a093c796f256937e970d7961231630f375832e3fdb4035b0ba07f12e8152935e

Analysis

max time kernel
694s
max time network
686s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

My Logo.txt
Size

1KB
MD5

bbc32d16965e2f899e0aac0db24d3172
SHA1

701a48a505b0e339445e4bcd3c8687e821300b5f
SHA256

a093c796f256937e970d7961231630f375832e3fdb4035b0ba07f12e8152935e
SHA512

7d9b120eec8235fa61ba491910a4e74dbb215904c07905a501c1e684d9d485ef741e07a581b5a5599de2cc8b0b798700bdbb47f772ea02f7f8b5ad068d06ee11

Score

8^/10

discovery evasion persistence privilege_escalation trojan

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs

persistence

Image File Execution Options Injection

T1546.012

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedgewebview2.exeMicrosoftEdgeUpdate.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exeRobloxStudioBeta.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	msedgewebview2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	RobloxStudioBeta.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 47 IoCs

Processes:

RobloxStudioInstaller.exeMicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdge_X64_126.0.2592.87.exesetup.exesetup.exeMicrosoftEdgeUpdate.exeRobloxStudioBeta.exeRobloxCrashHandler.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exeRobloxStudioBeta.exeRobloxCrashHandler.exeRobloxStudioBeta.exeRobloxCrashHandler.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exeRobloxStudioBeta.exeRobloxCrashHandler.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateSetup_X86_1.3.187.41.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exe

pid	process
508	RobloxStudioInstaller.exe
452	MicrosoftEdgeWebview2Setup.exe
2496	MicrosoftEdgeUpdate.exe
4612	MicrosoftEdgeUpdate.exe
6084	MicrosoftEdgeUpdate.exe
5896	MicrosoftEdgeUpdateComRegisterShell64.exe
5168	MicrosoftEdgeUpdateComRegisterShell64.exe
2928	MicrosoftEdgeUpdateComRegisterShell64.exe
1984	MicrosoftEdgeUpdate.exe
1120	MicrosoftEdgeUpdate.exe
4728	MicrosoftEdgeUpdate.exe
4968	MicrosoftEdgeUpdate.exe
2288	MicrosoftEdge_X64_126.0.2592.87.exe
2992	setup.exe
5128	setup.exe
1600	MicrosoftEdgeUpdate.exe
5200	RobloxStudioBeta.exe
1320	RobloxCrashHandler.exe
1268	msedgewebview2.exe
636	msedgewebview2.exe
6044	msedgewebview2.exe
6068	msedgewebview2.exe
3384	msedgewebview2.exe
5668	msedgewebview2.exe
6140	msedgewebview2.exe
1996	msedgewebview2.exe
968	RobloxStudioBeta.exe
2516	RobloxCrashHandler.exe
5500	RobloxStudioBeta.exe
5488	RobloxCrashHandler.exe
6852	msedgewebview2.exe
804	msedgewebview2.exe
6372	msedgewebview2.exe
8292	msedgewebview2.exe
8936	RobloxStudioBeta.exe
1400	RobloxCrashHandler.exe
804	MicrosoftEdgeUpdate.exe
6772	MicrosoftEdgeUpdate.exe
4220	MicrosoftEdgeUpdate.exe
1412	MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
6304	MicrosoftEdgeUpdate.exe
8244	MicrosoftEdgeUpdate.exe
8220	MicrosoftEdgeUpdate.exe
8952	MicrosoftEdgeUpdateComRegisterShell64.exe
3416	MicrosoftEdgeUpdateComRegisterShell64.exe
1892	MicrosoftEdgeUpdateComRegisterShell64.exe
232	MicrosoftEdgeUpdate.exe

Loads dropped DLL 64 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeRobloxStudioBeta.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exemsedgewebview2.exeRobloxStudioBeta.exe

pid	process
2496	MicrosoftEdgeUpdate.exe
4612	MicrosoftEdgeUpdate.exe
6084	MicrosoftEdgeUpdate.exe
5896	MicrosoftEdgeUpdateComRegisterShell64.exe
6084	MicrosoftEdgeUpdate.exe
5168	MicrosoftEdgeUpdateComRegisterShell64.exe
6084	MicrosoftEdgeUpdate.exe
2928	MicrosoftEdgeUpdateComRegisterShell64.exe
6084	MicrosoftEdgeUpdate.exe
1984	MicrosoftEdgeUpdate.exe
1120	MicrosoftEdgeUpdate.exe
4728	MicrosoftEdgeUpdate.exe
4728	MicrosoftEdgeUpdate.exe
1120	MicrosoftEdgeUpdate.exe
4968	MicrosoftEdgeUpdate.exe
1600	MicrosoftEdgeUpdate.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
1268	msedgewebview2.exe
1268	msedgewebview2.exe
636	msedgewebview2.exe
1268	msedgewebview2.exe
1268	msedgewebview2.exe
6044	msedgewebview2.exe
6068	msedgewebview2.exe
3384	msedgewebview2.exe
3384	msedgewebview2.exe
6044	msedgewebview2.exe
6068	msedgewebview2.exe
6044	msedgewebview2.exe
6044	msedgewebview2.exe
6044	msedgewebview2.exe
5668	msedgewebview2.exe
6044	msedgewebview2.exe
5668	msedgewebview2.exe
5668	msedgewebview2.exe
6140	msedgewebview2.exe
6140	msedgewebview2.exe
6140	msedgewebview2.exe
1996	msedgewebview2.exe
1996	msedgewebview2.exe
1996	msedgewebview2.exe
1268	msedgewebview2.exe
968	RobloxStudioBeta.exe
968	RobloxStudioBeta.exe
968	RobloxStudioBeta.exe
968	RobloxStudioBeta.exe
968	RobloxStudioBeta.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 4 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

RobloxStudioBeta.exeRobloxStudioBeta.exeRobloxStudioBeta.exeRobloxStudioInstaller.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxStudioBeta.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxStudioBeta.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxStudioBeta.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxStudioInstaller.exe

Drops desktop.ini file(s) 1 IoCs

Processes:

svchost.exe

description ioc process

File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini svchost.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Checks system information in the registry 2 TTPs 22 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exemsedgewebview2.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

Processes:

RobloxStudioInstaller.exeMicrosoftEdgeWebview2Setup.exesetup.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\InsertableObjects\Light\Large\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\VoiceChat\Components\onClickedCameraIndicator.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\validation\rules\UniqueFieldDefinitionNamesRule.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\Ribbon\Dark\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\WidgetIcons\Dark\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\EmotesMenu\Reducers\Locale.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\DomTestingLibrary\DomTestingLibrary\DOMElementFilter.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\BulkPurchaseApp\ReactFocusNavigation.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\avatar\compositing\R15CompositRightArmBase.mesh	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\Attachment.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\JestTypes-3.8.0\JestTypes\init.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\AuthenticationStatus\Rodux.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ToastNotification\Dev\JestConfigs.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\WidgetIcons\Light\Large\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\textures\StudioToolbox\AssetPreview\ReadyforSale.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\InGameChat\BubbleChat\Helpers\maybeAssert.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\InGameMenu\Components\GameSettingsPage\SliderEntry.spec.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\FriendsLandingTestSuite.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\TenFootUiGlobalNav\React.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\VideoProtocol\VideoProtocol\default.rbxp	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\avatar\scripts\humanoidAnimatePlayEmote.rbxm	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Lua\AvatarCompatibilityPreviewer\Dark\Large\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\execution\__tests__\values.roblox.spec.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\ReactReconciler\ReactReconciler\ReactPortal.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\AppChat\FormFactor.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\LoginV2\RobloxAppEnums.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\Qml\QtQuick\Controls.2\designer\images\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\StyleLink.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\Server\ServerChat\DefaultChatModules\TeamChat.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\TrustAndSafety\Components\Toast.spec.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\UGCValidation\UGCValidation\validation\validatePackage.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\DiscoveryOtaPatch\OtaPatchLoader.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU528.tmp\msedgeupdateres_uk.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\TestEZJestAdapter\TestEZJestAdapter\Reporters\JestSummaryReporter.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Lua\AvatarCompatibilityPreviewer\Dark\Large\test.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\Ribbon\Dark\Medium\RibbonAlignTool.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\textures\localizationTargetEnglish.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\textures\StudioUIEditor\icon_rotate3.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\GameThumbnailsRodux\Rodux.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\Qml\QtQuick\Controls.2\AbstractButton.qml	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\Debugger\Dark\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\Ribbon\Dark\Medium\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\DevConsole\Reducers\ScriptsData.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\Picomatch\Picomatch\stringUtils.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\Qml\QtQuick\Extras\Private\TextSingleton.qml	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\textures\particles\explosion01_core_main.dds	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\_Workspace\ServerUI\RoduxNetworking.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\textures\ui\LuaChat\icons\ic-check.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\InsertableObjects\Light\Large\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Shared\WidgetIcons\Light\Standard\[email protected]	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\textures\MaterialGenerator\Materials\Wood.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-12e911c4-0c4b13ff\LuauPolyfill\AssertionError\init.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Workspace\Packages\Style.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Locales\it.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Lua\DeveloperFramework\Light\Standard\Search.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\studio_svg_textures\Lua\ImportPreview\Dark\Large\OptionsDots.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\LuaPackages\Packages\_Index\JestCore\JestMessageUtil.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\content\textures\GameSettings\ArrowLeft.png	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\Chrome\Flags\GetFFlagFixMicSelection.lua	RobloxStudioInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\ExtraContent\scripts\CoreScripts\Modules\InspectAndBuy\WideView.lua	RobloxStudioInstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 9 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exetaskmgr.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 64 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exesvchost.exefirefox.exefirefox.exefirefox.exesvchost.exesvchost.exefirefox.exesvchost.exefirefox.exesvchost.exefirefox.exefirefox.exesvchost.exesvchost.exesvchost.exesvchost.exefirefox.exesvchost.exefirefox.exesvchost.exesvchost.exefirefox.exesvchost.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe

Enumerates system info in registry 2 TTPs 16 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

RobloxStudioBeta.exemsedgewebview2.exemsedge.exeRobloxStudioBeta.exeRobloxStudioBeta.exeRobloxStudioBeta.exeRobloxStudioInstaller.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxStudioBeta.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxStudioBeta.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxStudioBeta.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxStudioBeta.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxStudioBeta.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxStudioBeta.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxStudioInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxStudioInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxStudioBeta.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxStudioBeta.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

RobloxStudioInstaller.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxStudioInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxStudioInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth	RobloxStudioInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio-auth\WarnOnOpen = "0"	RobloxStudioInstaller.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exesvchost.exesvchost.exesvchost.exemsedgewebview2.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "12"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "10"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "5"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "6"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "9"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "1"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "4"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeRobloxStudioBeta.exeMicrosoftEdgeUpdate.exesvchost.exeRobloxStudioInstaller.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ = "IPolicyStatus4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\ = "Microsoft Edge Update Update3Web"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	RobloxStudioBeta.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ = "Microsoft Edge Update Legacy On Demand"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	RobloxStudioBeta.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CurVer\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\ProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2650514177-1034912467-4025611726-1000\{ED63E130-C594-49ED-93A4-88F4754F1707}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LOCALSERVER32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rbxlx\ = "Roblox.Place"	RobloxStudioInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{0DD41A78-E3D4-44A8-9EAE-697BCF1781A3}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\PROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ProgID	MicrosoftEdgeUpdate.exe

NTFS ADS 2 IoCs

Processes:

firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\SecureAdonisFixed3.rbxm:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\RobloxStudioInstaller.exe:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

Processes:

RobloxStudioBeta.exeRobloxStudioBeta.exeRobloxStudioBeta.exeRobloxStudioBeta.exe

pid process

5200 RobloxStudioBeta.exe
968 RobloxStudioBeta.exe
5500 RobloxStudioBeta.exe
8936 RobloxStudioBeta.exe

pid	process
5200	RobloxStudioBeta.exe
968	RobloxStudioBeta.exe
5500	RobloxStudioBeta.exe
8936	RobloxStudioBeta.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

RobloxStudioInstaller.exeMicrosoftEdgeUpdate.exeRobloxStudioBeta.exe

pid	process
508	RobloxStudioInstaller.exe
508	RobloxStudioInstaller.exe
2496	MicrosoftEdgeUpdate.exe
2496	MicrosoftEdgeUpdate.exe
2496	MicrosoftEdgeUpdate.exe
2496	MicrosoftEdgeUpdate.exe
2496	MicrosoftEdgeUpdate.exe
2496	MicrosoftEdgeUpdate.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe
5200	RobloxStudioBeta.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

RobloxStudioBeta.exeRobloxStudioBeta.exeRobloxStudioBeta.exe

pid process

5200 RobloxStudioBeta.exe
968 RobloxStudioBeta.exe
8936 RobloxStudioBeta.exe

pid	process
5200	RobloxStudioBeta.exe
968	RobloxStudioBeta.exe
8936	RobloxStudioBeta.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedgewebview2.exemsedge.exe

pid	process
1268	msedgewebview2.exe
1268	msedgewebview2.exe
1268	msedgewebview2.exe
1268	msedgewebview2.exe
7856	msedge.exe
7856	msedge.exe
7856	msedge.exe
7856	msedge.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

Processes:

firefox.exefirefox.exeMicrosoftEdgeUpdate.exeRobloxStudioInstaller.exeRobloxStudioBeta.exeAUDIODG.EXEtaskmgr.exetaskmgr.exeMicrosoftEdgeUpdate.exefirefox.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exetaskmgr.exe

description	pid	process
Token: SeDebugPrivilege	2620	firefox.exe
Token: SeDebugPrivilege	2620	firefox.exe
Token: SeDebugPrivilege	2620	firefox.exe
Token: SeDebugPrivilege	5784	firefox.exe
Token: SeDebugPrivilege	5784	firefox.exe
Token: SeDebugPrivilege	5784	firefox.exe
Token: SeDebugPrivilege	5784	firefox.exe
Token: SeDebugPrivilege	5784	firefox.exe
Token: SeDebugPrivilege	2496	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	5784	firefox.exe
Token: SeDebugPrivilege	2496	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	508	RobloxStudioInstaller.exe
Token: SeDebugPrivilege	508	RobloxStudioInstaller.exe
Token: SeDebugPrivilege	508	RobloxStudioInstaller.exe
Token: SeDebugPrivilege	508	RobloxStudioInstaller.exe
Token: SeDebugPrivilege	508	RobloxStudioInstaller.exe
Token: SeDebugPrivilege	5200	RobloxStudioBeta.exe
Token: SeDebugPrivilege	5200	RobloxStudioBeta.exe
Token: SeDebugPrivilege	5200	RobloxStudioBeta.exe
Token: SeDebugPrivilege	5200	RobloxStudioBeta.exe
Token: 33	7276	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	7276	AUDIODG.EXE
Token: SeDebugPrivilege	5388	taskmgr.exe
Token: SeSystemProfilePrivilege	5388	taskmgr.exe
Token: SeCreateGlobalPrivilege	5388	taskmgr.exe
Token: 33	5388	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5388	taskmgr.exe
Token: SeDebugPrivilege	8856	taskmgr.exe
Token: SeSystemProfilePrivilege	8856	taskmgr.exe
Token: SeCreateGlobalPrivilege	8856	taskmgr.exe
Token: 33	8856	taskmgr.exe
Token: SeIncBasePriorityPrivilege	8856	taskmgr.exe
Token: SeDebugPrivilege	804	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	8752	firefox.exe
Token: SeDebugPrivilege	8752	firefox.exe
Token: SeDebugPrivilege	6772	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	6304	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	5476	taskmgr.exe
Token: SeSystemProfilePrivilege	5476	taskmgr.exe
Token: SeCreateGlobalPrivilege	5476	taskmgr.exe
Token: 33	5476	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5476	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exefirefox.exeNOTEPAD.EXEtaskmgr.exe

pid	process
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
1880	NOTEPAD.EXE
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5388	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exefirefox.exetaskmgr.exe

pid	process
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5388	taskmgr.exe
5388	taskmgr.exe
5388	taskmgr.exe
5388	taskmgr.exe

Suspicious use of SetWindowsHookEx 37 IoCs

Processes:

firefox.exefirefox.exeRobloxStudioBeta.exeOpenWith.exeRobloxStudioBeta.exeOpenWith.exeRobloxStudioBeta.exeOpenWith.exefirefox.exe

pid	process
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
2620	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5784	firefox.exe
5200	RobloxStudioBeta.exe
2540	OpenWith.exe
968	RobloxStudioBeta.exe
5836	OpenWith.exe
968	RobloxStudioBeta.exe
8936	RobloxStudioBeta.exe
4796	OpenWith.exe
8936	RobloxStudioBeta.exe
8936	RobloxStudioBeta.exe
8936	RobloxStudioBeta.exe
8936	RobloxStudioBeta.exe
8936	RobloxStudioBeta.exe
8936	RobloxStudioBeta.exe
8936	RobloxStudioBeta.exe
8936	RobloxStudioBeta.exe
8752	firefox.exe
8936	RobloxStudioBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 3312 wrote to memory of 2620	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 2620	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 2620	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 2620	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 2620	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 2620	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 2620	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 2620	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 2620	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 2620	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 2620	3312	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 916	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 436	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 436	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 436	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 436	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 436	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 436	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 436	2620	firefox.exe	firefox.exe
PID 2620 wrote to memory of 436	2620	firefox.exe	firefox.exe

System policy modification 1 TTPs 1 IoCs
evasion

Modify Registry
T1112

Processes:

msedgewebview2.exe

description ioc process

Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection msedgewebview2.exe
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection	msedgewebview2.exe

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\My Logo.txt"
1⤵
- Suspicious use of FindShellTrayWindow
PID:1880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2620

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 25755 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ecdd48e-0126-4d10-aca3-0f883ca7f119} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" gpu
3⤵
PID:916

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 25791 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {313442fe-c7c9-4b16-9b52-b3257599bb88} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" socket
3⤵
- Checks processor information in registry
PID:436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2788 -childID 1 -isForBrowser -prefsHandle 3180 -prefMapHandle 3140 -prefsLen 25932 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8ba56a1-10bf-4682-91f1-eed61160dbc0} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" tab
3⤵
PID:884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3764 -childID 2 -isForBrowser -prefsHandle 3784 -prefMapHandle 3780 -prefsLen 31165 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63742898-4bf3-4570-b02e-d7f5c504fd8d} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" tab
3⤵
PID:4052

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4840 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4828 -prefMapHandle 4796 -prefsLen 31165 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcee97d7-e822-447c-8593-f2140da22908} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" utility
3⤵
- Checks processor information in registry
PID:2868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5220 -childID 3 -isForBrowser -prefsHandle 5264 -prefMapHandle 5132 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4ce4c7c-57f5-41ea-bab3-c89c10257dd3} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" tab
3⤵
PID:3208

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5124 -childID 4 -isForBrowser -prefsHandle 5408 -prefMapHandle 5416 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {045dfa39-bbf6-4890-9f68-d5c1e1f5be69} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" tab
3⤵
PID:1432

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 5 -isForBrowser -prefsHandle 5576 -prefMapHandle 5580 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04929a32-7d07-46aa-b4b1-40bece696675} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" tab
3⤵
PID:4380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4420 -childID 6 -isForBrowser -prefsHandle 2708 -prefMapHandle 2740 -prefsLen 27307 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b72c8c4d-9e9e-4be4-bb49-1899b94f2d59} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" tab
3⤵
PID:4300

