Analysis

  • max time kernel
    1199s
  • max time network
    1201s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-04-2024 18:07

General

  • Target

    https://create.roblox.com/dashboard

Malware Config

Signatures

  • Downloads MZ/PE file
  • Modifies Installed Components in the registry 2 TTPs 7 IoCs
  • Sets file execution options in registry 2 TTPs 4 IoCs
  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 58 IoCs
  • Loads dropped DLL 64 IoCs
  • Registers COM server for autorun 1 TTPs 64 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 2 IoCs
  • Drops desktop.ini file(s) 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Checks system information in the registry 2 TTPs 34 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 10 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 43 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 5 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://create.roblox.com/dashboard
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4648
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab50846f8,0x7ffab5084708,0x7ffab5084718
      2⤵
        PID:3392
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
        2⤵
          PID:4948
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:5308
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1800 /prefetch:8
          2⤵
            PID:644
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
            2⤵
              PID:5108
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
              2⤵
                PID:3116
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
                2⤵
                  PID:5376
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2040
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
                  2⤵
                    PID:3396
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
                    2⤵
                      PID:3052
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
                      2⤵
                        PID:2216
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
                        2⤵
                          PID:1720
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
                          2⤵
                            PID:1864
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
                            2⤵
                              PID:2604
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5408 /prefetch:8
                              2⤵
                                PID:5304
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
                                2⤵
                                  PID:6124
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6412 /prefetch:8
                                  2⤵
                                    PID:2140
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
                                    2⤵
                                      PID:4116
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
                                      2⤵
                                        PID:4020
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
                                        2⤵
                                          PID:5040
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6232 /prefetch:8
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:4672
                                        • C:\Users\Admin\Downloads\RobloxStudioInstaller.exe
                                          "C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"
                                          2⤵
                                          • Executes dropped EXE
                                          • Checks whether UAC is enabled
                                          • Drops file in Program Files directory
                                          • Modifies Internet Explorer settings
                                          • Modifies registry class
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:672
                                          • C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                            MicrosoftEdgeWebview2Setup.exe /silent /install
                                            3⤵
                                            • Executes dropped EXE
                                            • Drops file in Program Files directory
                                            PID:3812
                                            • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\MicrosoftEdgeUpdate.exe
                                              "C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                              4⤵
                                              • Sets file execution options in registry
                                              • Checks computer location settings
                                              • Executes dropped EXE
                                              • Loads dropped DLL
                                              • Checks system information in the registry
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:2624
                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                5⤵
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                • Modifies registry class
                                                PID:1056
                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                5⤵
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                • Modifies registry class
                                                PID:2228
                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                  6⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Registers COM server for autorun
                                                  • Modifies registry class
                                                  PID:6084
                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                  6⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Registers COM server for autorun
                                                  • Modifies registry class
                                                  PID:4588
                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                  6⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Registers COM server for autorun
                                                  • Modifies registry class
                                                  PID:5944
                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODMzMTI1RDEtOEVEOS00QzdBLTk2REQtOUMxMEU5ODA0MzlEfSIgdXNlcmlkPSJ7QTYyREI4NzEtODY1MC00RUY4LThENTktRDg1QkUyNzQxQTc3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBMTVFNzEzNy02MUQyLTQxRjEtQkYxQy1FNjRBQjU5QTdBM0J9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RHhPYmpIR2ErblJhMmF0QzN3bytJRXBDNzgrWlllQVVia1hwREMyY2o3VT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE4NS4yOSIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUzMjE4MDUzMDMiIGluc3RhbGxfdGltZV9tcz0iNjU5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                5⤵
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                • Checks system information in the registry
                                                PID:3112
                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{833125D1-8ED9-4C7A-96DD-9C10E980439D}" /silent
                                                5⤵
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                PID:4832
                                          • C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe
                                            "C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch
                                            3⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            • Checks whether UAC is enabled
                                            • Enumerates system info in registry
                                            • Suspicious behavior: AddClipboardFormatListener
                                            • Suspicious behavior: EnumeratesProcesses
                                            • Suspicious behavior: GetForegroundWindowSpam
                                            • Suspicious use of SetWindowsHookEx
                                            PID:3404
                                            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3404.2204.1014538039668588742
                                              4⤵
                                              • Checks computer location settings
                                              • Executes dropped EXE
                                              • Loads dropped DLL
                                              • Checks system information in the registry
                                              • Enumerates system info in registry
                                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                              • System policy modification
                                              PID:2680
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=124.0.2478.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x188,0x7ffa9c80ceb8,0x7ffa9c80cec4,0x7ffa9c80ced0
                                                5⤵
                                                • Checks computer location settings
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                • Checks system information in the registry
                                                • Checks processor information in registry
                                                • Enumerates system info in registry
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:6040
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,7133626098670474156,6481061524800066622,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1764 /prefetch:2
                                                5⤵
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                PID:5568
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=2024,i,7133626098670474156,6481061524800066622,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1828 /prefetch:3
                                                5⤵
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                PID:3532
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=2184,i,7133626098670474156,6481061524800066622,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:8
                                                5⤵
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                PID:5060
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3564,i,7133626098670474156,6481061524800066622,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:1
                                                5⤵
                                                • Checks computer location settings
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                PID:4564
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4128,i,7133626098670474156,6481061524800066622,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4144 /prefetch:1
                                                5⤵
                                                • Checks computer location settings
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                PID:4024
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4284,i,7133626098670474156,6481061524800066622,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:1
                                                5⤵
                                                • Checks computer location settings
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                PID:5988
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=2172,i,7133626098670474156,6481061524800066622,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5044 /prefetch:8
                                                5⤵
                                                • Executes dropped EXE
                                                PID:3192
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=5064,i,7133626098670474156,6481061524800066622,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:8
                                                5⤵
                                                • Executes dropped EXE
                                                PID:4900
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=788,i,7133626098670474156,6481061524800066622,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5196 /prefetch:8
                                                5⤵
                                                • Executes dropped EXE
                                                PID:3660
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=5176,i,7133626098670474156,6481061524800066622,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5132 /prefetch:8
                                                5⤵
                                                • Executes dropped EXE
                                                PID:1464
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4996,i,7133626098670474156,6481061524800066622,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3888 /prefetch:8
                                                5⤵
                                                • Executes dropped EXE
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:1144
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4676,i,7133626098670474156,6481061524800066622,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4436 /prefetch:8
                                                5⤵
                                                • Executes dropped EXE
                                                PID:3856
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=5104,i,7133626098670474156,6481061524800066622,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4524 /prefetch:8
                                                5⤵
                                                • Executes dropped EXE
                                                PID:5224
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4680,i,7133626098670474156,6481061524800066622,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4436 /prefetch:8
                                                5⤵
                                                • Executes dropped EXE
