60593ced1e78fd4b3fdffcd58bcde989d8e9b031b3ad9132815fdf614e0449d4

Analysis

max time kernel
1050s
max time network
1052s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
01/08/2024, 23:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CeleryInstaller.exe
Size

822KB
MD5

0bd82e264be214414d6dd26bac3e1770
SHA1

5325e64053dcf599a9c5cedec532418716f9d357
SHA256

60593ced1e78fd4b3fdffcd58bcde989d8e9b031b3ad9132815fdf614e0449d4
SHA512

842a80fed2286d06987cd2dde7ae94fc6c7986eb49cc62684f62f148973e5080df7866e1d2f81d53cb5ac95ef9d88489f6765265e29104be0ae349c6a3164592
SSDEEP

12288:c5SsIg0ZvkY29slOLJFbJZXM1Eg/2QAu4NRFNxIg0Z:Ru0ZvkY29+OLfzI2Q0NH10Z

Score

8^/10

defense_evasion discovery evasion persistence privilege_escalation trojan

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 51 IoCs

pid	Process
3360	Celery.exe
2320	CefSharp.BrowserSubprocess.exe
2852	CefSharp.BrowserSubprocess.exe
2480	main.exe
2076	CefSharp.BrowserSubprocess.exe
1996	CefSharp.BrowserSubprocess.exe
3872	CefSharp.BrowserSubprocess.exe
3684	luau-lsp.exe
1656	CefSharp.BrowserSubprocess.exe
3152	CefSharp.BrowserSubprocess.exe
6100	RobloxPlayerInstaller.exe
3148	MicrosoftEdgeWebview2Setup.exe
4852	MicrosoftEdgeUpdate.exe
5940	MicrosoftEdgeUpdate.exe
5944	MicrosoftEdgeUpdate.exe
5156	MicrosoftEdgeUpdateComRegisterShell64.exe
1248	MicrosoftEdgeUpdateComRegisterShell64.exe
5132	MicrosoftEdgeUpdateComRegisterShell64.exe
6008	MicrosoftEdgeUpdate.exe
1732	MicrosoftEdgeUpdate.exe
924	MicrosoftEdgeUpdate.exe
5276	MicrosoftEdgeUpdate.exe
5248	MicrosoftEdge_X64_127.0.2651.86.exe
1188	setup.exe
2548	setup.exe
5148	MicrosoftEdgeUpdate.exe
6052	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
948	Celery.exe
3292	CefSharp.BrowserSubprocess.exe
5412	CefSharp.BrowserSubprocess.exe
1664	CefSharp.BrowserSubprocess.exe
5332	CefSharp.BrowserSubprocess.exe
5436	CefSharp.BrowserSubprocess.exe
3576	RobloxPlayerBeta.exe
1180	MicrosoftEdgeUpdate.exe
1388	CefSharp.BrowserSubprocess.exe
3496	MicrosoftEdgeUpdate.exe
5216	MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
5728	MicrosoftEdgeUpdate.exe
4896	MicrosoftEdgeUpdate.exe
3096	MicrosoftEdgeUpdate.exe
5776	MicrosoftEdgeUpdate.exe
3148	MicrosoftEdgeUpdateComRegisterShell64.exe
4996	MicrosoftEdgeUpdateComRegisterShell64.exe
1392	MicrosoftEdgeUpdateComRegisterShell64.exe
3436	MicrosoftEdgeUpdate.exe
1504	MicrosoftEdgeUpdate.exe
5364	MicrosoftEdgeUpdate.exe
3864	MicrosoftEdgeUpdate.exe

Loads dropped DLL 64 IoCs

pid	Process
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
2320	CefSharp.BrowserSubprocess.exe
2320	CefSharp.BrowserSubprocess.exe
2320	CefSharp.BrowserSubprocess.exe
2320	CefSharp.BrowserSubprocess.exe
2320	CefSharp.BrowserSubprocess.exe
2320	CefSharp.BrowserSubprocess.exe
2320	CefSharp.BrowserSubprocess.exe
2320	CefSharp.BrowserSubprocess.exe
2320	CefSharp.BrowserSubprocess.exe
2320	CefSharp.BrowserSubprocess.exe
2320	CefSharp.BrowserSubprocess.exe
2852	CefSharp.BrowserSubprocess.exe
2852	CefSharp.BrowserSubprocess.exe
2852	CefSharp.BrowserSubprocess.exe
2852	CefSharp.BrowserSubprocess.exe
2852	CefSharp.BrowserSubprocess.exe
3360	Celery.exe
1996	CefSharp.BrowserSubprocess.exe
1996	CefSharp.BrowserSubprocess.exe
2076	CefSharp.BrowserSubprocess.exe
1996	CefSharp.BrowserSubprocess.exe
1996	CefSharp.BrowserSubprocess.exe
1996	CefSharp.BrowserSubprocess.exe
2076	CefSharp.BrowserSubprocess.exe
2076	CefSharp.BrowserSubprocess.exe
2076	CefSharp.BrowserSubprocess.exe
2076	CefSharp.BrowserSubprocess.exe
3872	CefSharp.BrowserSubprocess.exe
3872	CefSharp.BrowserSubprocess.exe
3872	CefSharp.BrowserSubprocess.exe
3872	CefSharp.BrowserSubprocess.exe
3872	CefSharp.BrowserSubprocess.exe
1656	CefSharp.BrowserSubprocess.exe
1656	CefSharp.BrowserSubprocess.exe
1656	CefSharp.BrowserSubprocess.exe
1656	CefSharp.BrowserSubprocess.exe
1656	CefSharp.BrowserSubprocess.exe
3152	CefSharp.BrowserSubprocess.exe
3152	CefSharp.BrowserSubprocess.exe
3152	CefSharp.BrowserSubprocess.exe
3152	CefSharp.BrowserSubprocess.exe
3152	CefSharp.BrowserSubprocess.exe
3152	CefSharp.BrowserSubprocess.exe
3152	CefSharp.BrowserSubprocess.exe
3152	CefSharp.BrowserSubprocess.exe
4852	MicrosoftEdgeUpdate.exe
5940	MicrosoftEdgeUpdate.exe
5944	MicrosoftEdgeUpdate.exe
5156	MicrosoftEdgeUpdateComRegisterShell64.exe
5944	MicrosoftEdgeUpdate.exe
1248	MicrosoftEdgeUpdateComRegisterShell64.exe
5944	MicrosoftEdgeUpdate.exe
5132	MicrosoftEdgeUpdateComRegisterShell64.exe
5944	MicrosoftEdgeUpdate.exe
6008	MicrosoftEdgeUpdate.exe
1732	MicrosoftEdgeUpdate.exe
924	MicrosoftEdgeUpdate.exe
924	MicrosoftEdgeUpdate.exe
1732	MicrosoftEdgeUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
2	raw.githubusercontent.com

Network Service Discovery 1 TTPs 13 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
1664	CefSharp.BrowserSubprocess.exe
3292	CefSharp.BrowserSubprocess.exe
5412	CefSharp.BrowserSubprocess.exe
1656	CefSharp.BrowserSubprocess.exe
1388	CefSharp.BrowserSubprocess.exe
2852	CefSharp.BrowserSubprocess.exe
2076	CefSharp.BrowserSubprocess.exe
2320	CefSharp.BrowserSubprocess.exe
1996	CefSharp.BrowserSubprocess.exe
5332	CefSharp.BrowserSubprocess.exe
5436	CefSharp.BrowserSubprocess.exe
3872	CefSharp.BrowserSubprocess.exe
3152	CefSharp.BrowserSubprocess.exe

Checks system information in the registry 2 TTPs 22 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	CefSharp.BrowserSubprocess.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	CefSharp.BrowserSubprocess.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	CefSharp.BrowserSubprocess.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	CefSharp.BrowserSubprocess.exe

Suspicious use of NtCreateThreadExHideFromDebugger 4 IoCs

pid	Process
6052	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
3576	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
6052	RobloxPlayerBeta.exe
6052	RobloxPlayerBeta.exe
6052	RobloxPlayerBeta.exe
6052	RobloxPlayerBeta.exe
6052	RobloxPlayerBeta.exe
6052	RobloxPlayerBeta.exe
6052	RobloxPlayerBeta.exe
6052	RobloxPlayerBeta.exe
6052	RobloxPlayerBeta.exe
6052	RobloxPlayerBeta.exe
6052	RobloxPlayerBeta.exe
6052	RobloxPlayerBeta.exe
6052	RobloxPlayerBeta.exe
6052	RobloxPlayerBeta.exe
6052	RobloxPlayerBeta.exe
6052	RobloxPlayerBeta.exe
6052	RobloxPlayerBeta.exe
6052	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
3576	RobloxPlayerBeta.exe
3576	RobloxPlayerBeta.exe
3576	RobloxPlayerBeta.exe
3576	RobloxPlayerBeta.exe
3576	RobloxPlayerBeta.exe
3576	RobloxPlayerBeta.exe
3576	RobloxPlayerBeta.exe
3576	RobloxPlayerBeta.exe
3576	RobloxPlayerBeta.exe
3576	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\AvatarImporter\img_light_custom.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\DeveloperFramework\checkbox_checked_light.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\TerrainTools\radio_button_frame_dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\Menu\rectBackground.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\TerrainTools\mtrl_sand.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\NetworkPause\no [email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\ExtraContent\textures\ui\LuaDiscussions\buttonStroke.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\Locales\ca.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\Locales\vi.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\Locales\gu.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\configs\GameControllerConfigs\gamecontrollerdb.txt	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\fonts\SourceSansPro-It.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\GameSettings\Arrow.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\TerrainTools\mtrl_rock_2022.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\Controls\DesignSystem\ButtonB.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\Settings\Radial\BottomSelected.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\Locales\fr.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\avatar\unification\humanoidClassicAnimateDefaultChildren.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\Controls\xboxmenu.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\VoiceChat\RedSpeakerDark\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\VoiceChat\SpeakerNew\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_2x_12.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU57D1.tmp\msedgeupdateres_mr.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\AnimationEditor\button_control_next.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\VoiceChat\New\Unmuted60.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\Locales\sr-Cyrl-BA.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\Locales\kn.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\AnimationEditor\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\TerrainTools\mtrl_snow_2022.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\ExtraContent\textures\ui\LuaChat\icons\ic-profile.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\Health-BKG-Left-Cap.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\VoiceChat\SpeakerLight\Unmuted0.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_3x_4.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU57D1.tmp\MicrosoftEdgeUpdateBroker.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\127.0.2651.86.manifest	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\Settings\Players\BlockIcon.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\Locales\mt.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\DeveloperFramework\StudioTheme\clear.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\dialog_green.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\Emotes\Editor\Small\OrangeHighlight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\fonts\zekton_rg.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\ScreenshotHud\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\Settings\Help\BButtonDark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\StudioToolbox\announcementConstruction.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\Settings\Players\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\msedge_wer.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\Locales\id.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB6A8.tmp\msedgeupdateres_vi.dll	MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\MaterialFramework\Grid.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\ExtraContent\textures\ui\LuaApp\icons\ic-more-create.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\avatar\heads\headB.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\common\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\AnimationEditor\button_zoom_default_right.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\Debugger\Breakpoints\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\StudioSharedUI\meshes.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\Lobby\Buttons\scroll_down.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\ui\MenuBar\icon_maximize.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\content\textures\Debugger\callStack.png	RobloxPlayerInstaller.exe

Drops file in Windows directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	Celery.exe
File opened for modification	C:\Windows\SystemTemp	Celery.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3360_1300674032\manifest.json	Celery.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3360_1300674032\_metadata\verified_contents.json	Celery.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3360_1300674032\manifest.fingerprint	Celery.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3360_1300674032\LICENSE	Celery.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3360_1300674032\_platform_specific\win_x64\widevinecdm.dll.sig	Celery.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3360_1300674032\_platform_specific\win_x64\widevinecdm.dll	Celery.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 22 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CeleryInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 6 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3436	MicrosoftEdgeUpdate.exe
3864	MicrosoftEdgeUpdate.exe
6008	MicrosoftEdgeUpdate.exe
5276	MicrosoftEdgeUpdate.exe
5148	MicrosoftEdgeUpdate.exe
5728	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0\CLSID\ = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\ = "PSFactoryBuffer"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ProgID\ = "MicrosoftEdgeUpdate.ProcessLauncher.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback"	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1974522869-4251526421-3305193628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	Celery.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\NumMethods\ = "26"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CurVer\ = "MicrosoftEdgeUpdate.Update3COMClassService.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\PROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass.1\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\CLSID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0E8770A1-043A-4818-BB5C-41862B93EEFF}\ = "PSFactoryBuffer"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ = "IProgressWndEvents"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CLSID\ = "{08D832B9-D2FD-481F-98CF-904D00DF63CC}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ = "ServiceModule"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ = "IAppVersionWeb"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\ProgID\ = "MicrosoftEdgeUpdate.CoreClass.1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService\CurVer\ = "MicrosoftEdgeUpdate.Update3COMClassService.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.CoreMachineClass"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 423001.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2320	CefSharp.BrowserSubprocess.exe
2320	CefSharp.BrowserSubprocess.exe
3360	Celery.exe
2852	CefSharp.BrowserSubprocess.exe
2852	CefSharp.BrowserSubprocess.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
1996	CefSharp.BrowserSubprocess.exe
1996	CefSharp.BrowserSubprocess.exe
2076	CefSharp.BrowserSubprocess.exe
2076	CefSharp.BrowserSubprocess.exe
3872	CefSharp.BrowserSubprocess.exe
3872	CefSharp.BrowserSubprocess.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe
3360	Celery.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2720	CeleryInstaller.exe
Token: SeDebugPrivilege	2320	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeDebugPrivilege	2852	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeDebugPrivilege	1996	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	2076	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	3872	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe
Token: SeCreatePagefilePrivilege	3360	Celery.exe
Token: SeShutdownPrivilege	3360	Celery.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2720	CeleryInstaller.exe
3360	Celery.exe

