hxxps://www[.]mediafire[.]com/file/bo8vddzhxc5s6an/onefile_756_133675730049968022[.]zip[.]html

Resubmissions

08/08/2024, 06:58

240808-hrlzea1brn 8

08/08/2024, 06:54

240808-hpnefs1bnq 3

08/08/2024, 06:51

240808-hmkksa1bkn 7

Analysis

max time kernel
630s
max time network
632s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08/08/2024, 06:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/bo8vddzhxc5s6an/onefile_756_133675730049968022.zip.html

Score

8^/10

defense_evasion discovery evasion persistence privilege_escalation trojan

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 30 IoCs

pid	Process
1520	RobloxPlayerInstaller.exe
1408	MicrosoftEdgeWebview2Setup.exe
1176	MicrosoftEdgeUpdate.exe
1296	MicrosoftEdgeUpdate.exe
560	MicrosoftEdgeUpdate.exe
3188	MicrosoftEdgeUpdateComRegisterShell64.exe
3764	MicrosoftEdgeUpdateComRegisterShell64.exe
2308	MicrosoftEdgeUpdateComRegisterShell64.exe
3404	MicrosoftEdgeUpdate.exe
2992	MicrosoftEdgeUpdate.exe
4272	MicrosoftEdgeUpdate.exe
2844	MicrosoftEdgeUpdate.exe
952	MicrosoftEdge_X64_127.0.2651.86.exe
4540	setup.exe
2996	setup.exe
2664	MicrosoftEdgeUpdate.exe
1296	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
2676	MicrosoftEdgeUpdate.exe
5268	MicrosoftEdgeUpdate.exe
3860	RobloxPlayerBeta.exe
4916	MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
5220	MicrosoftEdgeUpdate.exe
1008	MicrosoftEdgeUpdate.exe
2872	MicrosoftEdgeUpdate.exe
5904	MicrosoftEdgeUpdate.exe
5980	MicrosoftEdgeUpdateComRegisterShell64.exe
460	MicrosoftEdgeUpdateComRegisterShell64.exe
2412	MicrosoftEdgeUpdateComRegisterShell64.exe
4500	MicrosoftEdgeUpdate.exe

Loads dropped DLL 34 IoCs

pid	Process
1176	MicrosoftEdgeUpdate.exe
1296	MicrosoftEdgeUpdate.exe
560	MicrosoftEdgeUpdate.exe
3188	MicrosoftEdgeUpdateComRegisterShell64.exe
560	MicrosoftEdgeUpdate.exe
3764	MicrosoftEdgeUpdateComRegisterShell64.exe
560	MicrosoftEdgeUpdate.exe
2308	MicrosoftEdgeUpdateComRegisterShell64.exe
560	MicrosoftEdgeUpdate.exe
3404	MicrosoftEdgeUpdate.exe
2992	MicrosoftEdgeUpdate.exe
4272	MicrosoftEdgeUpdate.exe
4272	MicrosoftEdgeUpdate.exe
2992	MicrosoftEdgeUpdate.exe
2844	MicrosoftEdgeUpdate.exe
2664	MicrosoftEdgeUpdate.exe
1296	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
2676	MicrosoftEdgeUpdate.exe
5268	MicrosoftEdgeUpdate.exe
5268	MicrosoftEdgeUpdate.exe
2676	MicrosoftEdgeUpdate.exe
3860	RobloxPlayerBeta.exe
5220	MicrosoftEdgeUpdate.exe
1008	MicrosoftEdgeUpdate.exe
2872	MicrosoftEdgeUpdate.exe
5904	MicrosoftEdgeUpdate.exe
5980	MicrosoftEdgeUpdateComRegisterShell64.exe
5904	MicrosoftEdgeUpdate.exe
460	MicrosoftEdgeUpdateComRegisterShell64.exe
5904	MicrosoftEdgeUpdate.exe
2412	MicrosoftEdgeUpdateComRegisterShell64.exe
5904	MicrosoftEdgeUpdate.exe
4500	MicrosoftEdgeUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Checks system information in the registry 2 TTPs 18 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Suspicious use of NtCreateThreadExHideFromDebugger 3 IoCs

