663ffbdd9b749da2b5bd4c310518c63c3653776d1000f7245a54a8d761cf680a78df22368e2041133d7fedb619cdc4cafe7fd8c662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
91KB

MD5
f2e0485876de7c26ff09375362b3c0bc

SHA1
1e26909ad121a4841e0b4e7892a2a4518295bbef

SHA256
94d8cb04320647d35882f07b289b99e0162d524e34363366bbc1673e6d0fdf07

SHA512
b207a8d170d3e1ed89e7ad7e956c0eb1e39afa8c78af4c700fab043fad5da765c657186052a9a2c3270f0c43984aaf99b9974cb61feb140decc021222d13dcba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
108KB

MD5
f079b0dacf0e6894b44b1f37246eaa10

SHA1
44e85ed587ba13fa4f1d8a0965c2450682af6f2f

SHA256
5ec513d0c133d05a66ce13d1c8d221b0033ba61ae0b5a2466be11f74aa9b5454

SHA512
514291455d6f1d378113dfd2b5a9b6f89157a2039442db421c0d3df72bd3c7c5342d9f26e9540ea5318a7e12a88cf629ebe261e00cd469f5fa2ffa17aee251ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f1b3.TMP
Filesize
88KB

MD5
d1742476d10dfe908a0cdaf9ea318880

SHA1
9cd468637eebbfef9587a24751a50548836d5cb3

SHA256
3a76cbcda97d9a29f9b5daeac5a7f59cf1798a94199ccfb354ba590865c2c658

SHA512
3c229798cf283c4526302a9945bd489f5cd9d11cdf0da0496180ac3dd1e9dfd34c044f878f8f14b37b2ca8e526ef48083c0ad0ade204aa31f67b8679100f4db7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
6f1400791d863e1b5fb1a971e70185c1

SHA1
1116ec153591635f167ab626c86ce2c601aa554b

SHA256
37d37b963c2b881ecaf31085e97fea2c92a61e34d652fc182fb267dca12df62f

SHA512
6c57092b31a8132368ea63529dbd82de9219e58eb7005db86738db5dbe878149e937b419b0f8cc47dbc5084193f556b39c32630e8ee9d7ce0c301070183c51ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
862561583951f75a2c692854a1a72672

SHA1
792e7a3667ae2e09033ed59e9920ea402d985173

SHA256
b5d4990bb9208a3156a24b2d7346dd284494b4d47f14665a482254d40f2a217b

SHA512
270e0100a52d21b339fcd362615c4509e4e57dec7859eb931f723184ea54653a2a328f1085a25875e7795777074f7b51af6f17ce935c2ef4bf9a958aebeda003

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\b022682dd39d113f2d5a65a172dbd28f
Filesize
5.8MB

MD5
b022682dd39d113f2d5a65a172dbd28f

SHA1
aa874df3d3d0a9539c53a8a0c96c4c119bae2c52

SHA256
47a2e8bbef18d5491be3c449d9a5464a8804d9d1a85bc7e24ff80876e85104a3

SHA512
d6746ca7c1e10b1ed7fb48d857210ce5cd0f0542c81fdbf00a6afaf4607f30020ccc09f4c41ef9f50bc2562bf6e4380e7abaef1d5a5b1e91773281bcd9e58525

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
Filesize
5.5MB

MD5
94740510822524d579f869a81e02f5ea

SHA1
0e87d714e9eec2eee7c3af028e8e66e7478a107f

SHA256
ad927962330c2d2cf2bf7c33c1a5395df5ccd4ceabfb10c72db240041d773dda

SHA512
7cb3e72b0f1bdcbd53096fdec470fec9a6aa56d56b5f4bfa86b6afaa3ddbd2be6878f7874feb2c15647a627cea34a1fee7be35f6d1dffbf6a5a9c0bf8efa1d24

Download Submit
\??\pipe\crashpad_4584_PHFCUJZUEPKITOCO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3552-3535-0x0000000000530000-0x0000000000565000-memory.dmp