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 7 -isForBrowser -prefsHandle 4424 -prefMapHandle 4112 -prefsLen 27307 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0c1f515-656e-41da-80d2-44c9a98fe5c1} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" tab
3⤵
PID:3212

C:\Users\Admin\Downloads\RobloxStudioInstaller.exe
"C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"
3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:508

C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
4⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:452

C:\Program Files (x86)\Microsoft\Temp\EU528.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU528.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
5⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2496

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4612

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:6084

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5896

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5168

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:2928

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODREOTc0RTktRDI0Ny00MEExLTlGNzktRUE3NjU0REE2RkFCfSIgdXNlcmlkPSJ7RjMxQkY0QTAtMTJERC00Q0Y0LUJFOUMtMzM4M0ZBNkMwOUQzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2OTMzMDcxNy02MTlCLTQyODMtOUFCRC0wOTk4MjhCOEJBNkZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0Ny4zNyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc2NzIyMzIyMTIiIGluc3RhbGxfdGltZV9tcz0iNDI3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:1984

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{84D974E9-D247-40A1-9F79-EA7654DA6FAB}" /silent
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1120

C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxStudioBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5200

C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxCrashHandler.exe
"C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.631.1.6310472_20240710T211400Z_Studio_7DDAE_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.631.1.6310472_20240710T211400Z_Studio_7DDAE_last.log --attachment=attachment_log_0.631.1.6310472_20240710T211400Z_Studio_7DDAE_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.631.1.6310472_20240710T211400Z_Studio_7DDAE_csg3.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=0.631.1.6310472 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=cb5e1ef861e0b94bbfd3c1c166285778889972be --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.631.1.6310472 --annotation=UniqueId=540372825888335386 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.631.1.6310472 --annotation=host_arch=x86_64 --initial-client-data=0x5bc,0x5c0,0x5c4,0x598,0x5e8,0x7ff66a45e708,0x7ff66a45e720,0x7ff66a45e738
5⤵
- Executes dropped EXE
PID:1320

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=5200.5752.17781793995948494821
5⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- System policy modification
PID:1268

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=126.0.2592.87 --initial-client-data=0x178,0x17c,0x180,0x154,0x188,0x7ffa403b0148,0x7ffa403b0154,0x7ffa403b0160
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:636

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,3970764900331675836,16483248933379899214,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1816 /prefetch:2
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6044

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1956,i,3970764900331675836,16483248933379899214,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1944 /prefetch:3
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3384

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2256,i,3970764900331675836,16483248933379899214,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:8
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6068

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3524,i,3970764900331675836,16483248933379899214,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
6⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:5668

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3588,i,3970764900331675836,16483248933379899214,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:1
6⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:6140

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3560,i,3970764900331675836,16483248933379899214,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:1
6⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1996

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=792,i,3970764900331675836,16483248933379899214,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4908 /prefetch:8
6⤵
- Executes dropped EXE
PID:6852

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4912,i,3970764900331675836,16483248933379899214,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4864 /prefetch:8
6⤵
- Executes dropped EXE
PID:804

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2864,i,3970764900331675836,16483248933379899214,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:8
6⤵
- Executes dropped EXE
PID:6372

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 631, 1, 6310472" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4540,i,3970764900331675836,16483248933379899214,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:1
6⤵
- Checks computer location settings
- Executes dropped EXE
PID:8292

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5492 -childID 8 -isForBrowser -prefsHandle 5504 -prefMapHandle 3692 -prefsLen 27307 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5ada7f6-771c-4562-8899-7fd2fa1c047e} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" tab
3⤵
PID:5488

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7852 -childID 9 -isForBrowser -prefsHandle 4100 -prefMapHandle 4104 -prefsLen 27307 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b47e3d1-a0a0-49ce-af77-4004444a79a3} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" tab
3⤵
PID:5500

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7948 -childID 10 -isForBrowser -prefsHandle 3692 -prefMapHandle 5504 -prefsLen 27307 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b446dc7c-b646-4882-9064-a6267cfd2c74} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" tab
3⤵
PID:5156

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8252 -childID 11 -isForBrowser -prefsHandle 8260 -prefMapHandle 8264 -prefsLen 27307 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b6110da-e375-4406-ad6e-f9dd79376502} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" tab
3⤵
PID:3432

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8544 -childID 12 -isForBrowser -prefsHandle 8536 -prefMapHandle 8532 -prefsLen 27307 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e245795f-1aac-4462-ab84-52e37145352e} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" tab
3⤵
PID:1376

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8648 -childID 13 -isForBrowser -prefsHandle 8272 -prefMapHandle 8660 -prefsLen 27307 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23dbc7c4-14b4-4d08-b84e-25a8b7a9d05e} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" tab
3⤵
PID:3312

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5760

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5784

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1680 -prefsLen 24420 -prefMapSize 244977 -appDir "C:\Program Files\Mozilla Firefox\browser" - {358e15d9-ec73-4128-ad9a-57146691c57d} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" gpu
3⤵
PID:4456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2316 -parentBuildID 20240401114208 -prefsHandle 2300 -prefMapHandle 2296 -prefsLen 24420 -prefMapSize 244977 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afa75c05-ed13-46f5-9f8c-5e15680acc33} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" socket
3⤵
- Checks processor information in registry
PID:6128

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3128 -childID 1 -isForBrowser -prefsHandle 3036 -prefMapHandle 3108 -prefsLen 24919 -prefMapSize 244977 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc5e760d-eec4-4b12-a969-ea6812e21626} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" tab
3⤵
PID:2376

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3724 -childID 2 -isForBrowser -prefsHandle 3716 -prefMapHandle 3624 -prefsLen 30152 -prefMapSize 244977 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbcc82a8-4f94-4630-84a5-0a351e0fea4b} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" tab
3⤵
PID:3440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4700 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4752 -prefMapHandle 4748 -prefsLen 30206 -prefMapSize 244977 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1561cdf6-1759-4c28-8877-33affa4e4f1b} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" utility
3⤵
- Checks processor information in registry
PID:2912

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4888 -childID 3 -isForBrowser -prefsHandle 4908 -prefMapHandle 4752 -prefsLen 27721 -prefMapSize 244977 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bdf3659-771b-45a1-9caa-63ecf4e66209} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" tab
3⤵
PID:2988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5472 -childID 4 -isForBrowser -prefsHandle 5464 -prefMapHandle 5468 -prefsLen 27721 -prefMapSize 244977 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7978d65d-c22d-444d-9b57-2aa501881f62} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" tab
3⤵
PID:1548

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5628 -childID 5 -isForBrowser -prefsHandle 5708 -prefMapHandle 5704 -prefsLen 27721 -prefMapSize 244977 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8e65f79-ca68-4425-9ff5-cdfd4a1b0b9d} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" tab
3⤵
PID:4076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5680 -childID 6 -isForBrowser -prefsHandle 5884 -prefMapHandle 5888 -prefsLen 27721 -prefMapSize 244977 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d774e9e0-faf5-4d8f-8207-7a148843add4} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" tab
3⤵
PID:4308

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4900 -childID 7 -isForBrowser -prefsHandle 5136 -prefMapHandle 5132 -prefsLen 27721 -prefMapSize 244977 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d7594eb-b94f-4f1e-8f38-2a95dee5b991} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" tab
3⤵
PID:4420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4904 -childID 8 -isForBrowser -prefsHandle 6428 -prefMapHandle 6424 -prefsLen 27721 -prefMapSize 244977 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4049ff5-02b3-4419-9b43-e31e1046c750} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" tab
3⤵
PID:884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5768 -childID 9 -isForBrowser -prefsHandle 5780 -prefMapHandle 5720 -prefsLen 27721 -prefMapSize 244977 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c2c7696-d862-4ba3-a0be-102b0ad101a4} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" tab
3⤵
PID:2756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6940 -parentBuildID 20240401114208 -prefsHandle 5836 -prefMapHandle 6944 -prefsLen 30256 -prefMapSize 244977 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78a24aee-a9e0-4000-8060-92a204cc1874} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" rdd
3⤵
PID:5424

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5692 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 5780 -prefMapHandle 5720 -prefsLen 30256 -prefMapSize 244977 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb742ddd-bb2c-4c13-bb57-af2e17658e93} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" utility
3⤵
- Checks processor information in registry
PID:1904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6704 -childID 10 -isForBrowser -prefsHandle 6768 -prefMapHandle 5088 -prefsLen 27771 -prefMapSize 244977 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae9992dd-1906-444d-98f7-b00e20c75983} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" tab
3⤵
PID:5408

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6292 -childID 11 -isForBrowser -prefsHandle 6524 -prefMapHandle 4680 -prefsLen 31084 -prefMapSize 244977 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f21d069d-fff6-40f2-b2af-5a4678643fbd} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" tab
3⤵
PID:740

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -childID 12 -isForBrowser -prefsHandle 6564 -prefMapHandle 7392 -prefsLen 31137 -prefMapSize 244977 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6450ddd7-ba37-451e-b63f-f2ef455c8dba} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" tab
3⤵
PID:3992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5424 -childID 13 -isForBrowser -prefsHandle 6008 -prefMapHandle 7508 -prefsLen 31137 -prefMapSize 244977 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e77cc0e-17a2-465f-8def-38887181a394} 5784 "\\.\pipe\gecko-crash-server-pipe.5784" tab
3⤵
PID:2368

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:4728

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODREOTc0RTktRDI0Ny00MEExLTlGNzktRUE3NjU0REE2RkFCfSIgdXNlcmlkPSJ7RjMxQkY0QTAtMTJERC00Q0Y0LUJFOUMtMzM4M0ZBNkMwOUQzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFMEVFRTY4Qy01NTRDLTQwNEItQUY3OS1BOTc2RUVFMDdGMjB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMDYiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEwNiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc2NzY0MTIwMjkiLz48L2FwcD48L3JlcXVlc3Q-
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:4968

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{88FE1040-97A0-48FC-8AE3-E7DE2681F96F}\MicrosoftEdge_X64_126.0.2592.87.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{88FE1040-97A0-48FC-8AE3-E7DE2681F96F}\MicrosoftEdge_X64_126.0.2592.87.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
2⤵
- Executes dropped EXE
PID:2288

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{88FE1040-97A0-48FC-8AE3-E7DE2681F96F}\EDGEMITMP_E99B6.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{88FE1040-97A0-48FC-8AE3-E7DE2681F96F}\EDGEMITMP_E99B6.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{88FE1040-97A0-48FC-8AE3-E7DE2681F96F}\MicrosoftEdge_X64_126.0.2592.87.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2992

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{88FE1040-97A0-48FC-8AE3-E7DE2681F96F}\EDGEMITMP_E99B6.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{88FE1040-97A0-48FC-8AE3-E7DE2681F96F}\EDGEMITMP_E99B6.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{88FE1040-97A0-48FC-8AE3-E7DE2681F96F}\EDGEMITMP_E99B6.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.87 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff7df48aa40,0x7ff7df48aa4c,0x7ff7df48aa58
4⤵
- Executes dropped EXE
PID:5128

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODREOTc0RTktRDI0Ny00MEExLTlGNzktRUE3NjU0REE2RkFCfSIgdXNlcmlkPSJ7RjMxQkY0QTAtMTJERC00Q0Y0LUJFOUMtMzM4M0ZBNkMwOUQzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2QUI2MzkzOC00ODAwLTRCQzQtQkM5OS1CREIyRjNCQzczQzV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI2LjAuMjU5Mi44NyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzY4NzQzMjAwNCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc2ODc0NjIyMjYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3ODc0NjEyMTY5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9iZGU2NGY0Ny04ZmEzLTRmNmMtOGJjZS1kMjc0MjQxYjZhMmI_UDE9MTcyMTI1MDc3NCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1OZVhET084R3FwSFNIT2Vya292Q0Z3dktvQVFHd0YlMmIlMmZEYjFLT3NRc2RSREJ4QjE0NkgzVkF0aXhFazFHcWIlMmZ6R3ZBa1dWVHJ6d0Frbnl5SDdNM1RidyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MzA0MTIyNCIgdG90YWw9IjE3MzA0MTIyNCIgZG93bmxvYWRfdGltZV9tcz0iMTIwNjciLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3ODc0NzE4MTUyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzg5MDc5MjIwNyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iODM0NTg4MjEwNSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjcxNCIgZG93bmxvYWRfdGltZV9tcz0iMTg3MjEiIGRvd25sb2FkZWQ9IjE3MzA0MTIyNCIgdG90YWw9IjE3MzA0MTIyNCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDU1MDYiLz48L2FwcD48L3JlcXVlc3Q-
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
PID:1600

C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxStudioBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxStudioBeta.exe" roblox-studio:1+launchtime:1720646079739+avatar+browsertrackerid:1720645783055003+robloxLocale:en-US+gameLocale:en-US+channel:+browser:firefox+userId:7004881642+distributorType:Global+launchmode:edit+task:Default
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:968

C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxCrashHandler.exe
"C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.631.1.6310472_20240710T211448Z_Studio_F1471_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.631.1.6310472_20240710T211448Z_Studio_F1471_last.log --attachment=attachment_log_0.631.1.6310472_20240710T211448Z_Studio_F1471_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.631.1.6310472_20240710T211448Z_Studio_F1471_csg3.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=0.631.1.6310472 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=cb5e1ef861e0b94bbfd3c1c166285778889972be --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.631.1.6310472 --annotation=UniqueId=3636462586132893172 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.631.1.6310472 --annotation=host_arch=x86_64 --initial-client-data=0x51c,0x520,0x590,0x490,0x5b8,0x7ff66a45e708,0x7ff66a45e720,0x7ff66a45e738
2⤵
- Executes dropped EXE
PID:2516

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://apis.roblox.com/oauth/v1/authorize?response_type=code&code_challenge=ExD2T3jFOAeJXgRo0CPTy668s5WNwziR2lELUvHCaME&code_challenge_method=S256&client_id=7968549422692352298&redirect_uri=roblox-studio-auth%3A%2F&scope=openid+credentials+profile+age+roles+premium&nonce=id-roblox&state=eyJyYW5kb21fc3RyaW5nIjoiajc2ZzFDTUJ4dnlRYkc5eGk1RDRMaG81dkxKYkZkLTJVWnNaLUNWZlA4byIsInBpZCI6Ijk2OCJ9
2⤵
PID:3404

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://apis.roblox.com/oauth/v1/authorize?response_type=code&code_challenge=ExD2T3jFOAeJXgRo0CPTy668s5WNwziR2lELUvHCaME&code_challenge_method=S256&client_id=7968549422692352298&redirect_uri=roblox-studio-auth%3A%2F&scope=openid+credentials+profile+age+roles+premium&nonce=id-roblox&state=eyJyYW5kb21fc3RyaW5nIjoiajc2ZzFDTUJ4dnlRYkc5eGk1RDRMaG81dkxKYkZkLTJVWnNaLUNWZlA4byIsInBpZCI6Ijk2OCJ9
3⤵
- Checks processor information in registry
PID:3112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://apis.roblox.com/oauth/v1/authorize?response_type=code&code_challenge=RlpT0E_1nXhIc1tj1Ta6QL8o-OUg1zrwqvfng2AAyDc&code_challenge_method=S256&client_id=7968549422692352298&redirect_uri=roblox-studio-auth%3A%2F&scope=openid+credentials+profile+age+roles+premium&nonce=id-roblox&state=eyJyYW5kb21fc3RyaW5nIjoiX1FIT1VKdjRIaUkxel9DQnBOazBWZWdUMmI0RlRoQkZrd1Fja1kwekJPYyIsInBpZCI6Ijk2OCJ9
2⤵
PID:2540

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://apis.roblox.com/oauth/v1/authorize?response_type=code&code_challenge=RlpT0E_1nXhIc1tj1Ta6QL8o-OUg1zrwqvfng2AAyDc&code_challenge_method=S256&client_id=7968549422692352298&redirect_uri=roblox-studio-auth%3A%2F&scope=openid+credentials+profile+age+roles+premium&nonce=id-roblox&state=eyJyYW5kb21fc3RyaW5nIjoiX1FIT1VKdjRIaUkxel9DQnBOazBWZWdUMmI0RlRoQkZrd1Fja1kwekJPYyIsInBpZCI6Ijk2OCJ9
3⤵
- Checks processor information in registry
PID:4552

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:1616

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
PID:5368

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5836

C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxStudioBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxStudioBeta.exe" roblox-studio-auth:/?code=argyNZiPhyCBuXXrtcAoGWL_Dd7FJsx7I4blANc9djGYP5FUtLBZktMjTRBL34Nmps8aSOdBv3Rs3zU6ZAcDZLLgudnFX_-ge-MGbiUK0D_lViD9jbpCvh-hOoRWgjzcpbzwQr-eXPotYlzr4a9iCbUxKWLtP3yl6_a798HnhwtEIsZDYyTZT621spQ1CGxSMQwSip6g779VAROm7oA6faaMpfErBlj-ZVJZIejbK3_Cbc8UjA_C9FXCd5T2AOs4c-147SH1gk2z8Nb9dtsuzbaaX1A5wXVb9wzp-HXS_dCiOmlaPjB1DOLEtw4sRa8ChPUmKkNc6e2_XD3vJQsvaEwsCgOgXOIX8PFOJdtxXXE&state=eyJyYW5kb21fc3RyaW5nIjoiX1FIT1VKdjRIaUkxel9DQnBOazBWZWdUMmI0RlRoQkZrd1Fja1kwekJPYyIsInBpZCI6Ijk2OCJ9
1⤵
- Executes dropped EXE
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
PID:5500

C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxCrashHandler.exe
"C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.631.1.6310472_20240710T211506Z_Studio_19A4F_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.631.1.6310472_20240710T211506Z_Studio_19A4F_last.log --attachment=attachment_log_0.631.1.6310472_20240710T211506Z_Studio_19A4F_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.631.1.6310472_20240710T211506Z_Studio_19A4F_csg3.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=0.631.1.6310472 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=cb5e1ef861e0b94bbfd3c1c166285778889972be --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.631.1.6310472 --annotation=UniqueId=6669211146899629245 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.631.1.6310472 --annotation=host_arch=x86_64 --initial-client-data=0x58c,0x590,0x594,0x568,0x5bc,0x7ff66a45e708,0x7ff66a45e720,0x7ff66a45e738
2⤵
- Executes dropped EXE
PID:5488

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3bc 0x4c0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:7276

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:7516

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:8636

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:8952

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:7060

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5388

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:6584

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:8856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:5968

C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxStudioBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxStudioBeta.exe"
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:8936