                                                PID:3984
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --field-trial-handle=4552,i,7133626098670474156,6481061524800066622,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:8
                                                5⤵
                                                • Executes dropped EXE
                                                PID:1228
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 622, 0, 6220470" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4532,i,7133626098670474156,6481061524800066622,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4496 /prefetch:1
                                                5⤵
                                                • Executes dropped EXE
                                                PID:5956
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
                                          2⤵
                                            PID:5576
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
                                            2⤵
                                              PID:5668
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
                                              2⤵
                                                PID:4492
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,5555476561794338055,4182285322385178646,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6140 /prefetch:2
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:1684
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:988
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:4080
                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                  1⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Checks system information in the registry
                                                  • Modifies data under HKEY_USERS
                                                  PID:3232
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping <base64 payload>
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Checks system information in the registry
                                                    PID:5728
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5DFDBE77-D170-4DAE-9F07-8774127BF60C}\MicrosoftEdge_X64_124.0.2478.67.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5DFDBE77-D170-4DAE-9F07-8774127BF60C}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                    2⤵
                                                    • Executes dropped EXE
                                                    PID:3436
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5DFDBE77-D170-4DAE-9F07-8774127BF60C}\EDGEMITMP_BFC15.tmp\setup.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5DFDBE77-D170-4DAE-9F07-8774127BF60C}\EDGEMITMP_BFC15.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5DFDBE77-D170-4DAE-9F07-8774127BF60C}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                      3⤵
                                                      • Executes dropped EXE
                                                      • Drops file in Program Files directory
                                                      PID:6028
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5DFDBE77-D170-4DAE-9F07-8774127BF60C}\EDGEMITMP_BFC15.tmp\setup.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5DFDBE77-D170-4DAE-9F07-8774127BF60C}\EDGEMITMP_BFC15.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5DFDBE77-D170-4DAE-9F07-8774127BF60C}\EDGEMITMP_BFC15.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x230,0x234,0x238,0x22c,0x23c,0x7ff7d70288c0,0x7ff7d70288cc,0x7ff7d70288d8
                                                        4⤵
                                                        • Executes dropped EXE
                                                        PID:4664
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping <base64 payload>
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Checks system information in the registry
                                                    PID:5824
                                                • C:\Windows\System32\GameBarPresenceWriter.exe
                                                  "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
                                                  1⤵
                                                    PID:1572
                                                  • C:\Windows\system32\OpenWith.exe
                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                    1⤵
                                                    • Suspicious behavior: GetForegroundWindowSpam
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:2952
                                                  • C:\Windows\system32\svchost.exe
                                                    C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
                                                    1⤵
                                                    • Drops desktop.ini file(s)
                                                    • Checks processor information in registry
                                                    PID:4080
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • Checks system information in the registry
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:5408
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • Checks system information in the registry
                                                    • Modifies data under HKEY_USERS
                                                    PID:2872
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8209779F-F204-4F38-AC30-8C9F59C9EE9D}\BGAUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8209779F-F204-4F38-AC30-8C9F59C9EE9D}\BGAUpdate.exe" --edgeupdate-client --system-level
                                                      2⤵
                                                      • Executes dropped EXE
                                                      • Adds Run key to start application
                                                      PID:4992
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping <base64 payload>
                                                      2⤵
                                                      • Executes dropped EXE
                                                      • Checks system information in the registry
                                                      PID:3856
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • Checks system information in the registry
                                                    • Modifies data under HKEY_USERS
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:5088
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9BFD3A7B-198D-4A83-80A4-8B5E40BA8CBF}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{9BFD3A7B-198D-4A83-80A4-8B5E40BA8CBF}\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe" /update /sessionid "{90D6D469-4A94-4CE2-B1F4-6A6DE7A32BE6}"
                                                      2⤵
                                                      • Executes dropped EXE
                                                      • Drops file in Program Files directory
                                                      PID:2124
                                                      • C:\Program Files (x86)\Microsoft\Temp\EUCF2A.tmp\MicrosoftEdgeUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\Temp\EUCF2A.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{90D6D469-4A94-4CE2-B1F4-6A6DE7A32BE6}"
                                                        3⤵
                                                        • Sets file execution options in registry
                                                        • Executes dropped EXE
                                                        • Checks system information in the registry
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:1824
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Modifies registry class
                                                          PID:1896
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Modifies registry class
                                                          PID:2764
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                            5⤵
                                                            • Executes dropped EXE
                                                            • Registers COM server for autorun
                                                            • Modifies registry class
                                                            PID:5432
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                            5⤵
                                                            • Executes dropped EXE
                                                            • Registers COM server for autorun
                                                            • Modifies registry class
                                                            PID:1676
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                            5⤵
                                                            • Executes dropped EXE
                                                            • Registers COM server for autorun
                                                            • Modifies registry class
                                                            PID:5032
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Checks system information in the registry
                                                          PID:2112
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                      2⤵
                                                      • Executes dropped EXE
                                                      • Checks system information in the registry
                                                      PID:968
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:2228
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • Checks system information in the registry
                                                    • Modifies data under HKEY_USERS
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:3288
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                      2⤵
                                                      • Executes dropped EXE
                                                      • Checks system information in the registry
                                                      PID:5144
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{550B44BA-1F4D-4884-9677-777374AF4A6B}\MicrosoftEdge_X64_124.0.2478.67.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{550B44BA-1F4D-4884-9677-777374AF4A6B}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                      2⤵
                                                      • Executes dropped EXE
                                                      PID:1576
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{550B44BA-1F4D-4884-9677-777374AF4A6B}\EDGEMITMP_22310.tmp\setup.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{550B44BA-1F4D-4884-9677-777374AF4A6B}\EDGEMITMP_22310.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{550B44BA-1F4D-4884-9677-777374AF4A6B}\MicrosoftEdge_X64_124.0.2478.67.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                        3⤵
                                                        • Modifies Installed Components in the registry
                                                        • Executes dropped EXE
                                                        • Registers COM server for autorun
                                                        • Installs/modifies Browser Helper Object
                                                        • Modifies Internet Explorer settings
                                                        • Modifies registry class
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        • System policy modification
                                                        PID:3948
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{550B44BA-1F4D-4884-9677-777374AF4A6B}\EDGEMITMP_22310.tmp\setup.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{550B44BA-1F4D-4884-9677-777374AF4A6B}\EDGEMITMP_22310.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{550B44BA-1F4D-4884-9677-777374AF4A6B}\EDGEMITMP_22310.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff61ef188c0,0x7ff61ef188cc,0x7ff61ef188d8
                                                          4⤵
                                                          • Executes dropped EXE
                                                          PID:2608
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{550B44BA-1F4D-4884-9677-777374AF4A6B}\EDGEMITMP_22310.tmp\setup.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{550B44BA-1F4D-4884-9677-777374AF4A6B}\EDGEMITMP_22310.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Drops file in System32 directory
                                                          • Modifies data under HKEY_USERS
                                                          PID:1896
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{550B44BA-1F4D-4884-9677-777374AF4A6B}\EDGEMITMP_22310.tmp\setup.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{550B44BA-1F4D-4884-9677-777374AF4A6B}\EDGEMITMP_22310.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{550B44BA-1F4D-4884-9677-777374AF4A6B}\EDGEMITMP_22310.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff61ef188c0,0x7ff61ef188cc,0x7ff61ef188d8
                                                            5⤵
                                                            • Executes dropped EXE
                                                            PID:2392
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping
                                                      2⤵
                                                      • Executes dropped EXE
                                                      • Checks system information in the registry
                                                      PID:2320
                                                  • C:\Windows\system32\AUDIODG.EXE
                                                    C:\Windows\system32\AUDIODG.EXE 0x340 0x344
                                                    1⤵
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:3612

