Overview

overview

8

Static

static

1

RobloxPlay...er.exe

windows7-x64

8

RobloxPlay...er.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    1618s
  • max time network
    1784s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    24-04-2023 07:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RobloxPlayerLauncher.exe

  • Size

    2.0MB

  • MD5

    ea422ffc74fbfbd6d980ae8e4d3513e8

  • SHA1

    1f1b01250bbab5d1b893add52c1d6654336c2f00

  • SHA256

    47d56b778f5a1815155fcb5c6a782df9a5b85866a1ced4d3cf1c4bc8dce8e17a

  • SHA512

    806b4d93a6435f1771b6022e9380c4cd7e039aaa659c4fc72b0d89b197432cbcbddaf72ed97c4c2d2078e250e421cfe8051c601122cbc324696219a25e63c3d3

  • SSDEEP

    49152:oUvIzhIhn1g5yca9e3jTITTMao+8k1TymMYPMQ3dS/BT79b6XrvZ:oSnhn6yca9ezCY9b4

Score
8/10
discoveryevasionpersistencespywarestealertrojan

Malware Config

Signatures

  • Downloads MZ/PE file
  • Sets file execution options in registry 2 TTPs 2 IoCs
    persistence
  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 24 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Registers COM server for autorun 1 TTPs 34 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 3 IoCs
    evasiontrojan
  • Checks system information in the registry 2 TTPs 12 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 11 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 17 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 17 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:1376
    • C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe
      C:\Users\Admin\AppData\Local\Temp\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=6867c2d3365d29f9b40f61bb5c51a4bc7df908c0 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5d0,0x5d4,0x5d8,0x5ac,0x5e0,0x12eb480,0x12eb490,0x12eb4a0
      2⤵
        PID:1892
      • C:\Users\Admin\AppData\Local\Temp\RBX-ABBC94C0\RobloxPlayerLauncher.exe
        "C:\Users\Admin\AppData\Local\Temp\RBX-ABBC94C0\RobloxPlayerLauncher.exe"
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • Drops file in Program Files directory
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1192
        • C:\Users\Admin\AppData\Local\Temp\RBX-ABBC94C0\RobloxPlayerLauncher.exe
          C:\Users\Admin\AppData\Local\Temp\RBX-ABBC94C0\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=3f368f2239fd95fe34aa8c4dcce2f54fa0700bce --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5bc,0x5c0,0x5c4,0x598,0x5d4,0xce2768,0xce2778,0xce2788
          3⤵
          • Executes dropped EXE
          PID:628
        • C:\Program Files (x86)\Roblox\Versions\version-40b6a27c6c4d46ef\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
          MicrosoftEdgeWebview2Setup.exe /silent /install
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:664
          • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
            4⤵
            • Sets file execution options in registry
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks system information in the registry
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2036
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
              5⤵
              • Executes dropped EXE
              • Modifies registry class
              PID:1164
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Modifies registry class
              • Suspicious use of WriteProcessMemory
              PID:1308
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                6⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Registers COM server for autorun
                • Modifies registry class
                PID:1048
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                6⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Registers COM server for autorun
                • Modifies registry class
                PID:992
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                6⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Registers COM server for autorun
                • Modifies registry class
                PID:884
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkFFOTk4OEYtQzFGQy00MUU4LThDODQtQkFBRjk4RERGODcxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyOUQzQjQyQS00QjI4LTQ3NDAtQkUxQS0yODFBQjYyRUI2NkN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY3ODk3OTcwMDAiIGluc3RhbGxfdGltZV9tcz0iMjEyNiIvPjwvYXBwPjwvcmVxdWVzdD4
              5⤵
              • Executes dropped EXE
              • Checks system information in the registry
              • Modifies system certificate store
              PID:1448
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{2AE9988F-C1FC-41E8-8C84-BAAF98DDF871}" /silent
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:836
              • C:\Windows\SysWOW64\wermgr.exe
                "C:\Windows\system32\wermgr.exe" "-outproc" "836" "448"
                6⤵
                  PID:2040
              • C:\Windows\SysWOW64\wermgr.exe
                "C:\Windows\system32\wermgr.exe" "-outproc" "2036" "532"
                5⤵
                  PID:1632
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /unregserver
                  5⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Modifies registry class
                  PID:1756
                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe" /unregister
                    6⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Registers COM server for autorun
                    • Modifies registry class
                    PID:1688
                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe" /unregister
                    6⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:2256
                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe" /unregister
                    6⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:692
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks system information in the registry
          • Modifies data under HKEY_USERS
          PID:1980
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkFFOTk4OEYtQzFGQy00MUU4LThDODQtQkFBRjk4RERGODcxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2MEJEMTcxMi04Q0Y1LTQxRTEtQjQxRC0zRUI5OTA0NzkzMDJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIzIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2ODA4MDk3MDAwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
            2⤵
            • Executes dropped EXE
            • Checks system information in the registry
            • Drops file in System32 directory
            • Modifies data under HKEY_USERS
            PID:428
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EC45511C-C310-49B8-99FC-F2B670445395}\MicrosoftEdge_X64_109.0.1518.95.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EC45511C-C310-49B8-99FC-F2B670445395}\MicrosoftEdge_X64_109.0.1518.95.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
            2⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2804
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EC45511C-C310-49B8-99FC-F2B670445395}\EDGEMITMP_9AE15.tmp\setup.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EC45511C-C310-49B8-99FC-F2B670445395}\EDGEMITMP_9AE15.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EC45511C-C310-49B8-99FC-F2B670445395}\MicrosoftEdge_X64_109.0.1518.95.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
              3⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in Program Files directory
              PID:2920
              • C:\Windows\system32\wermgr.exe
                "C:\Windows\system32\wermgr.exe" "-outproc" "2920" "492"
                4⤵
                  PID:2688
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkFFOTk4OEYtQzFGQy00MUU4LThDODQtQkFBRjk4RERGODcxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDRkQzQjFCNS05QzQ0LTRGRjAtOEVBQy0yRjQzODMxOUNEOTh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iMiIgZGlza190eXBlPSIwIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxIiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEwOS4wLjE1MTguOTUiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcyNjI5NTcwMDAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MjYzMDY3MDAwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzc2MTAwNzAwMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZTlmOThjNTUtMjQ3My00ZTM3LWJhYTEtODJiYTU3ODE3YWViP1AxPTE2ODI5MjYzODcmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9ZU5WQnBlV1J6c1NScjhXbnREaTlKdEkyYzVnUEpvY3hJaEdSSUo4TnVjSlJBQzNSUFRxV1NpRDlvcE1IVDY5ajQyMHlhV3A4dHd6QnhRd1p4eVc1R1ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNDA2NjQ3ODQiIHRvdGFsPSIxNDA2NjQ3ODQiIGRvd25sb2FkX3RpbWVfbXM9IjQ3Njg3Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzc2MTQxNzAwMCIgc291cmNlX3VybF9pbmRleD0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc3Nzk0NTcwMDAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iNiIgZXJyb3Jjb2RlPSI4NyIgZXh0cmFjb2RlMT0iMTA3NDc5MDQwMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA5NTc0OTcwMDAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIxMTM0NSIgZG93bmxvYWRfdGltZV9tcz0iNDk4MjYiIGRvd25sb2FkZWQ9IjE0MDY2NDc4NCIgdG90YWw9IjE0MDY2NDc4NCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMzE3Nzk2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
              2⤵
              • Executes dropped EXE
              • Checks system information in the registry
              • Drops file in System32 directory
              • Modifies data under HKEY_USERS
              PID:1324
          • C:\Windows\system32\taskeng.exe
            taskeng.exe {5D933369-2EF4-4E65-9DCD-48B933BF7F8B} S-1-5-18:NT AUTHORITY\System:Service:
            1⤵
              PID:2768
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                2⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Checks system information in the registry
                • Drops file in System32 directory
                • Modifies data under HKEY_USERS
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:2796
            • C:\Program Files (x86)\Roblox\Versions\version-40b6a27c6c4d46ef\RobloxPlayerLauncher.exe
              "C:\Program Files (x86)\Roblox\Versions\version-40b6a27c6c4d46ef\RobloxPlayerLauncher.exe" -app
              1⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Loads dropped DLL
              • Checks whether UAC is enabled
              • Modifies Internet Explorer settings
              PID:2676
              • C:\Program Files (x86)\Roblox\Versions\version-40b6a27c6c4d46ef\RobloxPlayerLauncher.exe
                "C:\Program Files (x86)\Roblox\Versions\version-40b6a27c6c4d46ef\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=3f368f2239fd95fe34aa8c4dcce2f54fa0700bce --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5c4,0x5c8,0x5cc,0x5a0,0x5d4,0x1532768,0x1532778,0x1532788
                2⤵
                • Executes dropped EXE
                PID:2808
              • C:\Program Files (x86)\Roblox\Versions\version-40b6a27c6c4d46ef\RobloxPlayerBeta.exe
                "C:\Program Files (x86)\Roblox\Versions\version-40b6a27c6c4d46ef\RobloxPlayerBeta.exe" --app
                2⤵
                • Checks computer location settings
                • Executes dropped EXE
                • Modifies Internet Explorer settings
                • Suspicious behavior: GetForegroundWindowSpam
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of SetWindowsHookEx
                PID:3064
            • C:\Windows\system32\AUDIODG.EXE
              C:\Windows\system32\AUDIODG.EXE 0x24c
              1⤵
              • Suspicious use of AdjustPrivilegeToken
              PID:2332

            Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\109.0.1518.95\MicrosoftEdge_X64_109.0.1518.95.exe
              Filesize

              134.1MB

              MD5

              fb9403029d0ae74997d390b1cfb5a8b9

              SHA1

              f60dac76ef55475a031c80206da69c5e4d496767

              SHA256

              3a7d3a59a08e7121043e6b6c1c361b00eb01a8cf55d6c157b980447d0386858c

              SHA512

              213d253be1b05bbd8c7248a496bfe6ad0c6984ab1398107f7a30b63a62b557d8477dc94a56eb32142db74200537b8259ad6de71afd44e3d73d339d6835e1d716

              Download Submit

            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
              Filesize

              201KB

              MD5

              4dc57ab56e37cd05e81f0d8aaafc5179

              SHA1

              494a90728d7680f979b0ad87f09b5b58f16d1cd5

              SHA256

              87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

              SHA512

              320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

              Download Submit

            • C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2920_1745815661\109.0.1518.95\Installer\msedge_7z.data
              Filesize

              3KB

              MD5

              40466a356d1ca94ac91647d401bd5f76

              SHA1

              3b521dd8e38ab2d9031af168731652b1a5e77872

              SHA256

              cf741c2bb16c07368a42111c26bf1a77c3b05cb82c749a0e2bf93c8f0f43ddd1

              SHA512

              7ffd917ead5134ab3694d00dcc9c58843e68a3cfe47fa1cb81f03075698125a71dbec731008a9b893b31f961ce10c357e19e19bce5e93e0ac231292427cb2e34

              Download Submit

            • C:\Program Files (x86)\Microsoft\EdgeWebView\Temp\source2920_1745815661\109.0.1518.95\Installer\setup.exe
              Filesize

