Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

RobloxStud...er.exe

windows11-21h2-x64

Resubmissions

05/08/2024, 17:22

240805-vxmt4swgpe 8

05/08/2024, 17:10

240805-vpztpswfma 8

05/08/2024, 17:06

240805-vmkl1asepq 8

Analysis

  • max time kernel
    664s
  • max time network
    666s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    05/08/2024, 17:10

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    RobloxStudioInstaller.exe

  • Size

    5.4MB

  • MD5

    4fa63f4ccb9b1fca93ab82e51c6d4750

  • SHA1

    1f26018c15ed5e14140ed44c28cf52a7b892fc86

  • SHA256

    685f8b14eb645f892a666cf61cf691d086fe0d3e344a245323f1fe75034869fb

  • SHA512

    a25031fb2afe1baebe9b46266192574c6c73b7fcd8e3e2897873d97b3f6232c5228fa4f633b1df98b9410808d5afe1dd470cd8f3f6dbc0c52526311b769554ab

  • SSDEEP

    98304:CLv+pDLARNKsA+779cNPdtUj5h4tgDueFVQzo+RT4pQP6/h/puvJAV:y+pDERNKuCRoIgDuel+RQQizGJO

Score
8/10
discoveryevasionpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
    persistence
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 46 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Network Service Discovery 1 TTPs 1 IoCs

    Attempt to gather information on host's network.

    discovery
  • Network Share Discovery 1 TTPs

    Attempt to gather information on host network.

    discovery
  • Checks system information in the registry 2 TTPs 20 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 5 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 10 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\RobloxStudioInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\RobloxStudioInstaller.exe"
    1⤵
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
      MicrosoftEdgeWebview2Setup.exe /silent /install
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1160
      • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
        3⤵
        • Event Triggered Execution: Image File Execution Options Injection
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks system information in the registry
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2268
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          PID:4904
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:2696
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies registry class
            PID:1252
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies registry class
            PID:2216
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies registry class
            PID:2052
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUZBRDNEM0UtNzg3OS00NERFLTg5RTItQkUzQzJBOEYxNEIxfSIgdXNlcmlkPSJ7RTIyNUE0MUYtRkIxQy00NTAwLTk4RjItMTYwMTQ4NTFBMTlBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCRTAzRjE3Ri1FQkQ4LTRBQzItODIwMS1DODZFNDkxNzA1QjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUwNzQwMDA3NDkiIGluc3RhbGxfdGltZV9tcz0iNjcxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks system information in the registry
          • System Location Discovery: System Language Discovery
          • System Network Configuration Discovery: Internet Connection Discovery
          PID:4908
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{AFAD3D3E-7879-44DE-89E2-BE3C2A8F14B1}" /silent
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:1856
    • C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\RobloxStudioBeta.exe
      "C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1436
      • C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\RobloxCrashHandler.exe
        "C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.636.0.6360625_20240805T171347Z_Studio_EA1ED_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.636.0.6360625_20240805T171347Z_Studio_EA1ED_last.log --attachment=attachment_log_0.636.0.6360625_20240805T171347Z_Studio_EA1ED_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.636.0.6360625_20240805T171347Z_Studio_EA1ED_csg3.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=0.636.0.6360625 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=891e83b251fb9b65ea7fc8cb9143473ad746b719 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.636.0.6360625 --annotation=UniqueId=1765315540051884218 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.636.0.6360625 --annotation=host_arch=x86_64 --initial-client-data=0x5b4,0x5b8,0x5bc,0x51c,0x5e4,0x7ff62c0a20e8,0x7ff62c0a2100,0x7ff62c0a2118
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2636
      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 636, 0, 6360625" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=1436.2544.13187366136959215951
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks system information in the registry
        • Drops file in Windows directory
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of WriteProcessMemory
        • System policy modification
        PID:756
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=127.0.2651.86 --initial-client-data=0x160,0x164,0x168,0x13c,0x198,0x7ffa901ad198,0x7ffa901ad1a4,0x7ffa901ad1b0
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3276
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 636, 0, 6360625" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1752,i,14201926528753315685,4640215867720739539,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1744 /prefetch:2
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3172
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 636, 0, 6360625" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1828,i,14201926528753315685,4640215867720739539,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1812 /prefetch:11
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2696
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 636, 0, 6360625" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2224,i,14201926528753315685,4640215867720739539,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:13
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:4064
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 636, 0, 6360625" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3276,i,14201926528753315685,4640215867720739539,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3292 /prefetch:1
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1708
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 636, 0, 6360625" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4056,i,14201926528753315685,4640215867720739539,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:1
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:4076
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 636, 0, 6360625" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3408,i,14201926528753315685,4640215867720739539,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3436 /prefetch:1
          4⤵
          • Executes dropped EXE
          PID:3036
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 636, 0, 6360625" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1968,i,14201926528753315685,4640215867720739539,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:14
          4⤵
          • Executes dropped EXE
          PID:2712
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 636, 0, 6360625" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4680,i,14201926528753315685,4640215867720739539,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=752 /prefetch:10
          4⤵
          • Executes dropped EXE
          PID:1176
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 636, 0, 6360625" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4516,i,14201926528753315685,4640215867720739539,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:14
          4⤵
          • Executes dropped EXE
          PID:964
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 636, 0, 6360625" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2196,i,14201926528753315685,4640215867720739539,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4796 /prefetch:14
          4⤵
          • Executes dropped EXE
          PID:4960
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 636, 0, 6360625" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4636,i,14201926528753315685,4640215867720739539,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4736 /prefetch:14
          4⤵
          • Executes dropped EXE
          PID:2548
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 636, 0, 6360625" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4804,i,14201926528753315685,4640215867720739539,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4884 /prefetch:14
          4⤵
          • Executes dropped EXE
          PID:1644
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 636, 0, 6360625" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4732,i,14201926528753315685,4640215867720739539,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4856 /prefetch:14
          4⤵
          • Executes dropped EXE
          PID:2564
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 636, 0, 6360625" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4596,i,14201926528753315685,4640215867720739539,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4844 /prefetch:14
          4⤵
          • Executes dropped EXE
          PID:1628
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 636, 0, 6360625" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4712,i,14201926528753315685,4640215867720739539,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4788 /prefetch:14
          4⤵
          • Executes dropped EXE
          PID:652
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.86\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 636, 0, 6360625" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4868,i,14201926528753315685,4640215867720739539,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:1
          4⤵
          • Executes dropped EXE
          PID:4984
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    1⤵
      PID:4432
    • C:\Windows\System32\oobe\UserOOBEBroker.exe
      C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
      1⤵
      • Drops file in Windows directory
      PID:4320
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
      C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
      1⤵
      • System Location Discovery: System Language Discovery
      PID:2860
    • C:\Windows\system32\SystemSettingsAdminFlows.exe
      "C:\Windows\system32\SystemSettingsAdminFlows.exe" RenamePC
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3464
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks system information in the registry
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      • Suspicious use of WriteProcessMemory
      PID:2620
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUZBRDNEM0UtNzg3OS00NERFLTg5RTItQkUzQzJBOEYxNEIxfSIgdXNlcmlkPSJ7RTIyNUE0MUYtRkIxQy00NTAwLTk4RjItMTYwMTQ4NTFBMTlBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4RTM4OEYxOS00MEZELTQzNUItQTc1NC02RjU1MDM4MDEzQjB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTA3OTE1NjkwMCIvPjwvYXBwPjwvcmVxdWVzdD4
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks system information in the registry
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        PID:1488
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4E6CF532-DCE8-47B4-A497-0D965C685697}\MicrosoftEdge_X64_127.0.2651.86.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4E6CF532-DCE8-47B4-A497-0D965C685697}\MicrosoftEdge_X64_127.0.2651.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
        2⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2980
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4E6CF532-DCE8-47B4-A497-0D965C685697}\EDGEMITMP_6831D.tmp\setup.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4E6CF532-DCE8-47B4-A497-0D965C685697}\EDGEMITMP_6831D.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4E6CF532-DCE8-47B4-A497-0D965C685697}\MicrosoftEdge_X64_127.0.2651.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
          3⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious use of WriteProcessMemory
          PID:3492
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4E6CF532-DCE8-47B4-A497-0D965C685697}\EDGEMITMP_6831D.tmp\setup.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4E6CF532-DCE8-47B4-A497-0D965C685697}\EDGEMITMP_6831D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4E6CF532-DCE8-47B4-A497-0D965C685697}\EDGEMITMP_6831D.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6dedfb7d0,0x7ff6dedfb7dc,0x7ff6dedfb7e8
            4⤵
            • Executes dropped EXE
            • Drops file in Windows directory
            PID:1060
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUZBRDNEM0UtNzg3OS00NERFLTg5RTItQkUzQzJBOEYxNEIxfSIgdXNlcmlkPSJ7RTIyNUE0MUYtRkIxQy00NTAwLTk4RjItMTYwMTQ4NTFBMTlBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4NUM4RkUyNS1FMTVELTRBOUYtOTUxNS00M0U4RUIxMzhERTl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjcuMC4yNjUxLjg2IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MDg3OTA2OTIyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTA4NzkwNjkyMiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYwOTI1MjA0OTUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2IyMzVmYzNhLTg2YmYtNDIwZi1iMWJjLTZjNjdhM2E5NTg4OT9QMT0xNzIzNDgyNjgzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUhHRTBVT3lFZGdtTjFad1FFMnNsZ2clMmZpckVjayUyZm5XejQlMmZscjdpJTJiRFMyWEZPTGVTM1FYUnNDaHJNYXRUMWxNbklDb0t6elpRJTJidXRveU9FZ0dmeGJHQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MjU2NzEwNCIgdG90YWw9IjE3MjU2NzEwNCIgZG93bmxvYWRfdGltZV9tcz0iOTQyMTEiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MDkyNjc2ODYwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjEwNjQyNzEyNCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjUzNDM5NTg3NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjQyMSIgZG93bmxvYWRfdGltZV9tcz0iMTAwNDc3IiBkb3dubG9hZGVkPSIxNzI1NjcxMDQiIHRvdGFsPSIxNzI1NjcxMDQiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQyNzk3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks system information in the registry
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        PID:1348
    • C:\Windows\system32\SystemSettingsAdminFlows.exe
      "C:\Windows\system32\SystemSettingsAdminFlows.exe" TroubleshootActivation
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4640
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2804
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
      C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
      1⤵
      • System Location Discovery: System Language Discovery
      PID:3988
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
      1⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:1752
    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
      1⤵
      • Executes dropped EXE
      • Checks system information in the registry
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:5116
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5C8F5D3A-8718-4643-8553-6BC4F999D9EC}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5C8F5D3A-8718-4643-8553-6BC4F999D9EC}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe" /update /sessionid "{DAC364FF-66BE-4032-A0A6-0EC4361F1365}"
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1412
        • C:\Program Files (x86)\Microsoft\Temp\EUBA1B.tmp\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\Temp\EUBA1B.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{DAC364FF-66BE-4032-A0A6-0EC4361F1365}"
          3⤵
          • Event Triggered Execution: Image File Execution Options Injection
          • Executes dropped EXE
          • Checks system information in the registry
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:1460
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:2372
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:3440
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
              5⤵
              • Executes dropped EXE
              • Modifies registry class
              PID:3964
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
              5⤵
              • Executes dropped EXE
              • Modifies registry class
              PID:420
            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
              5⤵
              • Executes dropped EXE
              • Modifies registry class
              PID:2108
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7REFDMzY0RkYtNjZCRS00MDMyLUEwQTYtMEVDNDM2MUYxMzY1fSIgdXNlcmlkPSJ7RTIyNUE0MUYtRkIxQy00NTAwLTk4RjItMTYwMTQ4NTFBMTlBfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7Q0IwQzM1RkEtMjNENi00OUU3LTg1MTMtNjZENUYxMUFEODlEfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTUiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MjI4Nzc4ODAiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg2ODYyNDQ0NjYiLz48L2FwcD48L3JlcXVlc3Q-
            4⤵
            • Executes dropped EXE
            • Checks system information in the registry
            • System Location Discovery: System Language Discovery
            • System Network Configuration Discovery: Internet Connection Discovery
            PID:888
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7REFDMzY0RkYtNjZCRS00MDMyLUEwQTYtMEVDNDM2MUYxMzY1fSIgdXNlcmlkPSJ7RTIyNUE0MUYtRkIxQy00NTAwLTk4RjItMTYwMTQ4NTFBMTlBfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntFQTI5OEQxQi0zNEE1LTQ1NjgtOTQyNC00OUUxREVDMDJDQTZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4xNSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg2NjIwMjIyMDgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODY2MjE0MTk0MiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODY3MTY3NDUxNiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzMyM2ZhN2Y3LTQ0NDUtNDEzNy04MmVjLTcxNTI4OTQ5MTgyYT9QMT0xNzIzNDgzMDQwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWNIbDBidW1PJTJiRmJ3ZVpYWkVXblhPRUpubHhTaGphUVdoRnhKUlZpcXhzS0hFWTJZWGRiZXhVaUtVMmc5JTJiNjhBYWtxcXR3Wmc4R0ljSmZ6SnhKTnFiUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg2NzE2NzQ1MTYiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzMyM2ZhN2Y3LTQ0NDUtNDEzNy04MmVjLTcxNTI4OTQ5MTgyYT9QMT0xNzIzNDgzMDQwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWNIbDBidW1PJTJiRmJ3ZVpYWkVXblhPRUpubHhTaGphUVdoRnhKUlZpcXhzS0hFWTJZWGRiZXhVaUtVMmc5JTJiNjhBYWtxcXR3Wmc4R0ljSmZ6SnhKTnFiUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2NDUxMTIiIHRvdGFsPSIxNjQ1MTEyIiBkb3dubG9hZF90aW1lX21zPSI4NDkiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODY3MTg0NDIxOCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4Njc2OTQ5MjI3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM2NzA4Njc5MzYyMjAzODAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyNy4wLjI2NTEuODYiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgdXBkYXRlX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM2NzM1MTYzMjgyNDAyNjAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0ie0E2N0U4OTcyLTRBNDctNEMwQy1BQ0NCLUU4MkExNjc2NjM1RH0iLz48L2FwcD48L3JlcXVlc3Q-
        2⤵
        • Executes dropped EXE
        • Checks system information in the registry
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        PID:432
    • C:\Windows\System32\GameBarPresenceWriter.exe
      "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
      1⤵
      • Network Service Discovery
      PID:3624
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3380
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
      1⤵
      • Checks processor information in registry
      PID:444
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
      1⤵
        PID:2576
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
        1⤵
          PID:2852
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe"
          1⤵
          • Drops file in Windows directory
          • Enumerates system info in registry
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:4372
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9374cc40,0x7ffa9374cc4c,0x7ffa9374cc58
            2⤵
              PID:2456
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1720,i,16676808093011078500,10006529115036608873,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1736 /prefetch:2
              2⤵
                PID:1892
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,16676808093011078500,10006529115036608873,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2104 /prefetch:3
                2⤵
                  PID:2216
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,16676808093011078500,10006529115036608873,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2180 /prefetch:8
                  2⤵
                    PID:4088
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3040,i,16676808093011078500,10006529115036608873,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3076 /prefetch:1
                    2⤵
                      PID:1636
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3304,i,16676808093011078500,10006529115036608873,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3324 /prefetch:1
                      2⤵
                        PID:2408
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2692,i,16676808093011078500,10006529115036608873,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4316 /prefetch:1
                        2⤵
                          PID:408
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4632,i,16676808093011078500,10006529115036608873,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4652 /prefetch:8
                          2⤵
                            PID:2892
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,16676808093011078500,10006529115036608873,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4836 /prefetch:8
                            2⤵
                              PID:4644
                          • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                            "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                            1⤵
                              PID:1888
                            • C:\Windows\system32\svchost.exe
                              C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                              1⤵
                                PID:3796
                              • C:\Windows\system32\svchost.exe
                                C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
                                1⤵
                                  PID:4552
                                • C:\Windows\system32\LogonUI.exe
                                  "LogonUI.exe" /flags:0x0 /state0:0xa3996055 /state1:0x41c64e6d
                                  1⤵
                                  • Modifies data under HKEY_USERS
                                  • Suspicious use of SetWindowsHookEx
                                  PID:1944