pid	Process
1296	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 54 IoCs

pid	Process
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\Debugger\Breakpoint.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\DeveloperFramework\StudioTheme\clear_hover.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\GameSettings\zoom.PNG	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioToolbox\Gallery.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_1x_2.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\dpadRight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\MenuBar\icon__backpack.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\VirtualCursor\cursorHover.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaApp\icons\ic-view-details20x20.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\avatar\defaultDynamicHead.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\LegacyRbxGui\Aluminium.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Settings\MenuBarIcons\CaptureTab.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\configs\DateTimeLocaleConfigs\zh-cn.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Settings\Radial\Top.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\graphic\gr-gamealbum-icon-52x52.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\tab.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChatV2\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\Locales\sr-Cyrl-BA.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\noise.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\AvatarCompatibilityPreviewer\add.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioSharedUI\preview_expand.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\TagEditor\VisibilityOnLightTheme.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\dpadLeft.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\WidevineCdm\manifest.json	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\Locales\gd.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\MaterialManager\Texture_None_Light.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioToolbox\Voting\thumbs-down-filled.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Settings\MenuBarIcons\PlayersTabIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\AvatarImporter\img_light_RthroNarrow.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\Debugger\Breakpoints\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\InGameMenu\TouchControls\backpack_slots.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\Locales\sr.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\AnimationEditor\image_keyframe_bounce_unselected.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Keyboard\close_button_background.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\AudioDiscovery\ok.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\SelfView\SelfView_icon_faceToggle_on.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\backspace.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\VoiceChat\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\VoiceChat\MicDark\Unmuted80.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\microsoft_shell_integration.dll	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\PlatformContent\pc\textures\water\normal_24.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\icons\ic-add-friends.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\msedgeupdateres_ka.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-ingame.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\Trust Protection Lists\Mu\Cryptomining	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\LayeredClothingEditor\Icon_Preview_Animation.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\ErrorPrompt\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\VoiceChat\New\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\Controls\DesignSystem\Thumbstick2Directional.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\9-slice\modal.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_2x_10.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\places\Mobile.rbxl	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\fonts\Creepster-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\DeveloperStorybook\Story.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\PlayStationController\PS4\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\XboxController\DPadLeft.png	RobloxPlayerInstaller.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 5 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4500	MicrosoftEdgeUpdate.exe
3404	MicrosoftEdgeUpdate.exe
2844	MicrosoftEdgeUpdate.exe
2664	MicrosoftEdgeUpdate.exe
5220	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ = "IJobObserver"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CurVer\ = "MicrosoftEdgeUpdate.CoreMachineClass.1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\APPID\{A6B716CB-028B-404D-B72C-50E153DD68DA}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0E8770A1-043A-4818-BB5C-41862B93EEFF}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateBroker.exe\""	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.15\\psmachine.dll"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CurVer	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CurVer	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CLSID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.ProcessLauncher"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.15\\MicrosoftEdgeUpdateOnDemand.exe\""	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe\AppID = "{CECDDD22-2E72-4832-9606-A9B0E5E344B2}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.15\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\onefile_756_133675730049968022.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 470707.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 47 IoCs

pid	Process
1792	msedge.exe
1792	msedge.exe
1944	msedge.exe
1944	msedge.exe
4704	msedge.exe
4704	msedge.exe
1396	identity_helper.exe
1396	identity_helper.exe
2900	msedge.exe
2900	msedge.exe
2856	msedge.exe
3208	msedge.exe
3208	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
1340	msedge.exe
1340	msedge.exe
1520	RobloxPlayerInstaller.exe
1520	RobloxPlayerInstaller.exe
1176	MicrosoftEdgeUpdate.exe
1176	MicrosoftEdgeUpdate.exe
1176	MicrosoftEdgeUpdate.exe
1176	MicrosoftEdgeUpdate.exe
1176	MicrosoftEdgeUpdate.exe
1176	MicrosoftEdgeUpdate.exe
1296	RobloxPlayerBeta.exe
1296	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
4700	chrome.exe
4700	chrome.exe
2676	MicrosoftEdgeUpdate.exe
2676	MicrosoftEdgeUpdate.exe
2676	MicrosoftEdgeUpdate.exe
2676	MicrosoftEdgeUpdate.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
3860	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe
5268	MicrosoftEdgeUpdate.exe
5268	MicrosoftEdgeUpdate.exe
1008	MicrosoftEdgeUpdate.exe
1008	MicrosoftEdgeUpdate.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1176	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	1176	MicrosoftEdgeUpdate.exe
Token: SeShutdownPrivilege	1524	control.exe
Token: SeCreatePagefilePrivilege	1524	control.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe
Token: SeShutdownPrivilege	4700	chrome.exe
Token: SeCreatePagefilePrivilege	4700	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe
4700	chrome.exe