              3.8MB

              MD5

              474e9d6d6f4f74afda8699f11443d82e

              SHA1

              8078bb55925612a11b6bbf50e68655adaf4b2698

              SHA256

              a047ef0b8f08c3ed4a78e6c7ff5f043acbc3f528173244cc07f71c1680b3f8cf

              SHA512

              0df153d410cddf78d849ca77e7fb54a77025b2116f9eb8e641b5e8b7b3f2d15e29161267acc7cd7bf2a8af00cbf3a55d37ca88cb38271ea9cfbd58ecd68fbecd

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\EdgeUpdate.dat
              Filesize

              12KB

              MD5

              369bbc37cff290adb8963dc5e518b9b8

              SHA1

              de0ef569f7ef55032e4b18d3a03542cc2bbac191

              SHA256

              3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

              SHA512

              4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\MicrosoftEdgeComRegisterShellARM64.exe
              Filesize

              179KB

              MD5

              7a160c6016922713345454265807f08d

              SHA1

              e36ee184edd449252eb2dfd3016d5b0d2edad3c6

              SHA256

              35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

              SHA512

              c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\MicrosoftEdgeUpdate.exe
              Filesize

              201KB

              MD5

              4dc57ab56e37cd05e81f0d8aaafc5179

              SHA1

              494a90728d7680f979b0ad87f09b5b58f16d1cd5

              SHA256

              87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

              SHA512

              320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\MicrosoftEdgeUpdate.exe
              Filesize

              201KB

              MD5

              4dc57ab56e37cd05e81f0d8aaafc5179

              SHA1

              494a90728d7680f979b0ad87f09b5b58f16d1cd5

              SHA256

              87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

              SHA512

              320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
              Filesize

              212KB

              MD5

              60dba9b06b56e58f5aea1a4149c743d2

              SHA1

              a7e456acf64dd99ca30259cf45b88cf2515a69b3

              SHA256

              4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

              SHA512

              e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\MicrosoftEdgeUpdateCore.exe
              Filesize

              257KB

              MD5

              c044dcfa4d518df8fc9d4a161d49cece

              SHA1

              91bd4e933b22c010454fd6d3e3b042ab6e8b2149

              SHA256

              9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

              SHA512

              f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\NOTICE.TXT
              Filesize

              4KB

              MD5

              6dd5bf0743f2366a0bdd37e302783bcd

              SHA1

              e5ff6e044c40c02b1fc78304804fe1f993fed2e6

              SHA256

              91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

              SHA512

              f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdate.dll
              Filesize

              2.0MB

              MD5

              965b3af7886e7bf6584488658c050ca2

              SHA1

              72daabdde7cd500c483d0eeecb1bd19708f8e4a5

              SHA256

              d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

              SHA512

              1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_af.dll
              Filesize

              28KB

              MD5

              567aec2d42d02675eb515bbd852be7db

              SHA1

              66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

              SHA256

              a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

              SHA512

              3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_am.dll
              Filesize

              24KB

              MD5

              f6c1324070b6c4e2a8f8921652bfbdfa

              SHA1

              988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

              SHA256

              986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

              SHA512

              63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_ar.dll
              Filesize

              26KB

              MD5

              570efe7aa117a1f98c7a682f8112cb6d

              SHA1

              536e7c49e24e9aa068a021a8f258e3e4e69fa64f

              SHA256

              e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

              SHA512

              5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_as.dll
              Filesize

              28KB

              MD5

              a8d3210e34bf6f63a35590245c16bc1b

              SHA1

              f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

              SHA256

              3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

              SHA512

              6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_az.dll
              Filesize

              29KB

              MD5

              7937c407ebe21170daf0975779f1aa49

              SHA1

              4c2a40e76209abd2492dfaaf65ef24de72291346

              SHA256

              5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

              SHA512

              8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_bg.dll
              Filesize

              29KB

              MD5

              8375b1b756b2a74a12def575351e6bbd

              SHA1

              802ec096425dc1cab723d4cf2fd1a868315d3727

              SHA256

              a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

              SHA512

              aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_bn-IN.dll
              Filesize

              29KB

              MD5

              a94cf5e8b1708a43393263a33e739edd

              SHA1

              1068868bdc271a52aaae6f749028ed3170b09cce

              SHA256

              5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

              SHA512

              920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_bn.dll
              Filesize

              29KB

              MD5

              7dc58c4e27eaf84ae9984cff2cc16235

              SHA1

              3f53499ddc487658932a8c2bcf562ba32afd3bda

              SHA256

              e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

              SHA512

              bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_bs.dll
              Filesize

              28KB

              MD5

              e338dccaa43962697db9f67e0265a3fc

              SHA1

              4c6c327efc12d21c4299df7b97bf2c45840e0d83

              SHA256

              99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

              SHA512

              e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
              Filesize

              29KB

              MD5

              2929e8d496d95739f207b9f59b13f925

              SHA1

              7c1c574194d9e31ca91e2a21a5c671e5e95c734c

              SHA256

              2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

              SHA512

              ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_ca.dll
              Filesize

              30KB

              MD5

              39551d8d284c108a17dc5f74a7084bb5

              SHA1

              6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

              SHA256

              8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

              SHA512

              6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_cs.dll
              Filesize

              28KB

              MD5

              16c84ad1222284f40968a851f541d6bb

              SHA1

              bc26d50e15ccaed6a5fbe801943117269b3b8e6b

              SHA256

              e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

              SHA512

              d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_cy.dll
              Filesize

              28KB

              MD5

              34d991980016595b803d212dc356d765

              SHA1

              e3a35df6488c3463c2a7adf89029e1dd8308f816

              SHA256

              252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

              SHA512

              8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_da.dll
              Filesize