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Downloads

                                                  • C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.67\Installer\setup.exe

                                                    Filesize

                                                    6.8MB

                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.34\BGAUpdate.exe

                                                    Filesize

                                                    17.2MB

                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\124.0.2478.67\MicrosoftEdge_X64_124.0.2478.67.exe

                                                    Filesize

                                                    164.7MB

                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\MicrosoftEdgeUpdateSetup_X86_1.3.185.29.exe

                                                    Filesize

                                                    1.6MB

                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{550B44BA-1F4D-4884-9677-777374AF4A6B}\EDGEMITMP_22310.tmp\SETUP.EX_

                                                    Filesize

                                                    2.7MB

                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\EdgeUpdate.dat

                                                    Filesize

                                                    12KB

                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\MicrosoftEdgeComRegisterShellARM64.exe

                                                    Filesize

                                                    179KB

                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\MicrosoftEdgeUpdate.exe

                                                    Filesize

                                                    201KB

                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

                                                    Filesize

                                                    212KB

                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\MicrosoftEdgeUpdateCore.exe

                                                    Filesize

                                                    257KB

                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\NOTICE.TXT

                                                    Filesize

                                                    4KB

                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdate.dll

                                                    Filesize

                                                    2.0MB

                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_af.dll

                                                    Filesize

                                                    28KB

                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_am.dll

                                                    Filesize

                                                    24KB

                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_ar.dll

                                                    Filesize

                                                    26KB

                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_as.dll

                                                    Filesize

                                                    28KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_az.dll

                                                    Filesize

                                                    29KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_bg.dll

                                                    Filesize

                                                    29KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_bn-IN.dll

                                                    Filesize

                                                    29KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_bn.dll

                                                    Filesize

                                                    29KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_bs.dll

                                                    Filesize

                                                    28KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

                                                    Filesize

                                                    29KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_ca.dll

                                                    Filesize

                                                    30KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_cs.dll

                                                    Filesize

                                                    28KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_cy.dll

                                                    Filesize

                                                    28KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_da.dll

                                                    Filesize

                                                    28KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_de.dll

                                                    Filesize

                                                    30KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_el.dll

                                                    Filesize

                                                    30KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_en-GB.dll

                                                    Filesize

                                                    27KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_en.dll

                                                    Filesize

                                                    27KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_es-419.dll

                                                    Filesize

                                                    29KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_es.dll

                                                    Filesize

                                                    28KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_et.dll

                                                    Filesize

                                                    28KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_eu.dll

                                                    Filesize

                                                    28KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_fa.dll

                                                    Filesize

                                                    27KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_fi.dll

                                                    Filesize

                                                    28KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_fil.dll

                                                    Filesize

                                                    29KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_fr-CA.dll

                                                    Filesize

                                                    30KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_fr.dll

                                                    Filesize

                                                    30KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_ga.dll

                                                    Filesize

                                                    28KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_gd.dll

                                                    Filesize

                                                    30KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_gl.dll

                                                    Filesize

                                                    28KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_gu.dll

                                                    Filesize

                                                    28KB


                                                  • C:\Program Files (x86)\Microsoft\Temp\EU6C13.tmp\msedgeupdateres_hi.dll

                                                    Filesize

                                                    28KB


                                                  • C:\Program Files (x86)\Roblox\Versions\version-e2728ac197f84660\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

                                                    Filesize

                                                    1.5MB


                                                  • C:\Program Files\MsEdgeCrashpad\settings.dat

                                                    Filesize

                                                    280B


                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2680_1619883188\manifest.json

                                                    Filesize

                                                    76B


                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2680_1620670\hyph-as.hyb

                                                    Filesize

                                                    703B


                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2680_1620670\hyph-hi.hyb

                                                    Filesize

                                                    687B

                                                    MD5

                                                    0807cf29fc4c5d7d87c1689eb2e0baaa

                                                    SHA1

                                                    d0914fb069469d47a36d339ca70164253fccf022

                                                    SHA256

                                                    f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

                                                    SHA512

                                                    5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2680_1620670\hyph-nb.hyb

                                                    Filesize

                                                    141KB

                                                    MD5

                                                    677edd1a17d50f0bd11783f58725d0e7

                                                    SHA1

                                                    98fedc5862c78f3b03daed1ff9efbe5e31c205ee

                                                    SHA256

                                                    c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

                                                    SHA512

                                                    c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2680_1620670\manifest.json

                                                    Filesize

                                                    179B

                                                    MD5

                                                    273755bb7d5cc315c91f47cab6d88db9

                                                    SHA1

                                                    c933c95cc07b91294c65016d76b5fa0fa25b323b

                                                    SHA256

                                                    0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902

                                                    SHA512

                                                    0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8

                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2680_162687416\manifest.json

                                                    Filesize

                                                    102B

                                                    MD5

                                                    8062e1b9705b274fd46fcd2dd53efc81

                                                    SHA1

                                                    61912082d21780e22403555a43408c9a6cafc59a

                                                    SHA256

                                                    2f0e67d8b541936adc77ac9766c15a98e9b5de67477905b38624765e447fcd35

                                                    SHA512

                                                    98609cf9b126c7c2ad29a6ec92f617659d35251d5f6e226fff78fd9f660f7984e4c188e890495ab05ae6cf3fbe9bf712c81d814fbd94d9f62cf4ff13bbd9521a

                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2680_1867690625\manifest.json

                                                    Filesize

                                                    116B

                                                    MD5

                                                    178174a0125d4ff3ed5211426f1ea113

                                                    SHA1

                                                    26f72c5a2f65c767c4edb04d8da62bdadc02e809

                                                    SHA256

                                                    64986dfeefa8855069e799b28e5523b35c9efcf2ea152a2b03461471c218da1f

                                                    SHA512

                                                    c0d1d9555f4cd7e9a4b0ee5fc1b069782638ba1680d18ba9c83f796746086b6afdf1400c80b7f586422c3a2a73e51bd04fb250e2db818ef723cb4f7a8b3b15a2