Suspicious use of UnmapMainImage 3 IoCs

pid	Process
1296	RobloxPlayerBeta.exe
1444	RobloxPlayerBeta.exe
3860	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 3988	1944	msedge.exe	78
PID 1944 wrote to memory of 3988	1944	msedge.exe	78
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 3716	1944	msedge.exe	79
PID 1944 wrote to memory of 1792	1944	msedge.exe	80
PID 1944 wrote to memory of 1792	1944	msedge.exe	80
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81
PID 1944 wrote to memory of 3788	1944	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/bo8vddzhxc5s6an/onefile_756_133675730049968022.zip.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9fb063cb8,0x7ff9fb063cc8,0x7ff9fb063cd8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7116 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1340
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  PID:1520
- - C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:1408
  - - C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1176
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1296
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:560
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3188
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3764
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2308
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEM4OUI0N0EtNzBGNC00MjQwLUJGNUMtRTgzNDMxOUYwQUYxfSIgdXNlcmlkPSJ7QjU1NkMyRTgtRTUwNi00RTc5LUJGRDUtNzNDRkNDODZGNEEwfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4QkNFMzlGNy1DMjAzLTQwM0EtOTI2MS01RkJBRUZCNTEyQjJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcwNjE0MDY1MjEiIGluc3RhbGxfdGltZV9tcz0iNjQxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:3404
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{4C89B47A-70F4-4240-BF5C-E834319F0AF1}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2992
- - C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\RobloxPlayerBeta.exe" -app -isInstallerLaunch -clientLaunchTimeEpochMs 0
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,9149047758656574139,4622415374326066258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:dVr9OP-jzBA36l-WC38lnHtIJ3Z90XrA_jUPEPcHmBJa7ASuIBeoDRp7OsvZbUd9Xyl03yXvwVIgotdeDvuIjpyMyquIqpC8OwW47aNDW8D1hrHpD3YMHS5eq4V00cplA_Vsa9QWebbnlg-i6ZRHGMwKXOvI_mT9gYnu3z4qkvtu27xo_b4BKIjIfoBUns2e3Sh30-EsdJMrYFhqdI1eimCgUZZi006QFIAQFCh6AU0+launchtime:1723100673656+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1723100322269005%26placeId%3D7074772062%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D55332386-e273-4972-8a65-2d3b62e9a4f5%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1723100322269005+robloxLocale:en_us+gameLocale:en_us+channel:zvoicejoinoperationfix+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:1444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1144