              28KB

              MD5

              d34380d302b16eab40d5b63cfb4ed0fe

              SHA1

              1d3047119e353a55dc215666f2b7b69f0ede775b

              SHA256

              fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

              SHA512

              45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_de.dll
              Filesize

              30KB

              MD5

              aab01f0d7bdc51b190f27ce58701c1da

              SHA1

              1a21aabab0875651efd974100a81cda52c462997

              SHA256

              061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

              SHA512

              5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_el.dll
              Filesize

              30KB

              MD5

              ac275b6e825c3bd87d96b52eac36c0f6

              SHA1

              29e537d81f5d997285b62cd2efea088c3284d18f

              SHA256

              223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

              SHA512

              bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_en-GB.dll
              Filesize

              27KB

              MD5

              d749e093f263244d276b6ffcf4ef4b42

              SHA1

              69f024c769632cdbb019943552bac5281d4cbe05

              SHA256

              fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

              SHA512

              48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_en.dll
              Filesize

              27KB

              MD5

              4a1e3cf488e998ef4d22ac25ccc520a5

              SHA1

              dc568a6e3c9465474ef0d761581c733b3371b1cd

              SHA256

              9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

              SHA512

              ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_es-419.dll
              Filesize

              29KB

              MD5

              28fefc59008ef0325682a0611f8dba70

              SHA1

              f528803c731c11d8d92c5660cb4125c26bb75265

              SHA256

              55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

              SHA512

              2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_es.dll
              Filesize

              28KB

              MD5

              9db7f66f9dc417ebba021bc45af5d34b

              SHA1

              6815318b05019f521d65f6046cf340ad88e40971

              SHA256

              e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

              SHA512

              943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_et.dll
              Filesize

              28KB

              MD5

              b78cba3088ecdc571412955742ea560b

              SHA1

              bc04cf9014cec5b9f240235b5ff0f29dbdb22926

              SHA256

              f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

              SHA512

              04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_eu.dll
              Filesize

              28KB

              MD5

              a7e1f4f482522a647311735699bec186

              SHA1

              3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd

              SHA256

              e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4

              SHA512

              22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_fa.dll
              Filesize

              27KB

              MD5

              cbe3454843ce2f36201460e316af1404

              SHA1

              0883394c28cb60be8276cb690496318fcabea424

              SHA256

              c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59

              SHA512

              f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

              Download Submit

            • C:\Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_fi.dll
              Filesize

              28KB

              MD5

              d45f2d476ed78fa3e30f16e11c1c61ea

              SHA1

              8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e

              SHA256

              acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2

              SHA512

              2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

              Download Submit

            • C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
              Filesize

              2.0MB

              MD5

              869a00ad6525080f22e06f0a8b5a8fd0

              SHA1

              053085ba1ef8264f2c030fae52ad7c8fa541bb08

              SHA256

              b6744e15755e1b1e8ef266aade9330dc61961344e4e1db2cd2041ee81cbe00c0

              SHA512

              9dffbfc8769581d0d92bf7ede1fbb0d564305360bf73b70c177f101c85708d4ad591235257fb63ba43ea5270f08a2268f89cf81b3d1e7673d9618563299977ce

              Download Submit

            • C:\Program Files (x86)\Roblox\Versions\version-40b6a27c6c4d46ef\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
              Filesize

              1.5MB

              MD5

              610b1b60dc8729bad759c92f82ee2804

              SHA1

              9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

              SHA256

              921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

              SHA512

              0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

              Download Submit

            • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
              Filesize

              14KB

              MD5

              d5b4f12bb18307ce25f0cce7243ff33d

              SHA1

              03f94165b68020e22f7b03b97fd9bc93158b0662

              SHA256

              cc204d5cd1fd589ac30a7bf8c344e6215d989400946a0cafbc6893df0977603e

              SHA512

              037cd99821a55a8e1e42b1cf764d10d40c8dea2100d5144bcddfa4f24e3e9db9fa8aa7a89255acb83933d2e8e91f95bc4525790a8fbf4386c7bb08e00b59b4bb

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
              Filesize

              2KB

              MD5

              b1bbae3d02612ef0485c2bf2b91e3fdb

              SHA1

              61746c670c78dbb791555df29c5ceec11425bf2d

              SHA256

              360dbf3edd7156fd05f6d2c85dac5c74b891d8f2899291d1790acbca43c9e013

              SHA512

              5fbc5e67249538527f3bd9154b0b5d704a26c4b3771587cea4a1b139d7a027c22cbb8886124c3669aefd807ba77b68b2253a268bf9b13e2b0eb80a641ea39fff

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
              Filesize

              61KB

              MD5

              e71c8443ae0bc2e282c73faead0a6dd3

              SHA1

              0c110c1b01e68edfacaeae64781a37b1995fa94b

              SHA256

              95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

              SHA512

              b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
              Filesize

              1KB

              MD5

              89d78eb124083dfc7d87ddbf1acdff7f

              SHA1

              069a3b78c24057041ccbd928672113f95523a17d

              SHA256

              ad777b3e2ac62663252cfcd7495e832f1a043bc3e0e4ecda3abf1c291eedcb0c

              SHA512

              34632fe51ac8fb71e52dd7490e01a3e92bbcfa545cd0309d50cb1706f336e09d754b9df04913e6a0f91cbc374cdb365da29c0b29768b56410e82d310b5ba6ebe