                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2680_1936383712\manifest.json

                                                    Filesize

                                                    79B

                                                    MD5

                                                    b2ac91ca2bec034d1a335f9e2f574526

                                                    SHA1

                                                    ae9d2be2c07bfe84fea807d18a235609ac5cae8e

                                                    SHA256

                                                    dfa347c4668c5d16a7d946e9330f08d3551a89dea06e53e1cf24bcf3510ea40e

                                                    SHA512

                                                    ff3dd90c1dc9b10754f54c5c54fff2a6877f00fda09f47e07ab05bcaa40a8d3e960a3654b1cad498cd233c0c09d44d686b523b882a385525b60040d708e88b44

                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2680_2129118726\manifest.json

                                                    Filesize

                                                    43B

                                                    MD5

                                                    55cf847309615667a4165f3796268958

                                                    SHA1

                                                    097d7d123cb0658c6de187e42c653ad7d5bbf527

                                                    SHA256

                                                    54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877

                                                    SHA512

                                                    53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7

                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2680_947023148\manifest.json

                                                    Filesize

                                                    113B

                                                    MD5

                                                    b6911958067e8d96526537faed1bb9ef

                                                    SHA1

                                                    a47b5be4fe5bc13948f891d8f92917e3a11ebb6e

                                                    SHA256

                                                    341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648

                                                    SHA512

                                                    62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2680_995545918\manifest.fingerprint

                                                    Filesize

                                                    66B

                                                    MD5

                                                    0c9218609241dbaa26eba66d5aaf08ab

                                                    SHA1

                                                    31f1437c07241e5f075268212c11a566ceb514ec

                                                    SHA256

                                                    52493422ac4c18918dc91ef5c4d0e50c130ea3aa99915fa542b890a79ea94f2b

                                                    SHA512

                                                    5d25a1fb8d9e902647673975f13d7ca11e1f00f3c19449973d6b466d333198768e777b8cae5becef5c66c9a0c0ef320a65116b5070c66e3b9844461bb0ffa47f

                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping2680_995545918\manifest.json

                                                    Filesize

                                                    134B

                                                    MD5

                                                    58d3ca1189df439d0538a75912496bcf

                                                    SHA1

                                                    99af5b6a006a6929cc08744d1b54e3623fec2f36

                                                    SHA256

                                                    a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

                                                    SHA512

                                                    afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

                                                  • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

                                                    Filesize

                                                    100KB

                                                    MD5

                                                    4a0d189dd240facfc2412e4874714e6a

                                                    SHA1

                                                    a9190d96ce1e617823751ed01d3796e17b495f5f

                                                    SHA256

                                                    87d644705978f6d648fe5f9fd373e49809d49fe1670038d2f6ecad9bbb714233

                                                    SHA512

                                                    dac909989ce694f38510952715f362ee6f023d18fd7875740abba380f608e66ffe8e2c5f8592c39b72ba2541e9d0ac187f88785a8f53cd095dfcf8fc14152356

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    ae54e9db2e89f2c54da8cc0bfcbd26bd

                                                    SHA1

                                                    a88af6c673609ecbc51a1a60dfbc8577830d2b5d

                                                    SHA256

                                                    5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

                                                    SHA512

                                                    e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    f53207a5ca2ef5c7e976cbb3cb26d870

                                                    SHA1

                                                    49a8cc44f53da77bb3dfb36fc7676ed54675db43

                                                    SHA256

                                                    19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

                                                    SHA512

                                                    be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\37746660-e3b9-4320-be93-7197eb92db26.tmp

                                                    Filesize

                                                    3KB

                                                    MD5

                                                    1e67656e52dd40e580d518448447a451

                                                    SHA1

                                                    1b029cb6c3e5ce317e14ee8d40577d1d83e84277

                                                    SHA256

                                                    c812a8cdebcd96c19b820920b35a13a666b8b61c63d4de1d1df568d0b91236b2

                                                    SHA512

                                                    26d893b0c41a8dfbb3d36a1187f2095d0473929bdfff7e3d3ce41950e6a268c2bc5a1ed1feaacf5115234a4e28d4076924b7ee3793f2692fcb4599c9eff9af57

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                    Filesize

                                                    4KB

                                                    MD5

                                                    f05674f50501815ee9b52e71266f7766

                                                    SHA1

                                                    9e508872db73f2032726b51e7cdf1695363a3bae

                                                    SHA256

                                                    ede337a0715fe5e85fc86031bd3c390d26cf92cd9a9162a34edd0106d17d657c

                                                    SHA512

                                                    53caca6fa1e716236ae98cae98451f0262252bd1271dcd4fba1bb600b4d0bfd7a8b7adb8ec9221d06c92d48ca72ae3640c0f7a9261dfc0115c446c558f5ca30f

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                    Filesize

                                                    696B

                                                    MD5

                                                    b75ae2390a1f1966c51108246038dcd6

                                                    SHA1

                                                    24cbc3ac24cb949006ebeebe4de9d3808aa49d1f

                                                    SHA256

                                                    8f9248506e53395eac6fa182aab5a774a11626df2a1cc4e418bc1f84daac618e

                                                    SHA512

                                                    14883e4d476bb875f0addaf666fccf4a2db3f113d15288cd5d5045d602e21902184ca70e008a1cdf555ca83c900b4109638cc1c33a54db17d4503fdab70f16ce

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    5KB

                                                    MD5

                                                    e5510680fa1a4cce3113356f8b342624

                                                    SHA1

                                                    d90e9331d59a9dc6caf7d454dc941533a85f13d9

                                                    SHA256

                                                    7adc29eaad057435f2f836aa623ae0eb944f87e029d03cd0d71a5444dfc4da14

                                                    SHA512

                                                    25e85a23d1c663629a626febfe772fd08d0288b0970cca42e01d79ed3ac13b8c3a265e2f39d79067f893c77a9e68c024fdb1d27a4bec4749a58ecf6495a28101

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    4KB

                                                    MD5

                                                    54c3fda27f8233ba945087a157dca795

                                                    SHA1

                                                    dd61989f50583bca30e58e900fd47d0bd158e849

                                                    SHA256

                                                    c8e683c4fbc45d754f6d81f2a7c213e42188f9ce861fc3744f5ff2ad3af1c299

                                                    SHA512

                                                    2e5156f020da7d73e2bbe72e7ed46f7dd40399c07988a48778d297faf320da1896d59633702ad6ba82931400e584dd34c85e1d1c027606909a438f88a33d9cb5

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    111B

                                                    MD5

                                                    285252a2f6327d41eab203dc2f402c67

                                                    SHA1

                                                    acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                    SHA256