C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxCrashHandler.exe
"C:\Program Files (x86)\Roblox\Versions\version-034c0d4a0a9b44cc\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.631.1.6310472_20240710T211642Z_Studio_9CE47_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.631.1.6310472_20240710T211642Z_Studio_9CE47_last.log --attachment=attachment_log_0.631.1.6310472_20240710T211642Z_Studio_9CE47_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.631.1.6310472_20240710T211642Z_Studio_9CE47_csg3.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=0.631.1.6310472 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=cb5e1ef861e0b94bbfd3c1c166285778889972be --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.631.1.6310472 --annotation=UniqueId=7732906506753912727 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.631.1.6310472 --annotation=host_arch=x86_64 --initial-client-data=0x598,0x59c,0x5a0,0x574,0x5bc,0x7ff66a45e708,0x7ff66a45e720,0x7ff66a45e738
2⤵
- Executes dropped EXE
PID:1400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://create.roblox.com/dashboard/creations/store/18306005968/configure
2⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffa525946f8,0x7ffa52594708,0x7ffa52594718
3⤵
PID:7340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,17814006641326726386,15669429153456900949,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
3⤵
PID:8052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,17814006641326726386,15669429153456900949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
3⤵
PID:8112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://create.roblox.com/store/asset/18306005968
2⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:7856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa525946f8,0x7ffa52594708,0x7ffa52594718
3⤵
PID:7820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9232197208453539395,1638166925217850051,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
3⤵
PID:7784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9232197208453539395,1638166925217850051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
3⤵
PID:3716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,9232197208453539395,1638166925217850051,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
3⤵
PID:6324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9232197208453539395,1638166925217850051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
3⤵
PID:6544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9232197208453539395,1638166925217850051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
3⤵
PID:2040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9232197208453539395,1638166925217850051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
3⤵
PID:5404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9232197208453539395,1638166925217850051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
3⤵
PID:5916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,9232197208453539395,1638166925217850051,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5356 /prefetch:8
3⤵
PID:8360

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9232197208453539395,1638166925217850051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 /prefetch:8
3⤵
PID:920

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9232197208453539395,1638166925217850051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 /prefetch:8
3⤵
PID:3532

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:2124

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4796

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:4224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:7040

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Checks system information in the registry
- Suspicious use of AdjustPrivilegeToken
PID:804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4556

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:3300

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:7468

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:8752

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1892 -parentBuildID 20240401114208 -prefsHandle 1784 -prefMapHandle 1776 -prefsLen 27909 -prefMapSize 245361 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1214b138-ff46-4256-8d77-a3eb382a88bf} 8752 "\\.\pipe\gecko-crash-server-pipe.8752" gpu
3⤵
PID:1548

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20240401114208 -prefsHandle 2292 -prefMapHandle 2288 -prefsLen 27909 -prefMapSize 245361 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c149d66a-45ef-4a71-b0f8-6a4de517174a} 8752 "\\.\pipe\gecko-crash-server-pipe.8752" socket
3⤵
- Checks processor information in registry
PID:8656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3260 -childID 1 -isForBrowser -prefsHandle 2632 -prefMapHandle 3188 -prefsLen 28408 -prefMapSize 245361 -jsInitHandle 1052 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e2c822d-32d7-412f-96a9-dadeddee16b7} 8752 "\\.\pipe\gecko-crash-server-pipe.8752" tab
3⤵
PID:2984

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3440 -childID 2 -isForBrowser -prefsHandle 3132 -prefMapHandle 3084 -prefsLen 32757 -prefMapSize 245361 -jsInitHandle 1052 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2259e7b-183b-47b8-bfe5-6ee283dace45} 8752 "\\.\pipe\gecko-crash-server-pipe.8752" tab
3⤵
PID:4288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4956 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4948 -prefMapHandle 4944 -prefsLen 33695 -prefMapSize 245361 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb458f3b-3752-412c-b0b4-5e78bc393859} 8752 "\\.\pipe\gecko-crash-server-pipe.8752" utility
3⤵
- Checks processor information in registry
PID:3548

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5084 -childID 3 -isForBrowser -prefsHandle 4996 -prefMapHandle 4960 -prefsLen 30514 -prefMapSize 245361 -jsInitHandle 1052 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6de6eaa0-8564-480f-b3f7-f148c345c9c1} 8752 "\\.\pipe\gecko-crash-server-pipe.8752" tab
3⤵
PID:6716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5220 -childID 4 -isForBrowser -prefsHandle 5236 -prefMapHandle 5240 -prefsLen 30514 -prefMapSize 245361 -jsInitHandle 1052 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {467568a7-d1d1-478b-a2d1-efe5b28c6df7} 8752 "\\.\pipe\gecko-crash-server-pipe.8752" tab
3⤵
PID:9156

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5424 -childID 5 -isForBrowser -prefsHandle 5432 -prefMapHandle 5436 -prefsLen 30514 -prefMapSize 245361 -jsInitHandle 1052 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddbcceca-784f-4626-bcd8-e85b613c3eea} 8752 "\\.\pipe\gecko-crash-server-pipe.8752" tab
3⤵
PID:7008

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5500 -childID 6 -isForBrowser -prefsHandle 5888 -prefMapHandle 5884 -prefsLen 30514 -prefMapSize 245361 -jsInitHandle 1052 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5b67ae5-6bfa-4d9f-8c67-f7d957795933} 8752 "\\.\pipe\gecko-crash-server-pipe.8752" tab
3⤵
PID:7128

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:6632

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Checks system information in the registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6772

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3E28FE8-7FD9-480D-B542-5DBC54BA0B5F}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F3E28FE8-7FD9-480D-B542-5DBC54BA0B5F}\MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe" /update /sessionid "{4369D724-DFA3-4559-9F17-96B3CB2563CB}"
2⤵
- Executes dropped EXE
PID:1412

C:\Program Files (x86)\Microsoft\Temp\EUCC96.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUCC96.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{4369D724-DFA3-4559-9F17-96B3CB2563CB}"
3⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Checks system information in the registry
- Suspicious use of AdjustPrivilegeToken
PID:6304

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
4⤵
- Executes dropped EXE
- Modifies registry class
PID:8244

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
4⤵
- Executes dropped EXE
- Modifies registry class
PID:8220

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
5⤵
- Executes dropped EXE
- Modifies registry class
PID:8952

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
5⤵
- Executes dropped EXE
- Modifies registry class
PID:3416

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.187.41\MicrosoftEdgeUpdateComRegisterShell64.exe"
5⤵
- Executes dropped EXE
- Modifies registry class
PID:1892

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODcuNDEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDM2OUQ3MjQtREZBMy00NTU5LTlGMTctOTZCM0NCMjU2M0NCfSIgdXNlcmlkPSJ7RjMxQkY0QTAtMTJERC00Q0Y0LUJFOUMtMzM4M0ZBNkMwOUQzfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7Q0M3QkY5MkUtQ0M0Qy00NjJCLThEQzktM0RCNjFCMEZGMTM4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTg3LjQxIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzIwNjQ1OTcyIj48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTQ4NTcyMjQxMyIvPjwvYXBwPjwvcmVxdWVzdD4
4⤵
- Executes dropped EXE
- Checks system information in the registry
PID:232

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDM2OUQ3MjQtREZBMy00NTU5LTlGMTctOTZCM0NCMjU2M0NCfSIgdXNlcmlkPSJ7RjMxQkY0QTAtMTJERC00Q0Y0LUJFOUMtMzM4M0ZBNkMwOUQzfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins2QTM0Nzg1OC04QzhDLTRFMDktODIwRi02NkMzNDE4OUVDOUV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xODcuNDEiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTI4MDg5ODUxNiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTI4MDk1ODM4NCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE0MzM2MTg0NjciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy80YWQ5Y2I2ZS04MjQ1LTRlNDctYjI5OC0xZmY0YjA0MjU2ZTE_UDE9MTcyMTI1MTEzMyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1RNll3RGVDRlNzR2VibG5qYWdrNnB4YWZjNkttUWZaZ3hYUVd2SmY3SEJCa1JpSm91aHh4T2FzRVhlMndsZ053UTk2b0U0M1NvbUNBbHVXemZCcXhlQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIzIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ1Mzg2Mzg1IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTQzMzYzODM5MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNGFkOWNiNmUtODI0NS00ZTQ3LWIyOTgtMWZmNGIwNDI1NmUxP1AxPTE3MjEyNTExMzMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9UTZZd0RlQ0ZTc0dlYmxuamFnazZweGFmYzZLbVFmWmd4WFFXdkpmN0hCQmtSaUpvdWh4eE9hc0VYZTJ3bGdOd1E5Nm9FNDNTb21DQWx1V3pmQnF4ZUElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIzNTk2IiB0b3RhbD0iMTYzNDM3NiIgZG93bmxvYWRfdGltZV9tcz0iOTU2OSIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTQzMzY0ODM0OCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0id2luaHR0cCIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNGFkOWNiNmUtODI0NS00ZTQ3LWIyOTgtMWZmNGIwNDI1NmUxP1AxPTE3MjEyNTExMzMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9UTZZd0RlQ0ZTc0dlYmxuamFnazZweGFmYzZLbVFmWmd4WFFXdkpmN0hCQmtSaUpvdWh4eE9hc0VYZTJ3bGdOd1E5Nm9FNDNTb21DQWx1V3pmQnF4ZUElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSI4OC4yMjEuMTM1LjczIiBjZG5fY2lkPSIyIiBjZG5fY2NjPSJHQiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2MzQzNzYiIHRvdGFsPSIxNjM0Mzc2IiBkb3dubG9hZF90aW1lX21zPSI5ODIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE0MzM2NjgzMzgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE0MzkyMzQ0NzgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSIxIiByZD0iNjM5OSIgcGluZ19mcmVzaG5lc3M9InsxMTAzOTc1OS0xQTlGLTQ0OTQtOEYwRC01RkRFOEExNUY4NzJ9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzY1MTE5ODk1Mjc5NDI3MCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9IjEiIHI9IjEiIGFkPSI2Mzk5IiByZD0iNjM5OSIgcGluZ19mcmVzaG5lc3M9InsxOERCOTZGQS0xOEMyLTQwM0EtOURFQi05QzlEMzFDMTdCRjV9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyNi4wLjI1OTIuODciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjYzOTgiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzY1MTE5NjQ2OTg0MTMyMCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSItMSIgYWQ9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7MkNFNkEzNjItRDQ4RS00RkVELUExMkMtQjJCMzI0Qjk0RjBEfSIvPjwvYXBwPjwvcmVxdWVzdD4
2⤵
- Executes dropped EXE
- Checks system information in the registry
PID:4220

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:7744

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:5476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.87\Installer\setup.exe

Filesize
6.5MB

MD5
44bab1ba8bbc80a6f11a59a921ade1fe

SHA1
71292aa421fc9cefd9eeade06fc5af52f71e8dc2

SHA256
a03c11b73af7ccf83f2a4bc1995f9083f8415174d1e8f6d6465e9192aabb542a

SHA512
fcb6f75c3367b91da92b3d866ae6b85428d8c2ef13499344e80ddd3bb30f47d1243120aa41eba519756bcb6ff5f9708e7fe7281265c4c32766231765aa8104e2

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
d25a97329461572825caa95ec4e4cbd3

SHA1
7ea5959d4334b175a9775bd4be1e29a875490252

SHA256
8f777474f31d3dcf477c0e1dbf86b10249a26ae1d7cfb337674f98f3065ef79d

SHA512
9c2c51bcf4150efcc4a57a6fd80b7e44555c6a6129823c905e28095c7548994594ddd0e2a351a02d247b79fa8cc354f77c6353aa9f3612f0f280408847c08a55

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1268_161763444\crl-set

Filesize
21KB

MD5
d246e8dc614619ad838c649e09969503

SHA1
70b7cf937136e17d8cf325b7212f58cba5975b53

SHA256
9dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1

SHA512
736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1268_161763444\manifest.json

Filesize
113B

MD5
b6911958067e8d96526537faed1bb9ef

SHA1
a47b5be4fe5bc13948f891d8f92917e3a11ebb6e

SHA256
341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648

SHA512
62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1268_927876471\hyph-bn.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1268_927876471\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1268_927876471\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1268_927876471\manifest.json

Filesize
179B

MD5
273755bb7d5cc315c91f47cab6d88db9

SHA1
c933c95cc07b91294c65016d76b5fa0fa25b323b

SHA256
0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902

SHA512
0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
74KB

MD5
4dcbceced594446b96e0c7cb138228b0

SHA1
60e1e00fa0f245717a75336d5db63117b527da34

SHA256
814269a61614773836070dd46209e36745a751fb3cb5c1f3756178c4eeaf6ce8

SHA512
13975ced9c639066549efe35a6305c59caad5e551d2332f74f34dc444aaab3057d1bfd397cfb038ab80d859613b21895f722f462505d9f8ce3c0e8b3a17d5a5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\32e92a5d-b32f-45a9-9c08-9f111f0916a3.tmp

Filesize
11KB

MD5
6202f37e1101b06f5fe46bb690cde096

SHA1
00c069700b92c1552f1edc5ddb3203e8fe7525bf

SHA256
381d8176b6348b7f349b88a77dff16ef8997cc681b1e2ccf6df07a3fabee5292

SHA512
015161e2507485aabbcf29f727dfe8fa462b5934e53ffb02487663d6e11be5afa820ce04aaa4fcbe70454678e8986137f5dd46b2d25b144b83780eecb4822aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1790c766c15938258a4f9b984cf68312

SHA1
15c9827d278d28b23a8ea0389d42fa87e404359f

SHA256
2e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63

SHA512
2682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8dc45b70cbe29a357e2c376a0c2b751b

SHA1
25d623cea817f86b8427db53b82340410c1489b2

SHA256
511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a

SHA512
3ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
40KB

MD5
0c4880fb1de7d2ef097042adee0d2d31

SHA1
ea7b12eae99f8f044352f1dd1bc4f7ea3786eecb

SHA256
506fd688cabceb56eed3a3ffaed6afe80f124c61b223b3c8cc231c74ceb5c73d

SHA512
74d5d2148505142bcfee0f99d3879a4c5baca87575026df3eac7d504b56c849f827645b83fa7fe2d64bc6bc3b53ee35ad458ba56b846b2d4a5e03996e2ddd80c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
42KB

MD5
e375447ed0a7aa1ca7d5dc5ca4632b2b

SHA1
34cefcc7ffd7b329b63af54d2b35d890d14fa870

SHA256
01bc6b654fbb35db915a7963ab9ce2473ce952985796aa9c07175deb4df28e35

SHA512
2202c9152a15458694c83f25962b8adcdd90cd06a8f4ffd2b062ae88e0803e560cb111c241a81e04f6f07d97348aadbaca0522a5a67613708a747717e7b4356b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
98KB

MD5
461b1ce98240466558c4b258394d8009

SHA1
6c7ed066a9858330257ba808a06adc96edd09588

SHA256
cba053ebf928df08fbbcd78e32d32e1fdc632b8ab24651153375b4c9aca77221

SHA512
1de347eaa96cdc0682ec041fe893155a4725c32af6f25ec185d77704f504cdf30e151a44f0363c0bf8754eb25189e1bc3f6fdbd65d421990a61e23f572462252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
42KB

MD5
cc7ad65e0558327d8fbe8ade40ab94e8

SHA1
6c153e9bf971f196db25cb2cb3b62f77f0a1299a

SHA256
956e1fd407995ff1ecca3bf42ca0d01086edc7eb6a965e1d9d4a48f197a8bd30

SHA512
0af63a7bb1151ef7564472b90ddd766857e3fd78973195817aa751d97093558688733876114ea7341063c7f1bc01f90aba1016980ce2c009a0cc399f40614377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
39KB

MD5
e1f6e032096b2924e561c3928b9dc73d

SHA1
f33a3bb1b04f04ed1b93b13d21b6b3ce529690ad

SHA256
fa802b853572d8a40ee939940d0cd9562ea8f5954c0522b0777e01fcb546c3c8

SHA512
b13f6e1f984d28c5f4cfc4ae2298b321c314892cab1e5ccd6f1f61ec98d8c1a39669078c88ba541c91648963abc6e16e0a1cdb4e9449b4be16927e9bad8d0f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
42KB

MD5
b715a5dd019d1b8771a3031ff85c972b

SHA1
5768744eb85d3137d094458e4b7842c1c5c526cd

SHA256
e9ca7a8587bb3674824a28a8a80836e3483dc3bbe97c658bf7c984c5b424920a

SHA512
22e09e48a13ced3a3cd95a5f40b5e9ccbbad8abbd0d6af7dd4e411d63c662b09f1ad2453909a6c7a0d0ce34f250f2fbf0d7f076dced281f133ab7f21d2008d1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
40KB

MD5
f1cad4800853bba09a023250de102801

SHA1
76e1a6ae10ac4db2a3e4e8bf6b7edd692c4537f6

SHA256
e73ceb9052ea848498daacd8a9fff37846cce47324b38df12e9dcf0bf25d2e3b

SHA512
4e869ccea434e71f03ab513b3aa6212da3326cb9625c467b782df48367cbf5c69fb8a073d68180877cfde2510dbe74670046b897125b55f013fe595bb7d3595f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
28f2c72a532ee4c43d043fa122833929

SHA1
4da1530a407fbbfd19717fe67f70296e3de40f0b

SHA256
14871714b39d1298f6a4193a90e0e5ca738e769fc413df2862b5056917bd2213

SHA512
2e9640936e90597fc6a87b42d6a1e386ef9df6edca46b6786736113161142b58013f8e1c068b29006a5119e652981aa1cc5ad798f56a5209d1e2759865108d1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a2e8af4fa472da3f960c617cd8acd596

SHA1
894ecd4a26220fef24fe934e12065bdf9af10763

SHA256
69c6f77fd09f7fea57454c812be67280d47716daa4073f6525f50e195bc25cbd

SHA512
3132d372db9b2d9e359867ebbe4dc5fed8f2bdaacd747991702d2c6c43c11ab769d3cdb73bd612bc246a1496fc138dbc08afc678a4b128f64ecdef4fcd68211f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
734db91dfc99f3ed50991c6ab371583d

SHA1
4a2fa5cfb7bd7ad8752423e67d288135c828654a

SHA256
e5186c0290fbb9f1df110766ed252a0c6c878faa1c3cce01aaebadd4b94e8344

SHA512
c2f37de3ac612d4ff4ef61deed1ecb76af33c08d78c091fe64cde3bfeabe8c56d542a4eb13e6d92db5760093df785f042bff0ba37d28fa9466a86d1d7c899aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a69f124e7f6d065b36172725b76f1e24

SHA1
f8b0e4e1129a761f117687cf6196538371c37e56

SHA256
abffaf995c0747000efcfa9964b54ff7c82ed8008eced5833c698499486ccfc5

SHA512
59241663a810d997183c3fc153a6aea1c760e1e349ea301e65e59ee8101fede5668512fc9e2e5bbae4dd3232ab629378d71599ff305d38798a34f24870688e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b661f29b18114c4d10e3b808f4e2e4e

SHA1
a3ed604237eb82a7ee3f56c8b5460278da8e088a

SHA256
e9a7df3976ded286b636ab78edff5a887914d81acbdd1282bbd121f8b9a3f271

SHA512
749d6d116872747587ff4ba2740a8487f599a0bb3d65750d3c345119f7e79827bf67e060c6985a0f1ca8ce4bf3c2fb67523d4d40668bb962e1a56fbf3f6f2f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3412d16754c68b4a4c936b384801d802

SHA1
4f71ea6fae32a098316421a3fb390753ce1da58a

SHA256
fd19d0c333316d85f03b1db11b02e495e6cdb7a4c3b7191eb884533d95fec5a9

SHA512
81b25118eb6ca80519e5f226e45a9f5311d7c377cf14ffb52700ad5c631931f2217fa2bc67da21a0f04df49fa9ea2d5e17efef917240250f845f88ddd9098af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d56825aaa68ae98998325cc6c9c7a4d5