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
              Filesize

              471B

              MD5

              76fb81c195ae34eb84eef956c1b662b3

              SHA1

              c89f3b998d7eb26ec576f7151571ffe0755bfdf7

              SHA256

              a3ebef704604af27d1f8cb16bc89dc8912d400f694cc87d694cc8d80daa43b17

              SHA512

              60c8775be45db2592a7d1d6ea0c2f53cb3c84200352b49a65e97c9b8072ad3fccfa9883869f17ebf954ddc1f77fe150fa89d1e002815c139bfed8b9b1dc0a79e

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
              Filesize

              488B

              MD5

              e5342912248ae62c30799851e1f1c40e

              SHA1

              f73050eac3979590814d409b6b6f9217c1a53d32

              SHA256

              bfbb704a9a087aa311e65a6062c2593f408b38625de3da43f8302e0ec0964824

              SHA512

              7f85d96a432769ba0e832408f8d0a7f75c0984cd9cac675845d9c630c4b6c8ea64c17d186931a00518a8a1ce9d8c68878294e41d909afa246ce0f7ff79201c16

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
              Filesize

              252B

              MD5

              7ad0f7cf68ff45e8e3904770539cccc7

              SHA1

              2835ff12d12e2f9b7352c63f0376eabb1245d233

              SHA256

              f61221089bb4f339f30c9bd13721de09e6d7065e1b43cb5eab4e5692402aae16

              SHA512

              d51ed806ee8a22c4827631b0f4978df1e4f6a6b68c6fd11c068f472a097c0ed25fb848e6680b765e4d79aa90374f21ff54fb2bed6f38a60db01b1a1afc3c3ecc

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              8f8ca9c56879444fe963f833176e5761

              SHA1

              2b72d148e66aa9fea69d5e019762318baa46c437

              SHA256

              b43e2df6eae0d9698e4680963d2de17d2bbcacf1e94f910d8321a2a47a012aa1

              SHA512

              2a35d61ca493f3df0b7e1b18813c11228c4e2b9a93bf0be061b884fe6ca6ad81c1f7516823d4e4659cc027706c6db62aa51d186ae3522f7c002a31fc4aaf263c

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              2956c8c70cf961582666b7e3f279301d

              SHA1

              ab99a7718a0024b5a36f08a40e974b07e554ee5f

              SHA256

              2f7b2b16410d834c8eb138f296a57050162725ffa5ba54afe3c161a76344e549

              SHA512

              f72e9182f101c297baca35067cd851862db51f14ffa13ada23952294ae99a53247c5ca199fd8e7c152d638632d85cc5a150d5bce4fed859b9e54104cbe8a82dc

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              c4aa9af258493200de562fcb2a9b9c6b

              SHA1

              b8151902a29a268cb6046dc81d66ff4bb58e6660

              SHA256

              b785609e873953754ba492f5db0c8ea0daa0b3f67a21bfd13ec8ec5ce3966f69

              SHA512

              4b75e86793ab460081b5313334e2e442d87432a5ab95da0c470c03badd21bee3744347fbb2b48a1f6ff91dae89b21e06d7800d18fa97ff4730d81814a94bf102

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              1df17be25160f4088e706c7b586c449a

              SHA1

              d5a6983e63022ea30c1e0cf5020a278eeb4d4292

              SHA256

              7698a0811f18d88c4a93a7cfbfb924b0e925d0edca901c2f7072fa0c72f201d4

              SHA512

              52ef6fca70551cd8804127493944268315354592eb3315e98d92a07b4e5acac01b45a947fcbbb47eacfd523ae4174eec59aedf613f592df00a113980298b0a6d

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              030a1c6a3ba6297e4eccf2c860e8660f

              SHA1

              87209b77e72d872239d45f07382e7c391ae25968

              SHA256

              cb620a658a17a4aeb4759b8070fe049adb529797ea4ff940e1adb990daa41d93

              SHA512

              14a480b14163701015ed5eb9b5599946f0e311b6ea35e66f1b81780705cfae89ab124b46169e03d7c7b0c77a8aefecf92a5c096ccf76cdc2c5a97521c29cf549

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
              Filesize

              482B

              MD5

              aedde9a3b9f9cd26de030ff1fd04e8e4

              SHA1

              f36ea173507eab970b7156f540608447a0ac473e

              SHA256

              bd0e40734ba2db156cfd1c75cc558791bd2619452ac2052d5029f190195cee4a

              SHA512

              6e0abd8aa347530653aed0e4374a751766148789e225c62177aa3cae444e112a8f11aadc586a86be475ee3739de050cd5399acf6f2253155a5a89dbead926bd0

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
              Filesize

              430B

              MD5

              4050b9c1c99a1ee42fd100b5a4fc3544

              SHA1

              861f2a26f703f68d4ecbbf3dac1ce6f93604ac2f

              SHA256

              67a17eade02f82a4b6268b76fcc66b77b1d9452861c562f558b514e0fc1e41c1

              SHA512

              042efb4337623bc78094f540daa76e2206a51ce208be85cab0fabc72cff5b665552d1ab32f347cd2052913f9367bc808a95865e0b0d34814d3b64c646e13fb3a

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACT9UUKV\PCClientBootstrapper[1].json
              Filesize

              3KB

              MD5

              661455c7d073758ff6cadbe9ff681270

              SHA1

              39e6ff7203a41177bb9ea1491e943bb088f89d6c

              SHA256

              4737f61c7db82d6821bd256c83bceb6c89e0301f059cf20209bea5c2c3f8f97f

              SHA512

              c7a41f35dea77604be5d0befa54709fd2823a90de20b0b09c019311c0e9eb43b2f44ee8840ecf07dbe2a8398f6a24f67e650d0e28b31ec42ca8208b7b181c5ab

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACT9UUKV\WindowsPlayer[1].json
              Filesize