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\Installer\setup.exe
                                  Filesize

                                  6.6MB

                                  MD5

                                  71bf4a76d1762959b49eda173f57656e

                                  SHA1

                                  2ead7f36b7ef2790d83d10d96b20959bf73d061d

                                  SHA256

                                  0121c1dde7daaacfd974fc8545a029e970ad7769af84646feff41b7c8c2de33e

                                  SHA512

                                  05ea34097e98e4df5358a2968e4af9c7157c1946b15787d5c3cb1c841d47db6cacda4135a0fc662c2dae0b8ad03bdcfa1015db745c39bb16068df0108bda717e

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.15\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
                                  Filesize

                                  1.6MB

                                  MD5

                                  90decc230b529e4fd7e5fa709e575e76

                                  SHA1

                                  aa48b58cf2293dad5854431448385e583b53652c

                                  SHA256

                                  91f0deec7d7319e57477b74a7a5f4d17c15eb2924b53e05a5998d67ecc8201f2

                                  SHA512

                                  15c0c5ef077d5aca08c067afbc8865ad267abd7b82049655276724bce7f09c16f52d13d69d1449888d8075e13125ff8f880a0d92adc9b65a5171740a7c72df03

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\EdgeUpdate.dat
                                  Filesize

                                  12KB

                                  MD5

                                  369bbc37cff290adb8963dc5e518b9b8

                                  SHA1

                                  de0ef569f7ef55032e4b18d3a03542cc2bbac191

                                  SHA256

                                  3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

                                  SHA512

                                  4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\MicrosoftEdgeComRegisterShellARM64.exe
                                  Filesize

                                  179KB

                                  MD5

                                  7a160c6016922713345454265807f08d

                                  SHA1

                                  e36ee184edd449252eb2dfd3016d5b0d2edad3c6

                                  SHA256

                                  35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

                                  SHA512

                                  c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\MicrosoftEdgeUpdate.exe
                                  Filesize

                                  201KB

                                  MD5

                                  4dc57ab56e37cd05e81f0d8aaafc5179

                                  SHA1

                                  494a90728d7680f979b0ad87f09b5b58f16d1cd5

                                  SHA256

                                  87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

                                  SHA512

                                  320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                                  Filesize

                                  212KB

                                  MD5

                                  60dba9b06b56e58f5aea1a4149c743d2

                                  SHA1

                                  a7e456acf64dd99ca30259cf45b88cf2515a69b3

                                  SHA256

                                  4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

                                  SHA512

                                  e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\MicrosoftEdgeUpdateCore.exe
                                  Filesize

                                  257KB

                                  MD5

                                  c044dcfa4d518df8fc9d4a161d49cece

                                  SHA1

                                  91bd4e933b22c010454fd6d3e3b042ab6e8b2149

                                  SHA256

                                  9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

                                  SHA512

                                  f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\NOTICE.TXT
                                  Filesize