SHA1
5f13ce411a19336a52a6bbe94b1389390377c17b

SHA256
11b47b1e1893ccff1210584b260607fa6a2b33d78c6723c3efbc30b2a362f880

SHA512
44f954e4dd13c91e9a7649d6aa1d689aa8991a1179bf5efbdd3002ed7b7a4068a5ac3b84010f84de9308ce0760cd238d60775140a428c8b8bb6ebfc92a3312dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
066cfcdec8b54606437b4c546e5d72dc

SHA1
c5e70a94eb4ebe4edc80d5a452e4b370327e06b1

SHA256
fe306260cec2e615229592c3925b2581a3201fa0ae02d253438554de4e886a2c

SHA512
12fbe74e03a636d80d4ccc0e4058f6c11134180752f4bf678f64300c8e58c77ccd6c17f4decf2bdddf062fdf87fcd5f69a86b1db287678df1b1c3a3d5081814e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe61563d.TMP

Filesize
2KB

MD5
e2ef73e903a684b42397af167fca85ff

SHA1
f6c8b85cba8f116c0b66197aba3fbe20be3854ff

SHA256
b5e2ac9f3701a5a831b7f61c894f449848f9617d208e8d09b85dd9d9156321c6

SHA512
0e0031d891745668180919cdf8cfcaefc53a44d525d7f30fa19bbea4a45735924a3918cbf80eb78f0f16b6533dab77fd9a095a32c8679da381ffd0083fcaabb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9f457faeb405383cf95d292df4dcbf4d

SHA1
03a19c630647ca9f1f2b87ff1b2788b9cf5bab62

SHA256
586b5ea60d83216b0548cb0fb54b75003aa5b26ef21456c6359b6008040a72d2

SHA512
de3cca2c8e4198cc595d5a8c5c6ebf2c7d6367c3f96738b84552c896c9b67c17a390ff838af3996741df7eca56cd9265d531fde38550c45ba7e3202e1e49a6a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
1b2413a6913858a6c99fb2b681a603cb

SHA1
f5cab2b7e57390d32598b40cfc1171d03d12aaba

SHA256
d1f208d2348fcf1681e568ea598d809f46b67678be0bd78e0f08fe40bd432d53

SHA512
83bb347c14b3eb2fc5baddc7ffa3c9f10f74e75f632223637418da242a9b1e7d6b64643e11ebf187cd66085247248d7c516b7a4838f9ad3675a5fa3e219e94a7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
46e8581f9b2dcbfafe8637229feabd9a

SHA1
a3e32df7127257ba1f0a839cbfba4f53e8a968f2

SHA256
75d6e0b2ca5e49478f0dcd7061fd561a2f3c750548c4cea2a4b7f0347ca4afcf

SHA512
3fc9c7df550a223dcfd03e813b65877e2859881d971060feb65ab639f0792e777cc76d33a8c74451e30af6a7741393422165ac998198b04063e683033be29081

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\activity-stream.discovery_stream.json.tmp

Filesize
25KB

MD5
e47be8f767c8af79d697aff6a1d56009

SHA1
807d60cb416165aaaa1d88141861c695e3caa908

SHA256
67aef2e560ed17ff78b737cdef7064f3252943275fb78aa9d5eb09d84e0965b7

SHA512
9215c89ac636edb25ebe85a5c97f6df8aa511feb54489bb272b53424e9fd139f43161daab221bf69e0cee4b659c08739ef2934e3ac503b0423e2d8a5e9942856

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\025C5045F0DFDD7A5C1F710A4C4A0F085B3DBD3A

Filesize
94B

MD5
3074b7927e5bd7ce1448d775ff4c2c00

SHA1
41ecd5668ea783060e4f745b2786b2c89691a0aa

SHA256
6671e6443a5ca0ce943e6e36445ae03aaa6a2eb7eb5b6bb34840e709fa45c41a

SHA512
0d4e3032e05d2cddd978e087451a34e28bdc7df9cc49bfce7967d65ad339bc13ca15bfbb0c2d62d0cdb8409214572096e23a0b104fc40628805af1f56c1d63f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\026FFF67A62C72CC61D50061C7293FF2F650A30C

Filesize
8KB

MD5
09494800cba8c782003e9418f0b77824

SHA1
48354b058297aa32b873230896b01584ae25eff2

SHA256
dff51a23cfc51ee8259fd3b01e4b1cf771fc357855a9c4039556f9fd2c8b3197

SHA512
fb58315673e53c292232e113c9a249d2e0c273082bfce2491f2ea0b32344c8598e98277053bc8fa469e0901276949061b7e9fe7a35b7fbd2ad33230d214e2728

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\04D55E571EDCE18BBB52F0C37A63E0FCB4BEB7BA

Filesize
7KB

MD5
8f0146cd4dd924ad7c932ffd821a44b5

SHA1
8527cbc03310b4396fef05ad5d7ba5b3903f4413

SHA256
7376c709a690c46c4af7e9fceac88238caad5487ee56f422a2e2eb6abee13776

SHA512
29207299a53b7b6e8b0ba9ddba0ee12efe274b3bc32424ea9d2f74cb76aaae931a5086bc5d94191fec2e786084245f455f1b4f6bc067b48b0683647667ee4582

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\083066E16BF3253EEBFA53E9A59F26A3C2641C65

Filesize
6KB

MD5
fd3c3ce6a60a29887ded60294f45ed29

SHA1
d4958b1383b7b76ea85a696933c9fb3c627c7633

SHA256
9597bb819e425d101ac71e450fbff777facd7c124abf4e4b263d58dc24e0ba46

SHA512
13ed1c508d79a7a6a395dbaa76bcfc39689125b7af0cd31527148b9b1117c4d38c7051ce3be1abf40b7635e821b03513317869c6cd66c130ff9e4e24a2d652d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\0A40B5E9C4D7520ACF269256537AE2D4FF9C2F2B

Filesize
10KB

MD5
9570b38ad16b67010a8d889c2384bd81

SHA1
dcf310445d42f0f0934a0ae9a83d95ca7ecdf723

SHA256
713e6eb472d6eb82ebc2eadc9eb1efeaafe53b48074c815d35494d468b78ac81

SHA512
3789d35bf5f1a0face8f4206a470436b53f1a913cefb52c2b040dd03961829b558ea7664c2f7731b5662fb12d7fe082f37f69d1f221a467d932e23ab1fd55388

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\0E048DD6E04F611EEE102875C20C9EBA89D0E9EA

Filesize
37KB

MD5
6f69020d23602c1ebe62f07d82bfda1e

SHA1
73f7ae632aba7628e526ab8fee6644b77cc98515

SHA256
5fc0dadb15a3ab3dd744678a59a5d16e0891dd689af3cf034fb8566a34c0ea34

SHA512
7e2c50c249edf8385d29f280317dcdfdc118915e668b62b4467b2e8d82b085070ef38cae25e2014d5668102aa43271b28c865d05ac6cc32f03a70d99837e7cd0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\0EA2E1AC3653A248EDE38E975FF2A4ADDA308244

Filesize
480KB

MD5
487f692a54c58ce40fb5f19718e7576c

SHA1
de932d79907bb5d3e3ed7d2486852791b4b765ba

SHA256
4ff26e494caf3adc2888167c92d8b8177deb06f36b1b2e965afc69c948cfa480

SHA512
35e9197e59800692f3fcbae5e06fbfbfcb53cd44798409796a077f5e38d846085d9e99f109758ddce2daba6781b0b38ab7e9348207bfd2c15d100c04e0124bbb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\12E5947B4266F902244FCFDC92FD330542CCC476

Filesize
12KB

MD5
467e2e085d8a7f9f81127b2f4b05ebeb

SHA1
71f1e117cf9cc3cfb88d0f672208b68d4a698b9f

SHA256
3693c1cd4f52dad276676bd577e0f0fba12b35e544eb5b755bb8ab2833e83575

SHA512
7f60e8670d33f9ef88aefd22463838fc80ec3dc185184a262889df108d6b79889a45efed69f731d7339db5deaddeaa449114af88fc328925b3bc477b62b11272

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\1340ABD49C932ACE08A495ABA1DCF23C8D5FEB10

Filesize
73KB

MD5
0c5468e0957e039ce68be65d15b7956c

SHA1
1282f9a026f159303c4e6de8c419f0c4e0af4bf1

SHA256
1947c61910a9f7eee1e66b477b209a0f369fed5b05fb4c67cd28fd1d6b35ee86

SHA512
5f284686fd1c445d852cc8be744752fddf5dbf78fffd56bf4392960168c6b9d5c37d702820c9b64016ec2f16d4857a4064d74acc223fcd8117042ff29587edb6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\1398D3C9804F3EEA208BADFF53AC3C3A46294532

Filesize
12KB

MD5
87bdda586b5d59935ce85fda75c1ed54

SHA1
99b7a4c64b3fdea8ccf83577b6778357d36e44e2

SHA256
cf33dacb856a136306848cae1f0c445f6b9533e06c64d84420c61d74e5ca727d

SHA512
21a78706a1a0d983397ecc44c731a347ab2bf32588b17ecdf66c30ffd3a290a030ec3cc131897291895dabf58765f5fe5ecfc035eddcc0e09d0aaaba07dcd5bd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\13B80F3F5F24C150A580F8D7979DA2232D8EFAED

Filesize
9KB

MD5
3d54c646dd4dc9658d6b622faf564cbc

SHA1
aa75189d05569179fb760d71ea5ece95357d5848

SHA256
6e49e17d1d6a6297ecd6d32b9838c365c2ef52551407f2625324b1f8a5c0ac8a

SHA512
0ca1f982445f5eede67ccab0ab2661895c1f8880dffd79b078c443f7fddded4fe1222b1a5a78d1ba20a524204e2bac4a01b8ce6a8ba5d35585daf0889e692f78

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\14196E7D560AF3D7E82CB01FB9594569C732C120

Filesize
154KB

MD5
a1cd92a0ca369b2db986e3f5c9f06a54

SHA1
b20f2d1d346b866bc7f790516d3c528246a1406f

SHA256
94e82f7c4734db72063d279766d3788f74b8ecc9d137ffa197ac5fa983f09c96

SHA512
a761c9a7cc8474fdeb837ef8ccc7fc5b9491ffedb2a1d6414ad934435a3099b1401fe1ade3872761664584982952906bacc53b69f70e1e20e4bc614b86b1fbe4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\142E5FD498B07F9CB27BEFAAAE433F8F4A16655A

Filesize
9KB

MD5
ff77c05ffb2eac19582a08ea01f403fb

SHA1
f0f83022b0795b5d0669c0dd805332ac99cc618b

SHA256
e0cec511c81d99c7fb3ec5a30c1b47b139e9d16b1c0abb8a1d828b02edb06346

SHA512
9336043e888d805451f97117d57cbbbf8d24d0c774c5690455163f75be8303b1cccfb7c57c94e802f6ad83e611fe819175b4dfbb5a96dc17915898d39334aec4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\162FABDFF5DAC409129B57FC03ABE3B3931E1589

Filesize
134KB

MD5
67a7238ab7b690df6acd6e466bf1be99

SHA1
28cc504a9164e379cb817dffc93aceb40c22563f

SHA256
f4b4abe55471461231b6700d1f774c63f2926aea05c28dedb17b5909628f4615

SHA512
3669bd6b6e2466f3f9849c42929c9c6db904d07501d478d51d1b87314e4ef9e62179e0e6a12d6e800b121e106cfc85fb5e66aa5c97771392b47bc8ba979779af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\16C366F2DF913B073C5CE892DF938A3BDE790D22

Filesize
40KB

MD5
7fea46bd6c4bddffd82f9037280ae5ca

SHA1
8fadc91be72ff6f852072cf96426ab5e239113b1

SHA256
bd4a6efb74ef832ebd6f98679737e6870e3fa8a02c60ed46329ecfc56c751fbb

SHA512
ab2a7309dae3fb27aeb1829dfb27969eb35b867d999a62963129d771226cbb57207e665f2d73038965d6aa05f102f49d3837ee6d0ef3df1def1777372f0ad4e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\178FCDE95A1376BFAC685C9E230CDFE7B2CCA597

Filesize
9KB

MD5
8ff702b0491b5f66589bee270bc4903b

SHA1
46f1315ae89b70a2e6b06936769bd601e0fff933

SHA256
8afd373286150209465ea159f48bbf79868792168b46a497b010e99670ad4e9d

SHA512
aeb33aa4693eb7b591caa4270b0fecdca80b1f073a94e16a1fadac21efbb362c5e76f6fa2255dd5c2e6adc15ee6ddd6e8888a320150777d3fb0fb5adccf23480

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\1964D83AC29CB6B5503521BE5AF3E6AE2ACBB32C

Filesize
8KB

MD5
552781b2b044b843c034cc8766147969

SHA1
dc4e5b5ae22683ad75ef42381e1521f1a8715266

SHA256
875740de27e23b4b54395e52aad96575a343ccb15cd5d327a652a836e9fb565b

SHA512
6ce5246ad7d9a2eea16659d87ee2aff93654f824f4f951f9e972a6c5a8e198023b0825909adfcab90876b4cc69a0a80a0023408e54465dd059307cb231de7685

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\1DE6D50E995ABEEEFD0D7F0D7B33404465452DFD

Filesize
13KB

MD5
68e363503e4884ef532158c027256d97

SHA1
82de897c7c76c7a072c90252f785d2c8d41a81ed

SHA256
9be70dbb40dd0a4e68d82d0013d78d1d91cf10bc72faa2653e61031c775536c7

SHA512
a26c7dfd17430bec5410d14d54c16aef50cf706a188e752c38d92be6b6fd791f12286af42be1164e8e6368e2be40f34ede680f5bdd156e3e4022d56df714c50b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\1F1F7E447B71B0754DA33D917D2A2D4CB5260FF4

Filesize
20KB

MD5
8b2059151570eba320bf41c8263fc841

SHA1
cb2f3fbd5e2cadbc05a2bc2ea10565283b4a3b5c

SHA256
1f71b5916bdd52f286af9bd61897fa6f82111e901a83232e417d936bc766571b

SHA512
32a69ae08d701d8f8d899c394d71881b475538be097821d4c970ad53044e5a5785dadafec06af638625c500f176226222160b50978f0f4a9622342dd78f4c4ba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\1F6929D95FD79C0DE6259510E09C5133084BE76B

Filesize
9KB

MD5
48df7f94596ca11484005aa4af3483db

SHA1
f7c35b72bd2507cd65cacd72b4bcd583c875ddcd

SHA256
52d62bcf51f2d9a839e8f0a92b26709ab35799579169c7a8becae65e717b91ea

SHA512
77aeea95f7c96537f0f21efdd747b9f51ed7fb187043d173141371ea596f6ddf89e49abfb1fc5cb81c0984a91e6f701e840990e66b14c0350d1b0399b348579f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\203E51E4C8F6E6743E539EDB830E9B28EFDE300F

Filesize
49KB

MD5
2afc838f18aba135e34ab7bddfec95ec

SHA1
944da3e982f4e938401015a454543739e88213b0

SHA256
cd53795d88537ca0c7c21fd41d2cebe4dd3d7bf32f797ee5d93807fa753963bb

SHA512
5096a511511b4e74a4b8fcd13e36658080082a122e7301e1c10debe3e7e837b40177f8d502beff7d79d54467a5f1bae32ceb654a078bb838d5af39b434ff161d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\2260EF38B7773510BF0173F4B69C4E7693BB6DD9

Filesize
17KB

MD5
e56680bb7b2f4dd4150b365d64e60d7a

SHA1
4049b3552447b3f07e1cc12fd02f8bbb14c1d10c

SHA256
caaeb85f2fa8a971a5b5ef8db145c1a42e935b0a0bc570d871281ca45725548d

SHA512
854dfcb2494367a983f9b0955477223e78d1dd67c5591a08d055cbdbde94f06b2204d2af8f6142a7c13052908051f888c9b3697feab5a675b8aa82b0681b5737

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\232B4E6BD567364B67669F1149A77B65562A9366

Filesize
9KB

MD5
c91d4d65701cb14f344c2e25caab3be9

SHA1
06cf86788a1e3c09372af6de74d290fdfce2f4d1

SHA256
bd50dcc1a8d96af4dccef0e8bd244c426dbcd79d7bd502a9fa7d24fe3e54d254

SHA512
44633e12e5025857463014bd8f21cd9f7fd59f413b70c270836ab3a38d8f4d161a1b5c66a52862acccca588d3b2896fba51f33dd47d76bbef696d23077a01db4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
7c4708db462159a8d56984d1515dad5b

SHA1
72d9acf671b33d6f51c9cd11e5b64f0d6fd4ff71

SHA256
f251bf476c946dc831651a99ce61e673435a2e9c21725bd4f8fd45b0ebde44ee

SHA512
350915a38f3dd8fd42478c4c4fa38b651bcb9a2e01205d98fa1ce916e19eda4ed499106aafbe0058a3678a47195976c5ff6387e7b920f7471b5d2e938e0622bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\25F1A85E3133B93A007FED6CD3883DA69EA40C15

Filesize
8KB

MD5
cd6f96468173cf428df6338d62c0aa92

SHA1
a128decdb8a4e18c9385eb58f7bf21b9cbf4184d

SHA256
10af939b2fad4efb31a11e86b0ab5a773165b708acb6d77b5361b0973cde7d10

SHA512
8a2b5406b5ce4be6c50fe81adaaffbcda34e74b4998c04253a1b06a21462e594eefc96b8b48e458ecc6dee8b647db72888375216b96f6db8d4b6088322f23b6b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\2A4425D6B60CB7588A7D807187AA5269A0031731

Filesize
8KB

MD5
ab5122b93230d4c20d1747246febc167

SHA1
01a05a326e641ea3eb92bb991191a7a72d057526

SHA256
051aa6c81952bee3cf835e3efcef73cfdceec44d86f5e72fb3f765cedb44dda6

SHA512
ebbd39d9c9dbed013d6f6dbabdf6f39c6e62a378963e7882b0c11b37fc26883c2e64ec46e47a0ca48c967254950604cd4fd97f5f136fbe678c57987bba6f8c58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\30713FA0A1CEF2B2D170FCC92B27E2D46DE667A3

Filesize
112KB

MD5
1309be64c26e0873fb90ed60340a8875

SHA1
d5fc210253557bf4fa8d6242fa52785f8ffca3e1

SHA256
8873ee130999acd672071aae5b75b4c76154d9a092b726e77c2dedbe97a01264

SHA512
77c246495368bdc42421bb41c45fce9e1bc62b63e59bb78169354e93c35e6d89c34f8f316ba91d964c369449b70fa4168180b550ea8bc913872e3040501098cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\368BC6AA6C03A6DAE3C210BE72F67005DFC6B531

Filesize
12KB

MD5
fe5d279446355ea49e962428b847866d

SHA1
704eab42aa6dca5ff0288a8c5950065d724862f1

SHA256
9eb4d2eadb328a03e1497d954cda04749a4ccaf5582490b136df4cdead67c9e3

SHA512
cfa9829212b3818255d1cee9ad3385e301b88c7e83286a9ba3bfffc96e9aa068fac2e271136f0c772230be929661aa31e52e8e1e7d2154a5f37b65a6e2fdfd7f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\3BE26F5A5FDDF671FD741D8C436D68A76391AE78