                                                    5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                    SHA512

                                                    11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    7KB

                                                    MD5

                                                    fa056a2ca7fbc6af18c21d31f1bb6980

                                                    SHA1

                                                    76f02b9aa24c30b231b544d529a34659ce7a5f89

                                                    SHA256

                                                    8e8a899442316a33f2a9b59e83fddc1ddd99581d128153974459fe5ed9840b46

                                                    SHA512

                                                    a02056a4803817661ba33b689254cf55ce1f100a2455c81407cd11a020b94c9783a19ce89fac8d64db5d65b6ebc31b2d9fbc6b8f14af460f92e4901559664dad

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    6KB

                                                    MD5

                                                    1a3c1f143ad7ce4c811e5b18beeae1dd

                                                    SHA1

                                                    c341c227b9cade1564963cb3a0b6955c8dc5adb5

                                                    SHA256

                                                    1e7148fe5586690991564f467a9a78a3d6b3ff3d5e7d6b7c646a6648d326c761

                                                    SHA512

                                                    e855f17c58d86a5781cd3f9463c56be8cbad8df804cad23da09e802992b4d4ce2a6138a69a57d09e1ec7572b7c0593ca95ae0446b2c2faf9a464dff5bd32c39f

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    7KB

                                                    MD5

                                                    e04e0c9d48c1937490a238d6c6cf623a

                                                    SHA1

                                                    d048fd82fae734526043ab5128fd34da6ac20e16

                                                    SHA256

                                                    572ea8aa323098cddb253278b62e403b19debbec9cbc677ad086d20a6d516500

                                                    SHA512

                                                    56a51a828b0445d98daaaaba4f46377e381e3096a79250183d147f0fca23192f53a471945de4155dd6164bfbcf8d9221580287c08e99daae2e5323dec5fb9a9e

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    7KB

                                                    MD5

                                                    fd6b9698c1ee645196e8d471380100fc

                                                    SHA1

                                                    c04344e122a08d9db532205f3ac4342f99d0e71d

                                                    SHA256

                                                    51fd7c73a215455aa67cddb22568ca7e034e1e79b9a955f08447b1dca2944aa3

                                                    SHA512

                                                    6ba8840e47c560b5021f705d0ba54a372750dc811e7743668febd006532a752c3a1cd1fef89d4b756c56192ef107fac6a18d55cc31d4b73204904c45efd8c81e

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    6KB

                                                    MD5

                                                    563b9156390c51b5a4bd9b8eee5d4411

                                                    SHA1

                                                    f2e1da8b5e0b3fdc5a395bcff0ef2fee3fd7b3a8

                                                    SHA256

                                                    fc1ea7dc0f6f74856a5e67cba4afcd07dc2948dab886474f6e747a1ae37ac634

                                                    SHA512

                                                    5545946891db7ee81e83d3dbc7f53facccd6e9b3471899cdcc62496d2d6df89c85b49db8ab4a7571c0dccca797f5f6698dd6055949f7e8b85f26cc2bb0434244

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    6KB

                                                    MD5

                                                    3d11fba129d061bf241c3a6273c5c311

                                                    SHA1

                                                    b4255d8e309d4c64f9fa9000243816ddc6952d66

                                                    SHA256

                                                    a817f5579cdff42a0f66dc0458c6128af92c4e44dff024ed3a553f415e212313

                                                    SHA512

                                                    eca47fe4f5a042a82089200a4e2622614ff47a9614c2b9652c8324fdfed2a50aeaa99ff849c6fddbfc6c6bc410930747acac351ed187bab292dc4e4eb71b3658

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                    Filesize

                                                    3KB

                                                    MD5

                                                    22d743e9948bc726cb65cc643d5ac826

                                                    SHA1

                                                    ce45959c4fab479634fb6e5ad323770a1e2cb64b

                                                    SHA256

                                                    911fdd4f4d1d8963ba0c681909b71d86e3ae76f76d7bfa753fa0ee74ac718cc2

                                                    SHA512

                                                    08e7177d97ef111b58df6f0899a930f809ab5efa44feb2fedc663c706f0003a75187cda794e101294c9bc235c40465e6871ec8cdfe3ceb62a038f79cdc1e0a3e

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                    Filesize

                                                    2KB

                                                    MD5

                                                    b278a42e5576d8a849e1d7da80f63342

                                                    SHA1

                                                    8e376de9372fddd3d127a3533602c84a81c8a1be

                                                    SHA256

                                                    e3a016971b5cf88304dbb65a35956066c332cf1f868bc0a5d4f85fea6ed6e39e

                                                    SHA512

                                                    b22e138f1386bd4cef3574c50fa69d1b20393f4da84dc2b892ede979d9fff85e8b3d2b59eddaf1a61abc075f954758cb44c03af73e3b1518d4339bd23b2aada3

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                    Filesize

                                                    3KB

                                                    MD5

                                                    462c63058e785841c9fc1b3ae79503ac

                                                    SHA1

                                                    fcca24ee0c635e01a42d6575703c8b25e69ef4aa

                                                    SHA256

                                                    123861d47bf9e70f4c1a83621a0f479df24abfa093914aad7661a7baabb6ac79

                                                    SHA512

                                                    38b2f9aef785abde626e09cd1eea4db8638930899799c8a72d65beeb6deddad908e56491dee83f6ebe8de4bd86bf5752e9fccf258bfbd9ea36d25604c8486d22

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                    Filesize

                                                    3KB

                                                    MD5

                                                    6d8fcdfa3ff5514e10b0e1e1201ee666

                                                    SHA1

                                                    3def321bb8498e83c550c64c82b99c6dad9e117a

                                                    SHA256

                                                    c534a9dedefe12d106a212e6f20568a6f72e6a886d42e12eabb87d28f08adf1b

                                                    SHA512

                                                    9e9bbfb5a22f7cc35f67ef1532011b9f46f79af4f65696ad254ea68613ea64ce09aed160fa04ed90aebaf01c2e7a86118bbd6e0fbbf3322e5e877f8b57731e85

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                    Filesize

                                                    2KB

                                                    MD5

                                                    fa56ce272e342ac6ed484bddbd714498

                                                    SHA1

                                                    dc5cf146a07d275a242dbe156a3898b3f2fa7447

                                                    SHA256

                                                    723819f763bb4930e250dd08e767fae95ef9d474a86c5da8b7752080f3801ad4

                                                    SHA512

                                                    a6401d469db8670825dc0e7f4cdf9c6f91831cffa9668f90965f8fc5c0b8c533719e2a6808096484c23fbb1b364838fc5e6237170a46bc354ea5c59e3854485b

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57951c.TMP

                                                    Filesize

                                                    2KB

                                                    MD5

                                                    12bd286a8f3dda045d40b72eeb988ffc

                                                    SHA1

                                                    5c9e5be0fcb59270f963297fbd048dd55a325022

                                                    SHA256

                                                    a9bacd3fad6a19bc56bfb154b0f23a12dc5a801e7d64fb4f120705318abf0528

                                                    SHA512

                                                    09e694d558e735b075e7c2df5b5e32e197eade0a63fcd0176e14516443836a1418a364287faca3f39e28d482b1a8e528f7524d777663f9f3bddaea5299318b41