                                  4KB

                                  MD5

                                  6dd5bf0743f2366a0bdd37e302783bcd

                                  SHA1

                                  e5ff6e044c40c02b1fc78304804fe1f993fed2e6

                                  SHA256

                                  91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

                                  SHA512

                                  f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdate.dll
                                  Filesize

                                  2.0MB

                                  MD5

                                  965b3af7886e7bf6584488658c050ca2

                                  SHA1

                                  72daabdde7cd500c483d0eeecb1bd19708f8e4a5

                                  SHA256

                                  d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

                                  SHA512

                                  1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_af.dll
                                  Filesize

                                  28KB

                                  MD5

                                  567aec2d42d02675eb515bbd852be7db

                                  SHA1

                                  66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

                                  SHA256

                                  a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

                                  SHA512

                                  3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_am.dll
                                  Filesize

                                  24KB

                                  MD5

                                  f6c1324070b6c4e2a8f8921652bfbdfa

                                  SHA1

                                  988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

                                  SHA256

                                  986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

                                  SHA512

                                  63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_ar.dll
                                  Filesize

                                  26KB

                                  MD5

                                  570efe7aa117a1f98c7a682f8112cb6d

                                  SHA1

                                  536e7c49e24e9aa068a021a8f258e3e4e69fa64f

                                  SHA256

                                  e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

                                  SHA512

                                  5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_as.dll
                                  Filesize

                                  28KB

                                  MD5

                                  a8d3210e34bf6f63a35590245c16bc1b

                                  SHA1

                                  f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

                                  SHA256

                                  3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

                                  SHA512

                                  6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_az.dll
                                  Filesize

                                  29KB

                                  MD5

                                  7937c407ebe21170daf0975779f1aa49

                                  SHA1

                                  4c2a40e76209abd2492dfaaf65ef24de72291346

                                  SHA256

                                  5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

                                  SHA512

                                  8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_bg.dll
                                  Filesize

                                  29KB

                                  MD5

                                  8375b1b756b2a74a12def575351e6bbd

                                  SHA1

                                  802ec096425dc1cab723d4cf2fd1a868315d3727

                                  SHA256

                                  a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

                                  SHA512

                                  aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_bn-IN.dll
                                  Filesize

                                  29KB

                                  MD5

                                  a94cf5e8b1708a43393263a33e739edd

                                  SHA1

                                  1068868bdc271a52aaae6f749028ed3170b09cce

                                  SHA256

                                  5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

                                  SHA512

                                  920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_bn.dll
                                  Filesize

                                  29KB

                                  MD5

                                  7dc58c4e27eaf84ae9984cff2cc16235

                                  SHA1

                                  3f53499ddc487658932a8c2bcf562ba32afd3bda

                                  SHA256

                                  e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

                                  SHA512

                                  bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_bs.dll
                                  Filesize

                                  28KB

                                  MD5

                                  e338dccaa43962697db9f67e0265a3fc

                                  SHA1

                                  4c6c327efc12d21c4299df7b97bf2c45840e0d83

                                  SHA256

                                  99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

                                  SHA512

                                  e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
                                  Filesize

                                  29KB

                                  MD5

                                  2929e8d496d95739f207b9f59b13f925

                                  SHA1

                                  7c1c574194d9e31ca91e2a21a5c671e5e95c734c

                                  SHA256

                                  2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

                                  SHA512

                                  ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_ca.dll
                                  Filesize

                                  30KB

                                  MD5

                                  39551d8d284c108a17dc5f74a7084bb5

                                  SHA1

                                  6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

                                  SHA256

                                  8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

                                  SHA512

                                  6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_cs.dll
                                  Filesize

                                  28KB

                                  MD5

                                  16c84ad1222284f40968a851f541d6bb

                                  SHA1

                                  bc26d50e15ccaed6a5fbe801943117269b3b8e6b

                                  SHA256

                                  e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

                                  SHA512

                                  d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_cy.dll
                                  Filesize

                                  28KB

                                  MD5

                                  34d991980016595b803d212dc356d765

                                  SHA1

                                  e3a35df6488c3463c2a7adf89029e1dd8308f816

                                  SHA256

                                  252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

                                  SHA512

                                  8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_da.dll
                                  Filesize

                                  28KB

                                  MD5

                                  d34380d302b16eab40d5b63cfb4ed0fe

                                  SHA1

                                  1d3047119e353a55dc215666f2b7b69f0ede775b

                                  SHA256

                                  fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

                                  SHA512

                                  45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_de.dll
                                  Filesize

                                  30KB

                                  MD5

                                  aab01f0d7bdc51b190f27ce58701c1da

                                  SHA1

                                  1a21aabab0875651efd974100a81cda52c462997

                                  SHA256

                                  061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

                                  SHA512

                                  5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_el.dll
                                  Filesize

                                  30KB

                                  MD5

                                  ac275b6e825c3bd87d96b52eac36c0f6

                                  SHA1

                                  29e537d81f5d997285b62cd2efea088c3284d18f

                                  SHA256

                                  223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

                                  SHA512

                                  bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_en-GB.dll
                                  Filesize

                                  27KB

                                  MD5

                                  d749e093f263244d276b6ffcf4ef4b42

                                  SHA1

                                  69f024c769632cdbb019943552bac5281d4cbe05

                                  SHA256

                                  fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

                                  SHA512

                                  48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_en.dll
                                  Filesize

                                  27KB

                                  MD5

                                  4a1e3cf488e998ef4d22ac25ccc520a5

                                  SHA1

                                  dc568a6e3c9465474ef0d761581c733b3371b1cd

                                  SHA256

                                  9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

                                  SHA512

                                  ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_es-419.dll
                                  Filesize

                                  29KB

                                  MD5

                                  28fefc59008ef0325682a0611f8dba70

                                  SHA1

                                  f528803c731c11d8d92c5660cb4125c26bb75265

                                  SHA256

                                  55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

                                  SHA512

                                  2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_es.dll
                                  Filesize

                                  28KB

                                  MD5

                                  9db7f66f9dc417ebba021bc45af5d34b

                                  SHA1

                                  6815318b05019f521d65f6046cf340ad88e40971

                                  SHA256

                                  e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

                                  SHA512

                                  943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_et.dll
                                  Filesize

                                  28KB

                                  MD5

                                  b78cba3088ecdc571412955742ea560b

                                  SHA1

                                  bc04cf9014cec5b9f240235b5ff0f29dbdb22926

                                  SHA256

                                  f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

                                  SHA512

                                  04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_eu.dll
                                  Filesize

                                  28KB

                                  MD5

                                  a7e1f4f482522a647311735699bec186

                                  SHA1

                                  3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd

                                  SHA256

                                  e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4

                                  SHA512

                                  22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_fa.dll
                                  Filesize

                                  27KB

                                  MD5

                                  cbe3454843ce2f36201460e316af1404

                                  SHA1

                                  0883394c28cb60be8276cb690496318fcabea424

                                  SHA256

                                  c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59

                                  SHA512

                                  f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_fi.dll
                                  Filesize

                                  28KB

                                  MD5

                                  d45f2d476ed78fa3e30f16e11c1c61ea

                                  SHA1

                                  8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e

                                  SHA256

                                  acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2

                                  SHA512

                                  2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_fil.dll
                                  Filesize

                                  29KB

                                  MD5

                                  7c66526dc65de144f3444556c3dba7b8

                                  SHA1

                                  6721a1f45ac779e82eecc9a584bcf4bcee365940

                                  SHA256

                                  e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d

                                  SHA512

                                  dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_fr-CA.dll
                                  Filesize

                                  30KB

                                  MD5

                                  b534e068001e8729faf212ad3c0da16c

                                  SHA1

                                  999fa33c5ea856d305cc359c18ea8e994a83f7a9

                                  SHA256

                                  445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511

                                  SHA512

                                  e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_fr.dll
                                  Filesize

                                  30KB

                                  MD5

                                  64c47a66830992f0bdfd05036a290498

                                  SHA1

                                  88b1b8faa511ee9f4a0e944a0289db48a8680640

                                  SHA256

                                  a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961

                                  SHA512

                                  426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_ga.dll
                                  Filesize

                                  28KB

                                  MD5

                                  3b8a5301c4cf21b439953c97bd3c441c

                                  SHA1

                                  8a7b48bb3d75279de5f5eb88b5a83437c9a2014a

                                  SHA256

                                  abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0

                                  SHA512

                                  068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_gd.dll
                                  Filesize

                                  30KB

                                  MD5

                                  c90f33303c5bd706776e90c12aefabee

                                  SHA1

                                  1965550fe34b68ea37a24c8708eef1a0d561fb11

                                  SHA256

                                  e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c

                                  SHA512

                                  b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_gl.dll
                                  Filesize

                                  28KB

                                  MD5

                                  84a1cea9a31be831155aa1e12518e446

                                  SHA1

                                  670f4edd4dc8df97af8925f56241375757afb3da

                                  SHA256

                                  e4eb716f1041160fd323b0f229b88851e153025d5d79f49b7d6ecb7eb2442c57

                                  SHA512

                                  5f1318119102fcee1c828565737ce914493ff86e2a18a94f5ff2b6b394d584ace75c37258d589cce1d5afd8e37d617168a7d7372cfd68dd6a2afcd4577a0bc51

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_gu.dll
                                  Filesize