Filesize
21KB

MD5
c232b387cef26fa0512810ee4011f32b

SHA1
3148aabfba8fa4d5c0e186c7c66f87e0f680222e

SHA256
eb1fd80cdc303378684fd2d9f8fed2482490436f971c0832c60ad8b9a3421b51

SHA512
bc1e03eb2824fbf77e3a62e0697b2dde31c16ecf8737caecbf3321ac21ff02e7a037af632fc7788e129a6119fca82c7b478e2ada70f86dad3f747c0f56b8d862

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\479D52579D3329550E8C09C229FE1D0663A1DBD5

Filesize
437KB

MD5
ef76b7d81bc6bb253607a28a96715428

SHA1
a3d610227a17ef1becf2bcb59372476143c42508

SHA256
939dcbdd2b7397c71e64aa27b1395f678d826c519281a456e4074f88ebe69a76

SHA512
4c78c09ac5fba357b2c6a1d434b214845429648894ae112aa2cf78ae7615740f964812cfeed636418aac3f3405d92bb6304523f692c269eae104d1fecdc1680a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\4F8641BD742AC7D22291B5AD209FB32130B9A960

Filesize
406KB

MD5
9603edbaf8a159de4cd3e6561f86c04b

SHA1
61074c8117060cefde4c71443f88a240f4846126

SHA256
f0ff3f050b8879d1b86e8b9ed009a139622ceec896a078165714acae8ceb9fd8

SHA512
cd0fa7eb3970d56fd50469c26d341faeef38ed454d1d9aa36eeb982035696b6b436bb35fdadb9086c113c1d23b598a787caabc09de61b0f671f41062fa63b998

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
65982da9d02fe4d87f2437eef8e6f9bf

SHA1
276987d47c3a53f82a27a9d88b36cb2042812227

SHA256
7ee73334599aebb7348a3c3cdaf90bddaff178a972cedefd449c874bfffa0cc7

SHA512
c42ea1d6cda4e763a23eb84a2b9ba0b7c5041d467ac361a213a2273d5f852d064ea0850f45f190c525a70c0e4828f413866289d1b79da45b54aac3866164b8fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
806849ca0dd212ef7f1197d5402b3a0b

SHA1
171b0c4327bd0b9a4010a60dc30c7d46dc1585c5

SHA256
84280730cbd411d7dd9f9d0aa8d9c397717d4155c3676891b4d81855f05815aa

SHA512
7956863387b72f09b1fe84a827afe8d35c5c038b8bcef9d8a47c8f73d2b414227b14e7340347e0ac7fe76568d6dc5c0fd179adf2f128c8500abd4a7abf0957ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
968c9247b1cd631927c05abc0fffdc6a

SHA1
833c1611fa5b0fe04e273a2c27856d9483ce4527

SHA256
1f83f187445f291d4400ae8defa06223d068a37ddb0fda302a83e2e3a4e2ac9f

SHA512
719c8a1ecee4e60a0f6d544490c67e2460102bb736b59b71a2621beb184bea8328678605db4eaad576f88c0b28cbb07fed90e61a93665d123658f8b5e9e917f0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\72D9C061EFA82F0F0F944418BA7ABEFD33AC0AA7

Filesize
206KB

MD5
0b6b004e31b7f0214c64a06f9e477e42

SHA1
807c5733caf22fc66c09a682b0b04cb0461ed637

SHA256
0363d837ba99ed6063ccff1da398c9fe593cfcfaa6ef4b0cb7cdeee4df2fcdfb

SHA512
3270008bd9bb755c0b0dab9ee3df74acf8429b8d832d95e191e89bda45ac0e75d29c2d0db2e8b249a8805adb2fee3a5b97e0136212949d749a5a002a5a15db04

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\74AC86B1587CDBA7CBFC44EBACFB111426FA8BEE

Filesize
50KB

MD5
bb84a9b9b7ec414366c7786c53a79a4a

SHA1
50b42553be98646e9479326d1fc7241b5251214b

SHA256
cbe1facc16a91a68dcffab9f9c55d60148af251153a973c4b11e627c61eefd3f

SHA512
4e043f53a1257c891dcb11fc1db08cd34967645af23babbe0a9e062ff3aaf64ae94a002f84a029880d57fe246331cb49438531081e9e93f5fdde12772134160f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\8B725A982654E3C8395012B14BF6389E80A34178

Filesize
57KB

MD5
49fb021e671dd69a01166cdd492b6419

SHA1
e32a284629e0b994feca9e8722449bcfa5b50b14

SHA256
b04d164fb0b668193053b997e32310ba58f2ff73deb17758feeff688ece6c016

SHA512
dfc6a929236ed01c34ba080cdfd2d673e70a8e5ba4c9747c6b2d8627db1fa529d0a17b3e1889f8eac92cdaac345d8999c77e4b702046bf3713d19dbf8898ba22

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\9AB8BC3BA6D8F8EC4ECD38C1F10C483C79F7A0D6

Filesize
178KB

MD5
745e9e25f157cee241e35ea0c64adeac

SHA1
fcc2a1e152e62b34d79116bb96f0614641b29a51

SHA256
9f5b14c4fcf796db9e6e9f8fedf81ef932d3e218384795091e69c22b2b37645b

SHA512
3e305f9f272fb568e3cf93ce6cca2d0fa5e7690b1380d49e84426ff1025ee34398eacc517629b9f6b31862d3a618a33bd45293a61e34c8b025b600394b62059e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\AB8B1A0B34435AB6ED70A8A26E45693A13136A42

Filesize
38KB

MD5
d0e4eccb0b676d4841a7083bdb8f7b31

SHA1
1b8dc430e1f0a7484dfb4eb6d76497bb7ef371f7

SHA256
f400c163c34df9f0a2713de8196a9a8bc4cc453ed9666c9b2b67f7d5fcb4c55a

SHA512
7f512f55f2e84d8955ce421d582954d111c41b31c790f46c3a979e144a54445536a9b16a36944a8681d4368819840a2cbf7e143e511c80742bd50d41870d04fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\C4C1BD32A852B6A06FCA9CF5263923380DAC2885

Filesize
187KB

MD5
85dc5fd856c8e0c1331ac2cf0e767f3e

SHA1
7f3956e8775931c41683d3b35ffe65c8a28d7704

SHA256
7980ec49d8cd4eb26a5cafbdc2dc4333a2f3fa46476e49134e1bb418c6e12dc3

SHA512
d34751beb66614ca24420c4a78e3741877e8004988900fdaded597278b2147a26127978726183ffecc9919f2a3dc7d8a417e692aefe3f3f5d35bab2c5dc52f4a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
136KB

MD5
39087cce4065925f4a28b17c838e9a32

SHA1
6cc6dc8b298cf3b2f7c39f9e0fcc7214a071f091

SHA256
d809ee8129c444c525d9235e679c3744205cb337d37ea2eeec554b2d1af2fd9b

SHA512
9fff773f31ca927cc4555417eff9be28ed3768eb6327b1e1be498648dbd5a8dba166df69767ef2e4081f1fc49ef276fc58d27957e659fe0e1896fe5ea45aedc5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\DC866696E61C06DB06E86C409894D141ED7E18F1

Filesize
104KB

MD5
1c51db0fd263812aaea7a709cdeb46bb

SHA1
1ee6554f094bccab48ecd99ee2b384d49b295546

SHA256
8afff4b51d6026c690c935303ff76c9465b49a13a82f1fdf47ecb4cf5c811d58

SHA512
970c8ebd2bacbec8a128ed762dd19bd3c07a53c033062b250f61e3ede7bbe56410db2b588e37e55729e21876a68336536abea7169f4f9d1c872eac7fffe0b034

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\EAA85ECE2025B774D35D9684FDA7E7F3AB19275B

Filesize
49KB

MD5
dd33f8c8525830386f76a7bf8af4b5ae

SHA1
364a61d483a98936f77dc7ef0078dc42312ad858

SHA256
14f37ec2f1873463f250819af0a371a5f4f4dec043ccd74a0f89f0b795e1ed16

SHA512
23620e3637a1fc9f13e788968eeaa021f4dd0f4a24cbac08a1b1d9c606a099dca9af2c6c1a8dbcbd3086a98d6264cf08fa37a01c2e64374186879c21ed2a28cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\F27E0CDCD1C7E6F6CED7F2BE71ED722173C6CCAB

Filesize
54KB

MD5
51e3778182f158eb706fc9a2c6923c95

SHA1
8b2a76271ce40b382124584883bbda8a2f20a193

SHA256
2fa3ec1a110c3e2586fa07838a362520300a919e2c3450b68d70bdc3eca8d8f8

SHA512
c2043764f19257859c76cd7c7f385b8c301420b9e9f975e3b71794a19cb2b3626658abe74dd4cb9c62e534ff029f54c857dcb596086dcc9bbdcfff81a2ef40c0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\F4AD8BDEBA2090D308AA09EBAC963D452BD775EE

Filesize
67KB

MD5
3a0529412304448056f8dd857db2a01b

SHA1
3ec172622a7a5c2f13fc0531472ac3f05dde967d

SHA256
2c4ff90bbf494ead6b1939aa32231a7e145e48ca92fe71b39a0b1d7b5ba4c7e5

SHA512
f06983eaa1b6cdca01df53b5aae8970cec65119375a8cfb114b6c81f1358d4c928a22d5d2e5b6d3a1cb68fb884e77a4ff5476b9c08090b962c4f8db975b164e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cache2\entries\F9D41122071BBD517CDF3EDC8258B8B8CA31E839

Filesize
107KB

MD5
c682b92cf2a817378736b09e803c3811

SHA1
3701e8c5535a6f580bbb6dfedb73e6be5420747b

SHA256
22a67c053e9d534a276241dc7d0fcee97729bd27e3f4a1160d6131e6118f154f

SHA512
97c9fbf218afd1fc131aa199867c76bc22a00faae406b13b4666b9158af2e63077a1738ebabeb382552b6806e78bc0f6b411a6e8070bc6ab8d7498f3960949d4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\startupCache\scriptCache.bin

Filesize
8.6MB

MD5
51e2b60b435eb60f5ffd1134e4066e6f

SHA1
a289984f92fa293f5f8ea3dd6137390469055dd0

SHA256
8c5bbf7ab0d3abbc7b3eb7856e887450aa8c966cc03c986a1b015fc6e68f6320

SHA512
ae88ba80ec0f78f74790597a2e7db2b2efedc9fa238be8e655599de1adf90fe40f11aafe80a83f26387295fd078e72eb400c64d998441569122944cf9afc8bf8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
9a430952ff88d1c6e07c72efad9933f1

SHA1
0c0d3c691d7d6d115b92cda332b388dd78ca3082

SHA256
f97279a1d8c399e397a1549dacb2c8ad684798adbcf6a857bdc4f5192aa25fd4

SHA512
cd5c0f0ae1ddb5eb5414ba272cb8f4b9d90a274627341315ec577ae1e360d948217966172e3632bd84d0f6119fad6c313ac9e8fa5cfb271660520ed844be8075

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
66da3a3b05e4d4c59d90628e9cf8afd5

SHA1
128644a60c3878cb1715dd08105b7c050fe1c5cb

SHA256
587095d31c0f82571e9b469056c9049302d23fbfcc8c8e953234196bb1b555d7

SHA512
94b567f7c378fe17d3dbb33ea88bdb438accf1b5187116537bd0a90d104c9d967fa3e0053d417dc9f7f46e708ac208f65ba30cd0aa6dc32db326656265c7d034

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vvc8bff9.default-release\thumbnails\3470f713e9a70156e95105b925a0ee9a.png

Filesize
3KB

MD5
8b5dc8858622bb50b689222232a1fa6b

SHA1
bc1e6b3cbdf58cf0ffecfbd05f020570f5da30b3

SHA256
3958aceec77a876d377b20146e8d4513c2ce484a1829f8c893846351a4b4dd0e

SHA512
81082937b1ff6d275f12f7c67c5e5963774a64c520c00109b63455a295ae8a23a4742f009df649df6bc893b75e14a68c1f4f9bc9c86388fe2b67cb5d8174eebe

Download Submit
C:\Users\Admin\AppData\Local\Roblox\7004881642\InstalledPlugins\0\settings.json

Filesize
2KB

MD5
4705e802fe699fb8ae96360305531f09

SHA1
08af92ab95ca541d1e798fe60331c26c69391aa2

SHA256
fd96fc96a0ef279be4bcb8d30a732e550e3878ce4e4d89b985d86959ff639db0

SHA512
42e40d0e235c17b80ea7f2ca1f67decb4f32bd0b6792622c1d05f2aca619141362b30669668c604b36d6bb788c38e981851dcc06c92a4462ea2073f59aab9257

Download Submit
C:\Users\Admin\AppData\Local\Roblox\7004881642\InstalledPlugins\0\settings.json

Filesize
3KB

MD5
d826a0ef2956a801591102f50923b3b5

SHA1
d2100edf99aa9be4d92bb560a5029d31a7f145e6

SHA256
cc91510153d0fb66b49445f20ee33a24710e68628933c537a545c87ff63aac27

SHA512
bec122727df6f7ec0eefabce11d04a4c0e517434f0536022a876cb497e44ba3fabdf5e1106ba32b83da389af4afff1dc1bb905eaff4ec9a9462c60a3e4b43aa6

Download Submit
C:\Users\Admin\AppData\Local\Roblox\7004881642\InstalledPlugins\0\settings.json

Filesize
3KB

MD5
ea9df7243c022fbe49cf706275aa1817

SHA1
e05f8d7d3f8d1f58cabeba79215d49ec241c2840

SHA256
3407640f6d4d24328942a95f8267fddd9f1196bd8c588ec72d2c61c3595b41e3

SHA512
118170b83498e7e9cbb27af96d7320e1c421739da0273589f9126a82e5a49a98928e5ef61bab9f4144ec78bdc0269e34b72c6c2f46028ac8ae990830382b3fbc

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
4ae58340804571bc5e56c4146bfe2205

SHA1
52bf95569865eade336d3e1ace92cff94de48e6f

SHA256
5c30e0104eddc835661d4187d880095503296c3d35eb25c388ce8490f9099729

SHA512
7b11a5731892941d93fbfd01563b41a6ca60700cb0dca9c8de8e12d9b1868603c2e870b883117db73265cf43a42e4fb508a00d83a81df538cfe9fccea2706954

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
6fd014b685fdfa1c541b256d63e44615

SHA1
cac0693e7488d51363914523654451dc0a42ffdf

SHA256
c73da78f8d0fbda5136fb4d953172f66653014063241bc23ddd69ab7a0ab2399

SHA512
a9d7be37a7fa959684e9f9f5bbad83482cf34041cb6208b077d6a6ade6ed68924be5ec43f34c6cbc3cfc27a6be0ef5671c33d483d8aef93323f7cf5228867361

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000002

Filesize
23KB

MD5
e4b0d20f483b4c24ecffd4678479e3ae

SHA1
f0f3175f2c92922d123eac1e3a4c5bc8f6091b49

SHA256
ab25f94f51f31d69f3a7ff1959eafe9ddf3fad8e983fa216c91795bae573e13a

SHA512
54dda1d96956961788768dd0d5cb0ef9f660898b3b4fd1f6c02d5b092fe3629cb38f478e5e2fa5b074963616e63a235593a2de9e3fb420b502b40ded7430a715

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000005

Filesize
29KB

MD5
0184869286788eacac1ba69396519d49

SHA1
0c5f414d628c549f94ad3a74b0afcb60e5dbedd1

SHA256
f696dbf8cecfefca50ea3fa5cf29f5ba98c37e723bbcd5c6381269e08be54e0f

SHA512
b6bb6bec302cb11e978fb40be6ed3ad6ec18afbf3bc4e81aa5aa078c841bc323542b7a4c83037c7eeef8245c29e27d0143528f071d33acf5346ccef4fd5f38df

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000007

Filesize
28KB

MD5
51c3a5f5523fe418aa7a8808e8a56c00

SHA1
836a73c61a244d3fdbd0231d6d1f26ef57532f19

SHA256
4f4740450d6128924e63409a6b11e245a7dad6b1dfcb5dfee6da5910396f5131

SHA512
fe4646420945734fdb177c8b583fbc88c069e62aa20675d3dccefce44d0051c94d054fa1ff8ac964b315f41faeb884c12ef47d2daea1875b8243ced63a59be57

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000008

Filesize
64KB

MD5
3a384d3c2ae42a4ee6faa7638ec916cf

SHA1
4422b29b51090b5c9d7c81efc5208818ddc434b6

SHA256
6973efe856c9d26966358850446574dc6bef2c145d4849888549557c478235db

SHA512
a9d8624764e96953f1ba282ca5ff4c95ee49eebc458e2da23afacb06a6e35c28e5958651430e7bdbbf8377347422e4fab9ea4ff24746e2b8046edccf952b33f3

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000009

Filesize
30KB

MD5
d031fa762d0f958c866cfb24fd9eb5f7

SHA1
d7e4884d5881c430671f58395521713eb0302b2b

SHA256
59b2b9f5db192164a7097a38181bf75052d174afc279c7cbb11e619ed36a12a5

SHA512
83b9ce03112f3ec103509e4dd63cb70887d1694734402387dc46d9f1ef058c45c297c031e9611e5b3851eade120dd9b24399a918f874c913cb0c5892563f5868

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00000a

Filesize
101KB

MD5
761338e7d858565d6976e2c442e65384

SHA1
c36363d7b6391c958778f27956a8f033e79675be

SHA256
8dfa8eaa5ffee5d0f297c5793bc907f1ecdd88980617064d15751b0191cf5d9b

SHA512
630332ca5f39c7edb2f829f5cd445ac27f157dd2efae8670fbbf0808665917ee599c197e8f1d071db3d54d7cfa1225603704c46c16a330b79a606a07e92bef77

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00000b

Filesize
75KB

MD5
15a2f0d9497bdefec193f1951b076696

SHA1
b673c0729fa90d589261edd38bcaa74439297cdf

SHA256
aad6b6bb918d96aa219dcb54ff8a8a9587a9abbe51b4ee131fdb1a82f028745b

SHA512
36cb398ffe146e46e57ba37a2ac92d03476ac0b0368c64ce0102ac3b9d6a484d5e4200c136db9e04f25b327641299457b8f9d140aba6bef6a9fdc04313415e42

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00000c

Filesize
77KB

MD5
2d15222a408c1adce44f6af5870631fd

SHA1
4008eead65b8acf5f6a3ac07b951b3575cd44ad3

SHA256
8bb0e0637a92494445648ea0e750c0bb32d7b1d73769e3ff1bf4466d30b4652d

SHA512
a2523bbf2b25daed486239341b9377b011288dac42ff7f76a0f450f9f2c1792613d51513d2caf27fd67064c2aeb9dc8aae1c7f1e394bc7f5b6690070c6b080b9

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00000d

Filesize
59KB

MD5
7fd069146ea79b16633bc8b45f90482a

SHA1
98dfafac54f6f5db51e3baea698208833ed1b642

SHA256
a746ba588555b584fe98e42ac1a2dfbb92c2831b54c263f51fe91d124b9214d7

SHA512
c31822f497ebb35a5da455e77965f16a83e2007215ae88e64bc21019d8d45fff4671ab4300d9cf518bd2b652d071cc582fdfb99b4807c75e2022755e6c60a06c