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                    Filesize

                                                    16B

                                                    MD5

                                                    6752a1d65b201c13b62ea44016eb221f

                                                    SHA1

                                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                    SHA256

                                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                    SHA512

                                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    12KB

                                                    MD5

                                                    7e43eb5a2549921140cae6d8e44be925

                                                    SHA1

                                                    c3f84e70eb70d648dcb032046f9075a2062643a2

                                                    SHA256

                                                    68bd02b60bfebebd26e806729813e375a53e708e539886060ce0100b1856bd4b

                                                    SHA512

                                                    9379baed2ff5bb5f0fd493295549838522753d838319508bb3e5e4e4c6b4c0f7a213e8b7808123e5175a4cab78de1d5a1dce40be55d342efa609fbd30f6abc75

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    11KB

                                                    MD5

                                                    c7abf123339a34ae22db1378ffd9f06e

                                                    SHA1

                                                    1e8420890ef6ea228e4b88b385d15e876bc52bf2

                                                    SHA256

                                                    a221eecdedacef7d7ce4ee8a7a1044bd393d54e3247e917b39e4ececad3ef255

                                                    SHA512

                                                    240a6b2405173d1946a33658f2ed19b6b6970dbee41ca5b6389c2fb3c96910977cd6e67b40caf466fccaf539021b09f3c5abf1f9c35870504778ec22f02ed625

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    11KB

                                                    MD5

                                                    c5c6a46db9143f085a7d8d1b8299a796

                                                    SHA1

                                                    78256f719bf58cffade26ccb26c5248d33dd3b48

                                                    SHA256

                                                    6ecdc18f227abab94cc77633ed70a0c5118c9b82402b69430be45f85cf5491e2

                                                    SHA512

                                                    d0b7534b293666c52ea31c0d7bc7a7856c15dce0fa8cec5a87c7c694fd332af43ac5f0fb3c83be3c244456cf12398b27d7cf19b784d9dd9a732c1e113f24f258

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

                                                    Filesize

                                                    3KB

                                                    MD5

                                                    6bbb18bb210b0af189f5d76a65f7ad80

                                                    SHA1

                                                    87b804075e78af64293611a637504273fadfe718

                                                    SHA256

                                                    01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

                                                    SHA512

                                                    4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\CertificateRevocation\6498.2023.8.1\crl-set

                                                    Filesize

                                                    21KB

                                                    MD5

                                                    d246e8dc614619ad838c649e09969503

                                                    SHA1

                                                    70b7cf937136e17d8cf325b7212f58cba5975b53

                                                    SHA256

                                                    9dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1

                                                    SHA512

                                                    736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\reports\bcb7ece9-3b39-4e90-abb2-6d39f4be80f4.dmp

                                                    Filesize

                                                    10.9MB

                                                    MD5

                                                    067ec7896b44b14b901e39c6a4d72417

                                                    SHA1

                                                    697be047dbe9db2a1e1b466d242875e97ef7d70d

                                                    SHA256

                                                    bfb82b8f52a27a15719a6d28e5a468e214e0d95503d07f1b2f6ee51ee4d85bf6

                                                    SHA512

                                                    77738b268e4a001100ad3942245783e7e48ce1a335ec5ea0f7506649f4ec55b38fe1d6f4c219994a3c5d33598336ac22839e8b23317e22c2a8c7daecda27e26e

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat

                                                    Filesize

                                                    280B

                                                    MD5

                                                    b84e904b2ef780ca65848ea4c7335ab7

                                                    SHA1

                                                    cb7cf00dcd50b822b7c4d6087251f734ccb83c8d

                                                    SHA256

                                                    945e242fe33a26b06fa05f8febfa53300a1ea2a1addc6f9cc9a9d728958b8713

                                                    SHA512

                                                    a13f5feedbd87b6cfd635a9692967b9cb440ae28384e4fa3d29e699b5562feba79eebc29ff864b6e73fdfed899221c6e822b0bda84cc9971b5cd0e5c80ed5efe

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000022

                                                    Filesize

                                                    41KB

                                                    MD5

                                                    e0a5b5b5b60870c900d4e965d0582b5b

                                                    SHA1

                                                    324bb751461fb997107f4c2f869042b093ac3ca4

                                                    SHA256

                                                    a4658e257cd9b7c17301efa73ef9d9d66c9561ceffdbc92fb5e5b64454b87f96

                                                    SHA512

                                                    e7c17425d5a6954710393ec309e473db216db095072f64caa968b9a3e1943efa75160873c8d965ee1a36a7493816c11a59bc24c245014fb9f8e6b5d043c7455a

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000023

                                                    Filesize

                                                    40KB

                                                    MD5

                                                    0c4880fb1de7d2ef097042adee0d2d31

                                                    SHA1

                                                    ea7b12eae99f8f044352f1dd1bc4f7ea3786eecb

                                                    SHA256

                                                    506fd688cabceb56eed3a3ffaed6afe80f124c61b223b3c8cc231c74ceb5c73d

                                                    SHA512

                                                    74d5d2148505142bcfee0f99d3879a4c5baca87575026df3eac7d504b56c849f827645b83fa7fe2d64bc6bc3b53ee35ad458ba56b846b2d4a5e03996e2ddd80c

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

                                                    Filesize

                                                    48B

                                                    MD5

                                                    b0eef3ab29eb758006b2dacffc2c85d5

                                                    SHA1

                                                    c93495ea1f9472abb3bd51448bba4d267ea91ab5

                                                    SHA256

                                                    7e94b737a8f2431beb29578cd5b5bd5a21d55a264f487a8174a591cfddfb2320

                                                    SHA512

                                                    e4f48c74aadfe1a22ae08fcc3f200fdb41cd6377cce22ff9148bce68c25653d06fb3d0333471969c485c6a6a3db65b2106cd03c130980f2ac438f8df3a306af3

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

                                                    Filesize

                                                    2KB

                                                    MD5

                                                    206111aefc4e85f3677604ca97bbac9e

                                                    SHA1

                                                    50761ed97ac410823a4ffee370d1d398b3984803

                                                    SHA256

                                                    b7c184fb9e4d882c8efc8bfb6fb05d5317ea336119721acdd5f917193ba735bf

                                                    SHA512

                                                    d04a85e246d48e0d9cc7edcfe591c1ba5e99fef2613643190124bb3e340d6456891dca58c869ef9b06ae80e9f2998d22d37a5c36936eb4466d73a52a05e36300