Suspicious use of UnmapMainImage 4 IoCs

pid	Process
6052	RobloxPlayerBeta.exe
5696	RobloxPlayerBeta.exe
5148	RobloxPlayerBeta.exe
3576	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 3360	2720	CeleryInstaller.exe	80
PID 2720 wrote to memory of 3360	2720	CeleryInstaller.exe	80
PID 3360 wrote to memory of 2320	3360	Celery.exe	81
PID 3360 wrote to memory of 2320	3360	Celery.exe	81
PID 3360 wrote to memory of 2852	3360	Celery.exe	82
PID 3360 wrote to memory of 2852	3360	Celery.exe	82
PID 3360 wrote to memory of 2480	3360	Celery.exe	83
PID 3360 wrote to memory of 2480	3360	Celery.exe	83
PID 3360 wrote to memory of 2076	3360	Celery.exe	85
PID 3360 wrote to memory of 2076	3360	Celery.exe	85
PID 3360 wrote to memory of 3872	3360	Celery.exe	86
PID 3360 wrote to memory of 3872	3360	Celery.exe	86
PID 3360 wrote to memory of 1996	3360	Celery.exe	87
PID 3360 wrote to memory of 1996	3360	Celery.exe	87
PID 2480 wrote to memory of 3684	2480	main.exe	88
PID 2480 wrote to memory of 3684	2480	main.exe	88
PID 3892 wrote to memory of 2976	3892	msedge.exe	95
PID 3892 wrote to memory of 2976	3892	msedge.exe	95
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3348	3892	msedge.exe	96
PID 3892 wrote to memory of 3844	3892	msedge.exe	97
PID 3892 wrote to memory of 3844	3892	msedge.exe	97
PID 3892 wrote to memory of 3500	3892	msedge.exe	98
PID 3892 wrote to memory of 3500	3892	msedge.exe	98
PID 3892 wrote to memory of 3500	3892	msedge.exe	98
PID 3892 wrote to memory of 3500	3892	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\CeleryInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\CeleryInstaller.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Users\Admin\Desktop\Celery\Celery.exe
  "C:\Users\Admin\Desktop\Celery\Celery.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3360
- - C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe
    "C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\Desktop\Celery\cache" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\Desktop\Celery\debug.log" --field-trial-handle=1932,i,6494452169782550947,4247892980884422101,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=1924 /prefetch:2 --host-process-id=3360
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Network Service Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2320
- - C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe
    "C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\Desktop\Celery\cache" --cefsharpexitsub --log-file="C:\Users\Admin\Desktop\Celery\debug.log" --field-trial-handle=2792,i,6494452169782550947,4247892980884422101,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=2788 /prefetch:3 --host-process-id=3360
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Network Service Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2852
- - C:\Users\Admin\Desktop\Celery\bin\lsp\main.exe
    "C:\Users\Admin\Desktop\Celery\bin\lsp\main.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2480
  - - C:\Users\Admin\Desktop\Celery\bin\lsp\luau-lsp.exe
      C:\Users\Admin\Desktop\Celery\bin\lsp\luau-lsp.exe lsp --docs=./en-us.json --definitions=./globalTypes.d.lua --base-luaurc=./.luaurc
      4⤵
      Executes dropped EXE
      PID:3684
- - C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe
    "C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\Desktop\Celery\cache" --cefsharpexitsub --log-file="C:\Users\Admin\Desktop\Celery\debug.log" --field-trial-handle=4444,i,6494452169782550947,4247892980884422101,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8 --host-process-id=3360
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Network Service Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2076
- - C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe
    "C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\Desktop\Celery\cache" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\Desktop\Celery\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=4128,i,6494452169782550947,4247892980884422101,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=4124 --host-process-id=3360 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Network Service Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3872
- - C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe
    "C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\Desktop\Celery\cache" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\Desktop\Celery\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=4148,i,6494452169782550947,4247892980884422101,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=4144 --host-process-id=3360 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Network Service Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1996
- - C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe
    "C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\Desktop\Celery\cache" --cefsharpexitsub --log-file="C:\Users\Admin\Desktop\Celery\debug.log" --field-trial-handle=4348,i,6494452169782550947,4247892980884422101,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=3320 /prefetch:8 --host-process-id=3360
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Network Service Discovery
    PID:1656
- - C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe
    "C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\Desktop\Celery\cache" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\Desktop\Celery\debug.log" --field-trial-handle=5084,i,6494452169782550947,4247892980884422101,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:8 --host-process-id=3360
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Network Service Discovery
    - Drops file in System32 directory
    PID:3152
- - C:\Users\Admin\Desktop\Celery\Celery.exe
    "C:\Users\Admin\Desktop\Celery\Celery.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:948
  - - C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\Desktop\Celery\cache" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\Desktop\Celery\debug.log" --field-trial-handle=1928,i,11131579676719195562,13663207966639121380,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=1920 /prefetch:2 --host-process-id=948
      4⤵
      Executes dropped EXE
      Network Service Discovery
      PID:3292
  - - C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\Desktop\Celery\cache" --cefsharpexitsub --log-file="C:\Users\Admin\Desktop\Celery\debug.log" --field-trial-handle=2592,i,11131579676719195562,13663207966639121380,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=1720 /prefetch:3 --host-process-id=948
      4⤵
      Executes dropped EXE
      Network Service Discovery
      PID:5412
  - - C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\Desktop\Celery\cache" --cefsharpexitsub --log-file="C:\Users\Admin\Desktop\Celery\debug.log" --field-trial-handle=4024,i,11131579676719195562,13663207966639121380,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=4012 /prefetch:8 --host-process-id=948
      4⤵
      Executes dropped EXE
      Network Service Discovery
      PID:1664
  - - C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\Desktop\Celery\cache" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\Desktop\Celery\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=4092,i,11131579676719195562,13663207966639121380,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=4088 --host-process-id=948 /prefetch:1
      4⤵
      Executes dropped EXE
      Network Service Discovery
      PID:5436
  - - C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe" --type=renderer --user-data-dir="C:\Users\Admin\Desktop\Celery\cache" --cefsharpexitsub --no-sandbox --log-file="C:\Users\Admin\Desktop\Celery\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=4056,i,11131579676719195562,13663207966639121380,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=4052 --host-process-id=948 /prefetch:1
      4⤵
      Executes dropped EXE
      Network Service Discovery
      PID:5332
  - - C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe
      "C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\Desktop\Celery\cache" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\Desktop\Celery\debug.log" --field-trial-handle=4748,i,11131579676719195562,13663207966639121380,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=616 /prefetch:8 --host-process-id=948
      4⤵
      Executes dropped EXE
      Network Service Discovery
      Drops file in System32 directory
      PID:1388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeb8383cb8,0x7ffeb8383cc8,0x7ffeb8383cd8
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1100 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6772 /prefetch:8
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6920 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:5152
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  PID:6100
- - C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:3148
  - - C:\Program Files (x86)\Microsoft\Temp\EU57D1.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU57D1.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      PID:4852
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5940
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5944
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5156
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1248
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5132
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDBENDE0RjQtOUEyOC00REVGLUEwNDgtRjBCMjU5Njc5NEQyfSIgdXNlcmlkPSJ7NEI5MEQ0MkUtN0VFMy00QTIyLUI2MDEtM0RFNUIzNzhGNUMwfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2NEI0RUM1NS02NDFDLTQ2QTQtODkxRC1GNzA4QUU0REEwRjh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcyMTM0ODQ0NzgiIGluc3RhbGxfdGltZV9tcz0iNTY4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:6008
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{40D414F4-9A28-4DEF-A048-F0B2596794D2}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1732
- - C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\RobloxPlayerBeta.exe" -app -isInstallerLaunch -clientLaunchTimeEpochMs 0
    3⤵
    - Executes dropped EXE
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of UnmapMainImage
    PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:2
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15282243477673912255,16447496278919679861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:rRhI-p6B5BHSDaTUeRkbLIFfaWBMpeLwmOVvtNCR_4oOhMk6Ejm5YwDHurIkxsSdX3BtuVX8zp87gkfQy4pOUQSo0fnR91EF39yHrsvzDF8db13RQoJPUujMxwaa6w0bQ0ycPccb8IoKlltokSRwdLShULO79CDNxg3dMkyPEkgBN0UxzWU2ZvUFmjVZwZhpEjRlHkhAPJuxPjTuOntS54J3AF2WLqmiw1dZmzeZYzQ+launchtime:1722554498521+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1722554296054008%26placeId%3D18758493403%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D54f870a9-5677-42a0-9a8a-44607876ddca%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1722554296054008+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:5696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2228

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:924
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDBENDE0RjQtOUEyOC00REVGLUEwNDgtRjBCMjU5Njc5NEQyfSIgdXNlcmlkPSJ7NEI5MEQ0MkUtN0VFMy00QTIyLUI2MDEtM0RFNUIzNzhGNUMwfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyREUwNzE5Qi1DODBFLTRFOTYtQjMwMS0wMzNBNUY3RDc5NTR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMDYiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEwNiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcyMTY3MDQ0ODgiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5276
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{603BBF87-6953-4225-B478-D744C0060E68}\MicrosoftEdge_X64_127.0.2651.86.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{603BBF87-6953-4225-B478-D744C0060E68}\MicrosoftEdge_X64_127.0.2651.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:5248
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{603BBF87-6953-4225-B478-D744C0060E68}\EDGEMITMP_C673C.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{603BBF87-6953-4225-B478-D744C0060E68}\EDGEMITMP_C673C.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{603BBF87-6953-4225-B478-D744C0060E68}\MicrosoftEdge_X64_127.0.2651.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:1188
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{603BBF87-6953-4225-B478-D744C0060E68}\EDGEMITMP_C673C.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{603BBF87-6953-4225-B478-D744C0060E68}\EDGEMITMP_C673C.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{603BBF87-6953-4225-B478-D744C0060E68}\EDGEMITMP_C673C.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff76652b7d0,0x7ff76652b7dc,0x7ff76652b7e8
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:2548
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDBENDE0RjQtOUEyOC00REVGLUEwNDgtRjBCMjU5Njc5NEQyfSIgdXNlcmlkPSJ7NEI5MEQ0MkUtN0VFMy00QTIyLUI2MDEtM0RFNUIzNzhGNUMwfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyRjA0ODJBNy1EOUNELTQyRkItODU5Ny0xRUQ4NzdEMzIzM0J9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjcuMC4yNjUxLjg2IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MjI5NTY0NTYxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzIyOTYzNDQ1MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc0MDQ5NTY1OTkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2IyMzVmYzNhLTg2YmYtNDIwZi1iMWJjLTZjNjdhM2E5NTg4OT9QMT0xNzIzMTU5MTkyJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVA5UnJSVloyMmU1RmxzQkFBNXJLNFpvU1p3JTJmSW9qN2dHOFFzZFRNN2h1S0p4RnpUUnVMVTNqMkZSS1ZyNjFVQWdjTklubUhHSU56OE8xOFlZOGZyS2clM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzI1NjcxMDQiIHRvdGFsPSIxNzI1NjcxMDQiIGRvd25sb2FkX3RpbWVfbXM9IjE1NDI4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzQwNTA2NjY1MiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc0MTg4OTY2ODgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc4NTY4MTY1NTUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI4MjIiIGRvd25sb2FkX3RpbWVfbXM9IjE3NTI2IiBkb3dubG9hZGVkPSIxNzI1NjcxMDQiIHRvdGFsPSIxNzI1NjcxMDQiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQzNzg5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5148

C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of UnmapMainImage
PID:5148

C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-ddeff41b4db0441b\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of UnmapMainImage
PID:3576

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1180

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:3496
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6DEF83AB-3885-4BC0-B886-8AF1040747E2}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6DEF83AB-3885-4BC0-B886-8AF1040747E2}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe" /update /sessionid "{14F402AC-7943-4AA6-AC24-BEE43E96B0B4}"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:5216
- - C:\Program Files (x86)\Microsoft\Temp\EUB6A8.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUB6A8.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{14F402AC-7943-4AA6-AC24-BEE43E96B0B4}"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    PID:4896
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:3096
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:5776
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3148
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4996
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1392
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTRGNDAyQUMtNzk0My00QUE2LUFDMjQtQkVFNDNFOTZCMEI0fSIgdXNlcmlkPSJ7NEI5MEQ0MkUtN0VFMy00QTIyLUI2MDEtM0RFNUIzNzhGNUMwfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7RjM4MDZDM0MtREQ2OC00MjgyLUJDQjEtRTNFNDMzMTExMkUwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTUiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MjI1NTQzODkiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyMDQ2NDczMDIxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
      4⤵
      Executes dropped EXE
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3436
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTRGNDAyQUMtNzk0My00QUE2LUFDMjQtQkVFNDNFOTZCMEI0fSIgdXNlcmlkPSJ7NEI5MEQ0MkUtN0VFMy00QTIyLUI2MDEtM0RFNUIzNzhGNUMwfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins0ODc4QzdFQi1DNUY5LTQyMUItQUI4Ri01NzgzREJCN0UyRjN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4xNSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNzkzMTg2Mjk1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNzkzMTg2Mjk1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjAyODM0ODE5OCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzMyM2ZhN2Y3LTQ0NDUtNDEzNy04MmVjLTcxNTI4OTQ5MTgyYT9QMT0xNzIzMTU5NTQ5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUwxS1ZjOSUyYlBYazkxc2hEQWhQdWwyU2tNM21RU0NIVnVEaWZsZkk0YWlxQ1AlMmYxY3hKSTNuMTlHaklMV0ZVcVhXa3p3biUyYmI3YmNIbE0yZTJkTSUyZlJzeVElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjAyODUwNDE1MyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMzIzZmE3ZjctNDQ0NS00MTM3LTgyZWMtNzE1Mjg5NDkxODJhP1AxPTE3MjMxNTk1NDkmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9TDFLVmM5JTJiUFhrOTFzaERBaFB1bDJTa00zbVFTQ0hWdURpZmxmSTRhaXFDUCUyZjFjeEpJM24xOUdqSUxXRlVxWFdrenduJTJiYjdiY0hsTTJlMmRNJTJmUnN5USUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2NDUxMTIiIHRvdGFsPSIxNjQ1MTEyIiBkb3dubG9hZF90aW1lX21zPSIxMTkyMzUiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTIwMjg1MDQxNTMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTIwMzM4MTY2NjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzY3MDI3ODg3NzU3NTIwMCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSItMSIgYWQ9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI3LjAuMjY1MS44NiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0ie0ExNDI5Q0FBLThGMkUtNEQ3RC1CMjQ5LTMyNzIzNzVCM0EzRX0iLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5728