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00000e

Filesize
88KB

MD5
cf32003b2a71b7f09b15e9ad77a42d40

SHA1
dd13a04a430ae36e5947a503abf60c24f17d31a1

SHA256
9442cba9804cbfce11010881cda395e6df369f778358e50536bc183c926370d7

SHA512
6007af3fe5be0f250b877d18351510f82fe40458033c7342e26aa4ab8fa75f728881b2b872e1bf1a6aca7810151523bb53bf9609f87d414390b45c32c0e66542

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00000f

Filesize
67KB

MD5
fe3ccc272d22fa7647fd864c6da928e0

SHA1
ae5eef81f4a371e719256c765b5a56906c1f2d03

SHA256
156257252e490ca420f98c1e5c1ae5acfff1b5f64791ca02f13ae71f81567887

SHA512
ea24087bfde0a3703db3076a096d8a66b854d00a38ef4e3f95523fc01e6d49f8a5adb294e525a35d830e9ae94a648199f9d2cbd054b25fcc0fbbd7cebd1ec86b

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000011

Filesize
30KB

MD5
6fd1421c547715cb7b78ca67104bfb78

SHA1
cc7f1d6761d9c7256745ef7586ad53e3183f0e2f

SHA256
57b9a684f743cf229723c1a5e9936d930cf48c3b5056c16c09cdd71ee6fe803d

SHA512
f64899cf62a1696adbf62f597f69c3a1ddd62319071f9a87076977b9f6c80992b333223a07cc1645a2fd578306e30abae12e18afc41cd582ee9717ebcb423a69

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000012

Filesize
16KB

MD5
18d460a7c11a59904399d1b54784f780

SHA1
d9580c4481818d5ebb2915c0d0beb2a36f1a0685

SHA256
5d7e8e13437a8feced33e51ed1feb8ebd20c000871bf046e14e1e4535b64643d

SHA512
e2c75c3d184b571721d9da3722ca11026188ed309214de38b393a6edaa990d6694acf6e1bf145ab1f90ec4715707e98e155e4fdcec86693d6449697a8baff538

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000013

Filesize
20KB

MD5
f550dad3dbfb045a5d3b91aaeca0b384

SHA1
ae0700d295166c471d2e3640134d7bcfb183bbcb

SHA256
a2d804e54d655a53053419498366fcc7e4a9e485fcc872795b22b31c6b889720

SHA512
1eeab46bbd2eaadd75ba18fa3d74f9ba0555082588e7dfca77425adf6716d9553b669250af5cb2948cd4d4a5a4453866834f018709941da5aa67214c0f6b8b95

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000014

Filesize
20KB

MD5
efd99f6b50b61e6bc88ab81db271f5dc

SHA1
13a91d8c6aae48306779d950cd3da773bac54a04

SHA256
3eb3416904e2d4354a4760874b015d4b7ad0f4f231889eb2e80a7c2ba79c22b9

SHA512
3532987383c85b0cb80ada4314a3fd155cfb78d23470aa7ea43c40342d48982bb8b3824b65c05fe496662e433ce65598cc902cc9e51d6a32802709683221e160

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00001a

Filesize
51KB

MD5
39b81d65634260b15593cfb1f361e410

SHA1
a5e6654e7109c8f410a973ab8dd40a9d4edc533c

SHA256
d8f023e34ad28c370d0185dfaf17ecb5ab67037885a1651199e4c735c6852437

SHA512
4c7d23ef62006d3c0f9a6b1f3eff7d81b9d3b80d7b002b2665d76f3156ef122ae9cb8f4189e31ce43225742c16527d690e637a97f5e6a9a3faa8d860cbc86dea

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
ca062ce7cc128a6817a4f7215a313f40

SHA1
a1a80a88c0db9bb7d04a6a525f1fd9b135cfeb7d

SHA256
790f77269caeb12858f5a49c6b616ce774cc8e8bb2849e27a38ed5a3ecc213c0

SHA512
e2c71217a4d734dc88c46076885667c212d510b137d3f6ebd040655dc22f5c1b4baaef0672dc924e013ba23139456bbb7d9e90a70c1bf97574e0c610e5d158b6

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a62d533802e5648a2dc40f140801191b

SHA1
8f16923ce2ab474eb403a75007e2654005c9b2c5

SHA256
f79e1464daa5a5e7f87620320c058e5198b4f5ddfe8c3da9b96b280f7835a59c

SHA512
eebba2a81a6d27dc0d404ee0bd4bf868b4b4ac7a8be348af6b58f0269cc172192101a8760d1f83768501bd5847531e76cf7f3bcee604bae71f17dde5e7bdb346

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Extension Scripts\000003.log

Filesize
76B

MD5
cc4a8cff19abf3dd35d63cff1503aa5f

SHA1
52af41b0d9c78afcc8e308db846c2b52a636be38

SHA256
cc5dacf370f324b77b50dddf5d995fd3c7b7a587cb2f55ac9f24c929d0cd531a

SHA512
0e9559cda992aa2174a7465745884f73b96755008384d21a0685941acf099c89c8203b13551de72a87b8e23cdaae3fa513bc700b38e1bf3b9026955d97920320

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\ExtensionActivityComp

Filesize
4KB

MD5
b4658f0ac4d1a96ff23e9edd0de90b1e

SHA1
752b065125d6fd91e8eba3fcbcb32ae2d1d1c1f9

SHA256
8f6bc4d06d8f3f8424d8856fbcd03034a61cb4170f409973dabfefec21d5ae7f

SHA512
4a35569e6334f50d8c879f4985fdcb43f9e4e0927bb6f133360ae541de1e41cc9024d551b33d2114f97a53a07837e62dca24e2a45b9d7b47b1642a384d6e5bd1

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\819e63f4-4f91-44ca-9913-54b97035163e.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\9d39938e-e9e5-4165-99e4-2568b327636c.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
2KB

MD5
e50b56a22fd2abde09ac3c91f6336ba5

SHA1
688dd7fdf78df72e2242dab168c857f082a757d5

SHA256
a1b3eac8defda31ff9e85ca983a2019dff1d3b057c5656504c0e5874ef3ecbe3

SHA512
d844c17b70017bc8b2a708956168463be9da51dd48fd94a16f1b24228c012ead77ce1baf2e11510d8f8779c922576b67a3c578a934a21442f5c3a882639b6a67

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
2KB

MD5
edd8222265556436b7cab145a7f1bf72

SHA1
652f071ae0ca3244c2d2b4af350f06959e140364

SHA256
e32c21abdbb8f0230ac5f0b1c7b6cbedb70614c692a35e8a2f901589dc18e53a

SHA512
98b14b0b5ae22713030c94bce8502be60f9aef9a726f837c6ea5e0df8e823e20e3675451a89f6d84f271e50ba8ed942e7c3bc98ef4ace66c57881ef4647d0a42

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

Filesize
1KB

MD5
4009c4c5682edfe974c4f43558b306b5

SHA1
e87bcb7966d7db51f7264b1a0f7ff2a66f9b748e

SHA256
6095bfa410e49c1319856577a57eba8e7d22109fc1cb32b0b8a08a2c66735b8c

SHA512
57a2cc08630918c56b124a410efcf40867baba1b068f1c6d8f9dffcae488de64f50767e3e958b0dfa8faf66899896899d0630b3f0fff587d0d3295c51c0856b9

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

Filesize
1KB

MD5
3357405058b5ba52c31f1db82f41d376

SHA1
9689f120c9e3412924408cfc320a9e8267f38e00

SHA256
890fd3e749b1c309044513f17e55940421bdb05bc337100d7c44f37d95a35d06

SHA512
22d0e59f64a27808e9581d94dafb64035820527a4a714bb2d60df2aca0001c58ba8a279d4c7c6cec73860b5235001e1ee4e303916840f0dab0dc8843f5c282fd

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity

Filesize
1KB

MD5
ef3ed4c4990e4bb7a8026220e4cb473c

SHA1
f2de289b4b2478420677892d2037940e0e795a43

SHA256
8759ba443fc11fd54c03cd2719421575d5c8fe4579238a120b5621200f7d3e65

SHA512
32b53427012e66b61ad058d4c61c7a41826e312607cb4b05c4e19f48fb6908246d4bf54d0b12cfccf5c7a6c53b0fde99355e00b133805e41218b9951b031438e

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity~RFe5d8119.TMP

Filesize
1KB

MD5
3278774546c55689929d7f81d63d1e48

SHA1
b367e2fa35bed867b7714c7bcd1aa2d30f97a7f5

SHA256
c083c1abc6d71ccfd7c6003de4f5970f8e4b16f12c6c74f68ea9d0d7ab51ece5

SHA512
5284a5b718b72432861d7b0ddaa09cafadc6edfea19300e2d95c74e7cbafb87dee6cea553bda358b0be7b0e11204a8e51f2f90da263687add7cc138f2535b7db

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
6c3913b8683de10f96aab3a7c1846c49

SHA1
462c2da32f97e5f042aae44030a71b52467cf077

SHA256
4e1ea79ca01677d29c9ab6a66d0f8e47d20f4f12866939656cc2d1a8f1ba38c2

SHA512
7bff84d6256c94643e4e0984c7e9fd9b313acecf7a6b83336e9b0687a9c691d305667e2af67d602b947be9dafdb113ec124f792ecfcc0824543711103ab5c16b

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
29bc161c3c79ae206c60909a23ee124f

SHA1
e0b116a81fe249652be469f06b96af9e3c2d91cd

SHA256
97d5d813988f2192f2df01e4d455e34f02f554904d405e7c447a56506ad53177

SHA512
c83af6ee02dab48d826c547cea7a9ce246b903b7bd99cab27997b8696b7eca5b554a1dedc4016c8900242f2c8a27f34678c1ac21cbee1716e4ea267d15d71079

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences~RFe5d5576.TMP

Filesize
5KB

MD5
f41429cce7a9d9cd3d7ac33a99ff9538

SHA1
ce59ce4c7c1ac848c174b79e102282e083040fa2

SHA256
55418531a10bd98cd26343f733a0da3eb9d45c1b9460302b8e74087967a0e271

SHA512
77135be41e42c8ad89d83f7218fadff365b90f6d8ce97a0f80e4a9b0289cd513083a680ddea71eb152663f44b7d8a1f3c34352f9b17c9ea1cd7bd54291184530

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Secure Preferences

Filesize
6KB

MD5
73a660d03afdfda0bd1be3db20999d03

SHA1
c0576c9c3b5aec4a0968e9b53c1058c75bdc618e

SHA256
2edc96c1b96b242ead0ec5c506f551dd2e09caae0214e7982e436b9009229d55

SHA512
74b48dd2c7633425b60e6a9cfef3f9847bdbdf2df75bcc51226ed81f2dde0ae45f4a3d37952ac7bc1c0e3d8c08478c9e6c2f4bec33d5c9526e614e8b60843dfd

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Secure Preferences~RFe5d5576.TMP

Filesize
6KB

MD5
fdf3ab1b387755fe9b6de61498b66bad

SHA1
5ac15f001c060ca6270eff517835ed076dc2447d

SHA256
af003e091aed7a966603d82672e63bb61b1650e62ba17f452e4c41a90adc1051

SHA512
373854cb805f001dd985de6effea7e17554b9c2132a88601ad314bd9721ad4170c359198b15ea8ac0fb01ffdff032604469bd83c882f70457b16b6d56b00b24c

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

Filesize
1KB

MD5
d1aaf54748742dd8ee1a13676f4ba2b5

SHA1
ddd3805165dde0e95eaf001f054c80028bce2201

SHA256
75eca1def7ad4265fff58a456f3c831afb4dd013750e6de3e114a1c407a9f11c

SHA512
c8ab15e66893ff99c75e6df4cdb71063d0e9e60bfc363a9b03651fe6d91bf33c17e5c8c634be02dd45a44561f8aaab7ee9ee1554c7535c88c016d92d4fc5b473

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

Filesize
2KB

MD5
cbfa79c64b210c6f9986a588ac305126

SHA1
3618d31892de30410bc582d2429438d6a81f7a7c

SHA256
d5a0f66b06f8b20ac73293531ff232be478d37a97bd0e0c5f32ac6dde5afbfd3

SHA512
8ce529e5ff48695634247d7b383ea4cb91d22195eb8f0737f33c280eada7846560a0a7ecb12d5015a9ea88d9d57ac876175a7e15a330fccc53e965d36a33a371

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

Filesize
16KB

MD5
df9bfdfc0bea006a8ddaa914d97c2a4e

SHA1
95f394b10dae35e2a471cb3a99a630e8304d1bec

SHA256
b3c52b29f206348ab2ed10f30a8c0796beb4ffb3525aac337bc4f18ea1e7417c

SHA512
a4121df1ee60eeb9effa642eaed11944dfc2fb56e4a25b783050d961465240890e212904091ba4296b1e0fd3470a1b2d0c2831ad46c41faec01731eff7c20a67

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

Filesize
17KB

MD5
2521a2183ae112c28e0041dc9f070942

SHA1
5bb9bac1eac998f260993c61e1b7f3c224d74538

SHA256
03f087780f81b0fa9af45450065a4f10df8fb457b44547c774cd8f17e82f6e1a

SHA512
06fc1ace72b8ac53e07bb0c225f759415a31668db45bd76a85cd7e57f49b93c09db2f8c784f3cb08175d7628475b279bf75269fe25ef7fce16728d6e02fc5e40

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

Filesize
3KB

MD5
7f5e246018c5a8335ebc9a568d727042

SHA1
ffc19333e2d655515cf795c8554d20d9a4ef1f7f

SHA256
fb3bea32130d96a6c22e37ede8f55ad59c7ad8ade177a17c1e734fc5e9a0a74c

SHA512
0113190256f14794e3ad97bc8a9493390bc0ecf6c0a8d16c95d8e745ef548bc3e6b8db7376e26641343c292b092cfdeaf948efeb5309840693c6dedc8d25031b

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State

Filesize
18KB

MD5
ed130da521dea9df1634672d83764ab0

SHA1
5998a92a385cc875d06ee51bb4764d86d0294026

SHA256
346ba53a1d0d4eea5909d8ddbe0307162a835fe264a8df95f62bee9fecec9a5c

SHA512
8e10d0bdaa788f3cd7ed5999b62ccb9b324128b5fce8ac16d8b78907b1edb1c21586395d16d05d44cfc36e22415d2943d3f6bf9b68338eab403170e2a63d173a

Download Submit
C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State~RFe5d2c81.TMP

Filesize
1KB

MD5
9034b47f12af6807004dd3ec26a1be24

SHA1
1408bb32a21f7e8d1df179ef8a51cd823420eb4b

SHA256
5ffeccd2622bed4bda16e49511f773827a1c3fe4743810a3bf69435409aaff2e

SHA512
d530c833f05dd4d3d3f9401541ee6360fcbe3401abbdd7b9548fdb981f71a1978f06c3e6b5d6bfb5cd07314d41b0d5c1a8b9adad71b988b5497455ca2d36f953

Download Submit
C:\Users\Admin\AppData\Local\Roblox\logs\crashes\settings.dat

Filesize
40B

MD5
bb374bb717a1cc2cc2283eb6306ecc71

SHA1
1b893449ab5afba1b34308f9ab251f275d04a3e2

SHA256
01952688875ed9e3c934f6396cf21934f773c09ad5e9d0e8a2b84f20d9347c9d

SHA512
41066b6dfd493d16369eba6d87e9d33fba53e795600dfa827cbef107382709b86f972232f1a2bd1718c6b8bfb646ac57fc7d4e58e14c1dc20c92b3194235ee56

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{CB0069D6-93C2-4139-A8F4-18BC549333DE}-MicrosoftEdgeUpdateSetup_X86_1.3.187.41.exe

Filesize
1.6MB

MD5
a9ad77a4111f44c157a1a37bb29fd2b9

SHA1
f1348bcbc950532ac2b48b18acd91533f3ac0be2

SHA256
200a59abdeb32cc4d2cec4079be205f18b5f45bae42acb7940151f9780569889

SHA512
68f58a15ef5ba5d49d8476bee4a488e9a721f703a645ddd29148915d555ca2eb451635c3b762e5a0f786d69bb5cba9bffac3eeee196f1ec7ad669e2d729fe898

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
16KB

MD5
8f84e49b7a0c62034d23133ea454b055

SHA1
9bd5ef6ccec5b74b3df0c00ee585c3689e980f7f

SHA256
ded92c2c67526b9e962db9e138e93ffabe5a6dcad5c2d0c23b54e47c1d82d4cc

SHA512
3bd38fa9e5812ca9eb6ae6d34b68f9062c5a485f6d2a391856f76d1a56a3e0cad02698c1ede0527464b57eece10d342cf7586b9b8e3874b6dfe381b6e468f436

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
17KB

MD5
24eb203c2ef4061e5842fdec8741e170

SHA1
91e01bbac15a7c7116b04f6b5af3c49e2d25462c

SHA256
9cf8159935afa8beff5761bf1e9ffbb315cfd19f3d98d4578678b7867d9db05c

SHA512
4a9776319235fac07a2568c6e6bc17560bbaa774ac3c93589c8d8bab4ad3c243fbbfe153117403dd350d709926d9c23a00441069cb9b31a183c756e4cbb95464

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\AlternateServices.bin

Filesize
28KB

MD5
cf93cb8a951df209769ddc7ddddf3ea3

SHA1
aa4c461a00c071675ea9bf4796dce3f82fcc32c8

SHA256
210498ca30a7b9790f745de852b7ff2049454c0261acd76c4ee507a1f2ae1356

SHA512
1aebfeda516dde5f1d2d91914dab755e4eddf8df13a6a13b3090ccf62bb96acc1fd76e48486448a8bd4e223fa3920a8c63a1dd828f2b0eb02f30e2be5b32f943

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\AlternateServices.bin

Filesize
8KB

MD5
a15febcb12a183e03121f0c0b169952d

SHA1
672d43694055a8f1ab7e63714d952e5d2794aebe

SHA256
a5626c2823436866dd45b7e3eb6a66b06fef4c87477caa74aabd46f46082e5b7

SHA512
5e58bdee6de1c1e3faebcc758157c87b485f3d756eb31e3ba18bdb95affe779c0ee6b5b52b83963b43369a4ea572d44588f9a3d918ade11c245f2ee032776cd2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\AlternateServices.bin

Filesize
75KB

MD5
be9b6c1843f493c56c22f82a4fd6ea83

SHA1
ba0a58d004a53ebb1dd3c9fe8cc8ddb9cd2f17fa

SHA256
1870a03c764a82a7f640ecb564977d7fc01065b2f0ec3162ef238b36a7c79731

SHA512
135330db3a7acad25be0584cdf6e01d6738ba2073c8efc85e22300023c5f119ff9bd9140a6c89eb0ac5cc59380cd42e013bc06e83bb3c4835566fcada91747a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\AlternateServices.bin

Filesize
27KB

MD5
6dbd8cd7412657a92335a63fdc2b90c4

SHA1
20e8c237d549b46d79af92ad27db7030ed31f608

SHA256
e2f95d73ab901502f9be11056a15cbca98354263382517dd62d8f11ee949bfae

SHA512
4f913c059cb3c39967119e2b716358f3c81241cae8c74bc781732d320a27947304e8d63fdc60bfd9d737f1d5bb4de2e290cba04e6e1eeac12130f777b8d06fdc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\SiteSecurityServiceState.bin