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:4272
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEM4OUI0N0EtNzBGNC00MjQwLUJGNUMtRTgzNDMxOUYwQUYxfSIgdXNlcmlkPSJ7QjU1NkMyRTgtRTUwNi00RTc5LUJGRDUtNzNDRkNDODZGNEEwfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBQTQzMUZFMC0yMDQxLTQyOTQtQjBGQy00NkJGMDcwRTBEQzR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzA2NTk1MjUxMiIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2844
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DDB2200-1703-4372-A808-8176EACC2E10}\MicrosoftEdge_X64_127.0.2651.86.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DDB2200-1703-4372-A808-8176EACC2E10}\MicrosoftEdge_X64_127.0.2651.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:952
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DDB2200-1703-4372-A808-8176EACC2E10}\EDGEMITMP_11D78.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DDB2200-1703-4372-A808-8176EACC2E10}\EDGEMITMP_11D78.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DDB2200-1703-4372-A808-8176EACC2E10}\MicrosoftEdge_X64_127.0.2651.86.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:4540
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DDB2200-1703-4372-A808-8176EACC2E10}\EDGEMITMP_11D78.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DDB2200-1703-4372-A808-8176EACC2E10}\EDGEMITMP_11D78.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8DDB2200-1703-4372-A808-8176EACC2E10}\EDGEMITMP_11D78.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7dfe7b7d0,0x7ff7dfe7b7dc,0x7ff7dfe7b7e8
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:2996
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NEM4OUI0N0EtNzBGNC00MjQwLUJGNUMtRTgzNDMxOUYwQUYxfSIgdXNlcmlkPSJ7QjU1NkMyRTgtRTUwNi00RTc5LUJGRDUtNzNDRkNDODZGNEEwfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2Qjk0RjQ2RC0yMjZGLTREOTUtQUExQy05QjVDMkY1RUQzOUJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjcuMC4yNjUxLjg2IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MDc3ODI5MTUzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzA3Nzk4NTY0MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc2MjE1NTY0ODkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2IyMzVmYzNhLTg2YmYtNDIwZi1iMWJjLTZjNjdhM2E5NTg4OT9QMT0xNzIzNzA1MzQ2JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWJLSFRVR1hOQUlTRDRWUGdIbSUyYmttanU4ZnB4N29xY2IzT3RNRFQ2ZFRiSHd5clQ0c3JNYWV6d2hPcXhHZlNmWDUxSE5GeExuMEs4WXJnM2NCZXlEekElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzI1NjcxMDQiIHRvdGFsPSIxNzI1NjcxMDQiIGRvd25sb2FkX3RpbWVfbXM9IjQ3NzY4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzYyMTY0NjQ3NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc2MzQ5MDY0MjciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjgwNzY0NTY2MjIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI4NDAiIGRvd25sb2FkX3RpbWVfbXM9IjU0MzM0IiBkb3dubG9hZGVkPSIxNzI1NjcxMDQiIHRvdGFsPSIxNzI1NjcxMDQiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQ0MTUwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4972

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" SYSTEM
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1524

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:1184

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e5fdcc40,0x7ff9e5fdcc4c,0x7ff9e5fdcc58
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,4090442500754371997,14052750167655576023,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1788 /prefetch:2
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2080,i,4090442500754371997,14052750167655576023,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,4090442500754371997,14052750167655576023,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2236 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,4090442500754371997,14052750167655576023,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,4090442500754371997,14052750167655576023,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3584,i,4090442500754371997,14052750167655576023,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3608 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4612,i,4090442500754371997,14052750167655576023,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4568,i,4090442500754371997,14052750167655576023,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4980,i,4090442500754371997,14052750167655576023,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5016,i,4090442500754371997,14052750167655576023,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4732,i,4090442500754371997,14052750167655576023,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4564,i,4090442500754371997,14052750167655576023,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4652,i,4090442500754371997,14052750167655576023,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3324,i,4090442500754371997,14052750167655576023,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3960,i,4090442500754371997,14052750167655576023,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3480,i,4090442500754371997,14052750167655576023,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4376 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:9aUXPRGFL_gTQGR8hUqmexVjtrgqXHba3eS8vaOo77r4xLJ8QfKIM0pPcELiWPP136pZnvCR5ZWRNFgR9nPE5iOrDtaRWbzhn8_JKLFN5pNLQgCvSEujrT1JzRScxfXvjFfNsX_9nrxp2OJU9H7549pXuLpM1L47KfMc2mS8kntMRE1diCXsfzK0zciDZpk2xvtOjZ0POi29cPd50Ku5IPboj-kLDNiuuB-mFS0w7CY+launchtime:1723100863132+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1723100743080002%26placeId%3D6560363541%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dd991c3e2-d667-444b-8e0f-87414a937ed6%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1723100743080002+robloxLocale:en_us+gameLocale:en_us+channel:zqqiu-telemetry-tiger-1+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:3860