                                  28KB

                                  MD5

                                  f9646357cf6ce93d7ba9cfb3fa362928

                                  SHA1

                                  a072cc350ea8ea6d8a01af335691057132b04025

                                  SHA256

                                  838ccd8243caa1a5d9e72eb1179ac8ae59d2acb453ed86be01e0722a8e917150

                                  SHA512

                                  654c4a5200f20411c56c59dbb30a63bfe2da27781c081e2049b31f0371a31d679e3c9378c7eb9cf0fb9166a3f0fba33a58c3268193119b06f91bebe164a82528

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_hi.dll
                                  Filesize

                                  28KB

                                  MD5

                                  34cbaeb5ec7984362a3dabe5c14a08ec

                                  SHA1

                                  d88ec7ac1997b7355e81226444ec4740b69670d7

                                  SHA256

                                  024c5eae16e45abe2237c2a5d868563550ac596f1f7d777e25234c17d9461dd9

                                  SHA512

                                  008c8443a3e93c4643a9e8735a1c59c24ba2f7a789606a86da54c921c34cbc0cb11c88594544d8509a8e71b6a287c043b1ffe2d39b90af53b4cde3847d891ba8

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_hr.dll
                                  Filesize

                                  29KB

                                  MD5

                                  0b475965c311203bf3a592be2f5d5e00

                                  SHA1

                                  b5ff1957c0903a93737666dee0920b1043ddaf70

                                  SHA256

                                  65915ad11b9457d145795a1e8d151f898ec2dcb8b136967e6592884699867eb0

                                  SHA512

                                  bec513125f272c24477b9ddbaa5706d1e1bb958babac46829b28df99fa1dd82f3f1e3c7066dc2fe3e59118c536675a22fc2128de916ca4c478950b9992372007

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_hu.dll
                                  Filesize

                                  29KB

                                  MD5

                                  f4976c580ba37fc9079693ebf5234fea

                                  SHA1

                                  7326d2aa8f6109084728323d44a7fb975fc1ed3f

                                  SHA256

                                  b16755fdbcc796ef4eb937759fe2c3518c694f5d186970d55a5a5e5d906cb791

                                  SHA512

                                  e43636d8c947e981258e649712ad43f37c1aab01916539b93c082959fb5c6764c9c44979650092202839e812e6f252c6c3eaf66d3d195c1efd39c74c81ad1981

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_id.dll
                                  Filesize

                                  27KB

                                  MD5

                                  03d4c35b188204f62fc1c46320e80802

                                  SHA1

                                  07efb737c8b072f71b3892b807df8c895b20868c

                                  SHA256

                                  192585d7f4a8a0cd95e338863c14233cdd8150f9f6f7dd8a405da0670110ee95

                                  SHA512

                                  7e67ea953ea58ff43e049ce519ae077eec631325604896479526627d688f2fa3bfc855a55ac23a76b1c9ef8cd75274265b8238423b95a2437be7250db0db31b1

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_is.dll
                                  Filesize

                                  28KB

                                  MD5

                                  5664c7a059ceb096d4cdaae6e2b96b8f

                                  SHA1

                                  bf0095cd7470bf4d7c9566ba0fd3b75c8b9e57ec

                                  SHA256

                                  a3a2947064267d17474c168d3189b0d372e36e53bf0efb9c228d314fc802d98e

                                  SHA512

                                  015dcb17b297a0aaad41c7b0b2199187e435855fd3977d16402be774622cc4f6b55d04ba9159a89e26e350c5602928c76dd9386be3974437b41888a0cfdddfa8

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_it.dll
                                  Filesize

                                  30KB

                                  MD5

                                  497ca0a8950ae5c8c31c46eb91819f58

                                  SHA1

                                  01e7e61c04de64d2df73322c22208a87d6331fc8

                                  SHA256

                                  abe2360a585b6671ec3a69d14077b43ae8f9e92b6077b80a147dfe36792bb1b7

                                  SHA512

                                  070398af980f193ff90b4afaecb3822534ef3171eca7228bce395af11ca38364bc47cab7df1e71187ef291f90978bdc37a8611d2992b1800cd1de6aa7fda09d9

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_iw.dll
                                  Filesize

                                  25KB

                                  MD5

                                  45e971cdc476b8ea951613dbd96e8943

                                  SHA1

                                  8d87b4edfce31dfa4eebdcc319268e81c1e01356

                                  SHA256

                                  fd5ba39c8b319c6ba2febf896c6947a0a7bae6aa0b4957bd124d55589f41849d

                                  SHA512

                                  f1c9fccf742fa450be249dbbf7e551a426c050ae4af3d2e909f9750068a2bdc801f618eb77a6a82d13421d27949c9f2a9681a44bcb410ccdeec66b24a70f6a9a

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_ja.dll
                                  Filesize

                                  24KB

                                  MD5

                                  b507a146eb5de3b02271106218223b93

                                  SHA1

                                  0f1faddb06d775bcabbe8c7d83840505e094b8d6

                                  SHA256

                                  5f4234e2b965656e3d6e127660f52e370dc133632d451ef04975f3b70194b2ed

                                  SHA512

                                  54864e9130b91b6fd68b1947968c446f45a582f22714716bfd70b6dc814841fffe939bc2f573a257ec8c62b4ff939643211fb29cabc0c45b78a6cc70eaa3752c

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_ka.dll
                                  Filesize

                                  29KB

                                  MD5

                                  3bc0d9dd2119a72a1dc705d794dc6507

                                  SHA1

                                  5c3947e9783b90805d4d3a305dd2d0f2b2e03461

                                  SHA256

                                  4449ee24c676e34fea4d151b3a752e8d0e7c82f419884e80da60d4d4c1b0f8cb

                                  SHA512

                                  8df01ad484bf2924892129c59317f3da4f79611be2ca29e208114e5ed2cb96a63f753511dc4fe97e281417366246f2fb576cc6ef2618a67803ae7ac01be7b067

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_kk.dll
                                  Filesize

                                  28KB

                                  MD5

                                  bcb1c5f3ef6c633e35603eade528c0f2

                                  SHA1

                                  84fac96d72341dc8238a0aa2b98eb7631b1eaf4e

                                  SHA256

                                  fdd6bffdb9eca4542975f3afe3ac68feac190b8963f0a7244b4b8fa6382381d1

                                  SHA512

                                  ecd79ddd9f3e6db1d0471132c453c324ab55bdead21de77392f418281bc8a2dd43e9009912896ffa3d55d4d3ef17b0aa847a084369b619eb04a2d2313641d520

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_km.dll
                                  Filesize

                                  27KB

                                  MD5

                                  2ea1200fdfb4fcc368cea7d0cdc32bc2

                                  SHA1

                                  4acb60908e6e974c9fa0f19be94cb295494ee989

                                  SHA256

                                  6fd21b94f62ee7474b3c3029590ddf06936105508f9bf3509620c42dc37486c3

                                  SHA512

                                  e63b80a5929200c85c7a30a3054bd51eee2f27e603501f105073868690906f4619a27a52e58c90ac2ab5d5c34a4739dfdd2a511574afeb7d0118de88c5544f42

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_kn.dll
                                  Filesize

                                  29KB

                                  MD5

                                  60dfe673999d07f1a52716c57ba425a8

                                  SHA1

                                  019ce650320f90914e83010f77347351ec9958ab

                                  SHA256

                                  ef749f70e71424d7f548d5c12283be70a6d6c59cffb1c8101b74f37ecacb64af

                                  SHA512

                                  46bfe77a49f14293988863a8e4dd0543202b954b670940d9ad5dc6d2b46e46104d8d6206be08a941f7e02b8ff3e2e2366b7b795d02352cff18971f8d0df5fcdc

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_ko.dll
                                  Filesize

                                  23KB

                                  MD5

                                  cf91a1f111762d2bc01f8a002bd9544d

                                  SHA1

                                  db2603af55b08538a41c51fc0676bc0ed041d284

                                  SHA256

                                  baa9fae4fb8939e0b5fe0c7f393ab1ca40b52534f37bf2158a9a36331a221e75

                                  SHA512

                                  9db864dbd194885b46f7bed9875f1e531e48f7644ce4494b8dc482c7516a6f783cd35129d2565b272dc674491a08c844a6da88bf9fa7843fcf89c96b4e0af799

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_kok.dll
                                  Filesize

                                  28KB

                                  MD5

                                  ca3465347e57624ee2a5dd2299d4f4cd

                                  SHA1

                                  551a151a8d49489c90400e18c34633aa2c2b8a4b

                                  SHA256

                                  5b9509a1ae34d89c89c8e657742495037d28cd03e1cd48aef4dfaa7aeebe29f0

                                  SHA512

                                  a4bdd458a7628a9f0664e1000512e056718cc924510a21704ff8c69b0b251a5a1c7f6f267d66325cadda1536aaee78440348be128d082112c71732e485ac93f3

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_lb.dll
                                  Filesize

                                  30KB

                                  MD5

                                  269e84b82973e7b9ee03a5b2ef475e4d

                                  SHA1

                                  4021af3bfde8c52040ad4f9390eb29ae2a69104b

                                  SHA256

                                  c3fb0cae3dc5cdd86518d60f998c3adec1c0c5804a74ffbb9a346a73d598af07

                                  SHA512

                                  db716e2f6527af2dfeba4c22ff00e159d7cc0b482fc126e87b8b3d35b714bb382676066097352b6ebb87c8dfe7f6144e83100f0c9a9990b0d23c810b6c575c21

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_lo.dll
                                  Filesize