Filesize
5KB

MD5
7f34e187ab48ca28a701cc00f958c459

SHA1
db5291c7ea0aa98aef2b9c1914ab90ed7ae2994e

SHA256
8d3421394859a101f0bba9ee75eeec7a6975b399d5b44ec38feb467d62f71e06

SHA512
b53c71b901df5ba90626ab29c12415b5fc45096cc1e6c2454cc7e6dfe3c6227bb5c360da5d357f648d347dd985fdc11b73d7abb4f6908b29bed732eff5641503

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
1c67aa0cbe4c3c3bedf942d953777678

SHA1
33a554aba4dee1c15aae11f4bbefcef27260554f

SHA256
3f23baa0dfb6922087a9e31c19e26c3f623ce7a895480d7b81bba4122b8a8204

SHA512
407063467b311c7f3b6e2d9ece3918712c1b1a9e454e5b8a99130557247559095bcbf20c3e7079f667fa6198978ea07fcb1b6df77585530450c632debe3573d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
f5782ccb2408a8a5d59f276d90ef61a0

SHA1
abe7ebc6ea5011a556ee9d338a1864f625af6a3c

SHA256
2b6d1c0badf1ae754e2a33c34994b55e48e948a16de3b89b1ee7d922e2def21a

SHA512
323c8d02efe242d3491c883569b2bd237f93945aca33927b961f76bd758a4daa42a0e2ced03aa344637c462d9ce5a9a8dffda88faca6d82f8401428058aff7a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cert9.db

Filesize
288KB

MD5
12a133b76063a71806c03b9f69e96e05

SHA1
dea9c6657f82bf7e9922c26707ee796407ac067f

SHA256
a7340463cbd23699eba6047391129fa6640d1ed08890357e9c4a6399f1233cd8

SHA512
bfb757706fb391e5bd1a8fd5f7bbcd0a67b21df87c0ba30f3aee839de6143148c54710d113cb4954a19794a0c8dfa15dc8131a45bd7b91b439955cdd7761dd61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b41ed219e2c8dac47f2701562d092621

SHA1
90d507eae3ec943a121dbe5a080412e40470b54f

SHA256
cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

SHA512
5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cookies.sqlite

Filesize
512KB

MD5
e59873f46781ad542eb269cb84acec88

SHA1
d377c849dadb801e18f036546cff2075a517cd21

SHA256
bee424ec634f0197e5fd6861affa7a3858661968480e383e30acdef69304ae19

SHA512
0f14560f38887586ac3449fe8b6f602b560f2743fc6c64aa1bc97c39c0190a575fb57c2a2459bb90e687c2e7958be63c6c69b80a3086a2814a3855b04c910242

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\cookies.sqlite-wal

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.bin

Filesize
28KB

MD5
3e132cd233d8e01ba3df4ea62567e23b

SHA1
d3a101b1cf682a8a00046b4e6f5784b566e0818d

SHA256
b80d23965d0753f997ad36482a84ee2708507f2ac5a88db36ef4c58dfb3f48a6

SHA512
9f3b1023fc13c64bba30022edaff33f43b65c144fce3e5de8e4cfc88218f5aa02f1e390c3d2807dc3d896446117f24379bf2363392ef02d6a84bcd1b66d7c558

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
94KB

MD5
02902a0d318fd80d088ace11d57a4251

SHA1
d26866a7c190560e49d802212cb516bdae0861ad

SHA256
31925a62082d22de4a1145939802228cef1f6a0559d3b665226dc28cafdaf332

SHA512
ca7e402c5a7329cc068aab9f54363128f6ab99363ccc1fcbb99cd5cfe935b1711d0d8b68aec4fe76aee284398a75767bfcad435fcda91435e61e04dca70841b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
87KB

MD5
08e50b6a9d02b426a101fedd581b8c70

SHA1
a587d33b86878817e1b6600973b7f3b2a858fd24

SHA256
f958ed6774359247a88a5e905160e14d3e23f61755d0728082c0244ab92d16ac

SHA512
4083d25fbf70f39e44babb4a25363f2d472f2aa30d3791cffeb333f84da11543ff67d8aa9af7e509b8c494136d60c4b709936a9a22eef963f05a718558977682

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
58KB

MD5
4ab54d043c3b5c661f70655b81101741

SHA1
1463cb6bda2e2475d3735cce526ac3779921fde5

SHA256
25580d8f47a4ac55831676e6b076f1e8ff11124ac14a9a70ea7f38e360da5589

SHA512
42dd227afe5504dabdd93e9f41dd3c37f5418df47d9c9ffab5cbd459602021f73c6dd91d326f54d63ea9192f56ae516b3d25ec6772dd11c98da813eed42302b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
9d101a4b97c5d4666b318e97d9d7e13d

SHA1
b8ccc45519c2b63739d53362d1d5e3696d5eeb5b

SHA256
88e5d647bb116a427a0b881abd054bdafb2d08c622f9b8e601b05ca2e87e664b

SHA512
0f3721ea2d6bda58b0c9ec84ab84dc73e7d39c485077d0b32b161c4b33158c85c3aefa8843afca86eabf3774a25996f9ca52410d7fe4efea01a3d3e73edf4369

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
27KB

MD5
fa88c2bd17112d3b12bc82932d0a7ec0

SHA1
a624700b7715a615990ebd92e984f407abd4a470

SHA256
24083f6f00eeafeb547af03af853880703e15a326b2ac4906bb3091ca430a43c

SHA512
41c0b550f9634f5dbc09caff07cc0a3717f08cfa29c5d9f0101790b3764c1ef861dd97279112f68d4174880385a73de42d385e4bff374c461f5f20c74110c716

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
27KB

MD5
b6fb786d8c3673aca49afefd3cef59bd

SHA1
ab9be53deadaf2fbbeb5d2abe32295682ea11683

SHA256
192bde492443668964d96eac901926a58cd16346069e83d3ad16e58328a72cc8

SHA512
2fd4b83f4217cd8694ec48239522c87b3385280728d7a2bfa9f592be16dac7f6cc008726e54a0987b43fae376292daebc54d204253e073273766b65a64555d55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b11578a0ece3dbdbcfafc3847900074a

SHA1
53e9fa2df9681c4964eccf4e45b75003e9fb06ae

SHA256
97ca99885c17e49e540191bdd560f93874807fddb6cf5417178541d91fdafcc4

SHA512
6a51099936dacaead3efb95edb748b08b3188cc3692c17c6cc4cc8e259bc962df92bea6dca5ef96e57bba170d3e27a5580c49bad2c9dce097fa574aee3b66186

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
58KB

MD5
c20de5861626e0dafb26424b2b1c361a

SHA1
b21204d1df7a19c4c8f1f60d65c5e07def259b40

SHA256
01d656b3ca4fe9c1cef908e263e69aa22c0621bd32b3947f45ee3318f7c2cee3

SHA512
afe84f1e84f660d48ed9ae07b5341f7a5ea7830f4bf052443501e024d2e62c6833c398e388c80b9c30e42a0e608b3e4ee7f796e46dd6620152174a38f370e691

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8ab1cddcff2545924863ad5be1d933f1

SHA1
2dfc2b2f834e89fe46d03ab5e09b4a977bf44272

SHA256
b13d7ec36506357c504688f8a475b34edbc487aebf68c0e75177c0e94c3f9585

SHA512
0039cf919d989ffe5ba03ef708d237d61fd6237f37ca74b05e67b0104b30482c44147c424c23935250fc05065652c0f903ac504e94d9753b9c5f89f917c1f5b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
59KB

MD5
28334aee9b29b5277030994b10f32750

SHA1
6f7ffb61f8b6ca25a8985ea297c0194d01d2925d

SHA256
b955eda533469a674dcece48456517570324fbb5735e106b8e3067d3b8276b37

SHA512
c650b7980278d706d72b4f3374d830d16a9ea3eca8519fe794073018277bae586ab8b4d4518bd24e614c8c2ce06c0cdd46380be06d73369fe270cd79c555e064

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
58KB

MD5
b6acf674fe8cb4e70fb263be81715449

SHA1
790c6ea112aa86b64ab6427d3182142fbb851085

SHA256
7ec57095d3513c934cf82a3d161f51252a73f74851cd77439b8a41bd66c9dea9

SHA512
642a16e03eb54a56bc2d10a54fe1f8e4b289813200fd0728fbcf806a06f3ae14b1c7e2909822bce45b606bbd99e56ba0bc11ea2fde08880b0d0285cf652eeb3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
94KB

MD5
901075363aba43e21c5d86b7792ff6a9

SHA1
af809f74460586de314baa8169490e7e96d094a7

SHA256
bafbd5d24d904fe86a04867403ba839aaf948a93d87f9ffdfcb842a3f1b5c252

SHA512
ff9dc8594d489fcbabdc814a097f4f8d2906c6d2b785c357a42b6582cabd4f89ed3d95a1508edb7fd5f7600bf3e56686812c6fde57b7cada72e456a43b3f29c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
6eacd03b80f6847c905575ff004aabb4

SHA1
3ae925732ee462403ade49f31fa9b115db900f6b

SHA256
b1bd4e6bc97fd3728ae50b21bf5f20732067edff5e861afa439f4b7283ae26f2

SHA512
de25f9e72e16d4cf50c26f890a9ab4717d75914e3a16553088cea716c2676decff6cb1ea9032ac944439d433ab76ddf26b7a9b98e85896061c18ec9a2b9b6964

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
19df7eccef2458aec58ea4a430b72be8

SHA1
f61847f03df2ef840e3525f4b2ec9cbf27281277

SHA256
5b98fb25121bfbe53082a1d9535f1be9d9627956eee4fe457f4ed50155615e63

SHA512
3132baf1f58daf23730d1d4f115a8b43e1038f6b88ea00b8c7eb6fb776df0b21d2c3d9c7973ccd80e5b61a6df013e0253901ac70d816fb653207067ec911c7ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
27KB

MD5
1dbec2d6ba8c3a5de15f306e97bebd93

SHA1
542e5b990cbf8cdca880b419381c120dddd405c7

SHA256
3be3962442328bd0c7795c60165c21058d531fbb75acc05ebb4ab13b9103d30f

SHA512
24b79f6c667613a831fdaf0ae6553c31c5b60a6e6f953018c8d64a6cf9ff1a6ad44ce3f54eb38debfde2b62ef3fa1cc34adb7e3f0a57f7b334e76c330d616b77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
213002e78e86275db82329d1878646c0

SHA1
174a095a6fc498e30e3b6abb750ebe5b3ca2dc68

SHA256
4f6e93eba68109c9f830fc8290a75858e40ff07021c2d49b83de8f5870bd31bc

SHA512
807ecdaa506e86b28e81f27d9e3252772162f6174776b424684383c0a9f5487900cb95aad318a6f446713da0da79a3dfbe2168e037d41e75958bb33adf72fdce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\events\pageload

Filesize
342B

MD5
a38076a2470f6a3375117f4e85837835

SHA1
76147d18245c81ba73e9186b383fb0d1a2dee52f

SHA256
590469165dc7d73706bee00d1d71836fffd64dd73d541ee74ac4215222bf7515

SHA512
110e2e57586153d5fb9bb5eb845e0d89118e918cda6e07d29d20c4cddc5edecb9edda97daf540d99974d52b4ce364ce07603fba7e47c203c7a3b437fabbbf6ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\pending_pings\01569e38-ff1e-403f-9e57-24057bbd2981

Filesize
671B

MD5
5d722ea4c327b7c98278cb3a618a830b

SHA1
9b2beeaa208174706ecb78cb4e0538ca827f667d

SHA256
e4a1254a8cf2760d78c6c789283815101a5323eea36d570504114de947d9bd85

SHA512
725f0a8f40976f03f1c08258243cdf831b343b297275f361b92536b6379a40ec98117f027b9d32abd2124f145ec60c91deacb3f89bf0044dffe832daff8efb94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\pending_pings\14bd5b98-2f6d-40e8-86da-09151234d354

Filesize
1KB

MD5
0dd49bb1cffba6269ca9b0b403d07b36

SHA1
32a249fa1f2fc993ae949b84a78f45fb2733acf9

SHA256
67f5e11e064e26855ff825aeecd19b23e9ed14b19d32029a033fc7f883c1233e

SHA512
aadeea768e4650d791e1d040041252516605b37e810c8865db39e473c82523d16af71ac1deb2dbad98dd4c9526616516c36538c4d6a2c97b0320501f9c601821

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\pending_pings\2dbbe38a-0de5-4f26-9249-36ab4183269c

Filesize
1KB

MD5
955ba895196d6ab06294d9accf1011c1

SHA1
faf6aeddc172443ee8f7830c7b6fa21e3bcf6b84

SHA256
d71be451ab04c2fa1a52fed67fedd092d50f70be40d7d7b921571cdb1624e47f

SHA512
b82680b945490fb772979b2100a4d5a33863e9b8184fbab1fb6a371581d4162e1043c66f8fec154d3519cec1af573f0bb25dc05836b71ca19c1a14fa1cfe61a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\pending_pings\40892660-1eb0-45e6-8479-af0c0c250e33

Filesize
1KB

MD5
e61ef8698a06120d0237c3bdaac023ce

SHA1
5e22841c30759b879f171880bd9905c141b4bad4

SHA256
42124250c668e243d7c7107600b42ccc817d129520edfdec011a3452eb1491fe

SHA512
f28aa7f1de984d6a414c4459dc0572f50bac299c3b752c47464951fd61563635147785a28ae08f637f3a848c32545ca047ab21f49d7deb93840ac83164e38311

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\pending_pings\540f99f5-d563-4a58-8774-a3f624daa6da

Filesize
29KB

MD5
db33406f617e2155055c5a3e9775175c

SHA1
92d19cf7d9f1aacbfa1f1ee1a9ac46ff18810648

SHA256
5b083130b8011bb28c2c0f65b9c5f56f96b91c0378fd25e7edd24c04e66d8982

SHA512
13b8e1f46b250864765281ecf94371fc0ce06548479c28c0da23e783f42ea456344fe3dedbb48cb9f075f09b7d91eecfd3e1ed5a1d03e5a628331485da4c41fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\pending_pings\56ca482e-8b47-4447-831a-4eac461350eb

Filesize
27KB

MD5
a3e1737f49b6d324705a082d624c1778

SHA1
d532fc545f5994b64f4d8cf16b352bc327649330

SHA256
05cd55b26b46055e2519bb1ffa0cdc0fb8cb4f2b9f5a21a3ae1c3d003be0979e

SHA512
7869c231a2b2fd0db49a36dd79dbb6a59dbb8c189b4a4e3502167601cc3ac2ff889d2c8a20807f775862cbea6aeeaa160a3a415193d1540205fa7c8a10518b70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\pending_pings\9249b4e5-e301-4f9b-9fcb-178ce1d8edcc

Filesize
1KB

MD5
cfba19bee08b4d1fc5fbcd0b0cc58464

SHA1
aace1ca32357d2ed21aa10d8684717c1cfb9b856

SHA256
b1330e98597f7d125ecc1f12c38a32346b8b3eedfde815de0d76af7b42688c5d

SHA512
6468e1513af2528b38dffd48abfd9e2fffa2d23b603b34aeb30195c39d6fe9dafc53652dfe0654d6f2dd7661137e0e3278a5377eaa7280d71ae00b279825c497

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\pending_pings\aa0437aa-48f6-4275-8dc3-b47ca208c817

Filesize
735B

MD5
3fbd3eafb3d56b077314cda74151fd3d

SHA1
7f87fb3fd4184023ba0c5b4f49950d39190bb791

SHA256
707a45e22d7651455f7f1bc69ec98e13d8e82a4c210bf496e02a3799abf81c47

SHA512
cd4b7895c86b99388a13a2bb7ba9509db368ae9e0504b4d659765a0f02549a5fb8a1d650f5830480915301a1754312c026a5cb02456cb303c3643317bccf2b95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\pending_pings\aa1eeaad-524e-4147-961e-4159213b577f

Filesize
731B

MD5
fcbe7a7312ab60574b3b81d354b7c2cf

SHA1
b6f5589dda5c4360314752a964b56cd5eda5e7be

SHA256
96abc1e5ec4783cda97b2d87ac9744b1ef5f92a76ed8123a606db94f7b45d83d

SHA512
a434dd9aec1f87ea709fd94b401addbd4012b5d50d263780504a24292bdd412b124b733e7b0f85ac414d26a24bc6871cd79345f6511e3dd57bf63b49ed9a033d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\pending_pings\d6cb57b9-9b2b-4a26-9cb6-8179d71b22bd

Filesize
734B

MD5
e00e4f4a3eecca0ec1cc3cdaa07e525c

SHA1
936091346a750f788eb13d686f45843502c28cbf

SHA256
f63ea4d5c53cbee836243830c9d4c34ea9a0bf74ddab032b11c73f6c53ca879a

SHA512
5281d6ed4bada34a539fdddac5adbcab9edd64bd8ab026b9526120293bb9eac508875849c39f69a65b501679b9da4941be3637a7c2729f3b321f50c32ebb842c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\datareporting\glean\pending_pings\f6b43799-5b91-4561-900a-f978e9d0bac4

Filesize
982B

MD5
8bdfae481d2ca04a4132c10292b21bd2

SHA1
5aa570eb00c2c2726c0a75bb69d15d0d0457ef0a

SHA256
eb189bea3562d0e0f569d04effddd981970ad68113ba0aa4ca925244ded514d4

SHA512
188213a927ca165f315cedc08ae990f02d7fdce0ee4e634eebb38b9d6e78b8e801727aa42badbcea8119f91e5c46c849921c02f15fcdc37d7401497637eb7d7e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\extensions.json

Filesize
37KB

MD5
0787b8a355df8c570ebeefe50c89d155

SHA1
720a33ec266f77513c7479a26a0762d5564beeb6

SHA256
92ba5716f5d6cd500f4dc871700259cedeea0834ade9aae70144694c1b228aa8

SHA512
8c5c32635f2a715ce2ca431f6eb2bb451b4189220b559bde7367fac1ff5c34685176527140d4f0e3fd385a94f56b4f9d949d608ea240b0ff044aa6a1a198bd81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\favicons.sqlite

Filesize
5.0MB

MD5
0399eeaa226c0eb06c6d4186a9afc4b0

SHA1
1e4fbac7aa5da5fb61c9bb81eab618c9f9b7d6b4

SHA256
92f35e0776c7fa4c547bc4847cddb368458f4e6ab7c242331bb9023ef6f675a6

SHA512
62e14827567f0073dfc7320625996cd6f61288e46a83e3cb7acc3b0ed0af714b7e53031c767a2eee6fbb517597db60fbfbb5b089f9bd26dcbf4284f45fcd11df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\permissions.sqlite

Filesize
96KB

MD5
e35e520a8fd8b8607fcca66bb418170a

SHA1
2f21320616ba7e48acc376d55c6a55b073e3e919

SHA256
6a8c8e8cead28ce417c0e5c35852419c334f2621b6d2a2d7a2822491bbb5b3a4

SHA512
5e43075eeb6fa0137455dd96dfe481b51a38f7762756a76036dde368fceeba5e70248071520dd24b9ae59cc91c656eb3bb728e03b7ff72e5ced019c4bd60cec6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\places.sqlite

Filesize
5.0MB

MD5
3c61c4520ca98414024ef8941488fd57

SHA1
fc5052f4d1f8a6faa7600c95fbd834ac231d9b76

SHA256
5da063aaea03393f399b515a3ef855f14db7e9d588c87a637b2a8c57be1dc5c3

SHA512
02d290cc6ac84b71dd57f8953e8dddffd9a381dfb84728d8a3474336efc86d189b4b435dff5798364c463bd3c93a81d789da056ee96177f55ceabc9b60b0f13b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\places.sqlite