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1504

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
PID:5364
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OUZDRUM5NjctODZDMi00RkI2LUFDNEYtNUU3QjBBMTE1MkNEfSIgdXNlcmlkPSJ7NEI5MEQ0MkUtN0VFMy00QTIyLUI2MDEtM0RFNUIzNzhGNUMwfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NDkxOEREMUEtQTI0Qy00Q0Y2LUEwNUYtQTI5OEMyRTZBQTUxfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7aFZmRGpNZEZHNkZnS3MwTno2ZW1yWUNTZzZUUXZEUG9tb2xSYXlRWEJLND0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMDYiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjIiIGluc3RhbGxkYXRldGltZT0iMTcyMjM2MjU1NCIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzY2ODM1MjM0MjE4ODE4OCIgZmlyc3RfZnJlX3NlZW5fdGltZT0iMTMzNjcwMjc5MjQxMzA5NzQ3Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjMxMTE4OSIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTUwNjMxOTE4NzEiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\Installer\setup.exe

Filesize
6.6MB

MD5
71bf4a76d1762959b49eda173f57656e

SHA1
2ead7f36b7ef2790d83d10d96b20959bf73d061d

SHA256
0121c1dde7daaacfd974fc8545a029e970ad7769af84646feff41b7c8c2de33e

SHA512
05ea34097e98e4df5358a2968e4af9c7157c1946b15787d5c3cb1c841d47db6cacda4135a0fc662c2dae0b8ad03bdcfa1015db745c39bb16068df0108bda717e

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.15\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe

Filesize
1.6MB

MD5
90decc230b529e4fd7e5fa709e575e76

SHA1
aa48b58cf2293dad5854431448385e583b53652c

SHA256
91f0deec7d7319e57477b74a7a5f4d17c15eb2924b53e05a5998d67ecc8201f2

SHA512
15c0c5ef077d5aca08c067afbc8865ad267abd7b82049655276724bce7f09c16f52d13d69d1449888d8075e13125ff8f880a0d92adc9b65a5171740a7c72df03

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
5.5MB

MD5
24591f85e9569269a3b822d0da2e0626

SHA1
62641ade4943b93983b4e59ffd6ee4dcbd77c17e

SHA256
d29bcf294dd77568fd173adac8c705d991482d645127baccb7efca20f560a5a2

SHA512
d0bfe43ece2c598a12fe7d3f2cd12e0685b639aec0fc7a1bbdf0829b886c22208e4236500d8e6540d7faef1514769b87bbdc666602c5548649e50aa61f2077de

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
14KB

MD5
fd1ac1642cfeaaaa1d060ee81679ceff

SHA1
ee027467b2554ab03539da5bbc6dd486f3bc56d1

SHA256
a79515a6cf80218d9ea0deaacb9e77af487300b6457c28fee2a35262df4eeee6

SHA512
391062d5ef528d757cf43d90f5d8dbb11e1b81dec37d063297ad286a1279dfe26e1c006624e48aee7a6bb2f574ab5b7ab4a365fa2802396dc7f2fb3aa9fa05d6

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\2a576a8f9f048d67\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
9dbcd98408187b1d8ee2757b100f60c8

SHA1
535908e2dc9ee5140072ef0e890dcd450aea8a46

SHA256
145f7abf59934edc3901e3db97e48425b8db111a42dba26e0d99ef56bd021be3

SHA512
2a4190cf8b4edee2110d50f95d2a6d6e30fc71ee19fd349045289767fd31a80662b34c65924873bbf7322a941f107e670404c165ac5b49fcdb7f22c5ee8441d4

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\2a576a8f9f048d67\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\2a576a8f9f048d67\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1024B

MD5
231e3147db8bc421b1005900f97776af

SHA1
e6f45fe00383222bf0da14040e279e746c9e9550

SHA256
f7948a1bd75c782bf169d57129a8341f86e8b723b211361894fe0068ee03f508

SHA512
79d61c5d623d53947b107d965098ba1cd9f503a937452bd166f7b39291aba372ccd401685e16da6b2acfb263b19e8499f551bf332ef9336d640ef856d19da0fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e35616ead296dfc20451e3f2ef0f1a6a

SHA1
cf5d4de230b9631f31e311ed196483af8d39f70b

SHA256
79e0d13391c5a17de396de145490cf013b2d21b35bbd02cbedff4f9c069fb0cc

SHA512
3395980a57ae64d74354c8fb86f6d373ee7ff00fbb6692ce1a0d2f108c3e8ed55e8eefbc986dff90fee28d808fe8ad47428c837a30ce38e6fc70c6743a63a911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3b955e722604701611f125fb68f961ac

SHA1
cd0229bdf7a707e61b68c076be78554e293be793

SHA256
cf96dc0a7769526dd103f80138f017ddd6dc6a30d1160e46085a59cab5ced215

SHA512
7c9ccdfa973bac36d0ff115d1a747762a019b01b3f21d48462e68313efef1aa6cb2f50e40ef211e12b2297d364090227953a7e924ee249a1e5d083e2f72ed53b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
100KB

MD5
fdf09c3c067041ffdefcc9e1bdea9718

SHA1
e31cf28187466b23af697eedc92c542589b6c148

SHA256
144754d90b3eaad27d8a11c86faadb24da4ddc251bead8e43b9ed515fafb84da

SHA512
9e32b294cfc17fd52fbdd62732571f4ee57dc0308d62af476331887d0e2446b483ceac06ba4617cfbb1c347d771c0f7ea12108bc384e93f69b180c7ca1a92268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
51KB

MD5
0a7c0eb14fb4f288d5c61cba111e3dc3

SHA1
48f6448938e1b8df723a9f7c6490a78887f240c6

SHA256
8bef2cb55b40f46f7e2fadfe280e4c41b71a657081858a8224c6fb639d910e4e

SHA512
a63a2651e36b03846d5818a4e03f7582ce95a34d9b4d4be9a5ee152ce22c305a14fec2618aa3f904495bed4c94a3256951ba75dbb0fd0386b3f570096ad4226b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0f8c0acfddf7bd5016018d7112176cb0

SHA1
31db79971baf932aa3e38ee82f81d8e462f4bf69

SHA256
91c9af078a0d08d95f1bbec4b00d805f99f3bee182d323f7d6c8ed1af3cfc7a2

SHA512
b06829e6337993ebd75396f29aa625088a9eca98628e7f8469236c6c589ceeb0fb0f60e2d8608b4b4f9e1ecaf57d889af24bc5bd8ba8434c2d73b706d2157dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
af79619a8b01a32b95556212b2f4676d

SHA1
3beefde92055c8a357c0f1c56e48bf316dc8acec

SHA256
50d61c7557a84533d1407f488fad9ebea4cfe4b6fd01a1a3aad08acaa2fef6f7

SHA512
12e9d31b60b9de9fdab316eea40616910b2e5516a5a1edcfc48c55695c49714c13c45dcdd68fa69cba606d569f384c1efb51d1b8edddd4bc8b1a3f0d99d6d27e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
743B

MD5
5e990b229a1d4c92e2f950ab0bfb7c05

SHA1
f2892d8f9ebb0fa493c27a54c9d568dacaac45c4

SHA256
09a0b1fab817aa58e58fde30405a96d9403a0f0f551123ab9752f48b020b1c40

SHA512
2001b4ead321b7cf6315f737718dc482aeb70fe9c0277376f561570b40334677be142fc2ab34f4c2555e86d7035478156423996d54fc85b0688e56dcab7c46b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5acbfc.TMP

Filesize
770B

MD5
0df95d0773a165e1095831b47cd3de71

SHA1
5a3c8a417cb3db6ed5ba116d241583c6b06ba073

SHA256
9dcc0fb21747a984af9ace49d33eaae7c0b9d9798558f2800b29c56f66769336

SHA512
ea4fdd36cdf766240bc6df3f9f71aa31078b95bfb86a72729463336703a4cf67f886cd9b00e9ab3078e45715d92c2e481b8eca3fd292b237b4cc4a30add7e437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
e09ccf341b280957f6bd3e25aa0c8bb8

SHA1
229b722d31b99eebe097dc89ced919ef4fb68abc

SHA256
4660226205e9abedef01f72f552fe60bd20ac27b32426a015e3bc2e40f3043c8

SHA512
80e614f033c4c86c9a0243cf5d764cf76dd3eb2aecd2679f1687fd25f7a6398a1aadd84832c28bba81153db926d92e5a357a82e8a508ae0ebb56b49608e5ed0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
13f5bd5215431c4fc09d8c25bd5342b6

SHA1
4bcd38660c056b7d7ca2a9873ff7ee1d1bc8b045

SHA256
2af9f718195de1453fb2ffe8064ce756a49edf91a13100b9158a2df504157fce

SHA512
85a98b0669bfd82ee3b9f4dd98f946fc713a6f8cd7d6bb347c1cf7cd6313de6ff1cf161db1e67aa3ba651c4f5d041dcccdf8c89ebe3b2a6eb6be8969585898b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
d53862b99e57dfddfdc95c74d407ce8e

SHA1
5b2c03908e09a0eac764957287ffdc73e77a4d6f

SHA256
3118c0f224c3113da43e3209c3fc66aa9e09cdd035db68f46b81885359fcf860

SHA512
65e6b1734a0a414e173946a6fe003b3ce0ce789cf58168a905359788b411c5904710e1382b7d013df66e1586c66746e76d38548ff4bedc084a998be8de07c05d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
46657d7f9712297106b04b22617a9210

SHA1
333da673e13c63693a2ba4dd78f40428c3326eed

SHA256
ec2b03d85220f3403b4b7ac913c9a0cd1b40ac8d73e91a26b38068ff2138fdad

SHA512
98f66f80bef18b32ddd0b75802a4177fdb63a3a55f1e9a3d5fc27c26d2600c0056ee2e20d82debf2d2e937ce5d900bd403656c512732f7578c10fa21162ab858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bb746315c9f88eb8bde0a40ac334beba

SHA1
54309b169f129a10384e4e1aa4dbde80dda1e8c1

SHA256
02404646ab3c7d998a73f5df33b201b985557e9ad9f967c72e563241ba385be8

SHA512
290f0275efba781bf66534f4e1093d186e91c50f3b128cae6f50df4669fab4c162a412351a157402d9697929ca83a85bde84e998d05e919622dde798990b4a2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1608f8b9553a4bd128e0dab36281e16

SHA1
50e0aa64c911a1309c5495069d76b81171c72551

SHA256
8ccc06fa2c49ef978e20dc3d3576f1c239b27958285d3f22dbbd92009e1ef3b4

SHA512
434a4e3d1b495841035f77981ec15923659cd39fafecad4c7d40021b70d6a08104fa0d29f364dae723bdc2802abbe6e31e152bcdc1cdeba9547156e4e909fcf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0dce785ec3e5b6ab3185cf5b40086457

SHA1
f494c86b7b01ca33f47573137173ac2618e3fa99

SHA256
db0b5b2b1a528f9e3246e89d415ce355fb0515048c04cf735a0abbca47a32f17

SHA512
c2766d54bf3c4a009ec3039361816c001a51208af2197652ccd8c7a87b1281125361e18fa90cc11ae5d8fea540837b98e0d0791627dca087ab70486634e03184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9ad3a2865c15105765aeae893d730134

SHA1
73291d80ed08b9a80668404edfa841a7da5dc3c0

SHA256
597745e25a118e18bba074435338175a82b6ed450be28fbc5d763c60e9382640

SHA512
5e7f74c556245dd82ec219c552c575dc0f91bc96a1e4cbff34ac105d5534e8cd82fcd416ac36f1d9b82cc057360c9c40796142a7452dba19837b6daa28c340de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e6b29cba26b3dad5fd65b9ce8a551b6

SHA1
af8a3cfc5f17a5c32f1a52e851f31182c1320010

SHA256
bb846b8be07907bbb72549fa7865bb8386a7550c6106e8e4dbc275d42646e3c1

SHA512
716e7380cd687dacc104d5408380150011e5dbcc8d679759925689877c78a8a9bc9a1fa78ccda10256066b13f41b35eb0f5114ed1d828f40fe542665fa4f6cdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3cdbc4bfb3f9ded9c340067acba27175

SHA1
8b532da74dc8f993c3e48935b9f7d1834fa052c6

SHA256
0e148266ec6e715bd946bef1cb723289afb4349edd1e194adfa7ebd786b0b70e

SHA512
616eee341958b2a2f9e753c50f82c11093e9b9709357f6b42c63e92293599e6233ab2449e57023dd3f559ca2d559258069b6aead8e315ce98a83baaf614cfb7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3ba1197169bbe4f8b0476ba99c5e8cda

SHA1
06ef487ed4ab95c32a018bf9804c699eb560e6bc

SHA256
b921d188bb6f8586e4baccb40cc5f39f49d1ff92e815f55322ebe1f3021b8c9b

SHA512
17a8dee8bc887cde6eda6bfc8c608935400816c6315ccb24870658933c283073a4959b9c9cf9ad3a72eb2f6bc07de067803eb91aa4aa0da8d5ed1ac04e324438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
33fa23e4f4a751023a22e8ffb2cbfa82