                                  27KB

                                  MD5

                                  864edbc77831a64a3e3ab972291233bb

                                  SHA1

                                  fa1f3eb3320c1b1a329cbe786abecf2a8e625cbe

                                  SHA256

                                  aecab1eb46075d1a1432b3e14537f860a2ded49a13ca82f17fac44b40ad2da51

                                  SHA512

                                  3d54efd01d6317fb4746b55db2c847a506f594cff055f0db84a72ede02dbe3aa03d8e65ea06c5ae365f44312a26cdbc45ad5f9a0de46d2b9c878aeeb24566b89

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_lt.dll
                                  Filesize

                                  27KB

                                  MD5

                                  7071c732cf3e4b3144cf07c49d8eb44f

                                  SHA1

                                  3800bf304b44d9d27ac26bed6ccc899669dc3b4f

                                  SHA256

                                  9c75ef5c3f53c643d7bb8c5907a0cba6ca2d1d64e6bea39ce06b4ad5a20454b6

                                  SHA512

                                  be3a0942e2af843adeb8e9b6acc7cd8adec956b761f71d8eb0a02835ee5be115ac064fda7088b0813d40ec3a24e7bb77816e9b67ef0cbdce1562c36880b15049

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_lv.dll
                                  Filesize

                                  28KB

                                  MD5

                                  30849a9c16061b9a46a66e8e7d42ff81

                                  SHA1

                                  2d0e86535d964acce8912c6bef3cc12346b22a6c

                                  SHA256

                                  b8075c09d33cc6b6ff22fdb29ccc3dd319ce867f4b77a1d165f6f8d8cb4977e9

                                  SHA512

                                  298ee10ff6cab7ff38d31e3a7826dedeab8e9ccc616eae4ca2e5ec333f42e5c6744650857031d8bf35034bd46c7c01a2646362ffbbef1f421995c73ba999ff0b

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_mi.dll
                                  Filesize

                                  28KB

                                  MD5

                                  1866ddadd9397dbf01c82c73496b6bff

                                  SHA1

                                  b210a9df7d6a5e116fe7a9ff8d455b6cbfb5663b

                                  SHA256

                                  9b4bb2ca3366a1935b4869796efc0601f94356b45e8613d28e023dd516f48d17

                                  SHA512

                                  76fa5cade101d79d012e00904bf18692f85967ceea0ed7e81da4df65b85afc125a00127d9e06c8c59ffbfd2dcdc88488157b61922960559fa17d13dedca3ee59

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_mk.dll
                                  Filesize

                                  29KB

                                  MD5

                                  064035858a1df697913f06c972461901

                                  SHA1

                                  b6be99ae8e55207949076955389bc8fec81937fd

                                  SHA256

                                  4850260d2cbb4b4ff3490eb90ce55a412268ad699f946b1cd686ddf9f0403bd6

                                  SHA512

                                  9459056e919854213117b874e61b526af4ba35c3c3e195b204c5c3e59cc4dfa2b4a45c32551e1de144842844f246f5e0d025cdcc78dbf7265ba5e26e7209cd91

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_ml.dll
                                  Filesize

                                  30KB

                                  MD5

                                  7e90d4306c5768dfd1160ad9e2168a19

                                  SHA1

                                  4f7b17843ad226d51cfb0090235b55a29b5a674a

                                  SHA256

                                  8ebe88477b1493733140f1fced91903276ec69c7302deed3281054b49573eb3c

                                  SHA512

                                  f6d8b538915fa70bfb784ea7e6d4047759d8eecc822e4b76ac9666997a41901c8269a8185f29e5472bcfaa87e4b97483bd544f3fc8f656b60dca71d63b44d291

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_mr.dll
                                  Filesize

                                  28KB

                                  MD5

                                  468a420700d239a0cd90b95896b0d6da

                                  SHA1

                                  ce57e3abf57c7ae13e99546b2a5e19dec03cb9b7

                                  SHA256

                                  24b304bd40f8e63848f8d2a1ca6ac8bc032b7a700161efad61ad445787650c87

                                  SHA512

                                  604c4cc8132c520da70c4870514610364648ec6446afa47128ac3aa8a9157932705da93e8ed4e33d56f5191d611b26b76aeba1514e9dff1a13dd32693cfddb8b

                                  Download Submit

                                • C:\Program Files (x86)\Microsoft\Temp\EU366D.tmp\msedgeupdateres_ms.dll
                                  Filesize

                                  28KB

                                  MD5

                                  51230a1b9ab0dad791e583b7ee57afe4

                                  SHA1

                                  957ba3e5d9b2df16ea3e099aab5b7e74d2055e46

                                  SHA256

                                  a47fc6a9a75875e75f3415f068c357dd499e533849381b875272d5994c163670

                                  SHA512

                                  5a3d754cefa1ab28748cb38021b5cbebd93fe513da0f4a7cbae98c0938acb10cdda939171d0842b09e97cb4c73f19272be665f767642ba1c5b25c709b5417edb

                                  Download Submit

                                • C:\Program Files (x86)\Roblox\Versions\version-aa7aa2777dc64b37\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                  Filesize

                                  1.5MB

                                  MD5

                                  610b1b60dc8729bad759c92f82ee2804

                                  SHA1

                                  9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

                                  SHA256

                                  921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

                                  SHA512

                                  0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

                                  Download Submit

                                • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                  Filesize

                                  14KB

                                  MD5

                                  83b643eeb9062e381f8637783e9ff496

                                  SHA1

                                  f52976fe3b42c85be914aeb87acc01adc1d7c1be

                                  SHA256

                                  4f5d1ea96d36512ef380f6e5a8570eab5e86e4dd6c29a23d8e210d25620266c5

                                  SHA512

                                  17da486a0958b3dacbebce5569b6dfafad151a58fe209d897353f78005af7a64836b6c9fb13d43f0aa2cea09300dedaa7883f840262b8ce9e91c16a499a1c1c0

                                  Download Submit

                                • C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-2842058299-443432012-2465494467-1000\ReadOnly\LockScreen_Z\LockScreen___1280_0720_notdimmed.jpg
                                  Filesize

                                  62KB

                                  MD5

                                  6cb7e9f13c79d1dd975a8aa005ab0256

                                  SHA1

                                  eac7fc28cc13ac1e9c85f828215cd61f0c698ae3

                                  SHA256

                                  af2537d470fddbeda270c965b8dbdf7e9ccf480ed2f525012e2f1035112a6d67

                                  SHA512

                                  3a40359d8e4cc8792be78a022dc04daed5c1cc55d78fe9cf3e061ea5587baa15023ce2152238f5be5cc5124cd468f220cf9dab54344d93edd3dfcd400b24469d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                  Filesize

                                  356B

                                  MD5

                                  3c6ad68afccb06572fbd9dd27ded5566

                                  SHA1

                                  ba3d0397854c7a9db517eed4e6ea3bf5931c4a54

                                  SHA256

                                  0b068c6be1c0971735e7bd46230d2ecc6b7f0657c37e0df63c95643fd0dd1878

                                  SHA512

                                  c5b3b58c33f7b66156e826d4db55e8b5d651d94d601c56a9c2f3b8f1a94da406961e7a3c941fd57832f2be6b2d385174bb95563e7524a796257b7f52c9d328c1

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                  Filesize

                                  8KB

                                  MD5

                                  8827d8817c810238a2752a3b2ca17848

                                  SHA1

                                  da9613920c0fc300ef45c8162e21e8ff0eef62ca

                                  SHA256

                                  3338cab41c5aabd6a6112c6e52cf555089bda592fa670c1849419aa19eab454e

                                  SHA512

                                  f68955aee5cd64f0321eb4e11d8f435c5069b3d1b37cf52aa582ecc6a42c34dffe35fdf48be443d61c025a57b050849541a41a0ce2c3fa50d6a193a500fa72d4

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                  Filesize

                                  8KB

                                  MD5

                                  9c9ec2fb6f680d27c206b3a023d87489

                                  SHA1

                                  677486e50698088cc7f1f8d30642607690d11875

                                  SHA256

                                  e78946c3157f95d4f597c815bd82ab9fb7eec6d165f281ed2c6ac012351e4b28

                                  SHA512

                                  566f5eae2e79c54dddf7c8eb95404848ec355c4debbd98129b5c7a0a9b74080bd44cfeedcc103afd98be3e200bfd97ae624b304abba8dd6d44292614a76b87ec

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                  Filesize

                                  8KB

                                  MD5

                                  c71fe608b41e76e173ffe2981b80da2f

                                  SHA1

                                  b2fe6733b493dbf4923efa71255fc4693af22cd3

                                  SHA256

                                  47033af3bdf52d3159098fca1ba27c9d483af677a1558365122277799640b572

                                  SHA512

                                  3310682bd18571ac430af60e008922bb1506e0d6a6c4969bfc37b0413cbe91d42a7a71322e29e423e5a5d53d3b302ae846c735249668fac4b50a2b6f195d3ce3

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                  Filesize

                                  8KB

                                  MD5

                                  c5555638a88092113f381cbc93c56ea6

                                  SHA1

                                  b6527ec3664f250e2bdc6282eb7de3618ca45639

                                  SHA256

                                  f354ad05b9dcec4d09f94347c5dfda19e1260f2d662313c57c2dd77d45e4c0a6

                                  SHA512

                                  de009f421df1ffb67aff886e5f386399851b33c87ba0975dc57aa56a5d663da4b6d4a6a28aace6040320218b58970be844cbe7e314b1155426ad4bb6bfe286fa

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                  Filesize

                                  8KB

                                  MD5

                                  ed1e88912f174f5b146f06687ab13c6c

                                  SHA1

                                  b9951d2c044d1d631594a9e3ddcc6786f7b0cc6f

                                  SHA256

                                  50fa5690b975f8a0e2979f0a3f66d04a18145ba612c0e1a2d9cdfc6f3d137598

                                  SHA512

                                  0b3d2a656662b780666e66394d6bdd6c4e0007fe8d95f57a14083088fe7b6a025de6a0c50e3b0cbfac2d9ccc50dabceafb6677881d0d334ae59689695be6c94b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                  Filesize