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3136

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1796

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:2116

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2676

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:5268
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{46066C45-FBC6-4B75-9E07-7827BFC258C7}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{46066C45-FBC6-4B75-9E07-7827BFC258C7}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe" /update /sessionid "{B2C80DE1-55E1-4DC0-A0D9-84A3126A6C62}"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4916
- - C:\Program Files (x86)\Microsoft\Temp\EU646B.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EU646B.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{B2C80DE1-55E1-4DC0-A0D9-84A3126A6C62}"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1008
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2872
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:5904
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5980
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:460
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2412
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjJDODBERTEtNTVFMS00REMwLUEwRDktODRBMzEyNkE2QzYyfSIgdXNlcmlkPSJ7QjU1NkMyRTgtRTUwNi00RTc5LUJGRDUtNzNDRkNDODZGNEEwfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7OUYzQThFOTEtMTU1Qy00Qzk2LUE4MzUtNzcxQjFDQ0Y5ODBBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTUiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MjMxMDA1NDMiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNDA4Mzk5MjU3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4500
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjJDODBERTEtNTVFMS00REMwLUEwRDktODRBMzEyNkE2QzYyfSIgdXNlcmlkPSJ7QjU1NkMyRTgtRTUwNi00RTc5LUJGRDUtNzNDRkNDODZGNEEwfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins4RTIyMjE5QS1FMUU4LTRBQUQtOUE0MC04QjgxMEY4Q0VFNzh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4xNSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMTY4MDYwNTMyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMTY4MTQwMzE4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDM5NDQ5MzA0MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzMyM2ZhN2Y3LTQ0NDUtNDEzNy04MmVjLTcxNTI4OTQ5MTgyYT9QMT0xNzIzNzA1NjU1JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUNkJTJiNm1pTXhMYWFxZEpPS2toN0dka1RZNDFyS2o0bm05MzdUU2lMNVg4cXNjJTJiSVBRTzhlcms0U2NnOXBxd01sdlpHJTJiWkZTTzhhcjJnTjFMZUoxUFRnJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjMiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAzOTQ0OTMwNDAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzMyM2ZhN2Y3LTQ0NDUtNDEzNy04MmVjLTcxNTI4OTQ5MTgyYT9QMT0xNzIzNzA1NjU1JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUNkJTJiNm1pTXhMYWFxZEpPS2toN0dka1RZNDFyS2o0bm05MzdUU2lMNVg4cXNjJTJiSVBRTzhlcms0U2NnOXBxd01sdlpHJTJiWkZTTzhhcjJnTjFMZUoxUFRnJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTY0NTExMiIgdG90YWw9IjE2NDUxMTIiIGRvd25sb2FkX3RpbWVfbXM9IjE4Mjg4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMzk0NjQ5MzcxIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMzk5ODA1NTU1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM2NzU3MzkwMjcxMzQxNDAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyNy4wLjI2NTEuODYiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiB1cGRhdGVfY291bnQ9IjEiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9IntBMzAxMTFDRi1CRjA2LTQyQTAtOUJCQi1GRkRCQ0U5MUI4RkN9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5220

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4000

C:\Users\Admin\Desktop\onefile_756_133675730049968022\test.exe
"C:\Users\Admin\Desktop\onefile_756_133675730049968022\test.exe"
1⤵
PID:5904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c title Incognito v1.0.0b - public
  2⤵
  PID:5420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.86\Installer\setup.exe

Filesize
6.6MB

MD5
71bf4a76d1762959b49eda173f57656e

SHA1
2ead7f36b7ef2790d83d10d96b20959bf73d061d

SHA256
0121c1dde7daaacfd974fc8545a029e970ad7769af84646feff41b7c8c2de33e

SHA512
05ea34097e98e4df5358a2968e4af9c7157c1946b15787d5c3cb1c841d47db6cacda4135a0fc662c2dae0b8ad03bdcfa1015db745c39bb16068df0108bda717e

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.15\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe

Filesize
1.6MB

MD5
90decc230b529e4fd7e5fa709e575e76

SHA1
aa48b58cf2293dad5854431448385e583b53652c

SHA256
91f0deec7d7319e57477b74a7a5f4d17c15eb2924b53e05a5998d67ecc8201f2

SHA512
15c0c5ef077d5aca08c067afbc8865ad267abd7b82049655276724bce7f09c16f52d13d69d1449888d8075e13125ff8f880a0d92adc9b65a5171740a7c72df03

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
16c84ad1222284f40968a851f541d6bb

SHA1
bc26d50e15ccaed6a5fbe801943117269b3b8e6b

SHA256
e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

SHA512
d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
34d991980016595b803d212dc356d765