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

                                                    Filesize

                                                    2KB

                                                    MD5

                                                    8d126a3438dbe86cd1c52af332007cda

                                                    SHA1

                                                    4824edb47cd4ac259768d7e2d9eda8952ddae5df

                                                    SHA256

                                                    bbb2f91b5117348e2d175e7f437627eefed2fa35db18da3741fe45aab7fbde93

                                                    SHA512

                                                    8bd7acba5d60fc27c2b81210bcbc555abd141a2773a5cc26c60aada565a11e020ec0754204ffe9551f3ffe3cf7ca8b367e51c3339e2563b013dc9106eaee81f2

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001

                                                    Filesize

                                                    41B

                                                    MD5

                                                    5af87dfd673ba2115e2fcf5cfdb727ab

                                                    SHA1

                                                    d5b5bbf396dc291274584ef71f444f420b6056f1

                                                    SHA256

                                                    f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                    SHA512

                                                    de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

                                                    Filesize

                                                    420B

                                                    MD5

                                                    f96122a19a2cff67aed2ff7ecfcb1b43

                                                    SHA1

                                                    4cff17634771879fe1a76762e7bde6036a1e3228

                                                    SHA256

                                                    3bdcef46a0a9c694c6144c112420314af64e6053502c35c2c6d06018ff1f10dc

                                                    SHA512

                                                    1bb66044b1716b99eaa6c18aeb5f8fcbec9dde157c1a6e854753d1551f48fc609565e63d5b7dcb8238ee1eda3d8bb42ccb6e6843c1d9a2dff3d8cafb46a7768a

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe6926da.TMP

                                                    Filesize

                                                    377B

                                                    MD5

                                                    48b7f614983d04cb3dc40ac0c1798105

                                                    SHA1

                                                    7fea7ec74eb2bf394bc3b8abe660adc834faf083

                                                    SHA256

                                                    7565774d79257064622d37815e3f1ceaa063e3e0d0cb93da37cff667bc8d6a22

                                                    SHA512

                                                    20b7284d58622491febde58c91be22c08f23cbcdf03736054d5b63921a5d160fafa4f36d41a59a6bb34e7c1399ffd1b947b10a70439371d9c81d2c62beb488ab

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

                                                    Filesize

                                                    23B

                                                    MD5

                                                    3fd11ff447c1ee23538dc4d9724427a3

                                                    SHA1

                                                    1335e6f71cc4e3cf7025233523b4760f8893e9c9

                                                    SHA256

                                                    720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

                                                    SHA512

                                                    10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State

                                                    Filesize

                                                    3KB

                                                    MD5

                                                    035a72c78a0b71194ed61f8da3c9adc1

                                                    SHA1

                                                    745857acc192d56a689369d26506e9302a393a11

                                                    SHA256

                                                    f7b05fd9f8340fdf2b616c3162c6175e448e5f612b50d3ea9b11f16c8bbf8ef5

                                                    SHA512

                                                    018f093b50fe44e6ac56a721fef295e03c69f87ed08eadda153ff1ad06d6e34b68334aa247d6cf95d35d01c76f9c276bc90f16b0f28f3f6f889409f7428db49c

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State

                                                    Filesize

                                                    3KB

                                                    MD5

                                                    7f599757e88acf75f7991c2aaef6a170

                                                    SHA1

                                                    4f1cbd18af88ae1b9fb4ae1a9bf99a65720f9f71

                                                    SHA256

                                                    4c353bcc3b8871b542be6769b5e8ac90d3adb1b445530a80917bd74c99820401

                                                    SHA512

                                                    7aec89b7377aea3cfcb027d4ff55d1383746609ac44caf4ea85f162cf348e9c90e90eef1f998de87b8703fac960f523628f6c52e5d8a856e507b3fce597a6880

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State

                                                    Filesize

                                                    4KB

                                                    MD5

                                                    4b8d37c9d4c64b0734e8c940a0f7d958

                                                    SHA1

                                                    9226627f79b88eaf106f220385b1d51d3bf236eb

                                                    SHA256

                                                    b023b70597f196bf0bc3df4563009770bdbdb469cef2df1f852a9717a751765b

                                                    SHA512

                                                    d4570d1a25bf212bf6dde0e36377995807529af39e82986fb35e10b1d6cee3af8054cf06c9f86bc3690d989da9880dcdbe44b9dcd48700c60579fb87d42a8b5a

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State~RFe5adf74.TMP

                                                    Filesize

                                                    59B

                                                    MD5

                                                    2800881c775077e1c4b6e06bf4676de4

                                                    SHA1

                                                    2873631068c8b3b9495638c865915be822442c8b

                                                    SHA256

                                                    226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                                    SHA512

                                                    e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

                                                    Filesize

                                                    2B

                                                    MD5

                                                    d751713988987e9331980363e24189ce

                                                    SHA1

                                                    97d170e1550eee4afc0af065b78cda302a97674c

                                                    SHA256

                                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                    SHA512

                                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

                                                    Filesize

                                                    1KB

                                                    MD5

                                                    b83d125586d30853d945add4bfc104f1

                                                    SHA1

                                                    dc8503c53c8a83947a30bebcb9a1282b877cf455

                                                    SHA256

                                                    2913f27332874d8ed7465829d5ae8b7ba2f4f0c3a49a58456efc1e592cfba277

                                                    SHA512

                                                    0733f5c3cb3e6d67ca422cd9f88813f27709b9e522edf0cd986f89dcf25135e6b63b376e2ace469571f7b74825f7b5d071f9fffb249a13214f3aac446a1532ce

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

                                                    Filesize

                                                    1KB

                                                    MD5

                                                    b32514a9e04925f163d21446d1c43157

                                                    SHA1

                                                    8bf570c9838e496c845cbdc94c82c7ef0aaaed85

                                                    SHA256

                                                    96139ba30b4466c9e5d287d7608de2d33f631237828b341906587becb6b7d168

                                                    SHA512

                                                    4daffcafe254050d63b5d9e9894b6e9eebe25363f78047e66f005dadf8099a5d6cc830338be6c1fe4889795cfaa0bc30b7e181c3afb6524c604625da155d5ea8

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

                                                    Filesize

                                                    1KB

                                                    MD5

                                                    1ceb9692d29ff43461514c38d7f0ddd3

                                                    SHA1

                                                    f0dc88ba09d8644d220287364ddafaddeae8ef86

                                                    SHA256

                                                    d679c93b4fbf7c4d49194679cdd73acbb7da37c32c982ebcf47c269f0f1d5ec8

                                                    SHA512

                                                    dfa3d709a95fb64ca9081159c958abc79e6979afab7ae410aaa4023d180cdc3223c962f5e9badf1efe5f8d8ece239deea270e0c95a27a41fbef4f10fced476f0