                                  15KB

                                  MD5

                                  ad58b43c69ef0a65fc0580d5b3b6996d

                                  SHA1

                                  36669b0ea2618b2ac04ec5e3866e87bfeb9c5cbd

                                  SHA256

                                  c0d1261ffa9be05df5d3e4a46f733d39a354f0f676511e5b79c0aea414898298

                                  SHA512

                                  7e7b0c4bbe599193d98bf51e4c2a893a1eedc4a3279ad3eadf0827dd0f0ad3fa3ca026bf84555d6d77b2ed0880574dbabe45740835209a4c1b4cae18efe76723

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                  Filesize

                                  195KB

                                  MD5

                                  919e2a1f0413b7968204f2a0aa0fc8d5

                                  SHA1

                                  de9aa0b16a762a4367bfaf211fc7a4086ce3c29a

                                  SHA256

                                  e2c0d518c7c562340e0992e71c27f4d61f32cc588aab08004c291b252e9e4dea

                                  SHA512

                                  f819e58a30b4f5824bf80d20009347c094a808a8ef65bf5a5beb0af180fb7421913c0da4abd041e5cd6d7bf308c2ce888535d8dab313acfa7de30da28abe7c54

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                  Filesize

                                  195KB

                                  MD5

                                  ab83f482a43ed4b330814a6e8eed8565

                                  SHA1

                                  b7b82b15bf3f01e03abeca86b4c3285e2bab8a03

                                  SHA256

                                  dd3f687443c6072724a36bfee89a89a5e29bc24968a1c0dcca76ae8592c96b38

                                  SHA512

                                  77134feb02a75962099c3262cceb8530cbadbc4e8c76f74a097a3bc136e768fe9c5f830348934e7c2197678f58c2632905352150e03784cabdbebc8731334377

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                  Filesize

                                  195KB

                                  MD5

                                  2f9fe6ad819e8046b8658a46f7f318f7

                                  SHA1

                                  b86a8a3ff13f9f7d1207cfc03c8c6a98416e093b

                                  SHA256

                                  645f239064976920fe21eea8484296ad8e6773f0a6b53f6d2ea2956ba217402f

                                  SHA512

                                  ca33ae3514c4dd67bde0edbee059037dc9c2cb29e08ef6d6655462b12e868e6c1c16386d8be4b07a622330130dd35a2efd68ae504b7274fad681bfe655f82cf4

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-studio\24591f85e9569269a3b822d0da2e0626
                                  Filesize

                                  5.5MB

                                  MD5

                                  24591f85e9569269a3b822d0da2e0626

                                  SHA1

                                  62641ade4943b93983b4e59ffd6ee4dcbd77c17e

                                  SHA256

                                  d29bcf294dd77568fd173adac8c705d991482d645127baccb7efca20f560a5a2

                                  SHA512

                                  d0bfe43ece2c598a12fe7d3f2cd12e0685b639aec0fc7a1bbdf0829b886c22208e4236500d8e6540d7faef1514769b87bbdc666602c5548649e50aa61f2077de

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json
                                  Filesize

                                  3KB

                                  MD5

                                  6bbb18bb210b0af189f5d76a65f7ad80

                                  SHA1

                                  87b804075e78af64293611a637504273fadfe718

                                  SHA256

                                  01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

                                  SHA512

                                  4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\CertificateRevocation\6498.2023.8.1\crl-set
                                  Filesize

                                  21KB

                                  MD5

                                  d246e8dc614619ad838c649e09969503

                                  SHA1

                                  70b7cf937136e17d8cf325b7212f58cba5975b53

                                  SHA256

                                  9dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1

                                  SHA512

                                  736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat
                                  Filesize

                                  280B

                                  MD5

                                  80d69f701dfb2c928f7bee4faaeacd23

                                  SHA1

                                  11d11fd0bc5a4c384257992a0ebc9262ef243e4e

                                  SHA256

                                  c44793f4b968229346bca4d55ff816f40e08d3882901a10ac06856853d18d065

                                  SHA512

                                  2906eef542f1dc3d47b23dbb2f0e72d8344a918a99110f8d803ed9d8b1ea37348d5ebdebc78a6185b411a546a3e735b5d33e7ea1f1cd1537a41f6fd9e5eed969

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat
                                  Filesize

                                  280B

                                  MD5

                                  6fe5ff57323309d2a8a84420f500791b

                                  SHA1

                                  ad6eda28d3eea8c3854feff40f85971cfa785b6e

                                  SHA256

                                  0a2a0b31cc53391d0bef7f77f446ed57ade4ce4170e27b6694923fd4572a70ef

                                  SHA512

                                  c3b6edc7e78f11e0aa42c760cd64be733bb8f95e677e24b5b71143beca23d52165ccf8b4d538fe8e2b075e567c97f1e234fcc3a89312b1931249b83bf2333e7c

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\67ce8766-b2ff-4153-80b2-27bfc80997b8.tmp
                                  Filesize

                                  6KB

                                  MD5

                                  95911ba071478879c1eb6223f84915de

                                  SHA1

                                  c9df1ca65d29e41559f9342e1bb0aa5d115afa0f

                                  SHA256

                                  431290b63827ff3e21b954d1b9ca1e217d3f5873d2093c22d62bbc37fe1fe779

                                  SHA512

                                  9eac08fca711d2bb779e625199ae875e62850c8c3aed49710ce236c7f2ed64adff619ca0f9cc0a810e7bba6a5197122f4d77933a2426380b9f52dd70ab7b4e0b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  2KB

                                  MD5

                                  afe606b15d9113204b50719a31532e91

                                  SHA1

                                  98f533d934416b539f7aff21b8ed6dc519afa9c1

                                  SHA256

                                  9d3cbfc65660ace7056e84979c5ea030541a96b8db354bd70ae13a7de855c38f

                                  SHA512

                                  0047d5ad8d4aa37916fd36bfd3d6981c8c2d2377150258dc3cee5e9e28ea5913d7cabd9602897c161dd9e682f03c16609d6b6222c7f079c4209e43d39ab7c7ba

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5ae2ff.TMP
                                  Filesize

                                  48B

                                  MD5

                                  73cbe2390ea4cff8781e2d13dcd4fd91

                                  SHA1

                                  f24369afbd1b673c7d6a7ba91baba2e1b4daf661

                                  SHA256

                                  b4d84d258cb56155c34e05ac01a07fb6d136c49f4a8bd01c96d19877aaace4d1

                                  SHA512

                                  863caf8ef343f89b13ce00ef51e15db8bdf086c6643c1657b333f9ae85eb4ccd41a24d8fc7e528ca17aebbb19148bc848e8161ad3456b8be4f0ba123e486d471

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Extension Rules\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  46295cac801e5d4857d09837238a6394

                                  SHA1

                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                  SHA256

                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                  SHA512

                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001
                                  Filesize

                                  41B

                                  MD5

                                  5af87dfd673ba2115e2fcf5cfdb727ab

                                  SHA1

                                  d5b5bbf396dc291274584ef71f444f420b6056f1

                                  SHA256

                                  f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                  SHA512

                                  de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
                                  Filesize

                                  2KB

                                  MD5

                                  1779f3d543aff9fb89568d78a7630b25

                                  SHA1

                                  7c329f5df025e459602ebb22102c49bc10492967

                                  SHA256

                                  13768b64b78bd9a42658dfc4aa72809be57cd963667ecf845702c39e5b78bcbf

                                  SHA512

                                  998730172996a868c7fe93de84750b36a76531da47c8ad2c7267f43ea4d0d70ebe33ee182e1f13dc284da75240751b5b07b8fc17b54e312264293de23fe4027a

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
                                  Filesize

                                  2KB

                                  MD5

                                  662071728f15e0e0d8d0e83c39f90d86

                                  SHA1

                                  3fee0cb80575114723d10dfdc9a10f608643a56c

                                  SHA256

                                  a552ed0873d56ce1093b7c8b2bef807518a7093ffd29f490d69a08561d8bfcf9

                                  SHA512

                                  2a1f654888e04fa1da140eb9b913895b7cbfcfe13840b48715beff423baae9a7656bfb8c58e370bd8150d5695e7af2ce77ad0806c6624cb474b7910b71fbddba

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State~RFe5ba12e.TMP
                                  Filesize

                                  59B

                                  MD5

                                  2800881c775077e1c4b6e06bf4676de4

                                  SHA1

                                  2873631068c8b3b9495638c865915be822442c8b

                                  SHA256

                                  226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                  SHA512

                                  e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
                                  Filesize

                                  2B

                                  MD5

                                  d751713988987e9331980363e24189ce

                                  SHA1

                                  97d170e1550eee4afc0af065b78cda302a97674c

                                  SHA256

                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                  SHA512

                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                  Filesize

                                  1KB

                                  MD5

                                  2c53bce825ef2111d3a115ed916c1167

                                  SHA1

                                  200d79651de9667331e8e4659f491d033f42d90b

                                  SHA256

                                  8b56cac959c3437f7274690338a52a7ddcc33bd5e1298dda2fabbe7f927a4f01

                                  SHA512

                                  4b60aaac914751dd5fc82544ee744cf220c27535e147caf9c801de45bb4d2964387a141633709cf23bfecf94e7d72706fdcb9ea48d8a3fc334fb0f0104b9ee78