SHA1
e3a35df6488c3463c2a7adf89029e1dd8308f816

SHA256
252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

SHA512
8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4812.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
5.5MB

MD5
9f1edaf7fec140c4fbf752bceb8faee9

SHA1
446e908ae656e01c864606d2cef06ed8abd96fb3

SHA256
810a386924e8aeb9ad6a432067a96b9af05b2070b4a034b28c6d715d99740666

SHA512
2a97bdf30878cabc8460b26baa810fce2f06e649a98937c4112e674ddec24a3cab259b820fd6a382a11cb7d8167b33ebe28ae7e10338a283b299b9c5a4951f0e

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
14KB

MD5
f1ad636188a86792e4f43fae6ab9e2b9

SHA1
30a20dc4b7066efc72be6719ef733cbb5aadc4d0

SHA256
25bdc714a4f8996775805a43b07c5292430ebde6df4d6c33070dc1e944a1d7cd

SHA512
25eb40445c2a3fb4037c841bfb9e1e01a0625a61d0b7544af73502464784662d4dcef34e2ab5cec59e08cb3375e61556a9a541e8b4e8ea29489346ffe29902ae

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
43KB

MD5
34b84a5f5fffbd87e032fabd53e069b0

SHA1
3b72db743cf7d6c77890ad72659fa5581e696e3c

SHA256
cc2b698f436c2cd413ee64cdc5ceca617473e7a8cdf90844a9778bd65fb08d67

SHA512
b3b50774dd9dcca826206144cf52eeb5a9ff196f4447cb32e77dc595141ca0cacae31dfa1681d67013541ee14097280fbb304ccf956d42389363ff896f9dc17e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
24KB

MD5
e0210d118b3139c5c77b0a3cdf07240c

SHA1
520912218ff8fb26d188dafe6eb7d53e4a1347b8

SHA256
09afbb320f0230e85ca0b2ad49ca106b3cc9bbacd2e45bb4e8faed3a3fe93444

SHA512
dd11395f2f830af1571beb0293e78a4ef01c252371194bf0e8154d6494d951e44b0e34219ab52ec8cc8ed47eed88b99592e9fbfe2c8d4cd65e26faa257a64550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
44KB

MD5
4829199e6a5f896653a07f378f420e20

SHA1
ea33810361856e36459b0da1d93267c6252b25fc

SHA256
f5d8f9bc07f91b59566bbcfa3c572d6d2ba2f35432b9ab89bcd7ad343cc61ebc

SHA512
83ba69988097dd4a39a19136ca5e68d0116305cc1d04fc519f59cb208ec0e8e5e592abe8fc9badffc701fc56bb6aa293c4089261f4d4a9b3d616026f000f48b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
29KB

MD5
ff122ed83c65b35220660f38c2fa26d2

SHA1
f99451f4b2fa18429253c8b80209900bf711e8ca

SHA256
a0b52734f27b7bcdacf0d69789bb34370bfc772019a37ec52a3f62ea60f83dbd

SHA512
482afdf9c42f5277ba8412746ed79d2a9628d1287b53c7ffdf4afa3c71adc3368bdd1731b45104991a3a500451c9f02a29e0d15387fd706ff22ff0dc6869bf1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
28KB

MD5
64d68e070c4b1e4a862624decec986f5

SHA1
7c86818c64bae2c94189cfd6d994644467fe694a

SHA256
7007b134073ab40ddb54aa284af0e490092330f98ce2f426b4efc6a6c07b8e06

SHA512
d0b45b14dc395aacebc4ad3cdb1e6e435d1514334e9a259696c21809b860a951f521682358a8f778de24f9936c1c968f22903aced03adfa5a301a9396d69b5af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
90KB

MD5
2e668cb1e2d4d46bfcdb5b051ae824af

SHA1
7e312eb3cb04b0cd0dfda5a2e8ed880f5c54d281

SHA256
bdb0aa60710cc1760b06eb496bd90352f085c156058b39db16ec45421e07c24e

SHA512
94c2b2579688c6bea2369a9260eb1704f420c67722091be0f1adaa0ad3dbc244690743c13c064b48852780a4cdfa2f8bf1b86b6b5f7153134aba129a3620a9bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
59KB