              119B

              MD5

              736d17708542d925b6f452959c1f66fb

              SHA1

              a9b945171638bf1060836ef5f80599ec4b6e9779

              SHA256

              94f30c730a6d89740ffd189f1b42e7b5f3cc21973d8129b9a52efbb394b59180

              SHA512

              f4035fd5dfda49ffd16577c40d9ce955d5fc6fd81d7f2407a0e8c0a4b0094f0d5d34efb106e20900f7bee8eaad55abe573deba50c712d3f87725b308661a9c5a

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFOBZ3YS\BatchIncrement[3].json
              Filesize

              163B

              MD5

              bedbf7d7d69748886e9b48f45c75fbbe

              SHA1

              aa0789d89bfbd44ca1bffe83851af95b6afb012c

              SHA256

              b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

              SHA512

              7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFOBZ3YS\version-40b6a27c6c4d46ef-rbxPkgManifest[1].txt
              Filesize

              1KB

              MD5

              eaee32d99fa336e10c8782f4524af2b2

              SHA1

              59b97aa3758a6816da1e3f38de085ee120bf8ac3

              SHA256

              a5acf4e8fc95fd16c9e2f37a331acd30157bb9c4a635a5f719fb07ec283f7305

              SHA512

              e88bccd33d39754861d283f78144c0af3de87cd9aa3e86f84caf3b3049e8573bf2f3cce76da55bfc6666c85c53d74a3dd155d8c0f69eace7bb420793e32b0e41

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMXH1C0L\WindowsPlayer[1].json
              Filesize

              119B

              MD5

              736d17708542d925b6f452959c1f66fb

              SHA1

              a9b945171638bf1060836ef5f80599ec4b6e9779

              SHA256

              94f30c730a6d89740ffd189f1b42e7b5f3cc21973d8129b9a52efbb394b59180

              SHA512

              f4035fd5dfda49ffd16577c40d9ce955d5fc6fd81d7f2407a0e8c0a4b0094f0d5d34efb106e20900f7bee8eaad55abe573deba50c712d3f87725b308661a9c5a

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\Cab3016.tmp
              Filesize

              61KB

              MD5

              fc4666cbca561e864e7fdf883a9e6661

              SHA1

              2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

              SHA256

              10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

              SHA512

              c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\Cab4B44.tmp
              Filesize

              61KB

              MD5

              e71c8443ae0bc2e282c73faead0a6dd3

              SHA1

              0c110c1b01e68edfacaeae64781a37b1995fa94b

              SHA256

              95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

              SHA512

              b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\RBX-ABBC94C0\RobloxPlayerLauncher.exe
              Filesize

              2.0MB

              MD5

              0d27f9cb1e48cb0dd24a3c7563bb56f9

              SHA1

              f174179176a400842251a38009ea194c1cf5751b

              SHA256

              0dd0117aa603ef82d810ec10ca4ee6cf1fcbf8b7d9e9c0bb9562d8ad5954fb56

              SHA512

              3e81fc5790f8244a0065f06b88772a9ea51c03698ed210dae987e3e8e475277cc121055fae771807d62bc37aa80899b216e0262459ad59bb5a84ea591d7f9aa9

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\RBX-ABBC94C0\RobloxPlayerLauncher.exe
              Filesize

              2.0MB

              MD5

              0d27f9cb1e48cb0dd24a3c7563bb56f9

              SHA1

              f174179176a400842251a38009ea194c1cf5751b

              SHA256

              0dd0117aa603ef82d810ec10ca4ee6cf1fcbf8b7d9e9c0bb9562d8ad5954fb56

              SHA512

              3e81fc5790f8244a0065f06b88772a9ea51c03698ed210dae987e3e8e475277cc121055fae771807d62bc37aa80899b216e0262459ad59bb5a84ea591d7f9aa9

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\RBX-ABBC94C0\RobloxPlayerLauncher.exe
              Filesize

              2.0MB

              MD5

              0d27f9cb1e48cb0dd24a3c7563bb56f9

              SHA1

              f174179176a400842251a38009ea194c1cf5751b

              SHA256

              0dd0117aa603ef82d810ec10ca4ee6cf1fcbf8b7d9e9c0bb9562d8ad5954fb56

              SHA512

              3e81fc5790f8244a0065f06b88772a9ea51c03698ed210dae987e3e8e475277cc121055fae771807d62bc37aa80899b216e0262459ad59bb5a84ea591d7f9aa9

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\RBX-ABBC94C0\RobloxPlayerLauncher.exe
              Filesize

              2.0MB

              MD5

              0d27f9cb1e48cb0dd24a3c7563bb56f9

              SHA1

              f174179176a400842251a38009ea194c1cf5751b

              SHA256

              0dd0117aa603ef82d810ec10ca4ee6cf1fcbf8b7d9e9c0bb9562d8ad5954fb56

              SHA512

              3e81fc5790f8244a0065f06b88772a9ea51c03698ed210dae987e3e8e475277cc121055fae771807d62bc37aa80899b216e0262459ad59bb5a84ea591d7f9aa9

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\Tar3B21.tmp
              Filesize

              161KB

              MD5

              73b4b714b42fc9a6aaefd0ae59adb009

              SHA1

              efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

              SHA256

              c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

              SHA512

              73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\Tar4F5A.tmp
              Filesize

              161KB

              MD5

              be2bec6e8c5653136d3e72fe53c98aa3

              SHA1

              a8182d6db17c14671c3d5766c72e58d87c0810de

              SHA256

              1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

              SHA512

              0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\crashpad_roblox\settings.dat
              Filesize