SHA1
5bf82ae67af6bd42a30705731be28486cd350678

SHA256
77efa9821be0132a65718c7a6c2f39efd9b375cccba22fbc3a567cb634dc2d64

SHA512
d29f14e6e60d30b6e92469e1505a67e3d5e31f7724277b0a469bef9aa04770f312da09a8c7c44d3421f7f6cbc236cfbd69111661bb7074dfa380043e18ea48f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
09f14ec56570e2278123a20c4a4c64fa

SHA1
593c03f84b6c5a7e63633b6a7374832dd42378d8

SHA256
18909fce90e1860d72b536a25d22a7a253c1e8823c92211615417cadbc461e77

SHA512
490d86f54a113db97700ef13c474ab9ff3e6507c63366ca1ef46eefad8b3e60c8ebdfd90cbde62329f10fd40f321c8ea4018bd2b18bf27971b03d3b66ba04bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
415bbb217867c011f11c1b4d4754a0b1

SHA1
89c0511bcdc96bc1a4809fa8be37618a199beb0f

SHA256
ba218211810660acda5277e0d351d48c2370cc569e38ee398cb27b77f922dd66

SHA512
d8162ce4c28ed13094dae6b3aca24c130842dc220290459271dde0da6dc553c1ffead4dd8db67011b6a205c6c971216f6929365350fd704de6e4381c45c952c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
c8e99ce2b2f23a9107cf7470127e91e8

SHA1
fd6d96c730ea76a9ac27872e45731593399f9bfd

SHA256
2e120808b0768587d3facbf4f1243e3ce6831e739d5074e3e83f5c702a4197b8

SHA512
574868d03aae2edb795a3c8e96e9bb98719e26b5e3b628c27bb04c91e7849e0e8c7a4019f748c6b27bd5518f382fd1026a22fc2415bda5a16ca27ec06a47ebc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
eb3c113ca67d5388617872f2eea0081e

SHA1
18dfd8a03571e3f0520e08d009a4885bb9857a4a

SHA256
4050c55463be719b6e2be42dc63f6432a1d085032a14ad38db85092036ea86ae

SHA512
0010b382e7ed110333485a1a4ac901354b3d721829f4632cb44028fa7b552327544e3eb308746f1217c525cac91e9c169f0dc453627c3297dd585b69f201dff2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
2f02117ec3bbfeb386df15aecec603b7

SHA1
7fc621b325b92677e250883fb903bb5fe0737b7c

SHA256
75e86e9467188176f67429a6db1f4f284274fbfd3b000df1e4bdc3d1c22e30ae

SHA512
fb7ded50bbbba316b47f1ee483c20b34c335c1f81c88988b79e29557462d8674410863b32e90108270c5059e1566a568b9fb003530a4f3174350ddfab8fb64bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
18f850edbc02c49fe7d79e688389f9d5

SHA1
74f046c2e2973656ba5161aa615a29ac52409973

SHA256
3b85a30f34ebd8438aa3627bbf0473419fe4e5094a7ac0b20929972f21782b8c

SHA512
282cd480f575a943bb52a1370c2b9a8e6a7672976aeabcd7e23a56decdbb11aed1ba7c03092dda5618809c30ddc56ccabcfb19d551fdfb5a0b95b0604e8ee278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a8f82c7f2609f9198af1056af272b031

SHA1
5b68f167d2f6917a546cdf97daade62a1080ffde

SHA256
6dfe74f4d5b3282566fa37c1d2dee5ba3ef251fe0f903aef63c0e9e0fdc28fa8

SHA512
efd0f2b8c84e05df5afcd981834da6aaf717c78704d067f1a73f312f08e617d269aa2d80540938716e35f03e1843d36f9ec859e0f54b41781e273753215adc2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
2af63cbdf88e0f45c624e23006deb291

SHA1
f8628f746044777706e56be8d14e3ef50b9d0d77

SHA256
20b5af97a0274db85b97c05ff29d3b401d7ef81e977c25f60429c7d8fb7302e3

SHA512
37e27e3b4ddbdd0aa5534934d7ce5377890d1d79da2115859ca8b410885b464b555ba5862d7e0d5f77e3d39440b1499712eed30d9a2cc886a5a28b3e43f6d350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e187611892d205506ca7ec46bccb1b5a

SHA1
d91656c9dfde3b6a769f3cf2a8c731e5d37b7605

SHA256
0f37e9fdb870c14aa9a5f98243cc5134b8f2e0296f4c5550546e61f8ffd9da41

SHA512
78f49b37cff858cbc72744d7bb3fc52948fc27438446009dfb1a0bc7db10205853d3a999308f5a8f334ec6210851d7e5a02ad25b20dac0461b6c5e1c578a8be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ad33c90b3539e4350e8f10e5e33de368

SHA1
220f38e241fbfa4cf91c897bd9a25bb383aa65f5

SHA256
a06d622341426fe38c6f166d7c1de7a146fe18d5c6cb8c3ad4becb5e5216c1ce

SHA512
801b56b5c6d1acd6996720a13fcf138adeff2da8f82601fa7babeb002e2ceec4d05347881d8e461896db4958d27a3e2013de0148c67f1e175e7d0d5c9ff44889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
d5a08e7914b9ed355bf211bb16e4a172

SHA1
f33294c0c8760b491fcb8547ac99d442081e999e

SHA256
30da43307729f0022c87bcbe708fe751229502d406d71536d6ebff248433171c

SHA512
1ceca8722fd7c7214fc3ea9c963f4f675bbb285d3384f9116754f137aa027f4513965ab182105d211df8846ee724e800520ce4d86d639f44c460096697e759da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
6c94ab1e3fdd38b8ab13ab95008309a7

SHA1
a0cf2d024f2cbe937397b2d9f41431ad842ef88e

SHA256
1708b595aa015678a0f4519a37f1a22717e53320971f5e2e9eacc9942bd16ca1

SHA512
ec81617332b5538f8a245f1ba49ed589f06ce593d583ef0edea9c71bf9c1379a205f31332d7866016165de020feac4404ac5fc5d10762ade413315c8f62190f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
80ae3c93db6e0d3b021f3581db5ab562

SHA1
6db3b50e3709efb653ee9d4798f4c8cc0f2a1373

SHA256
cc2f2eefce7ef16a577e0fd5de71c4ffedcd559ac9dc2edea86cc32134e88661

SHA512
ac1a3ce8902ca283e74b768ae79c7f31e002514252bf43ef693d122acc0b9720973185fa3161093a6ecad7278159090edf3370978ae8c7a38cfafd28fdc56385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a9ee9660f423000ac9885ad552982273

SHA1
69adb7fc834909d64fa375617fa1e7ee4e8a6bfb

SHA256
673d95dce6cb410e470f7e0c8aeef0fe31d8a1a172a76ebcd89aa469832248c8

SHA512
f875a83fdeed3ead2077044704b94c2b9ba159f6342e2abd8f6e1c7560aed8c420327ebda53c159ebfa360397306153eba677a00f6c29c64e833a83f9b3cc117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a7d1b77559bdf9fc3ed3fbabb8be9765

SHA1
bec4c3d1b62412dbebe7bb7c82050ac7d1f85b04

SHA256
c3e7f9f42a7db9ce994ccbe067f6f4c32f1fe8b7c4335210a3e9e02c26eb5dca

SHA512
5364f0330f1bf129cabd8a0f4f14db134f9fe3a8e2f3aa6ed9defaf28cd97ae1ea68f77418c78b9aab1ac5804bd61db4c686d5d61d72a41b468b2a7361477d56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e284a447329ec3afcc9fcd5e629735f5

SHA1
0abc51f6bf23d1d5bcec4a899cb54b7709adafa5

SHA256
85b9edaf7d90e5c0015d84683b423aacb8101bf9ecad7b407164f7d3c4d2ab31

SHA512
827b53410e772da200a8da1ef6a408e7add54f735926f64dd15e759ed9094672736dcb6f9530055793878644310aec6b54a25bc4b2736fdeb9210719ec85d6db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e49de878072ea0e35186bb3076ae862c

SHA1
c6013c0e7b2407bb916060eb6dd26af1b5acceb6

SHA256
940a9b5ed97f16bab16a1f3d4571e93bc7eb9e1ba596faa2421910c876def56c

SHA512
fe66cec1f2cd2a12a1613068deb3e80a596e0f5f367ba17286490d7b8dcc801f380e06d17d397a3a6fa942dcda6d838fc2d99e7362ef78d08afaf40268479533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
cf79721625cb7fe292453b186feb2b2c

SHA1
37cf4c7ac54db0099af15c21290351a0f4d8253b

SHA256
1a5b9e37771c60a371d448a185250111858227ebf1844d384e3a1f5146bf7e57

SHA512
d5863a964d8f7f2e8f49063240cceb376dcf8b2698b570aac106060d29458bcf5838e33ddded3f268abdbce7a63383a64d239630ba42890cb5b0284b5eba131c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
0194daac76292aa4c40fa373e151b844

SHA1
c9397df6409f38a60e27620046b879d7ce553c00

SHA256
b1d210de5fe0a7e0ab0a87f76bcee565bc06f6b2af98244d337a7050de4fbb58

SHA512
d9471e9129c969d6bd09a550b353f81c182316c3ecbcc81593caceb08f9af229318857234ee2f5a89a9f83be3422a6e9b1ec04dba7dc9672483eb63d8051b0ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d44673ba669f1513249ada5dfe34ddaf

SHA1
891749d9c2b027106dba0298a95908a08ed30194

SHA256
954b7e1a3760d2808e44a13a8dc93b0f62b798788f1b896046f9e34ca192b28d

SHA512
bab2198f57545558d9f3ed1e8882990929305a702c247433de5bce9ebefcfec335e09c588768a0e306b41c4f44d441e23d8c2ea328b07ecc7480724d0d225a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e29d35e0927ec3c01266357c816de084

SHA1
1823084c37b1e91edebe20be3f769eaed548c392

SHA256
d16d2cfe9bd286d180cb0c16600d792de214e58fdf1b126a418736aa4cfe5719

SHA512
06fa868d519d702d6d74a50b9784593fa29564eb41a39f77ebec9b0cb0b4e76bbd44ce18f5eaa436beb70e417bb86988ea0d334e91ca2a8c480976952848d469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
9b479b9e657368fee6bddb5c592789e5

SHA1
9940c68d03ed64392e4e878d12e4412494353754

SHA256
60f8535245ae712cafca781f922cf2482c4b868448275787238ea02214939b17

SHA512
a06a711fe7629f1e05bca70c1a2aa60613d08341902b2201325ce4c1df8003c3faff05c494330956dd835ee906c0bb6daebb0c9c9284f2c9362366150b3cf778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
045f8779f934c0700e9fbdc830fe1e4b

SHA1
3311d208a54eadb4389151ce27ca50f696e31175

SHA256
5db195cf0d6aeb16ae499587e1bd77fb60ac3eb3515d9d367d66dc1bdbfed087

SHA512
1e7f9d4d91e8b22ea0cf3b58ce63b8bbbd77de6f49c9685d07d9791e73446e379a2215c63771c5d58c9ab525472b415e7fc394f47e86dd1428a7cb0caecdfe8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
d18dee125fca9625ffd3b7c3f8024257

SHA1
0a838fd44ff012b7f089a6cd536e36e9c223912d

SHA256
935b3471bbb4b5ca35b5fc3e676067c2693e682d314cee72e0564de9a4064d37

SHA512
e1ea2f8060fecec5a6146a6cc54c7dda42033aea05f6532747be1479b1ba1eee0009f8b1a8d0a7a78e9c3ce7a8113e69fdc5bd3d1eb3f7fb8959b6a0a4859496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
454bdde42bf42fe1ef150b24abf66458

SHA1
7b1abe30cd2701507b59769d35d6ea64aef0d6fb

SHA256
ad87ae7552efdd6b39b4f3fa15bf14701b10065adee689aebeac105ba369e275

SHA512
76dbc15e51a781570a3fde16ed3fda110a42257ed25e6dc79fe02c6e4873f18c9a1a625d33dc51229c0f939d7f06cfa55c076ad74eae3e9c00095ae56fd04970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
9d62e65918c54e4e11534282d634bf0a

SHA1
20b0e8a5fd8b1781a062184f72c6ffa8d321c13b

SHA256
6335aa46dad8bd3d9abfc1198917276680675c40b3f02405942406c7a250706c

SHA512
9ecb4360a6e9d4f688e9ed09a8828bf40af0e69a31ca741a4612ccda9e07282c586b8b820a3c2fe89986e1cdf5b33bb0a41ab0d66e14dcf4b1bad47c3a57ffa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f086acd067aa9d56014e2d3d5814a478

SHA1
f15d81a71bb2bff0b03152b26694383a20c4a7e2

SHA256
7225d1b7f574af55d7af85f70b029c4bd060ecb129d16910ac71b99cbfe79252

SHA512
9dbd0ed9ff111570546a346a45675509e673cdb80eb3d4d99e802a8f2a39e1b2ea2dd969591d3b107e6a3d582af3084edd5e50b31793ab6094cf4547c78037fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
cb129b9bfc1a13e314adfcc111dff0a6

SHA1
4a6ffdb909c9721d7e487ba69c27e4bd27cbc219

SHA256
a85d27a1ffbac4dcf9d58f1efb849f1d78e43c671a8814789fb453a12cfd3fc1

SHA512
20b8808646ea4d8ae3437418f29e998b6d4a88144752655041c3fb41e9bd3fee754c5d994473402737b93ad1185ac4c160eb81c5341b041b73bb255b512dbe8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ccae0507f8f0abc8713c5d53fc0d359f