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

                                                    Filesize

                                                    2KB

                                                    MD5

                                                    6aa3501e4227fe15d6d2af1b577fe038

                                                    SHA1

                                                    f0a37858b9b7f95db4e896b0d15cb096b4eca43b

                                                    SHA256

                                                    ee33d5f684e0cae651a79db2319ecffe53c2abcd2e8a771dabf9616c71d7fbe3

                                                    SHA512

                                                    e424f372806f4d401cd8e9e64784b3dbb6675e3f7644d9ba1f495a3320e442403084e18ac9e29fcd15ffa758ab85736c2f7225da19205ed36fab0eb18167c934

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

                                                    Filesize

                                                    1KB

                                                    MD5

                                                    d9c30a50eb560c766bb7b191bf68f797

                                                    SHA1

                                                    dbe81d6a60f0518733aed17a6dac55302f19fbda

                                                    SHA256

                                                    79378532b2045b87762dbb3cda13f04531c48e0ccf0fef0dc1a99cc8d7892fc7

                                                    SHA512

                                                    7574aaa937e92dc03320a788179d511b08ddc0f60f0959473029a0592e5bcc316fcfff1d62de45f8be69ba5a47a8249cf69dc3236ea5006b6fcf6915523a6fac

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity~RFe5a1df9.TMP

                                                    Filesize

                                                    1KB

                                                    MD5

                                                    8d14cb59bb386e423e0595e8c2d0b404

                                                    SHA1

                                                    a46fb654f918850cc69a97c65ee0fccdc17a1cbd

                                                    SHA256

                                                    d297571a702497f93b72f14339481319aec05dfbb8ab6d3ad156c5da06489641

                                                    SHA512

                                                    5bd83b42073700b97acc3d58f9d3da9fbcb8e4c8d7cb8eb96726a83bc1a582b308a60219ea596e904bb22346df95591388b9f8da331cb81c8317aacbd5603f3b

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\a5179292-d7f4-4254-8349-0f11872b972f.tmp

                                                    Filesize

                                                    2KB

                                                    MD5

                                                    df14a4f7be4f157f8ace8b870ea8f5bd

                                                    SHA1

                                                    58559821cae8dd67c4fc0d4106587535a2d0b534

                                                    SHA256

                                                    cee143b90ddde81dd42f5f3979bddbd4805e4e1d40dd44791347ecd03f361147

                                                    SHA512

                                                    156bfacb1476dbcbbe2c27db1faa185d12e2214f92e270d8aed4e3f6da5dd2502a2bc5e1f770b03bfd7d7dd97a11a708759813e7bc4bf615fb9faf218c2fca1f

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences

                                                    Filesize

                                                    6KB

                                                    MD5

                                                    cc380c023a84f755b2d2ad306c4365d4

                                                    SHA1

                                                    aefa0d0ff5d7e26b0abb4700d25527bbc500c8d7

                                                    SHA256

                                                    cfd5a4a99f3cd32fa6388d9d409effb28b30affde2140b3ac4848366ee63ea05

                                                    SHA512

                                                    3e8df9e8f1dbd19a723043e78bc1800f573fd35f40309cdd158ee085ae9589a56857dc8ef58b5958b172bf754c5ccfc33257a4a7c72ba3c7e240ad02abe13ce3

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences

                                                    Filesize

                                                    7KB

                                                    MD5

                                                    c42fd5077256ed126413cb9ab1cd0558

                                                    SHA1

                                                    749d23c9d88d2c32f4f4e561e46b1332dcf11ff4

                                                    SHA256

                                                    577c6a23ebfd101b655e5ca1653d363dd31a5b69952321c73083654c244839ba

                                                    SHA512

                                                    73393fc33e11ed52999ac4cf0ba4dcf920be56235d8250a904f7c29a0200ab2029abddc0166ad6c9b26c5d18d07cf8dbcce0f3deaa8cc78a5055899253bc03e0

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences

                                                    Filesize

                                                    7KB

                                                    MD5

                                                    e1eab358d62e0d5ed2715bac4a1c668c

                                                    SHA1

                                                    3c02c5b2fe9e8a029818796f2a0af755ea505531

                                                    SHA256

                                                    82bf76284b572ba4cc618c5a23a40e7a5919b00c89ff263fe2cee568cb78e201

                                                    SHA512

                                                    1c853bd4122753de14851405a26151fa6e84519f5dd8b97ae79a7d161258e55f0943ec36210c45c59a531085e5ca2e1ddf11140730e348de908911827188d2b0

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences

                                                    Filesize

                                                    6KB

                                                    MD5

                                                    f3ec8a229bd04feb57c39d1b8474506e

                                                    SHA1

                                                    9959225a0d56cb1d856756aa7da2bbafee9121de

                                                    SHA256

                                                    3f50853839a09f4ac523eac84ccbc215eaee907affe20b7722bb457a0aa6ca13

                                                    SHA512

                                                    fbb871a18084cc3dba872d1276d7babc90383010c94f96cdcc73f40ec7ecc18e0915bd472897cf324326240773364d2930c144c0d8bae3e30b98be7183fd6079

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences~RFe5a2210.TMP

                                                    Filesize

                                                    6KB

                                                    MD5

                                                    67a256d5e768854f32157e70d9195463

                                                    SHA1

                                                    6561ce3e700656daba33e2df0045f1c36a9be1be

                                                    SHA256

                                                    8e8aed57470025fe7b9019ab0e33087639f795d28fadd7f837d6666138dee586

                                                    SHA512

                                                    f2e683a9909ad357a60bfdc916690c6769aace40e16d03334ade36559c79a73d9856cc2e4bd34e8f6716599cc78786c9f3846c2fa2ecd58a060a4a2d61588836

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

                                                    Filesize

                                                    16B

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_0

                                                    Filesize

                                                    8KB

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_2

                                                    Filesize

                                                    8KB

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_3

                                                    Filesize

                                                    8KB

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GraphiteDawnCache\data_1

                                                    Filesize

                                                    264KB

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

                                                    Filesize

                                                    2KB

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

                                                    Filesize

                                                    3KB

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

                                                    Filesize

                                                    16KB

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

                                                    Filesize

                                                    18KB

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State~RFe59cc10.TMP

                                                    Filesize

                                                    1KB

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\PKIMetadata\13.0.0.0\crs.pb

                                                    Filesize

                                                    278KB

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\PKIMetadata\13.0.0.0\kp_pinslist.pb

                                                    Filesize

                                                    11KB

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Subresource Filter\Indexed Rules\36\10.34.0.52\Ruleset Data

                                                    Filesize

                                                    2.8MB

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\Filtering Rules

                                                    Filesize

                                                    1.8MB

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\LICENSE

                                                    Filesize

                                                    24KB

                                                  • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\TrustTokenKeyCommitments\2024.3.25.1\keys.json

                                                    Filesize

                                                    6KB

                                                  • C:\Users\Admin\Downloads\Unconfirmed 616186.crdownload

                                                    Filesize

                                                    5.1MB

                                                  • C:\Users\Admin\Videos\Captures\desktop.ini

                                                    Filesize

                                                    190B