Filesize
5.0MB

MD5
87512b143e87d0f135a3b1b5e09b3fd9

SHA1
be54b9073c350d48125fbf3a9dba9b788dfb3e32

SHA256
bd03e78925501720651be921ab966aac5f57e4e25f86b2d827ef9a7dd7397756

SHA512
a4eca90f6c6b50805c949559f8a53a19b53ef87e9b25c2904d3b4403a18608d672648a68f43fbe35e49284a4710adc83b6c9d34b4f8f4bc059986c9bef263970

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs-1.js

Filesize
13KB

MD5
d6536e6df324d5ca3ec7691354074085

SHA1
31284392074e8ec9c82ebab515ef00ac7cb85549

SHA256
a9d8ded71ece5a0601bf13c238cf6db5a27e12b30372640e29179871602262c9

SHA512
404e7c35215cf22bc7d0ba7219892c54a70a01120ff0b1e2c1c4a2cd087422cf02a930a3c329d9fbc2d05adeafc2762aa2aece32235d4ad30bd3fac0b2b623f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs-1.js

Filesize
11KB

MD5
66f1c716f41876ad0a27109cfdf6a150

SHA1
189dff33474a43653bc0bbb941b0f39e5b3bb0f9

SHA256
ca5fda463c6e04eb0aa99b5275bb4e69e64687792e6599e6b6dbfc00fdc6c584

SHA512
8ea5a72c0df5deaaf62844b4573a1b544e777a4581fe27a4b1ee8360fadf71aab2834dd3f757171f424103dc84d693a97f6fef41799d7ae53e16039d4d43e981

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs-1.js

Filesize
11KB

MD5
529ebc55e13dbe0f96e14a73f609c6e0

SHA1
ebd99a160ee1a99b259d9a0ffb4c9566302b280c

SHA256
78e5ee7286e919567e963918df828067534f294e5f2023d0c8dd86a079db7fb3

SHA512
a8404d885bef691be2e166a9ab1a6ed419f8f75ec89e7aea73c31905dc9290d289254b58bcb5a3765c7e533d491a6b3dbc086fb110625ba501e84213c2871122

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs-1.js

Filesize
11KB

MD5
91b5084cde185a47cca307c75ad02f74

SHA1
bdf0c86591f024a3c46a097ca3370e07b956c10f

SHA256
c86ce0b6e1cd6a6b8c8b932fcf7ef359390d919c7c168ac4a03f7ce8e48dc79d

SHA512
911b8426a82ad084a4c2f9f8f857d15f211f56e6fc1c9d9555c8001539c0d2322184ea90f3b5b83aeefff44c68e66e35bec94c38a64e083e27bf7d93aaf1dd78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs-1.js

Filesize
12KB

MD5
c66447594fb37513ec17848e2eef9aa9

SHA1
52ddafeddb218ee7c8cf6664fca3eacef100ad69

SHA256
1d86f8568b661bd2aaf4fbb3f160a9ea622bddef8082721ebba786f9c8f0c4c0

SHA512
9562cc8f6f71f669579e5313cf99be5d9952f636b0eef9ca5da4230b9b2349bf14960605a1e95c02070861d41b69cce4f18212929a579af01c275130f0cb3aea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs-1.js

Filesize
16KB

MD5
b8aace7104fdb0529879d07956067795

SHA1
797577c28cf027c991f15cbedf239294b56772b4

SHA256
62c38668c8aca264b7ab244851d1ea7781ec5c9590f9e554c7a77ba0cf19c881

SHA512
f3354f53c13b8a3c811a70d61661fd26ff940162c33c676c72a742b7e9c4bc449a83fcc70ee6d6e51f13ea193fd5c7ff0682f0a183d8e98667d428211d4f5139

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs-1.js

Filesize
16KB

MD5
f128ff270c73c47595bd1c07878e309f

SHA1
fd874e74bc51dbb99a94506936403aa5af1fa741

SHA256
241ae9b226e4854f25588dbdb126bc819194c71ef21a6a4afde71801a2b6d328

SHA512
69dfac918925649cbe936eadb696c0eae1cd115ec81eb75fe7541b221453a44c601b4a46b4e94fae708ec544ecf4ea7a6205024deb9f94fd51ca9e7c815de0ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs.js

Filesize
8KB

MD5
29b924c4f758628bbb2da4ad133b83bd

SHA1
25e8c344258046261f4dd37b8886c6a419c825bc

SHA256
53b07af663a7e8577ddf06c2d4189ad2c096f1d4440825e5a029ac79c5b5a316

SHA512
01539075c615d62bf938a9b85c1fdd492842b1bdcca6863873e110f0b2f816b1ef32b0041648928089312f44214bfaa8ff64672e3fb06d5adb845985fb583bbb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs.js

Filesize
12KB

MD5
1219a0ec614b4c7c0d4dda85747a221f

SHA1
1edee5ff1c2dfd3758b9c5918f95fd5c331df138

SHA256
1dfff0d6eaab83992b2369ada6664c5fcd7b6a96cf0b8ae4f7a84a702969f6cb

SHA512
962ba3ecb54e16ae4289f9c4bc581f61d1475ec27b2e2ceb1caf8e36e9adb1f09c11cc617fecb981af69d2756558896f84e3e51512ba7edc0a57650df73aa2e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\protections.sqlite

Filesize
64KB

MD5
e41d6dd7279595b6296c16ff6119edfc

SHA1
9f4f37078f842e5d7433aec5ca858212884a62e2

SHA256
b86784f8bce25f0fe90462368a0fe0853935ad8df5f919b7e58d7401831cbd06

SHA512
c8ff4b82da0ebfd864bdd64519eb5b2314f91ec64c86294b47a6fbf7dd69bd64405409a41f407b919b3665000dd518914e8a2776cd79b9695d6c1ab4688a9aeb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\sessionCheckpoints.json

Filesize
193B

MD5
2ad4fe43dc84c6adbdfd90aaba12703f

SHA1
28a6c7eff625a2da72b932aa00a63c31234f0e7f

SHA256
ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933

SHA512
2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
a9ce502aacc0b03b958710c7e1e4f990

SHA1
90a5eef8fe6a1832d1e3047a17c28f13ef2f269f

SHA256
6904d755b673b1e6cd617a8888851423f5fa316037b5e9babeabf844aa52c2bf

SHA512
ecbb130917e0df75e8443cc17595dd964735e528790e9ec8e26b60134fa2f01e1afba4e7f16ce5560b8bce8db21ee2c3580164b12b6c0de0dbbbe603fa0c04e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
bbe17afc17756d971ce9f726dbd35512

SHA1
ca1d9b7657a748f67c8ea050180b6526e243a0e5

SHA256
e7b426e2c5f75fc33192983fc07c1e488466aae2a44e9adaa8add90b9ae2aa50

SHA512
5219a87c8adb8e3dda035f9ab45a1c15edf3c3d352742d9aa2e6c3b30a6a8f1ae4033d4e1eaa10cf5718fb14e1cd89e98c63fbba49df005c6574b6853f4fae6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
dfbbcdf0c77deb3280f96d39b520277c

SHA1
763a69810559fb85282049f293965c0295f36f52

SHA256
9ffe136270b8e24bc2b760b9582468ac76492311075635fcf3926f8a92d4eb41

SHA512
58b7cec9fe29eabbbe4ee1522d255ef51e0e4578704cb0aa855d8b563f4e51037bfc364b48e5095d801238645ed4d93a1cb2fd832216ecdb3bd4828e6b040333

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
b05bf5b06f4f40499bfc559340ed1b66

SHA1
d626f61c501ae891b5f20cdaace9812664a28c9d

SHA256
a1307fbfccf04739809b1461814bcb22b6bef06d0315d45ed8c8ee4a9581fafc

SHA512
e5804663fea41173b7edd4c489a81c2de0df12f80a571caaceaa9b1f571ce7a162710d99d8887abb83f67ae44bacea536bfa5f47bbf18ce19e73de3b78ecbd05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\sessionstore-backups\recovery.baklz4

Filesize
16KB

MD5
48f11c66abd94426aeae915b229731a3

SHA1
81b9e0e7a6d8119a7cb097f61cd62f62970c969f

SHA256
29cf7baa247e43e5dab26fd84d33886add008166973eb65148d01ae366d63ece

SHA512
67cb46d4d2e5f39a2e55c1144f0e627bd501bf8193b2faac2de38414e85af2ea4a183e144005b024b33df661918a0ef2f17d3ca00dd55e5febe1ca1c4b3ee085

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
cac1ac67f68bdc52f579fb69da0222c3

SHA1
c85c7fa3176006e2677cb9c2e07d1a46c3c7925f

SHA256
f5668fc22a4eb1918c9a61270541a0349c0029cd96d5264307f17ed64b958bf6

SHA512
ff6ca3e3bf8d1c7b3df578e4cab536e60e4c9fd6d229edb078aa3faa3dda18bf14554c85f8dbfba8d68a565009071db28f59419fe8ebad8273c5862dc101d61f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\sessionstore.jsonlz4

Filesize
3KB

MD5
18870d328378af7dc5033ab719f1efa8

SHA1
5357b3014dd664b86691bb7c335d117c6dceb2b5

SHA256
af23f4a2bfd51448eb3b7599195ce4277da54d45f1a322d7099242711942832d

SHA512
e4e5820d2150df278957bfe2b1f1aaaa1704fae4fd4cf22d980d52e417403f352464d0ee49658a76c1cc9f3783cc4bcce8045abc3e19e060232a3c745d048b89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\storage.sqlite

Filesize
4KB

MD5
a40b9920d47f22b1055a4a171c499c56

SHA1
e890a2b21701896acd51c50b94b9ebfd8b5eaeac

SHA256
05aacbc1f86acbe34c5a5b7a79b0c31bb91375f19d660ad932a036e88f4c952d

SHA512
ebcc2d8286f00df96a24ced294c1ea29d0f0c8fcf2096da6afa4814f5b802e8546bbd2dcf75bd670a43ad070d4af39890dacfe17474c3e485755e4d2e1576669

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\storage\default\https+++www.file.io\.metadata-v2

Filesize
49B

MD5
67b720f5e57b30c5f807c32bc2c86973

SHA1
1029b5e20a3638b7ca9385ffb933574f7d41d7c9

SHA256
3125d8a40c30f1f02b4a085e61cbd98433f853c49f9ccab12126ed99ac0a844e

SHA512
eb3c6d132d5d50d00e82e44dd5436a5382c2762dfd76a78f6df4c45b3afa46d8bdb98f89e389f765257424b1e465282487b5ca5dc4f2cf336403b0b7e86392ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\storage\default\https+++www.file.io\ls\usage

Filesize
12B

MD5
2b9eeaef000916b5bcdfd130a377f1b1

SHA1
aa3c40fbad33e864f3200c71c9b7d3448dca98a4

SHA256
a2716070f808062eeb01e3ce25a004cc97d5d80f1e6608d4801e94de42969b9b

SHA512
e6580aa43a412341630ba84cd254a161971b590002dc2034a4b8b8682285676030f5e2c39d857db5bcd6388d1a2e2d81e63831176f734980aeb178ad0c4d8cd8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\storage\default\https+++www.roblox.com\idb\3140325527hBbDa.sqlite

Filesize
48KB

MD5
2aea983979d7bf0c0fff20eb412fb3b7

SHA1
f2e56baec3a441ecb29b845571c6924a8b7914c2

SHA256
3179534c631d08b04868a68f66e83dd88817092ae70a59ab9db01658dcf9f667

SHA512
b2d261324c6d3166222de702610626594537eb99f101afa645daeaf1f053f7b49c8a0251b766df2e3a6c9eab32048a077a2678b72b4d28c5eb12b52e20c09771

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\storage\default\https+++www.roblox.com\ls\usage

Filesize
12B

MD5
0cd08e4fbd0b633f6229d3457f4c0809

SHA1
d075cfe3cc035aefbba10bf625857e4fbb7ff486

SHA256
75b8d19fc8d9799bf1a675469bee5ce9e2f36b3cf8a69148944a2fafc42a9b9b

SHA512
3fc3cf6b14c486cc2b515152186ece428bea27e724f849fd08db923578ad7c8cd3dd23d6f2b6d72a2694cdb711f67a803b0696fefacd07305312281e2e01adce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
e7067c9f6cb3498338d67acb0b654404

SHA1
b1d9a33c07ba5961c46b6fa33f8fe3ceb33e7f46

SHA256
f65440e914dcd8f4437bb811b530b9c01d1fd129d24cb5e5f3f62028cf608066

SHA512
1d9c8ffab3f3e1f3314a59a62f87c7a4a6e9f909a9a48fe272bd9e03501e6be1f89ddb8a75b2f6027266fc1a82d66a1549f63657553a78bea112b38501382978

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
a48f05f5284faa0ea7db2f2b5156d31d

SHA1
4c494927c360e4612b70f28929dd60abd1141533

SHA256
a0ac875ad0743318eb337924b126fc716b3dc81724f00d93d9998bf0cd53e857

SHA512
868c39bd80663e9e1a89df82e9037ca472a24b72d4ceafed87e59175be7dbe219ddea43422fe463a43c0cd0b7af8aad65c3eea9525742f1f63045d44237ba471

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\xulstore.json

Filesize
217B

MD5
3c7edbdeecdb47fba617e3d03c36b0d3

SHA1
53628ce8c5170810fabafab8e001bfd971d47825

SHA256
c3db6f2519b071b7441022f9ed508b0da5ba40295be0ee449a27bd6146595d04

SHA512
bbf56ea374114173f7de198cd71ac6e75276b0f30926c6690db512f45ac2e54d099d990c285578f702696494d2884d8550e5dddadeee01077933034ac3817842

Download Submit
C:\Users\Admin\Downloads\RobloxStudioInstaller.cgCMudRd.exe.part

Filesize
5.4MB

MD5
4fa63f4ccb9b1fca93ab82e51c6d4750

SHA1
1f26018c15ed5e14140ed44c28cf52a7b892fc86

SHA256
685f8b14eb645f892a666cf61cf691d086fe0d3e344a245323f1fe75034869fb

SHA512
a25031fb2afe1baebe9b46266192574c6c73b7fcd8e3e2897873d97b3f6232c5228fa4f633b1df98b9410808d5afe1dd470cd8f3f6dbc0c52526311b769554ab

Download Submit
C:\Users\Admin\Downloads\SecureAdonisFixed3.rIJ1x-T_.rbxm.part

Filesize
259KB

MD5
65750f84b1e8324625ce2cf026a1f129

SHA1
4178b6d047cbaa097fd8eddb4296fdf5344e59e1

SHA256
36c8cef91fcd3a50420beff06b9b02b32609d979b92854b91a53affbcbe163fb

SHA512
a80073fd61395e68fb11c2a406481df362e6978eee3e1b91e567b3b352322938f8c0fe5d16b25d80e16ff59308d07d08a0f4eaa6703310c061365cb5b02696de

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/968-6504-0x00007FFA41980000-0x00007FFA41ECC000-memory.dmp

Filesize
5.3MB

Download
memory/968-6752-0x00000165A3A10000-0x00000165A3A11000-memory.dmp

Filesize
4KB

Download
memory/968-6751-0x00000165A3A10000-0x00000165A3A11000-memory.dmp

Filesize
4KB

Download
memory/968-6736-0x000001659FB50000-0x000001659FD50000-memory.dmp

Filesize
2.0MB

Download
memory/968-6734-0x000001659F710000-0x000001659FB50000-memory.dmp

Filesize
4.2MB

Download
memory/968-6741-0x000001659FE40000-0x000001659FE41000-memory.dmp

Filesize
4KB

Download
memory/968-6753-0x00000165A3A10000-0x00000165A3A11000-memory.dmp

Filesize
4KB

Download
memory/968-6743-0x000001659FE50000-0x000001659FE51000-memory.dmp

Filesize
4KB

Download
memory/968-6740-0x000001659FE40000-0x000001659FE41000-memory.dmp

Filesize
4KB

Download
memory/968-6506-0x00007FFA42570000-0x00007FFA42972000-memory.dmp

Filesize
4.0MB

Download
memory/968-6744-0x000001659FE40000-0x000001659FE41000-memory.dmp

Filesize
4KB

Download
memory/968-6507-0x00007FFA42570000-0x00007FFA42972000-memory.dmp

Filesize
4.0MB

Download
memory/968-6745-0x000001659FE50000-0x000001659FE51000-memory.dmp

Filesize
4KB

Download
memory/968-6747-0x000001659FE50000-0x000001659FE51000-memory.dmp

Filesize
4KB

Download
memory/968-6746-0x000001659FE50000-0x000001659FE51000-memory.dmp

Filesize
4KB

Download
memory/968-6749-0x00000165A3A10000-0x00000165A3A11000-memory.dmp

Filesize
4KB

Download
memory/968-6750-0x000001659FE50000-0x000001659FE51000-memory.dmp

Filesize
4KB

Download
memory/1996-6529-0x0000018AB5B40000-0x0000018AB5BEC000-memory.dmp

Filesize
688KB

Download
memory/1996-5661-0x0000018AB5B40000-0x0000018AB5BEC000-memory.dmp

Filesize
688KB

Download
memory/2496-4746-0x0000000072F70000-0x0000000073180000-memory.dmp

Filesize
2.1MB

Download
memory/2496-4745-0x00000000005B0000-0x00000000005E5000-memory.dmp

Filesize
212KB

Download
memory/2496-4788-0x0000000072F70000-0x0000000073180000-memory.dmp

Filesize
2.1MB

Download
memory/2496-4848-0x00000000005B0000-0x00000000005E5000-memory.dmp

Filesize
212KB

Download
memory/5200-4855-0x00007FF661B70000-0x00007FF662B70000-memory.dmp

Filesize
16.0MB

Download
memory/5200-4853-0x00007FFA41980000-0x00007FFA41ECC000-memory.dmp

Filesize
5.3MB

Download
memory/5200-4854-0x00007FFA42570000-0x00007FFA42972000-memory.dmp

Filesize
4.0MB

Download
memory/5200-4856-0x00007FFA42570000-0x00007FFA42972000-memory.dmp

Filesize
4.0MB

Download
memory/5500-6707-0x00007FFA41980000-0x00007FFA41ECC000-memory.dmp

Filesize
5.3MB

Download
memory/5500-6706-0x00007FFA42570000-0x00007FFA42972000-memory.dmp

Filesize
4.0MB

Download
memory/5668-4988-0x00007FFA63180000-0x00007FFA63181000-memory.dmp

Filesize
4KB

Download
memory/5668-5166-0x000002A593480000-0x000002A59352C000-memory.dmp

Filesize
688KB

Download
memory/6044-5660-0x000001D693050000-0x000001D6930FC000-memory.dmp

Filesize
688KB

Download
memory/6044-4904-0x00007FFA63180000-0x00007FFA63181000-memory.dmp

Filesize
4KB

Download
memory/6068-4989-0x00007FFA633E0000-0x00007FFA633E1000-memory.dmp

Filesize
4KB

Download
memory/6068-4990-0x00007FFA63480000-0x00007FFA63481000-memory.dmp

Filesize
4KB

Download
memory/6140-5204-0x0000020225540000-0x00000202255EC000-memory.dmp

Filesize
688KB

Download