SHA1
ec07e13d0d307cb233040246b489da908b0d05d6

SHA256
118f0d8e2aa6b3e026242224dda8cb53327a05cf0bdcc2c15bc3b3d78a163c6c

SHA512
ec102c8e6682bfde890ba154be243e404815399bcc5629eb200e4be0011a8b751c1a908edc5d01367b78086a58ea7a4f9016cf908017118950c2a9c175f23f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ac0414c383249a1ad58aa571ca3c65b4

SHA1
9271483379d5067bd599d9f7ce3c7ffa4c6930aa

SHA256
75ef74392f89983e8670eaca30259de8902bd473bdb6ee582246c33a850b0a70

SHA512
46552c19fba99f3842ac3606a91d2e953f2778d8b1e27844f77d29bcf890f7b3751418989cf6c0004348f9d37b98b48e04c5930c5be202a69bfc12c2d05156ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
311cfab91d9775696709b8899172ca31

SHA1
f708011ba00656c3ce883922d80c70a9bd8654ea

SHA256
5ee4f5509d3e12bcafeec61549f59c855212ed4018e5c3bcfe0b496f10745f06

SHA512
cc276357efe17b297992fe49055e4faf4fe8214db4c79c8a42d25b15b382a0d570262dc7da65ebdcc4a7103c72c91925badd5509f1029ca20866aff32901fcb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8a8a4e0dd453155aada652eac5097974

SHA1
99fc9f93d745b38bf8578a825f2ecbe93189c9e0

SHA256
a0015785333dede7db1bb60a04433542278dc4fc9fdc3d16f31a92bbb1a76f51

SHA512
91384a065a537cbf627ddb7e688ed620c8da598b542cff829d97a0624a59246deaec85c29cf30da0bb857ca872568442059202b712372e69a5216b570a5f499f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a550bdebb6e5a8f42c9356f10f255d58

SHA1
4f59f2a949bc085a75125ddbffbaa3f96f3ee2ae

SHA256
bb340d1b08b62118fe96e8b5d30abf150e604b5c79014c814491728a859606e6

SHA512
2c1bb684ab64518a652035e35879c288e475c796f48a21435b43375f35ddfa7d91a0dde130c9db2cc317d9eea0e684de8799d66db08757f0aacfc864d0ba8132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
fdf60482b84062b0ad13e5f8b0347c4e

SHA1
c06153de2a0eb758f30851035f785e5c9f542a40

SHA256
36a72785e8aeb9fcbf135631b8c3babf0d40ba2ca8ec10d40faaee731c700039

SHA512
c2f9991a81cacb36204f4133588f583820c5d7bebb70695b8671ad9148f8d733b21ea7d496ba32d1941c8f01a8f22a65c1c6f7b5074c9083ec0aba54fe1cbba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
fc79a2591c98019269fde1f9023c95b8

SHA1
74e7a787eaba2d774cd81eec78b5f8223b13bd9c

SHA256
352307f3aca6a532e510b0851212d2dae5be6bfc7c64e7d0ff30a07c813f6f22

SHA512
e9cd2aa75163a8bc00f8a83e5d4fca610e491554b03896c435e52b5e09d13bb44c315686c418aa082d325dbcece82d7af70f003f674b62cf4634eaaaff278c17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
3567057731f389f6b1d357310d1c283f

SHA1
a96c209470307495416dafd25da7a33fe86e91db

SHA256
9ddf093659d400795dc768ea5b5678ef71d2f82389f02537ae1c3b1e6f6615e1

SHA512
52ddb7a933b7e60d3b081e339545cff7214c19ab8c764b72890e312da76bf6e5e5a095988b109f751922f6bf788e1db851213722d5ec63f8341f55a48053e6d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b8acfb8da7acf0a7f6b6281a91ce3e5f

SHA1
2bdaee266ae0a2d928f7d3286bf6ed170980526d

SHA256
d0924681eb5bd7474f562cb44fe5b70e7effd5da4f46ae2bff5b72d5e6306dcf

SHA512
2f0e4b4c1e6c705d33526db0136f643250310d14b3837ac2533ef58b29cbc4b337f9e856f7ba9412b196d317b58a54999db99cf8ed97c2a6040d8ac0f6e9f931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8490f0c57b15dccf9a3387922caf35a2

SHA1
20b911d61c91aeac6ed710521328e4ca159f5386

SHA256
3228686da733bd917364568470f97279d6e33b77739ee2e9aa53a05e832e94b0

SHA512
5b194c5530570b1e2b5a123796a38d8c69bf208511f394766a9768c1bf35b1f01c8957d400d9afe7d9e48b5284b26c16151e73909ed671a495d461b99fb7eee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
50e8650a094afd55b2f1b16673f87aee

SHA1
2421b87f36baa47d230947b46c0656eb44133444

SHA256
e93c3fb6c3fb9a5de525cf04a5a6898c4611ae7c8d3cb9b0e6e6a1ff214bf9cb

SHA512
9518f1eadf2a0cd02d38adaa9ad04f82e13d00a6f0e712d887dd637154e846533a9c54b09f1112849b90fc509faf932862c9ccbb9fdd384c8db501017d55ee9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
cea01a31014199fa55b376d809616807

SHA1
3763f7b38f93cc8ca05f70687e7c8b58f684ad63

SHA256
5666fe3ba7eeebd6f4120cb7e97ce47d8ac36685544bfd0580848c4f82bf7743

SHA512
021cebd189198c9cc86acd5336e35c139ad2eca5872f95e9be72fd457778cb13d3b2134ccab7b84bf50717b7da3a6ff7dd348ca7a00eddd13d6c8452dd84bc6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
3336e2cf27a93fd48bf13f08ac1c085f

SHA1
a0a060925b09d2d546acc1cce9e478c8eea2d00b

SHA256
64de49451e317503c30413dc09ef03357496a73f6d898fcd7c32ab26151e5797

SHA512
e415f436d326b2b3d76415fe88b56e3d6a2b2007df11016f06bf3df3e9fd8c42197936254258d02457a5ed25247c51caf8fdab9cf845a6aa135b8ac5083e67c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e806e493059cfef715a70b20837f1ffd

SHA1
1e1b9e4a1df85791ef724c863895a53c9a19e3ba

SHA256
489b96c18294574b620207a5f3203215358eb6879b1fc989dd2d905a55e986e6

SHA512
7e61c93680f8eb8793c1ae08ed363cf72db8e18a3863145b60fbccb92e42e4c84582ef581eb598acf16170165a3c1e6015666fbb1553ab89aa12d93c3fa1e12a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
9523f0e927f8a3ddc2c1df6e3dc5157a

SHA1
d90f66e0dda0a2b846f72d01386c1c4924aa47f7

SHA256
c1c3880eef61d68b29cc164081b662b8417da5e7109c0fd0ff1e949c2a5bf0f4

SHA512
d352d28ba101e3f96b1386290e57ed5d8aedc4425bc7ead14a942bfcf41b8f342ee4f5f0721478089687cbc5cec93f18093aceab7188a8a5cd02488536eb1cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
6302ee9011da9f6c98a49c6ec87ea065

SHA1
e400e20a78ff29b221933b08fc15a44176e94605

SHA256
1bae868a679788b2e68ba117cb97905c81cf3b8d2d3ef23300b51bdbecd0a193

SHA512
d2eecf09d8a82785c57eeb1aa76be969acd5d6c99158badf7cfb8de563b12804193e8ccba946600c9cfc44e98bc66fedef9c42e045af9e0070a98247c03aaced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
5ca5748a70e7ce8b560a1f3dc5cba9cb

SHA1
81e529028934a4f3be9cfd950068a6d69f7b5966

SHA256
32e0dcf80877ceef839012e8ce06acf9dfac2a7a24ea9f5109adbf0460bc38b6

SHA512
b87a8094f1943aefcbb4cbf6f8150e00bb64b76894fb2c2b6c4a3379c237ba38158081e7b08baf75d52609f77fbac7c9ee11ca058a85f6e1b6848935a9722f58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
18724b3b591e2883e5c1822caef87cbc

SHA1
86897181e105136ca20fa182abe1f0cad97d692a

SHA256
ba750ce468f3cc7e63e306ff0a4a1df030076beb90b1522e6ec048709cd37599

SHA512
5e7b4bba86f94a2fa81995d0b9af71f7477657933b6f88b8dc5acfd608b339e2f1e922fb438c81700543b0ebf28e6ad17e32bd7e0150a5fc1a439346c5ff1b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
c0826c6468b4b36f2f6833b13050928e

SHA1
0e5c85495aa7c3d38b951aed8a75b45a45db5f33

SHA256
ed9ff11b0aa4648f90a700b495f5341e34840619f38f07ab1479baa1c494580c

SHA512
7fd83d515913fb8ac761359d032814442da5b995fa77f766fdeacef6eacbfbfdcbeccee77599649bcba8734911f90533627161ecaec1724732e1642cc33ef6d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
7e5e921b2f69ded02a3a4f66d06440b8

SHA1
80fc3f4a303d678a5405d496f6aa97fbeb188ce5

SHA256
56eae014318a8ad454a9910d11334f1f547b0821b40fdf577af040480011e805

SHA512
c7f0ce305f7de94116d4128f66f7c5ac3d41fe4a4ed8462e32447e0f7ffbf5f0e23ad3b87f342ecf5fa49e377d17f5ca37fef5e7221b07ba7df443ae4524d84c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ba317d532ce61b5cd1e7c3c02644009c

SHA1
d49ff428bc16ac9b59096a2b18a968d97a640100

SHA256
23692856f5cb336299dd353586d93cf1c022fe8e45c68283e47fd5656c5e0863

SHA512
b7c08d637fb9c64c470e8bae16a8cf6120f6fc1d069efeaa4a488e34b30d66d6100af5d36de5c96e4d78f02f5a19e6e1df5df038124eab0174ed77df28f7bddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f8fd26b9e81c2ae45e94e0842dd29ecc

SHA1
2eec2ea917ee51f01d6ce25bd8983278b2af9d9e

SHA256
b75fb96f268e2c64a7d1c6d343af090e61e2180d9bed71094e5c51a23df2d4dc

SHA512
8ef9ec53b72f799674525f4959e3851bb140a971c8415abc785e7b091c1f39eacefcab6908c3d4e050741ca7a995e77729e386d911cfce78d6e8db27665e5f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
4583991933d4456be6d5d53af37424fa

SHA1
da99a0e11752f228e0d6fbc88760829234a2b111

SHA256
cf9a3bacaef8e134567eb2fa982b1b1c1ebbd7f62fe82a1bb80ed1ae148d2893

SHA512
5b3a225786314a5362e76c2d0c3e91f13cbef2cb7507157e70fc7f054d2f34a87765ce6cd9640bc95df00a9f06fb3c0e4729e280b3f8a8aed48760ec2ffac118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
1d84747745158190d783487412408cd2

SHA1
421e6401b83d698a989b02131d96e5e68368b9e2

SHA256
6beb8021e645117311b7b152543d28459c6914169684f2bf0bace0e1ebd067b2

SHA512
4e2c8068450146abfe797b7c1e8616b6306fa6fe4c4c16d42fe5ab315ade592fea4e58d199c3bb696479f53a810c3fa9cee035139f757f7df7c2c0cfbf1d9dd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
c1ac7646df1d82fc3765d01e0da77206

SHA1
fc124fdbcfa35833e50433a6e623560b3d5e132a

SHA256
66e348f98102b057ba3763edd28da9043a971ea8ef296fb280cf5eea1546ca2a

SHA512
283235f321a1451a4ff44d53afb02c491b9e70b08f70da0de2e6982739b947985ac0147cc03089724f0ea179ac02918ad62771cd6963b7c64d71ad640fc8e5e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
37028a1ad3036db425e1a2f70e84e04b

SHA1
933c828b8e991e57e21a81a3205138394b644a30

SHA256
84c590191929367637d8f2832f207c3ed83ee35341647695565a023556a4f557

SHA512
316847b87314e4f943c42c583b30ab6365bdf7acfff9eb12e796002e6a74a6cc234263e6ac031ccbefb39912ab17d0e9c1f771f01544e5855563b9ae49806e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
df80624cfa838e00df8088abe34b9a0b

SHA1
37724c2122e1a9a0e128ca48743ed95d112ec7df

SHA256
cdd1435c53edf73d54c12bbbb1daf25399c17e9552d3d177b1a99f892c3ce349

SHA512
8f569e91f866eeef42473d0ce315ba838cc8355644938150b752ec8aef9e3c5058f89ef4911c7e4cd76c80528c304d919d05650a7485c4da353b04b256a03028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a4dcfe9053c836d5c8abcf320ae5b03c

SHA1
420590ba15aaacde7a9f9a8f3e343d584663c6f8

SHA256
4c832d4fc142bd6b822f719d8bd729497faf7f3d7371b1d99e463726dd79b24b

SHA512
08cb658c82bcf3502d38d56450662f0846bc42a837f7394396712e3dec0b6eba029235ceb6bddb8f47d3c03edaf06195492a0ee9d3c8ffd6b3ea9df1d249cef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
126b113160e22e7c3f38e386efe856ce

SHA1
067de3e7b67e194431486c506710984f5c5e75b2

SHA256
0450b87f6e2c1f3a9c919dcdb0dd3ce5a2ee3472a4fe005a07e65a30d0df3193

SHA512
d29e9a0499999246a4a822feb3f87726a042712816432834480aa31190a99918e5650004c304e86a74f77b44cf96b65d63d4a653db069556c6e1ed542ffb9e89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
dea3c88ee17151e40fd146b7960b1f7d

SHA1
a241815dee97059c088a4af921c7672159b3b761

SHA256
a20407bddd22f6748b6fdbaf8f3b174a118c2a9a70b2ad576774015bd64d957e

SHA512
efa58d5a14457bea690870dfdcc6a937bbacd7e3ee7d5eb189d860a38cd7d568661d7495554c5e275b7475fd52798abe2ac03edaff8855f96f182e81817712e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
14b9979c9a523b55e9ecc7d2cf3c8dcd