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                  Filesize

                                  1KB

                                  MD5

                                  e1af42f8f444be6c1171a64c5708f8d4

                                  SHA1

                                  d09f7c402b8776451acb6d7b7e27fedf86b9d9c7

                                  SHA256

                                  32649e344cf1ec42e64f7f370a43fe5e43b160db8d9b58d4f03724ba30cd4a61

                                  SHA512

                                  83d82a38790078673008106346e059e2fa233bbbc9a8d0b8cee56c93b37d5661a1becbde548c40bec07d73379904ec31bd35891cc45bddef45563948e0999394

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                  Filesize

                                  1KB

                                  MD5

                                  6d846bfcf859c4ef65845e2919e6cf29

                                  SHA1

                                  367505b67925c89f43132665f61099df84a5947e

                                  SHA256

                                  2959f5ff6916e1c4db809b6d4c74ea71d97abfe843686546af7c292ee75f7ff4

                                  SHA512

                                  4eec0011a525a52f0d5d10dc1cfd73c413590269f4c0b4dd20cece1fa52cd9dafe4976e6f45efc4911cffaa430498cd62ae96dd22d52377f1d8b342bbc81392e

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity~RFe5ae1c6.TMP
                                  Filesize

                                  1KB

                                  MD5

                                  61d120542786d1c5d0321201160eedc5

                                  SHA1

                                  b311519602eb919a4950448c3e8ba891ae4f23e7

                                  SHA256

                                  c68ed9f02e7579abae17e2c5a8a9fbe61ed53b0cae3487fa1782b828003c18d8

                                  SHA512

                                  25aaddaf37876faec33d32dd6e3059d50f63c78da62bf18a40c0534484c751a4354a437239676bc49c121c0859dfa3407f490ceed38b49a481f7972825241bc8

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  843a6709e6d7cefec68c912b68ed2949

                                  SHA1

                                  ebc75ee5e3f465566e1cc0a72124645d067540c2

                                  SHA256

                                  c202f82f7ee194f682c47224e3dd58b6fc0da641609aa13449eeddf36c5c6d70

                                  SHA512

                                  5758404009841579c17587e47bd59f749313db54daefc62369e1914a97abb21e5b81bca7c310cbe5bb54f97977f91c720bf4f56864200211b3f2d192b3afebb1

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  9cf8030519e066f707a48d86804bcc3f

                                  SHA1

                                  ed085fd462c868eb0af15243b6c77c918c786d50

                                  SHA256

                                  833cfc2811cfae6eb12b6c7d4dde76c236becab07b341bf05ed8d881b512f46d

                                  SHA512

                                  4df4aafea9d0bc581289ff7a36e6d08d4c22987a0ac2bf2400ce55ee7e0f4376a3cf7480c6e1328abf6462c339d9b37d648e8538a06667b7bcfb148e40faef0e

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_0
                                  Filesize

                                  44KB

                                  MD5

                                  ad4b356d8249501da5eed8c1e274937f

                                  SHA1

                                  03a760322e95236b250a598eae3b8e0d47231fbf

                                  SHA256

                                  52d814dc6b8e1a10ee1ec1bae8a1c49609a0858d0ec4bd2959564be735c79047

                                  SHA512

                                  d534275de512c96b976fb67a4c000db4c8bbcedc6bdaffdc6075662c89be69e2ba21da9e78ebea94f30b0c5190d1f88dbbdeebbc5bc270eff21e9dcd75078d3b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_1
                                  Filesize

                                  264KB

                                  MD5

                                  78fe38314fded67d36af05115d714387

                                  SHA1

                                  44ba150b546f9b25cc43f855cb2abac9eae8307b

                                  SHA256

                                  e14a1c7b8c3945959416d69fe2bc10b1e8c5280de349cdce0fafd64845d90272

                                  SHA512

                                  b86713869b7a200ca4af07f7621302e0fd03c028849a2f60ec7bb68e5c6eb24585dcb83e6433c6f4f820b6bd81e681a12a0b5aa6f9c3116fd51ce578c3ad977d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_2
                                  Filesize

                                  8KB

                                  MD5

                                  0962291d6d367570bee5454721c17e11

                                  SHA1

                                  59d10a893ef321a706a9255176761366115bedcb

                                  SHA256

                                  ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                  SHA512

                                  f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_3
                                  Filesize

                                  4.0MB

                                  MD5

                                  644010a13356fe6afa8e94356ad3f56a

                                  SHA1

                                  c9897b835bb2e50957e9154f02f386ed105e97ec

                                  SHA256

                                  d761e7a66fa5acb3016d27f7c4342ef50e5e59fe7063d7b9ccdc68f1977fe9d3

                                  SHA512

                                  118d7d5c9b9e64521af663c8db87a544b9d930329e4893fdc2015c2705990a4d416ae80d784ea595a4e2df9517ae497d84b340dc3bcb57092c85468c151e6dca

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                  Filesize

                                  2KB

                                  MD5

                                  bf8cf2c9d24bc3f68fad75b7944e00f4

                                  SHA1

                                  1cfff875003a814cd99c7224dcfe14f7bf2fb1b4

                                  SHA256

                                  e151bac0b01d336e18bd796b8d0bcd0a02a21546084b3892fc1caab5fcc7eb89

                                  SHA512

                                  846d33ce7a755fbfa62bf9d3ab12e4605845d13f344f6f2a355e918cc1bdcfd6f6bf2ba9ce024931080d407b4277460bcd3c79e7385107c34edc8ea217c3ddb3

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                  Filesize

                                  3KB

                                  MD5

                                  e47fdeb77a2ecdc0b552240bf3b43297

                                  SHA1

                                  9b46c2ca2f4f1322396c2e4ae5c64283b14df93a

                                  SHA256

                                  86888eda43b99bee469c3d31f7697c2605ea900636d322bcc3687323f4217a11

                                  SHA512

                                  6c10cdf86857b076888b84cd2df5e9f39a22aa87eccfbcdd2e6e401166645bb7fac313429d3c036c44985783020d134c3ed052b18be5597b6a2ddd34095ef2d2

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                  Filesize

                                  16KB

                                  MD5

                                  47e0ae225dc0a459bec7d1df30bfaa2a

                                  SHA1

                                  3c9cc85672e7c23e60ec48326779292445dfc80d

                                  SHA256

                                  ab9af8faf5cfeba3e471887ee56ec119935d7857de716ab2604a0c9e87172c10

                                  SHA512

                                  0a93254fe849febb9587cedd715c7ebc7e150e9fa7f99aac31c8a344bd2fdad1ad8f53f38b143b16d6a9fa594294d68dc0fac395671d155a45e438150115cefc

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                  Filesize

                                  1KB

                                  MD5

                                  a17bbb55c419286ebb52e563a7cc9a2b

                                  SHA1

                                  379af2b12ff161acd3e7cd3df35e7ff6f51b0f80

                                  SHA256

                                  2a51f5b1d17c956fb36b42ff0c7334ffeafb0a6707c2aff38876cce4a21a5e2d

                                  SHA512

                                  0f3d9d9d29029546ee662c344014702d7a932442ddd42d61e3913279e4211116d6c8a694471bf76ec7414b032e6124149aafd3a4ddd02d3f1dd724387a3ad9da

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                  Filesize

                                  17KB

                                  MD5

                                  01a271b6d3b8a5adb9af4ef8f95a3799

                                  SHA1

                                  6ac5323a7bc157f1f4ed3dbf873242b5b99e5c51

                                  SHA256

                                  8c3285aa968c7584461ebe0ae06e1a4dfe8fd0902f5d30cc02e019d8420a124f

                                  SHA512

                                  60a14eadc09854953c869dc5f3922e613581ef9cc4548ba210a541af46c0ea737d68cfb57e52e506ea9517313d161fa2ad2b4b89cae94e6ca47e0ab6b6b1c322

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State~RFe5a8d3d.TMP
                                  Filesize

                                  1KB

                                  MD5

                                  2e915edec6776d4a4eeee98b797343f6

                                  SHA1

                                  feb1db80bf6e9842c9a3aa0f800cd194363d3ad8

                                  SHA256

                                  90a2721f032c66643187ea95585e9077dc313df62548d34ee0be3eab9d015d6c

                                  SHA512

                                  9cb2680c9e500486ed74ce6f8ca2e4063a118808901030a82edab5864d9ca1d3bfb5a1eca944ca2ee1830a57f263a37cba62c8ee051335eeaa87c9d4fd5a47a3

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\PKIMetadata\13.0.0.0\crs.pb
                                  Filesize

                                  278KB

                                  MD5

                                  981a9155cad975103b6a26acef33a866

                                  SHA1

                                  1965290a94d172c4def1ac7199736c26dccca33e

                                  SHA256

                                  971393390616fbe53c63865274a40a0b4a8e731c529664275bdc764f09a28e2d

                                  SHA512

                                  2d75ce25cb3a78f69f90fbd23f6e5c9f1a6ed92025f83ce0ab3e0320b64130d586fc2cd960f763e1ab2c82d35ef9650ebd7ff2a42a928a293e0e7428cc669119

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\PKIMetadata\13.0.0.0\ct_config.pb
                                  Filesize

                                  7KB

                                  MD5

                                  df3d937079b894c891f9b0b741874928

                                  SHA1

                                  ed93fc386807b3a28fcc7988a88ae4741bfe1b15

                                  SHA256

                                  c7cbb0db6e924cbfccf4a6e8223e3fed4d93f5d78a3122c30213b6e38ee195f4

                                  SHA512

                                  5728bdd930283a4906e7e07acd3eadecb813a3154ffb41729738444bf13aab27dceb01e05a27c77bb13cc498c1d5c2d492ac653ddbfe4b14004b1c7a5bc54f1b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\PKIMetadata\13.0.0.0\kp_pinslist.pb
                                  Filesize