              40B

              MD5

              925cf1cd8b641600e14d7f616d97969c

              SHA1

              0f79e3071f848da3f636a62920f9f4ad1d31c67a

              SHA256

              847c2e28992eb708be76ec56bb449c41317664e47dbe7ed4b24664584973ae21

              SHA512

              05d4ec3eb18236386cacd3177301d854ed7d43866c785c2b159d6e7cec8e5b123f79d0a8eaec4affaf5d6cddf38df7ff63dc246bfd2b1b4542478fcb67229b74

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FJZHZ1NV.txt
              Filesize

              67B

              MD5

              ff3ebb6403a40b51acd3d0bfddc03dd9

              SHA1

              6017d9f0e87d950ee1fad55ffab81326be2d4eef

              SHA256

              f2333f1186790f248d566ccd125b6dc80d9c076b1182e2f81b65d3154f2fc2e3

              SHA512

              be5ec73b6b2c8e6667813d0f3f7028867bc209a224e6fc01416ba5e56539fc6585d8228f46c3d24d7da9cea9f9ee8ea32c9948ba41d71b47032d5985adf82c52

              Download Submit

            • C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
              Filesize

              914B

              MD5

              e4a68ac854ac5242460afd72481b2a44

              SHA1

              df3c24f9bfd666761b268073fe06d1cc8d4f82a4

              SHA256

              cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

              SHA512

              5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

              Download Submit

            • C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
              Filesize

              1KB

              MD5

              a266bb7dcc38a562631361bbf61dd11b

              SHA1

              3b1efd3a66ea28b16697394703a72ca340a05bd5

              SHA256

              df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

              SHA512

              0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

              Download Submit

            • C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
              Filesize

              252B

              MD5

              e768ed316abfd97cc8c56957920f46e3

              SHA1

              fab7196b5e87a4fa49daed9cacb377d4b37fce05

              SHA256

              45d85d0aff836bb2555939ff0ae9672a448ac5d950cdb97660a3588ed7f55e17

              SHA512

              1cc98b93920438fe4192a0dee669efbe4e38a473e8e1c2b77389428a2ca769fa49be78f765dd5cbbb98ed29eace78bb36832d5345607472425b14cf99637f4d1

              Download Submit

            • C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              3cbdc768cb073ca47fbb4090d001b1ad

              SHA1

              03c755c86a8424db8c23a62301918a7a5331c25f

              SHA256

              fb4696384fcc99d164d46157b4afd2954e79126f53d37f2e6da72d506d51ba58

              SHA512

              a079336798a4ad7c80cadc033ba28c01fbd62deca9c7599d71ddbec69fafa66cbe1bb1d8c3cb5276ef7f0fc46275f17f4c7090b82723ed7ffe0b4c6e8b1a6933

              Download Submit

            • C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
              Filesize

              242B

              MD5

              379bace021170f5a975a05510b59d5b0

              SHA1

              4d496605799442a22e3d392fee7e0b4319e7b5d6

              SHA256

              34b6375e207a61d8d363512201ac140d5385cca77349df5c0bf8eeef4b36f8b8

              SHA512

              cee0d1669f7b973d6fe4cc297b64234cddd7ee8d79d9c115dc96b895dee335f97cf35fb47f1f7e951106d462f53aea7fdd27b0749a24a8e6ce1a2b4f96bc8f8f

              Download Submit

            • \Program Files (x86)\Microsoft\Temp\EU363E.tmp\MicrosoftEdgeUpdate.exe
              Filesize

              201KB

              MD5

              4dc57ab56e37cd05e81f0d8aaafc5179

              SHA1

              494a90728d7680f979b0ad87f09b5b58f16d1cd5

              SHA256

              87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

              SHA512

              320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

              Download Submit

            • \Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdate.dll
              Filesize

              2.0MB

              MD5

              965b3af7886e7bf6584488658c050ca2

              SHA1

              72daabdde7cd500c483d0eeecb1bd19708f8e4a5

              SHA256

              d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

              SHA512

              1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

              Download Submit

            • \Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_en.dll
              Filesize

              27KB

              MD5

              4a1e3cf488e998ef4d22ac25ccc520a5

              SHA1

              dc568a6e3c9465474ef0d761581c733b3371b1cd

              SHA256

              9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

              SHA512

              ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

              Download Submit

            • \Program Files (x86)\Microsoft\Temp\EU363E.tmp\msedgeupdateres_en.dll
              Filesize

              27KB

              MD5

              4a1e3cf488e998ef4d22ac25ccc520a5

              SHA1

              dc568a6e3c9465474ef0d761581c733b3371b1cd

              SHA256

              9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

              SHA512

              ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

              Download Submit

            • \Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
              Filesize

              2.0MB

              MD5

              869a00ad6525080f22e06f0a8b5a8fd0

              SHA1

              053085ba1ef8264f2c030fae52ad7c8fa541bb08

              SHA256

              b6744e15755e1b1e8ef266aade9330dc61961344e4e1db2cd2041ee81cbe00c0

              SHA512

              9dffbfc8769581d0d92bf7ede1fbb0d564305360bf73b70c177f101c85708d4ad591235257fb63ba43ea5270f08a2268f89cf81b3d1e7673d9618563299977ce

              Download Submit

            • \Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe
              Filesize

              2.0MB

              MD5

              869a00ad6525080f22e06f0a8b5a8fd0

              SHA1

              053085ba1ef8264f2c030fae52ad7c8fa541bb08

              SHA256

              b6744e15755e1b1e8ef266aade9330dc61961344e4e1db2cd2041ee81cbe00c0

              SHA512

              9dffbfc8769581d0d92bf7ede1fbb0d564305360bf73b70c177f101c85708d4ad591235257fb63ba43ea5270f08a2268f89cf81b3d1e7673d9618563299977ce