SHA1
6149e0f054dc075f857e7804c12867e132624026

SHA256
d36704dc260ef879d0f4f47fe3edad6b57f533e0d02226218939b1def4ab7def

SHA512
becd73167560b6664188391f5f366c1e0e166ac9a47fa183bc70f6518199b1774542699540f478c457b24519ceb2746a2bffb4f7e64da718d79c3c9e5161614d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8e3745a876ecebeb5e148aeaa3f57d8f

SHA1
4772702f866fce58b4173e06aa2176c360daf6c6

SHA256
2fc6ae15754b78da1c2d7b46f4925b2e953ca12163f1953773907db15cee7c91

SHA512
2a0c007f7926b0f08c009cafb5e2a70a849419c661b9ee9e20cd59158a32f62aa6eb4378b1f2d046618c96a39513a7b919835596c6f133d5829e2ae1e012af69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e53fc227dfcc396a097e40ddaf53bc04

SHA1
b2bfd907e6ade343584be6612fdb1908502b11d6

SHA256
b9fcef1f1366f72bdccf6c4060f19ecdd84e70673f1ef3aeb776b0990634836e

SHA512
0f0d49554e8e0ec533e3007c96f110838f5068778decb589f3f7821c6ef4d329b71819730165c19d5974a624ffe3af71710b037f3f03b55dae3ca013da413e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ad070c39ac4a154cef06913fcec84ea6

SHA1
b470a39844e7ee41110b31487f8e20ee9ef83f5a

SHA256
67c6d01a50ad41bd4b15bfe3766beea1563a3da0f02039724f05f8e38b39a740

SHA512
5fbcb3df6c662fd588f1ab7bf074954e5e532f4ccd395b0f70719033515ef3e72accb4d4482ae3df29d41e90fd00114b2e138e4492f8e549223cd2845d0822f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
16a9a9091b098f614a8c7b4e3d67f95e

SHA1
62b5b6deddf67259621f98c84665575f01f14ab6

SHA256
5203ade43e3099d24afb02e0c850146d69be4cd1bfc5192caa0853a04ca5696c

SHA512
53f4309e104b90a8e51161027f99be38818729be2b2719e9cbab64833a8491a62e9826a8ba1121397f9dd379898f7cdfdb902cbfcee586bc65c163fa17820b79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e184f43d2277d9cd3d72d84dafbc3cd6

SHA1
34d6b03027074b13ffe306da1f7ae5a512662f9e

SHA256
dffb3843da69eac953336b0fb8455e35871314521bb66e31a2778e7134016baf

SHA512
3511bcf740ecdea13af58c987af048dd4c050bc87721f003a7e6dc7ff0f4ddc0590fac4d37eeaec7a13db64af2b3bb122577568b4705bd4f6bf393154d8eb245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
d64f3ac95ba16ed0bd67bd1f7fa9af51

SHA1
8c89c93f6d47285bd66e546894f3eba20ecc96a0

SHA256
08eae9a764c6b4b0094f8352fc182f53eb4a664c723e8d4b80506d29a2327f36

SHA512
6660222078af829c067ad39869ccd3867c0d779b66d9af5d75207d4fe38a100ae8d961f9de3925898774b7a7dfb9dce6cd5c05f4b64974a33db34e4aecb2cd92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
86a35db59157d0e3418d86aee1f24322

SHA1
0ef61c1d2a5e51f6194b51501e3a742d77047f5b

SHA256
d532caf6fa22e8a14dcca8a40d9ed6e091d7195e6914ca20ed38800b9c9ed036

SHA512
8c6c91953c268238d393cc8d952499b0f334689246c9bd8c52fc361f20838f68b9b0ea1e7b6af647e5f31e8a3674c91466c9a69da9122fcf87e71a5e1ac6aedc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
857994fee5df3c72eedd6bcccccdccbb

SHA1
d1c5fac2af5460769c0195c7b684d63c5a58c501

SHA256
b7befe238bdc545e3e50b85f9e0fd8b4ab53a90e8b087194b0a3ae0c85c7df4b

SHA512
38ff24788d8f14f3e8ab4b4d53969da59719aa80157a3a3b9d64ecefb5d501661fc12d0cdac4bd7ea9c734493c36cad63f1ceb11973e983d4b936136a11975eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
edddd53f8750852bd26c4c54f3db0052

SHA1
d0422446a323fcd70c6f1ad3c81b30dd858f0942

SHA256
fc6b16632a896edfc082f03ff66a6085f92c728e5991536b6390e3f143187123

SHA512
3b75656abb3baa5a818d190afa1b8e35ca5678f5da96c2ed6fb69ce3204b3289518106625eb13c572dac401779436e50826ac200a49e83e88ae635d344687b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
2078c8a7fc213006502216893de580c9

SHA1
3409dcd1423531279026de143af16bf17c991c57

SHA256
5a11553577ad76d9cd1447e90bc42e8128b932ac2d02219ac4b804443b5887af

SHA512
62f5b8048d8ec0458a0f3d9b091efcceba3b69f682e55da6619b4fab302e4c7acfcb1d2bb250adc811858299c5e28e24a3b286e744371de8702fe8b40ca8c15d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
3950053bdbb2bdb428d1ad158dcf0449

SHA1
3b452b0f6cbd7ef76edfc39f41e97db679dd9f96

SHA256
a98573bb473144438810dfcfa5399a6d41900f613a9d364ad3b907699be37ab1

SHA512
f370ee46ac6ff53203586aaa1e40d0916d62e47049f16448d3d20ed336e763ebf0cbe64cfc88e1a22149ac51c16c6f0c9492ef065c9978c10d956ed8ff4847d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e8eb15be864a259b34746c808efe38e6

SHA1
a6626057a31548854d39843dc648bd65c3e84424

SHA256
abc113fa8dc2ce447ddcea5683d48dae59df442b4a3dd75c4506aa2fc71ebc3a

SHA512
afd6b07cb912fb7e012430c22000430502fce990471744ed8e64a0c5c25f89dc2613231bd08afa1cb53733cc41b7467bfd4c71310b5fa550feff26561b62e5b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a39af.TMP

Filesize
1KB

MD5
27aafd7164014cf31adc19bcaeea53b9

SHA1
d7e51ae8bf247b075c63e5c9cc3a1c3d5af77c8b

SHA256
8d32039d4c739a5fcdcf324248955e84b4f6b779655bd976f2262488f14451e5

SHA512
db3245906489dafd68ebf804d99cc1fc36e25aa8363fa5fe959c3b070fa3bff334ffe5ae32008dbed6e7ced3dd161090293f36f5a561584acfb6e5730234f1e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e845d649-edce-4709-87ca-5d974589e6ea.tmp

Filesize
5KB

MD5
c781edd611ec625b824a0c085cb2dc28

SHA1
e992556ecd58eb56841d1ff87641deff34a3fbc0

SHA256
50be10270f964fa161a017d141917c3d834d7c08aa4d3a402e759bb7a3178737

SHA512
e2563d45ab5d3dfa662fea446a5ec870017de900e56244aec137d075f39c632400417d2a3a133103d0ed4ceab1e0fa8403c6d7a15af48f52c79d73173580ed17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0fe5895d0ca18432b3c2f75a8e4ec71a

SHA1
9b991f4e575d6f00a559b8fd43865798bc1b01d8

SHA256
f396d17a9c484c8072b312e9ae91a79aea9b3d4f9e07917f5d80b569f1d7026a

SHA512
d4ff028dfd6b91d826f91e2200b62be9f5f041ef72a6c2ba26adc3062ee4aaefa388c8af29f47a09a3d65254d7f90c77f973f592d8d6f859c664f3688fcb391b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
666a7456a3cf4064426da2ad12ca7102

SHA1
72ae242f3dd2c7c98fd8d40f1c395bb18db96d30

SHA256
8422d06917efb55c21b5e4e3c8f64620e2edcb27144018190dfd4fb87e4ecccb

SHA512
765d5095075df8f2cf72417473b935e7e475432343e5740a4eef5f62b5a180a86539b295e2d14369b6edbe3c05908415415fa045a9f2a003f451814912197663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d42f9bc6d977d7e0b3d2074a786260d8

SHA1
beec138eda9b3ca231790a14ea732b802c280fc0

SHA256
62918d3d8928bfcd6f2fb8a511a4879a41f2893a438131fc678bcb751d22aa3f

SHA512
060d7be6dfe4c5f2427f350665367105e6c6ba9e910f572c95ac3dcff0f5b51d83ec1fe19569601d0b848e259f9c435a8a4039206a399e560f29345331e89f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0d9eb5c8ad0fd90c85e00ce9eab88306

SHA1
ab28c21c5a2387e68cd60285ac59edd8be975dbc

SHA256
6857308853cff155957743760be0fd935526e56958cb5c65a40846a4af6134a2

SHA512
8a631a6c5b17b922828a9b0c3dbacd1e626c5390b6644e0c4f71383d5e87a6e56c245d59ed52c48f8f612ef00a3876d96f8a2447592f4da1b7aa0dd6327f0fc4

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\1a0a9a2c26b7254d4e73fe3c7bb1942a

Filesize
5.5MB

MD5
1a0a9a2c26b7254d4e73fe3c7bb1942a

SHA1
4c0cdc7c6ae6deca21760a61cf06923889127de8

SHA256
8877656edcaee4db453cb99cc9fdc492920a1e506ad86121f13473b14bb39e3a

SHA512
3ecc9f1e58aa91d0ef73f94806fe1e53fa117426e0bc074db244f4e0704bdb9ddb02acc966a4dbb425a766c519aa6b836c5a5eb2f8a380f700508a4af22b9bbc

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\2a2b9f091d9c4c60ba046912321e89b1

Filesize
5.9MB

MD5
2a2b9f091d9c4c60ba046912321e89b1

SHA1
51aa69bbe3798ca34f5aac44c9f4d9a4fb1f0f49

SHA256
7c8af8389f3beadc9b12066ae963bd380849c9bd8e5170963edeef6c38dcf204

SHA512
605417147ad5c4e0d15c98d4e79a7fa9e511aa9f312187007a0b20dcfdc8602c86462b46e02396258b6f390d95de7aaa7122b4a7739f6a70931bbd73a80f91a0

Download Submit
C:\Users\Admin\AppData\Roaming\Celery\settings.json

Filesize
116B

MD5
53bd3a85ae0f3c6b08b3c6a6fc58c127

SHA1
686e0e83a7b5279d4efb62b0dd3cd7b9a94195cf

SHA256
69b2c2fa52825ccd32572f2a9083388c8a6d799a6ac72c788fb7a63c1a18387a

SHA512
3c2fdfc69977de09b71cc7dd35e3a63c269bccbbc5e065856336ec3f94fa134f57d763a72069ed98e0bea585b590f45922ae8513478e0c711d8429294e56091a

Download Submit
C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.Core.dll

Filesize
1.1MB

MD5
5b745ee879e65f7a47c56265881f16e7

SHA1
e6a90771b8f1bf53beeb7c9e4268756ff07a088d

SHA256
c8944a83938c39fbea72700485db8a61ab82e1c51d8e16d5dd48de4e36a6f264

SHA512
3b4bef98a1f751c3a747de0eb050828bf8474efa68aa7a26d0369f1c3b42829eaab221cb612c005a54ed5b84f19180700e51aab39adb84fe7246d9e91e6899c8

Download Submit
C:\Users\Admin\Desktop\Celery\CefSharp.BrowserSubprocess.exe

Filesize
6KB

MD5
bcd22b9511d5383e23d875e2cf3c339e

SHA1
0ef86afaef536cc4b046ea2866414bb193d60702

SHA256
95dd31f11ac1317559b6eee0479739930d503a4938283f5d831ac8add92ad792

SHA512
c4e6821858720895c0bfae797097e3307bb7ea8f03dde4fefc16cce03b2a50fecfe8ed5c3225136fcd9d74ee0ed8673f795b410cd14890d22df58c1f03b693c6

Download Submit
C:\Users\Admin\Desktop\Celery\CefSharp.Core.Runtime.dll

Filesize
1.7MB

MD5
21719cf581f5cc98b21c748498f1cbfe

SHA1
aaada7a02fadcbd25b836c924e936ce7d7ee0c2a

SHA256
6fd2685e02ef7c92ba5080faadb44f22fee528713f5101e2841c1230cba691e6

SHA512
6394ddabc7ad03895ecddb9943371935e0a2320e933b380a563eaf03d1a039c7180aee763834170c85485416b1af38b55c1dafff7311b25513369b01dce22598

Download Submit
C:\Users\Admin\Desktop\Celery\CefSharp.Core.dll

Filesize
897KB

MD5
16f8a4945f5bdd5c1c6c73541e1ebec3

SHA1
4342762c43f54c4caafaae40f933599a9bb93cb5

SHA256
636f8f865f23f2d47b73f3c16622e10b46437bbf7c89b0a2f70bae6129ab046a

SHA512
04115c425c3015ee4355cde2a6e5e28ec24745ea77761a40c0986b54dc14bc67cb142986988d79df87e75ea54d21ded9384842e01cf0714b84f7378e6a13400d

Download Submit
C:\Users\Admin\Desktop\Celery\CefSharp.Wpf.dll

Filesize
114KB

MD5
36946182df277e84a313c3811adac855

SHA1
bcd21305861e22878271e37604b7b033ec347eb3

SHA256
8507a4662220eca49d7d511183be801cd394f13dc0e9898c55361020fe9a4720

SHA512
80b1e947b1940dccfe5be8a1ba1e8c1d9eacb122d73724a21233164f5b318fa57c249256f621f0f9c1e6a9e4c902eec58827bb899e20f2990f4ade1d685f1abd