Filesize
212KB

Download
memory/3552-3398-0x0000000000530000-0x0000000000565000-memory.dmp

Filesize
212KB

Download
memory/3552-3399-0x00000000734D0000-0x00000000736E0000-memory.dmp

Filesize
2.1MB

Download
memory/3552-3433-0x00000000734D0000-0x00000000736E0000-memory.dmp

Filesize
2.1MB

Download
memory/5728-3567-0x00007FFEB3C30000-0x00007FFEB3C60000-memory.dmp

Filesize
192KB

Download
memory/5728-3548-0x00007FFEB63F0000-0x00007FFEB6420000-memory.dmp

Filesize
192KB

Download
memory/5728-3569-0x00007FFEB4640000-0x00007FFEB4650000-memory.dmp

Filesize
64KB

Download
memory/5728-3568-0x00007FFEB4640000-0x00007FFEB4650000-memory.dmp

Filesize
64KB

Download
memory/5728-3564-0x00007FFEB3C30000-0x00007FFEB3C60000-memory.dmp

Filesize
192KB

Download
memory/5728-3566-0x00007FFEB3C30000-0x00007FFEB3C60000-memory.dmp

Filesize
192KB

Download
memory/5728-3584-0x00007FFEB4250000-0x00007FFEB4260000-memory.dmp

Filesize
64KB

Download
memory/5728-3565-0x00007FFEB3C30000-0x00007FFEB3C60000-memory.dmp

Filesize
192KB

Download
memory/5728-3552-0x00007FFEB5AC0000-0x00007FFEB5AD0000-memory.dmp

Filesize
64KB

Download
memory/5728-3582-0x00007FFEB4150000-0x00007FFEB4160000-memory.dmp

Filesize
64KB

Download
memory/5728-3553-0x00007FFEB5AC0000-0x00007FFEB5AD0000-memory.dmp

Filesize
64KB

Download
memory/5728-3554-0x00007FFEB5AE0000-0x00007FFEB5AF0000-memory.dmp

Filesize
64KB

Download
memory/5728-3583-0x00007FFEB4150000-0x00007FFEB4160000-memory.dmp

Filesize
64KB

Download
memory/5728-3586-0x00007FFEB4280000-0x00007FFEB42A6000-memory.dmp

Filesize
152KB

Download
memory/5728-3555-0x00007FFEB5AE0000-0x00007FFEB5AF0000-memory.dmp

Filesize
64KB

Download
memory/5728-3557-0x00007FFEB5AE0000-0x00007FFEB5AF0000-memory.dmp

Filesize
64KB

Download
memory/5728-3556-0x00007FFEB5AE0000-0x00007FFEB5AF0000-memory.dmp

Filesize
64KB

Download
memory/5728-3558-0x00007FFEB5AE0000-0x00007FFEB5AF0000-memory.dmp

Filesize
64KB

Download
memory/5728-3587-0x00007FFEB4280000-0x00007FFEB42A6000-memory.dmp

Filesize
152KB

Download
memory/5728-3541-0x00007FFEB6290000-0x00007FFEB62A0000-memory.dmp

Filesize
64KB

Download
memory/5728-3542-0x00007FFEB63A0000-0x00007FFEB63B0000-memory.dmp

Filesize
64KB

Download
memory/5728-3543-0x00007FFEB63A0000-0x00007FFEB63B0000-memory.dmp

Filesize
64KB

Download
memory/5728-3545-0x00007FFEB63F0000-0x00007FFEB6420000-memory.dmp

Filesize
192KB

Download
memory/5728-3546-0x00007FFEB63F0000-0x00007FFEB6420000-memory.dmp

Filesize
192KB

Download
memory/5728-3547-0x00007FFEB63F0000-0x00007FFEB6420000-memory.dmp

Filesize
192KB

Download
memory/5728-3570-0x00007FFEB46F0000-0x00007FFEB46FE000-memory.dmp

Filesize
56KB

Download
memory/5728-3549-0x00007FFEB6480000-0x00007FFEB6485000-memory.dmp

Filesize
20KB

Download
memory/5728-3544-0x00007FFEB63F0000-0x00007FFEB6420000-memory.dmp

Filesize
192KB

Download
memory/5728-3540-0x00007FFEB6290000-0x00007FFEB62A0000-memory.dmp

Filesize
64KB

Download
memory/5728-3571-0x00007FFEB46F0000-0x00007FFEB46FE000-memory.dmp

Filesize
56KB

Download
memory/5728-3563-0x00007FFEB3C30000-0x00007FFEB3C60000-memory.dmp

Filesize
192KB

Download
memory/5728-3588-0x00007FFEB4280000-0x00007FFEB42A6000-memory.dmp

Filesize
152KB

Download
memory/5728-3572-0x00007FFEB46F0000-0x00007FFEB46FE000-memory.dmp

Filesize
56KB

Download
memory/5728-3585-0x00007FFEB4250000-0x00007FFEB4260000-memory.dmp

Filesize
64KB

Download
memory/5728-3575-0x00007FFEB5030000-0x00007FFEB5040000-memory.dmp

Filesize
64KB

Download
memory/5728-3576-0x00007FFEB5030000-0x00007FFEB5040000-memory.dmp

Filesize
64KB

Download
memory/5728-3581-0x00007FFEB5050000-0x00007FFEB505B000-memory.dmp

Filesize
44KB

Download
memory/5728-3573-0x00007FFEB46F0000-0x00007FFEB46FE000-memory.dmp

Filesize
56KB

Download
memory/5728-3574-0x00007FFEB46F0000-0x00007FFEB46FE000-memory.dmp

Filesize
56KB

Download
memory/5728-3550-0x00007FFEB5A30000-0x00007FFEB5A40000-memory.dmp

Filesize
64KB

Download
memory/5728-3551-0x00007FFEB5A30000-0x00007FFEB5A40000-memory.dmp

Filesize
64KB

Download
memory/5728-3577-0x00007FFEB5050000-0x00007FFEB505B000-memory.dmp

Filesize
44KB

Download
memory/5728-3559-0x00007FFEB39B0000-0x00007FFEB39C0000-memory.dmp

Filesize
64KB

Download
memory/5728-3560-0x00007FFEB39B0000-0x00007FFEB39C0000-memory.dmp

Filesize
64KB

Download
memory/5728-3578-0x00007FFEB5050000-0x00007FFEB505B000-memory.dmp

Filesize
44KB

Download
memory/5728-3579-0x00007FFEB5050000-0x00007FFEB505B000-memory.dmp

Filesize
44KB

Download
memory/5728-3580-0x00007FFEB5050000-0x00007FFEB505B000-memory.dmp

Filesize
44KB

Download
memory/5728-3561-0x00007FFEB3AC0000-0x00007FFEB3AD0000-memory.dmp

Filesize
64KB

Download
memory/5728-3562-0x00007FFEB3AC0000-0x00007FFEB3AD0000-memory.dmp

Filesize
64KB

Download