              Download Submit

            • \Program Files (x86)\Roblox\Versions\version-40b6a27c6c4d46ef\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
              Filesize

              1.5MB

              MD5

              610b1b60dc8729bad759c92f82ee2804

              SHA1

              9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

              SHA256

              921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

              SHA512

              0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

              Download Submit

            • \Users\Admin\AppData\Local\Temp\RBX-ABBC94C0\RobloxPlayerLauncher.exe
              Filesize

              2.0MB

              MD5

              0d27f9cb1e48cb0dd24a3c7563bb56f9

              SHA1

              f174179176a400842251a38009ea194c1cf5751b

              SHA256

              0dd0117aa603ef82d810ec10ca4ee6cf1fcbf8b7d9e9c0bb9562d8ad5954fb56

              SHA512

              3e81fc5790f8244a0065f06b88772a9ea51c03698ed210dae987e3e8e475277cc121055fae771807d62bc37aa80899b216e0262459ad59bb5a84ea591d7f9aa9

              Download Submit

            • \Users\Admin\AppData\Local\Temp\RBX-ABBC94C0\RobloxPlayerLauncher.exe
              Filesize

              2.0MB

              MD5

              0d27f9cb1e48cb0dd24a3c7563bb56f9

              SHA1

              f174179176a400842251a38009ea194c1cf5751b

              SHA256

              0dd0117aa603ef82d810ec10ca4ee6cf1fcbf8b7d9e9c0bb9562d8ad5954fb56

              SHA512

              3e81fc5790f8244a0065f06b88772a9ea51c03698ed210dae987e3e8e475277cc121055fae771807d62bc37aa80899b216e0262459ad59bb5a84ea591d7f9aa9

              Download Submit

            • \Users\Admin\AppData\Local\Temp\RBX-ABBC94C0\RobloxPlayerLauncher.exe
              Filesize

              2.0MB

              MD5

              0d27f9cb1e48cb0dd24a3c7563bb56f9

              SHA1

              f174179176a400842251a38009ea194c1cf5751b

              SHA256

              0dd0117aa603ef82d810ec10ca4ee6cf1fcbf8b7d9e9c0bb9562d8ad5954fb56

              SHA512

              3e81fc5790f8244a0065f06b88772a9ea51c03698ed210dae987e3e8e475277cc121055fae771807d62bc37aa80899b216e0262459ad59bb5a84ea591d7f9aa9

              Download Submit

            • \Users\Admin\AppData\Local\Temp\RBX-ABBC94C0\RobloxPlayerLauncher.exe
              Filesize

              2.0MB

              MD5

              0d27f9cb1e48cb0dd24a3c7563bb56f9

              SHA1

              f174179176a400842251a38009ea194c1cf5751b

              SHA256

              0dd0117aa603ef82d810ec10ca4ee6cf1fcbf8b7d9e9c0bb9562d8ad5954fb56

              SHA512

              3e81fc5790f8244a0065f06b88772a9ea51c03698ed210dae987e3e8e475277cc121055fae771807d62bc37aa80899b216e0262459ad59bb5a84ea591d7f9aa9

              Download Submit

            • \Users\Admin\AppData\Local\Temp\RBX-ABBC94C0\RobloxPlayerLauncher.exe
              Filesize

              2.0MB

              MD5

              0d27f9cb1e48cb0dd24a3c7563bb56f9

              SHA1

              f174179176a400842251a38009ea194c1cf5751b

              SHA256

              0dd0117aa603ef82d810ec10ca4ee6cf1fcbf8b7d9e9c0bb9562d8ad5954fb56

              SHA512

              3e81fc5790f8244a0065f06b88772a9ea51c03698ed210dae987e3e8e475277cc121055fae771807d62bc37aa80899b216e0262459ad59bb5a84ea591d7f9aa9

              Download Submit

            • \Users\Admin\AppData\Local\Temp\RBX-ABBC94C0\RobloxPlayerLauncher.exe
              Filesize

              2.0MB

              MD5

              0d27f9cb1e48cb0dd24a3c7563bb56f9

              SHA1

              f174179176a400842251a38009ea194c1cf5751b

              SHA256

              0dd0117aa603ef82d810ec10ca4ee6cf1fcbf8b7d9e9c0bb9562d8ad5954fb56

              SHA512

              3e81fc5790f8244a0065f06b88772a9ea51c03698ed210dae987e3e8e475277cc121055fae771807d62bc37aa80899b216e0262459ad59bb5a84ea591d7f9aa9

              Download Submit

            • memory/836-672-0x0000000000190000-0x0000000000191000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2796-2456-0x0000000000E40000-0x0000000000E41000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3064-3467-0x0000000000120000-0x0000000000121000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3064-3470-0x0000000000140000-0x0000000000141000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3064-3464-0x0000000000110000-0x0000000000111000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3064-3466-0x0000000000120000-0x0000000000121000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3064-3465-0x0000000000120000-0x0000000000121000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3064-3462-0x0000000000110000-0x0000000000111000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3064-3469-0x0000000000140000-0x0000000000141000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3064-3463-0x0000000000110000-0x0000000000111000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3064-3472-0x0000000000150000-0x0000000000151000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3064-3473-0x0000000000150000-0x0000000000151000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3064-3475-0x0000000000160000-0x0000000000161000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3064-3476-0x0000000000160000-0x0000000000161000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3064-3478-0x00000000001B0000-0x00000000001B1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3064-3479-0x00000000001B0000-0x00000000001B1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3064-3480-0x0000000000330000-0x0000000005AD2000-memory.dmp

              Filesize

              87.6MB

              Download

            • memory/3064-3498-0x0000000000240000-0x0000000000241000-memory.dmp

              Filesize

              4KB

              Download