Download Submit
C:\Users\Admin\Desktop\Celery\CefSharp.dll

Filesize
272KB

MD5
715c534060757613f0286e1012e0c34a

SHA1
8bf44c4d87b24589c6f08846173015407170b75d

SHA256
f7ad2bbbeb43f166bbbf986bdb2b08c462603c240c605f1c6a7749c643dff3fe

SHA512
fcaec0c107a8703a8263ce5ccc64c2f5bfc01628756b2319fde21b0842652fbeee04c9f8f6d93f7200412d9bd9fad01494bc902501fb92e7d6b319f8d9db78d7

Download Submit
C:\Users\Admin\Desktop\Celery\Celery.exe

Filesize
17.3MB

MD5
eeaa7f07f411869b721077bc9f998d5d

SHA1
af4890e4866990a8cab38c65f51579341d09f5c2

SHA256
7182d622a275b9cdabfd50a5431469c48acb8d8543bf5d5b182dd68326d64f62

SHA512
91c478721a58fbf9ec23e425af114d57b5e342aa1d58b3d30242fad79188f4127514a0ca52773a624e7b54281bf219bd703549e85cfa4c2409d26a822f6a9e1a

Download Submit
C:\Users\Admin\Desktop\Celery\Celery.exe.config

Filesize
189B

MD5
9dbad5517b46f41dbb0d8780b20ab87e

SHA1
ef6aef0b1ea5d01b6e088a8bf2f429773c04ba5e

SHA256
47e5a0f101af4151d7f13d2d6bfa9b847d5b5e4a98d1f4674b7c015772746cdf

SHA512
43825f5c26c54e1fc5bffcce30caad1449a28c0c9a9432e9ce17d255f8bf6057c1a1002d9471e5b654ab1de08fb6eabf96302cdb3e0fb4b63ba0ff186e903be8

Download Submit
C:\Users\Admin\Desktop\Celery\D3DCompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\Desktop\Celery\Microsoft.Bcl.AsyncInterfaces.dll

Filesize
26KB

MD5
ff34978b62d5e0be84a895d9c30f99ae

SHA1
74dc07a8cccee0ca3bf5cf64320230ca1a37ad85

SHA256
80678203bd0203a6594f4e330b22543c0de5059382bb1c9334b7868b8f31b1bc

SHA512
7f207f2e3f9f371b465bca5402db0e5cec3cb842a1f943d3e3dcedc8e5d134f58c7c4df99303c24501c103494b4f16160f86db80893779ce41b287a23574ee28

Download Submit
C:\Users\Admin\Desktop\Celery\Microsoft.Extensions.DependencyInjection.Abstractions.dll

Filesize
62KB

MD5
00053ff3b5744853b9ebf90af4fdd816

SHA1
13c0a343f38b1bb21a3d90146ed92736a8166fe6

SHA256
c5a119ec89471194b505140fba13001fa05f81c4b4725b80bb63ccb4e1408c1e

SHA512
c99fcda5165f8dc7984fb97ce45d00f8b00ca9813b8c591ad86691bd65104bbb86c36b49bb6c638f3b1e9b2642ec9ac830003e894df338acfca2d11296ff9da4

Download Submit
C:\Users\Admin\Desktop\Celery\Microsoft.Extensions.DependencyInjection.dll

Filesize
94KB

MD5
3452007cab829c2ba196f72b261f7dec

SHA1
c5e7cfd490839f2b34252bd26020d7f8961b221b

SHA256
18b39777ee45220217459641991ab700bc9253acaf0940cf6e017e9392b43698

SHA512
a8b83a8582dfee144925a821d09c40f5730f6337b29446c3bce8b225659bdc57a48778081fa866c092d59b4108c1d992e33f9543ae2b4c7554b8ff27b5332cdf

Download Submit
C:\Users\Admin\Desktop\Celery\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\Desktop\Celery\System.Threading.Tasks.Extensions.dll

Filesize
25KB

MD5
e1e9d7d46e5cd9525c5927dc98d9ecc7

SHA1
2242627282f9e07e37b274ea36fac2d3cd9c9110

SHA256
4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6

SHA512
da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

Download Submit
C:\Users\Admin\Desktop\Celery\System.Windows.Interactivity.dll

Filesize
39KB

MD5
3ab57a33a6e3a1476695d5a6e856c06a

SHA1
dabb4ecffd0c422a8eebff5d4ec8116a6e90d7e7

SHA256
4aace8c8a330ae8429cd8cc1b6804076d3a9ffd633470f91fd36bdd25bb57876

SHA512
58dbfcf9199d72d370e2d98b8ef2713d74207a597c9494b0ecf5e4c7bf7cf60c5e85f4a92b2a1896dff63d9d5107f0d81d7dddbc7203e9e559ab7219eca0df92

Download Submit
C:\Users\Admin\Desktop\Celery\bin\Monaco\assets\theme.json

Filesize
390B

MD5
53140e18fb33e7e9a25e13f57a4190aa

SHA1
dd72190319ae2b7ddb12a137f50fad2579fcc897

SHA256
1cbd08945e5e8612b690e1eb663917cfb4f84f0083bf7d2c2a61f43e6c455e9b

SHA512
fb9b0456c7c9d468b14db242659d2cda36f7457f9035628d92538850a509e78116972e9890edc3b69d4379aaafb6da76ff2876b446b6953e14914cdfe7dc7b94

Download Submit
C:\Users\Admin\Desktop\Celery\bin\lsp\main.exe

Filesize
36.1MB

MD5
43ad962c7acda3e30300e7d0f1add3fb

SHA1
362c217d315f288f375fec7289a2606ed6d4f432

SHA256
534e6212f155fba25a38fba248ce7970e69335492d57443d04037b617260dd9b

SHA512
3822b6b426c85a61c4d754de7c33fdfbca45c9e80f2ba52f4c6ac98ad726109e276851af3612ebb39a6cefa4de9589d412e2805a3bacf7845d2aa22189396e4b

Download Submit
C:\Users\Admin\Desktop\Celery\cache\Cache\Cache_Data\f_000001

Filesize
71KB

MD5
087af31b8c6c0f68955606330dec1978

SHA1
f53303c5d6af590a07ec2c68631c99c7f6826d46

SHA256
b42be6619361f192bb431c920054a7cc8dc0ef0d33fa88607f5e33a3f8d1324c

SHA512
777a90e456a2fd8453a83768d21df5ee9fbb97c6caabaf566040563b5581f5b77a6e6f908630b9141da5f0df50c6f2a7172519f0f88c58df28cd9292a5607a5d

Download Submit
C:\Users\Admin\Desktop\Celery\cache\Cache\Cache_Data\f_000002

Filesize
2.7MB

MD5
ab893b85fbcaf2dc4eb2a733e34fe4cf

SHA1
1f87c9c2cabf5d1f1c370da51ac063d4bdb41ba2

SHA256
700fca0fa8bac6ce8cf057f7f1f96f282d390657cbe08b22b624906686ef2174

SHA512
eefc85d4b2d7269c1eec54d125e06690a1d98ac59fe42f4c1850b58bc52f0c8ec07ae8a29cbfe306045dd336559e22dfcca27020fd688f9cd0af67a115468d41

Download Submit
C:\Users\Admin\Desktop\Celery\cache\Cache\Cache_Data\f_000003

Filesize
100KB

MD5
37090d2c2e06526925cc97eed4632cad

SHA1
e6896d6d20258c8297b91125fe85a5a0e607023e

SHA256
3080eea898d0f4b8b1a5eaeac18af7a429723636abda80da5911b57a544a8370

SHA512
b51edbca2e45749b067cf9d06dbbf2afe5fb1a7209609a97c9b2356d3a41044ff57cb3ac6771c62c422212cb7eaf97d9c91fb0f6051601790d0a02aab656ad67

Download Submit
C:\Users\Admin\Desktop\Celery\cache\Cache\Cache_Data\f_000004

Filesize
66KB

MD5
805fb6ad1751ed8b849b5bf9be742ab5

SHA1
187e9b97fa37481fa9313b4843480c5a533a41ac

SHA256
ff6b888d65cfd8077d49c6c704c1bfc8f2ce1ed71db9c583c63e0a49f046c79c

SHA512
4f240d853d2aa008977c22427a81fa657b8e7d4035dc66123441392bf8525ad6fea6167a6aa40eba42f9308abc23cb2abdcb6bf1f873972618652a93efcfaf01

Download Submit
C:\Users\Admin\Desktop\Celery\cache\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
f6d6901afea4e9fe8d6b6830896d345b

SHA1
c0aeec5991059c6e7dcd9befd6d43d6415d7855d

SHA256
10d8473afd971c9ad79982d98c2d38c3a1815afab811e89201ea342b3c03cf01

SHA512
e5dfeaa9f5f048d847a9b44f03ffa63d17ca83da18be8e2d7004eab8e09c8e546f4ca8e979347b56bbff6cb78e377fe24ba115275cce88855acefcfa60855901

Download Submit
C:\Users\Admin\Desktop\Celery\cache\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
b2221e2050486f8b2761d3d969793f85

SHA1
832c165878aeae311c92735ec6e28091184d13dd

SHA256
8a840876af701ae310f8d7e24e17771590ec59d51fae2a04f49c5eec1bc0aef9

SHA512
c140c07f4cc84ee1252552d0239b6c6773370e39b4475bb31f5de6e598acfd1121a37ec57f84bc49ce9ce66c030c3297ae2f8d6bc3ef3fb155099216a4d04c5e

Download Submit
C:\Users\Admin\Desktop\Celery\cache\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\Desktop\Celery\cache\DawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\Desktop\Celery\cache\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\Desktop\Celery\cache\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\Desktop\Celery\cache\LocalPrefs.json

Filesize
529B

MD5
803df3b3f1a019a802dc6f7cef22e4b7

SHA1
fad45efad4da1fa78e7646d735dbb4382145240c

SHA256
f75bac9de1b744311b5e86617469fa55ccaa9d4f19c8f82093090f6b0fea2873

SHA512
3569a6da8fcf8f8c95f072a61f05328bcbff55f149d698332667a8800a56b580553d1ec61882f9e963e4b5d65aec5c0e46285f08763b1f905b687a4df6a1a58c

Download Submit
C:\Users\Admin\Desktop\Celery\cache\LocalPrefs.json

Filesize
738B

MD5
99559bf39c4c4be4fcc7fde64e145fc7

SHA1
787685032b7a4a11ed05672ca691b4f50ca79473

SHA256
53df07eb372d0f43254cb009fd66bdda2c2147269eefc4b285bc018d2cbc64ca

SHA512
7a8a465b707907715802f059c40960df9a399e2da326bf1c6368f6b8ce04ce0d9afcdeb4ec9976b061095ea845c6d5693f52d4596bff700e7df950dcc8a01950

Download Submit
C:\Users\Admin\Desktop\Celery\cache\LocalPrefs.json

Filesize
850B

MD5
663e207fbaa82df19fdb713634d909ab

SHA1
4966f2c321c0e0397f4ceb76a41f91be90d033c8

SHA256
b7e44ed1dd9aa3a8df851e307986989a59638956c3348f585f6f78682321eb53

SHA512
fa31b180b2a9e634ad836fb7ba26aaf893e1de769fbbbbc1250a73e2ea2fbc7cfd3cfc4ed42e8b596221bcd41e3254629ccff03cd5ad0ad94bb4907360343cdb

Download Submit
C:\Users\Admin\Desktop\Celery\cache\LocalPrefs.json

Filesize
850B

MD5
20801fd57d6df07dc38a4f43576f1d64

SHA1
2c7cd4a128b6323fff35a0b671ca31b3f304acba

SHA256
349efb94a4043a4a5d861349a90acdbbe14edca5eaed5ed92a0a161b73ea3527

SHA512
0e78dab1aaa9ec8318a0c00c5e815acfe5d9e7c03b4f7eff9af63fdedf1d8a8f8f0180a6dffbca8ebc6ae1bba1fbb261229e9926c4fcab2c01b0dab583ea022d

Download Submit
C:\Users\Admin\Desktop\Celery\cache\LocalPrefs.json~RFe591265.TMP

Filesize
434B

MD5
762723acab690b7a0deb6d7708f328f1

SHA1
a49b6afd81926fd80ff24188481d92090cd2ca66

SHA256
5d9d588d9554db2f0fad53c3a4ed0bcbc64dc10ab4e4a0a570d53d55dec61011

SHA512
321450ca3cf2b4ee1da50908c7af0e0c35ac4caa92aa53f734149192e404969f2fdcea739ba075acb2e1a3044fbd0d759154829b77daacbc75abddbac9c866a5

Download Submit
C:\Users\Admin\Desktop\Celery\cache\Network\4deab77d-17d1-464d-9114-434c459b9695.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\Desktop\Celery\cache\Network\Network Persistent State

Filesize
300B

MD5
122ab6b1ec79a185003f8793572327db

SHA1
fd7273e1967f841e909b902990666cc96b357fd1

SHA256
6b984f6f38bc2b444fcb2327d74fb1b091d04064e0e827555c978e177f65d9ae

SHA512
8c41fa856ef925fe8e662b1f447d95f6874cf1ced061694252eb06b93817d8e555eda875b19ef6cc85d233edf917fe719c5c2c4b78648a30ec6445440672bf93

Download Submit
C:\Users\Admin\Desktop\Celery\cache\Network\Network Persistent State

Filesize
390B

MD5
72c139a587c2ca33b79637fdee5694c1

SHA1
7e7317e56cf6f10be8ce6f472be6515088b66671

SHA256
e4323e98b592ec0657be7bec999f90bfac7a38bdd3c7f8bc2188bbe4a25cdb5a

SHA512
0ab6a3bf500c9751b5020aa01006d902ba66455e412db41f221b0844392cfecbd17d7b430ca6bea9ae953b7439b735be071241039251db559d8125c925643579

Download Submit
C:\Users\Admin\Desktop\Celery\cache\Network\Network Persistent State~RFe59fee8.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\Desktop\Celery\cache\Network\TransportSecurity