                                  11KB

                                  MD5

                                  d43d041e531dc757a69a90cb657ef437

                                  SHA1

                                  09138b427565bc276cfd3ba9f59b0c8bad78e91d

                                  SHA256

                                  9431360a5534ad2f8eddde157cce39704b99da035fcb6d2cca11220700b11ccb

                                  SHA512

                                  476a98122059b9cc19492b7ae557c61381842c8c347f85c686e0a493bfd0e8707ce3491b690e7978b3fb7d7d2a4daa2767e4a590398a50562519bf32e8d12ec6

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Subresource Filter\Indexed Rules\36\10.34.0.54\Ruleset Data
                                  Filesize

                                  2.8MB

                                  MD5

                                  16176aa639f8d0bf6c1a823f9d973d8c

                                  SHA1

                                  f1f365a4705a3fcab04bc4aa8f080ed7ae2f372c

                                  SHA256

                                  75da3c6add63a83efb735ae0f1f4e6578607ea33187753b0f65f750a1ab0ab34

                                  SHA512

                                  d8711e8a2d417f1f9b81a13d04951420460d1be2dd0459916a3226f364b65cd77fc0feb4be22412df3da0a2433cd924df7d0684fab04a2c6cf3a6e9715ea9f84

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\TrustTokenKeyCommitments\2024.8.5.2\keys.json
                                  Filesize

                                  6KB

                                  MD5

                                  d5d1808de2355daddc22b25fe38167bc

                                  SHA1

                                  aea5924b90299e66e41f4036d580582629bc6b75

                                  SHA256

                                  f07891f79abaf581a8aa3c95fa45829215721d4e70a811db4ae012dfb1da5b13

                                  SHA512

                                  31225416a845902e19f4837a5843d49921893ca1e29dc68add792d5506f497799d5078a28b26058834a09a0df12bc836ac8cae099372173daadcc8d834cb3163

                                  Download Submit

                                • C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
                                  Filesize

                                  280B

                                  MD5

                                  2b3b30d20b20771a7baa8fb60a5f676e

                                  SHA1

                                  8e42f6f4531cb9b72ac95773879a3eed9c3412e6

                                  SHA256

                                  4d05e0f548c5d797c694db03c1409306a23651cdc572c8168fa94bed4c7577f1

                                  SHA512

                                  a0c5061fde3b509033b8ef2310d8b5f9adceadeda55f0ca726b3f0988469447ef1808df0103a66fee76523fd1246ee305047e2f1ec81e73d1282fa6a1f61a618

                                  Download Submit

                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping756_1571071750\manifest.json
                                  Filesize

                                  102B

                                  MD5

                                  8062e1b9705b274fd46fcd2dd53efc81

                                  SHA1

                                  61912082d21780e22403555a43408c9a6cafc59a

                                  SHA256

                                  2f0e67d8b541936adc77ac9766c15a98e9b5de67477905b38624765e447fcd35

                                  SHA512

                                  98609cf9b126c7c2ad29a6ec92f617659d35251d5f6e226fff78fd9f660f7984e4c188e890495ab05ae6cf3fbe9bf712c81d814fbd94d9f62cf4ff13bbd9521a

                                  Download Submit

                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping756_1717926335\manifest.json
                                  Filesize

                                  113B

                                  MD5

                                  b6911958067e8d96526537faed1bb9ef

                                  SHA1

                                  a47b5be4fe5bc13948f891d8f92917e3a11ebb6e

                                  SHA256

                                  341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648

                                  SHA512

                                  62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

                                  Download Submit

                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping756_235250313\manifest.json
                                  Filesize

                                  78B

                                  MD5

                                  f4f9d2acf4e1807cda92408d8415eb8c

                                  SHA1

                                  2f1aa7438ec41d8b7a46bdd782144774220dd279

                                  SHA256

                                  44169f2af54a9870a74a67ac3e3714f1e31fc090c99215bfdf59e56b56d4a5ef

                                  SHA512

                                  2cc2e0dccfcff882dcfc8aa20a33f0d1dae697e5f87395562a55a9d42f2c8dfe457156554214e185e0406e376eb7a99854d40227d5f7d513bde3d10d6c10829a

                                  Download Submit

                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping756_243966439\manifest.fingerprint
                                  Filesize

                                  66B

                                  MD5

                                  7ce55ac0d7683657fd051e573ad06e30

                                  SHA1

                                  3bc51fbc6155c4e9d1439587e1c739995054cc52

                                  SHA256

                                  138e2b36e4c8bec8b00180558843355037d7de99c389f46e6183c4fc5a34c790

                                  SHA512

                                  f269c5c2ee53ed836bfd1b928b40e1ddb2aaea00e5585c85fecfcb1add71130d4ecfe91d2f2527934ac472c8b432d3475ca02b8f808e7e6014cd49155529d9a2

                                  Download Submit

                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping756_243966439\manifest.json
                                  Filesize

                                  43B

                                  MD5

                                  55cf847309615667a4165f3796268958

                                  SHA1

                                  097d7d123cb0658c6de187e42c653ad7d5bbf527

                                  SHA256

                                  54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877

                                  SHA512

                                  53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7

                                  Download Submit

                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping756_648634231\hyph-as.hyb
                                  Filesize

                                  703B

                                  MD5

                                  8961fdd3db036dd43002659a4e4a7365

                                  SHA1

                                  7b2fa321d50d5417e6c8d48145e86d15b7ff8321

                                  SHA256

                                  c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

                                  SHA512

                                  531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

                                  Download Submit

                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping756_648634231\hyph-hi.hyb
                                  Filesize

                                  687B

                                  MD5

                                  0807cf29fc4c5d7d87c1689eb2e0baaa

                                  SHA1

                                  d0914fb069469d47a36d339ca70164253fccf022

                                  SHA256

                                  f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

                                  SHA512

                                  5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

                                  Download Submit

                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping756_648634231\hyph-nb.hyb
                                  Filesize

                                  141KB

                                  MD5

                                  677edd1a17d50f0bd11783f58725d0e7

                                  SHA1

                                  98fedc5862c78f3b03daed1ff9efbe5e31c205ee

                                  SHA256

                                  c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

                                  SHA512

                                  c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

                                  Download Submit

                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping756_648634231\manifest.json
                                  Filesize

                                  179B

                                  MD5

                                  273755bb7d5cc315c91f47cab6d88db9

                                  SHA1

                                  c933c95cc07b91294c65016d76b5fa0fa25b323b

                                  SHA256

                                  0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902

                                  SHA512

                                  0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8

                                  Download Submit

                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping756_858951778\manifest.json
                                  Filesize

                                  134B

                                  MD5

                                  58d3ca1189df439d0538a75912496bcf

                                  SHA1

                                  99af5b6a006a6929cc08744d1b54e3623fec2f36

                                  SHA256

                                  a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

                                  SHA512

                                  afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

                                  Download Submit

                                • memory/1176-886-0x00000197D2570000-0x00000197D2571000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/1176-874-0x00000197D2570000-0x00000197D2571000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/1176-882-0x00000197D2570000-0x00000197D2571000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/1176-883-0x00000197D2570000-0x00000197D2571000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/1176-884-0x00000197D2570000-0x00000197D2571000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/1176-885-0x00000197D2570000-0x00000197D2571000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/1176-880-0x00000197D2570000-0x00000197D2571000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/1176-881-0x00000197D2570000-0x00000197D2571000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/1176-875-0x00000197D2570000-0x00000197D2571000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/1176-876-0x00000197D2570000-0x00000197D2571000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/1436-360-0x00007FFA92580000-0x00007FFA92982000-memory.dmp

                                  Filesize

                                  4.0MB

                                  Download

                                • memory/1436-358-0x00007FFA91CB0000-0x00007FFA921FC000-memory.dmp

                                  Filesize

                                  5.3MB

                                  Download

                                • memory/1436-359-0x00007FF623450000-0x00007FF624450000-memory.dmp

                                  Filesize

                                  16.0MB

                                  Download

                                • memory/1460-1398-0x0000000000EE0000-0x0000000000F15000-memory.dmp

                                  Filesize

                                  212KB

                                  Download

                                • memory/1708-492-0x00007FFAB4EA0000-0x00007FFAB4EA1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/2268-353-0x00000000002D0000-0x0000000000305000-memory.dmp

                                  Filesize

                                  212KB

                                  Download

                                • memory/2268-348-0x0000000073310000-0x0000000073520000-memory.dmp

                                  Filesize

                                  2.1MB

                                  Download

                                • memory/2268-287-0x0000000073310000-0x0000000073520000-memory.dmp

                                  Filesize

                                  2.1MB

                                  Download

                                • memory/2268-278-0x0000000073310000-0x0000000073520000-memory.dmp

                                  Filesize

                                  2.1MB

                                  Download

                                • memory/2268-277-0x00000000002D0000-0x0000000000305000-memory.dmp

                                  Filesize

                                  212KB

                                  Download

                                • memory/3172-437-0x00007FFAB4EA0000-0x00007FFAB4EA1000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4640-285-0x000001FB27940000-0x000001FB27950000-memory.dmp

                                  Filesize

                                  64KB

                                  Download

                                • memory/4640-284-0x000001FB27940000-0x000001FB27950000-memory.dmp

                                  Filesize

                                  64KB

                                  Download

                                • memory/4640-283-0x000001FB27940000-0x000001FB27950000-memory.dmp

                                  Filesize

                                  64KB

                                  Download