Filesize
186B

MD5
7f09e58842e5e79c57f8a70d3e1b8802

SHA1
2bc09289cfddc47d7c294a95a1b405e80def64ba

SHA256
9e8fa7203f4711195810164d85f59abb66a3fe9f8b6dc70ecf0de0c22a034534

SHA512
26899e913f6af3c8126ed780dedf06ebdf8c5828829a99a48b293f1d5b860c5ae979cd523da62b45e36caac96c01b8bf53a0f3e011a76294bbabfb427693c03d

Download Submit
C:\Users\Admin\Desktop\Celery\cache\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Desktop\Celery\cache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Desktop\Celery\chrome_100_percent.pak

Filesize
682KB

MD5
d3e06f624bf92e9d8aecb16da9731c52

SHA1
565bdcbfcbfcd206561080c2000d93470417d142

SHA256
4ee67f0b0b9ad2898e0d70ddfad3541fbd37520686f9e827a845d1930a590362

SHA512
497126af59961054155fbb8c3789d6278a1f5426000342f25f54115429ff024e629783f50f0c5350500007854712b07f7d8174ecfe60d59c4fdd5f3d72dac262

Download Submit
C:\Users\Admin\Desktop\Celery\chrome_200_percent.pak

Filesize
1.1MB

MD5
34572fb491298ed95ad592351fb1f172

SHA1
4590080451f11ff4796d0774de3ff638410abdba

SHA256
c4363d6ecfa5770b021ce72cc7d2ab9be56b0ce88075ec051ad1de99b736dbbd

SHA512
e0e7deccb26b7df78d6193750bfb9aad575b807424a0a5d124bd944e568c1bb1ae29f584246f753d619081a48d2897815145028ffedd9488e9a8f102cdc67e2f

Download Submit
C:\Users\Admin\Desktop\Celery\chrome_elf.dll

Filesize
1.3MB

MD5
5b3802f150c42ad6d24674ae78f9d3e8

SHA1
428139f0a862128e55e5231798f7c8e2df34a92a

SHA256
9f455612e32e5da431c7636773e34bd08dae79403cc8cf5b782b0ea4f1955799

SHA512
07afbd49e17d67957c65929ca7bdfe03b33b299c66c48aa738262da480ed945712d891be83d35bd42833d5465ef60e09c7a5956df0a369ec92d3bc2d25a09007

Download Submit
C:\Users\Admin\Desktop\Celery\dxcompiler.dll

Filesize
20.8MB

MD5
141f621285ed586f9423844a83e8a03f

SHA1
9c58feee992c3d42383bde55f0ff7688bc3bd579

SHA256
5592056f52768ba41aad10785d21c1b18baf850a7e6a9e35526f43a55e6ada6d

SHA512
951a55bbe86a7ebecfc946bf1c9a8c629f0e09510089a79a352cd6d89b7c42e0e23fd4f26232b0e73bd6d4ec158b86728cda2ab25745abcabfafadd964b55896

Download Submit
C:\Users\Admin\Desktop\Celery\dxil.dll

Filesize
1.4MB

MD5
cb72bef6ce55aa7c9e3a09bd105dca33

SHA1
d48336e1c8215ccf71a758f2ff7e5913342ea229

SHA256
47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893

SHA512
c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0

Download Submit
C:\Users\Admin\Desktop\Celery\icudtl.dat

Filesize
10.2MB

MD5
74bded81ce10a426df54da39cfa132ff

SHA1
eb26bcc7d24be42bd8cfbded53bd62d605989bbf

SHA256
7bf96c193befbf23514401f8f6568076450ade52dd1595b85e4dfcf3de5f6fb9

SHA512
bd7b7b52d31803b2d4b1fd8cb76481931ed8abb98d779b893d3965231177bdd33386461e1a820b384712013904da094e3cd15ee24a679ddc766132677a8be54a

Download Submit
C:\Users\Admin\Desktop\Celery\libEGL.dll

Filesize
459KB

MD5
ce2c45983f63a6cf0cddce68778124e9

SHA1
6553dc5b4bc68dcb1e9628a718be9c5b481a6677

SHA256
9ca8840bbb5f587848e66d08d36cb5eb30c1c448ef49ce504961ff4ac810c605

SHA512
df81a3356168e78d9810f5e87ca86eb4f56e5f0cb6afdb13408b50778a2d8b18c70b02c6348cd7ba59609ab2956d28eed324706eb65d04bce1159a2d8f1e0e8f

Download Submit
C:\Users\Admin\Desktop\Celery\libglesv2.dll

Filesize
7.3MB

MD5
c9b090ed25f61aa311a6d03fd8839433

SHA1
f1567aa2fb1fcad3cde1e181a62f5e2bccadaf68

SHA256
c7a7a59cf3c26d6c8b2505996065d49f339764f5718e6f53a9ecec8686c489db

SHA512
21cd4618b6ad011afa78abe8fbc42ecafbb992322912c4a77e5f193a04aeb97a5655dedfc513e1a7667db55b92a322e3d9a6dfe7e845af25f37a6666a1798470

Download Submit
C:\Users\Admin\Desktop\Celery\locales\en-US.pak

Filesize
455KB

MD5
a8d060aa17ed42b6b2c4a9fcbab8a7e1

SHA1
16e4e544eca024f8b5a70b4f3ca339a7a0a51ebf

SHA256
55e4ae861aa1cacb09db070a4be0e9dd9a24d2d45e4168824364307120a906b2

SHA512
8f3820e3c5aca560344a253d068936bdb797d07eb22711020d287a949c97d7a98879ff9ff5a4fb2f3fe804bf502300b6f4c92918d973bef351d587483bc43723

Download Submit
C:\Users\Admin\Desktop\Celery\resources.pak

Filesize
7.9MB

MD5
5955471c84eaad269c23f8a22b71f781

SHA1
d625fb0b12d132fec9f91cbc7db54887589f202e

SHA256
b8ae091d95e927a75a9b0a367a8ee9bc5fae0a10427eb77cb3c3460097cd4f5e

SHA512
537fa6f414c7759e70ad6e70350571221ba69afaf89427c7450acf117e58a97fc7beb2a1758cf05b2ef76a14ad50e762f01b1c65d1ccbc63e4d714af445988df

Download Submit
C:\Users\Admin\Desktop\Celery\v8_context_snapshot.bin

Filesize
672KB

MD5
12c20b1ea7dccafb8250e13e46bc9914

SHA1
6ed3625dffea1ad3e1aceae4c55caaf195fd7c18

SHA256
5591258720aed178de57b4e61eb59b2c4af2566caa1d18a7157cf8d0feca11d7

SHA512
e520e67eba1dcf236a0daf43ec57182821b1e9142592ef471c724caf74292ed85291bd3b84fef6107ee2c258f93ea4fff2df18485537d73ddfd973b863c76727

Download Submit
C:\Users\Admin\Desktop\Celery\vk_swiftshader.dll

Filesize
4.9MB

MD5
3262e23f3fef8b021b93c801f5649c92

SHA1
de49b94cfc981a0af5a4e134854f69620e7ba566

SHA256
1c9098e8a6f21462864a91e74555f299ebc41d3bc79d6ee1b9c577c929957285

SHA512
54b0b26b95f6fc799b3e24863a65ef3896786811be3cc9fffa2a06e95e98daf32b16f0ede6b8a87acc319ea17650cdd089c56798236476b894054195738e1797

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
ae48a39475c639c5847dbd5750b83a42

SHA1
cad64b26055e45893d75cf14f50f3f0bf5ce34bc

SHA256
9cf6db7f01c02de07d89036f7ca86a15e848c73a0b411b7db03a95fb4183ffe5

SHA512
60b85bbd116fde5b3e6c0cac1131ae57664fab7c052fbb68eb8b0cb890d67ff3d9a2322de7d6fdcdc43a53a13e1837a10655189ec4f1ce2dff5289e5806400cd

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3360_1300674032\manifest.json

Filesize
1001B

MD5
2648d437c53db54b3ebd00e64852687e

SHA1
66cfe157f4c8e17bfda15325abfef40ec6d49608

SHA256
68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806

SHA512
86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828

Download Submit
memory/2320-252-0x0000029DC1A30000-0x0000029DC1B4E000-memory.dmp

Filesize
1.1MB

Download
memory/2320-248-0x0000029DA7580000-0x0000029DA7586000-memory.dmp

Filesize
24KB

Download
memory/2720-9-0x000000007433E000-0x000000007433F000-memory.dmp

Filesize
4KB

Download
memory/2720-3-0x0000000074330000-0x0000000074AE1000-memory.dmp

Filesize
7.7MB

Download
memory/2720-5-0x0000000008EA0000-0x0000000008ED8000-memory.dmp

Filesize
224KB

Download
memory/2720-6-0x0000000008E60000-0x0000000008E6E000-memory.dmp

Filesize
56KB

Download
memory/2720-7-0x0000000074330000-0x0000000074AE1000-memory.dmp

Filesize
7.7MB

Download
memory/2720-8-0x000000000A340000-0x000000000A4C8000-memory.dmp

Filesize
1.5MB

Download
memory/2720-0-0x000000007433E000-0x000000007433F000-memory.dmp

Filesize
4KB

Download
memory/2720-10-0x0000000074330000-0x0000000074AE1000-memory.dmp

Filesize
7.7MB

Download
memory/2720-11-0x0000000074330000-0x0000000074AE1000-memory.dmp

Filesize
7.7MB

Download
memory/2720-4-0x0000000008620000-0x0000000008628000-memory.dmp

Filesize
32KB

Download
memory/2720-12-0x000000000B520000-0x000000000BAC6000-memory.dmp

Filesize
5.6MB

Download
memory/2720-13-0x000000000AEB0000-0x000000000AF42000-memory.dmp

Filesize
584KB

Download
memory/2720-14-0x0000000009FA0000-0x0000000009FB2000-memory.dmp

Filesize
72KB

Download
memory/2720-15-0x0000000003460000-0x000000000346A000-memory.dmp

Filesize
40KB

Download
memory/2720-210-0x0000000074330000-0x0000000074AE1000-memory.dmp

Filesize
7.7MB

Download
memory/2720-2-0x0000000074330000-0x0000000074AE1000-memory.dmp

Filesize
7.7MB

Download
memory/2720-1-0x0000000000EB0000-0x0000000000F82000-memory.dmp

Filesize
840KB

Download
memory/3152-1395-0x000001CCA8570000-0x000001CCA8571000-memory.dmp

Filesize
4KB

Download
memory/3152-1399-0x000001CCA8570000-0x000001CCA8571000-memory.dmp

Filesize
4KB

Download
memory/3152-1400-0x000001CCA8570000-0x000001CCA8571000-memory.dmp

Filesize
4KB

Download
memory/3152-1401-0x000001CCA8570000-0x000001CCA8571000-memory.dmp

Filesize
4KB

Download
memory/3152-1402-0x000001CCA8570000-0x000001CCA8571000-memory.dmp

Filesize
4KB

Download
memory/3152-1404-0x000001CCA8570000-0x000001CCA8571000-memory.dmp

Filesize
4KB

Download
memory/3152-1405-0x000001CCA8570000-0x000001CCA8571000-memory.dmp

Filesize
4KB

Download
memory/3152-1403-0x000001CCA8570000-0x000001CCA8571000-memory.dmp

Filesize
4KB

Download
memory/3152-1393-0x000001CCA8570000-0x000001CCA8571000-memory.dmp

Filesize
4KB

Download
memory/3152-1394-0x000001CCA8570000-0x000001CCA8571000-memory.dmp

Filesize
4KB

Download
memory/3292-2663-0x0000022FF88D0000-0x0000022FF89EE000-memory.dmp

Filesize
1.1MB

Download
memory/3360-223-0x000001896B770000-0x000001896B77A000-memory.dmp

Filesize
40KB

Download
memory/3360-213-0x000001896B790000-0x000001896B7B4000-memory.dmp

Filesize
144KB

Download
memory/3360-211-0x000001896A1E0000-0x000001896B32E000-memory.dmp

Filesize
17.3MB

Download
memory/3360-429-0x0000018970430000-0x0000018970438000-memory.dmp

Filesize
32KB

Download
memory/3360-207-0x00007FFEB68F3000-0x00007FFEB68F5000-memory.dmp

Filesize
8KB

Download
memory/3360-431-0x0000018970460000-0x0000018970470000-memory.dmp

Filesize
64KB

Download
memory/3360-433-0x0000018970470000-0x000001897047E000-memory.dmp

Filesize
56KB

Download
memory/3360-432-0x00000189704B0000-0x00000189704E8000-memory.dmp

Filesize
224KB

Download
memory/3360-521-0x00007FFEB68F3000-0x00007FFEB68F5000-memory.dmp

Filesize
8KB

Download
memory/3360-215-0x000001896DA50000-0x000001896DB36000-memory.dmp

Filesize
920KB

Download
memory/3360-217-0x000001896D8E0000-0x000001896D8F4000-memory.dmp

Filesize
80KB

Download
memory/3360-227-0x000001896DB40000-0x000001896DD01000-memory.dmp

Filesize
1.8MB

Download
memory/3360-261-0x000001896FBC0000-0x000001896FBD2000-memory.dmp

Filesize
72KB

Download
memory/3360-221-0x000001896B760000-0x000001896B76A000-memory.dmp

Filesize
40KB

Download
memory/3360-219-0x000001896D900000-0x000001896D91C000-memory.dmp

Filesize
112KB

Download
memory/3360-234-0x000001896DA00000-0x000001896DA4A000-memory.dmp

Filesize
296KB

Download
memory/3360-413-0x0000018970200000-0x0000018970222000-memory.dmp

Filesize
136KB

Download
memory/3360-383-0x000001896FD00000-0x000001896FDB2000-memory.dmp

Filesize
712KB

Download
memory/3360-262-0x000001896FBA0000-0x000001896FBAA000-memory.dmp

Filesize
40KB

Download
memory/3360-2564-0x0000018975570000-0x0000018975578000-memory.dmp

Filesize
32KB

Download