MD5
99adec199701191fda80529b0506e475

SHA1
ba63a6135825ed9f463762fdb1fe8e4a3cab26e7

SHA256
86301cee42e07c559f6e99eb7e7270015f1b0617d1169feb1310508d4c6e004b

SHA512
c4ae0733870ef45a493685a3871c77dc2f9373d6104b429d38d508b5e6b0263114b0680e46e57ca20dc236cd45a4f6be4a1d1fd54945015f6bcfbd379e911267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
57KB

MD5
af6b71335f9eb323b39655710482a5e9

SHA1
37b3728ec71f0ee823155f89cf402ff616a1be61

SHA256
0f25e4add6c1dc5c498027f8687196a1eb21e07b1e5224397a5b30e09260e6c2

SHA512
30257967bb68487392d0b324163819285053fed93a839a38ec376c44a3bf9648382f9e08c430e4658adfe04a2d34ee16e941e8d09b161e63c5f6a24d31316ba7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
88KB

MD5
c729a3930550abc4a7d40fe798093b95

SHA1
b0f3bacaead5515f457850cd8df539d71fe2bd79

SHA256
f300dbc8120410263e239caa74cc4cbf3a99a89dd686f87e256e1e12d0e45cf1

SHA512
0505e70c560696e12b6321e04c98798c4f926afaab948097ebc6854d31a3df1612dce1c53e5ce980a68dc4fd52bf92a30e30911c16bbf7a2ab350b28480729cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
59KB

MD5
85ac3b2331cd854051d65a884d84dd0c

SHA1
6d856f568a9e4ada82f5c8e15df9e4cb161a4cbf

SHA256
8cafcdb1a78991ef3007874523d3abc88bd3ea72abe4cf9f1a5be5ab5ff802f7

SHA512
d9fe681cbe975b054abcd1078ed398bb05e0bc66a59f3fe6ca066bce71297f898c29d6f14e3a06a5b55e36719cea73f811d4cf6a15b939421cfa06d620e471cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
74KB

MD5
c0d78e223c8d38d6fbb96195229e7f18

SHA1
352a850163fab5759dcc09541aa94dbdadf5a557

SHA256
a10c1b84948af26baa7190376711492ff11e5c143933803e6a5b95b64fc833e0

SHA512
a541cf3a09b67f55d526a0bdab1288712067cb5eacd1bdf30a5aafabf44e031fa31257fcc4ed011f2da203c137d250415fe124e55a29bed37084f6c63595b11f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
75KB

MD5
a63c5a6c1312ff4416da91f1ba045f68

SHA1
7785c59c41f2db7641d58f74fdeff80d9010cb00

SHA256
aac290dde49c6eb4506098e67d7bc5fb0ac4ad262c4ae5349621bd5aedbbeaf2

SHA512
f6db9f91b73dcb47410319747dc1db849771ccc0e8dac56c9bf8397288edd28041145e82a9056ef3ebe6f5cadc2bff5b14ffc458fece0258ef47349f56e2531c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
20KB

MD5
e68c49fd30b218d571e5435773c46d89

SHA1
0107595579b3d17c8cc585b8a3b08ca7ad1814b9

SHA256
d1fc73a52c9ee2f44fe2bb46b0dce37af0a9709bb1c1c2992bf435d3aad7bda6

SHA512
ebf8476180427406119f6760919be8983f1fa322df3982a8fd7d81bd0b26ebc4505048d4e4cc281aafeb5046211c458637f11e8911a8fcd277019ab7e1c9e247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
30KB

MD5
b5d230d64ec363aae8f2b15a7100048f

SHA1
0f0b8a1680d3a94dc434266068cc865d19e4140c

SHA256
c1124f3dfca9fd8249da22528ef8d85d930478e6d31e6fdc85d2721077f06e98

SHA512
55711d02fa53cdb8837913c2ef0565d823fb8a3570fd9a34f85c0a35a6c9762c97113aa44233fd6240a33508e8b9bc9475f47161262ab46bbfa535447cb8f1ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
21KB

MD5
dfa6ca54c73b7918330744f9461f2772

SHA1
15209ca47ac570763de410665f205fe7ba3d44a8

SHA256
142c67a7c2a92643249d1eb3e1533efcd002b3f43d42a01c42c02e9f0b360ddb

SHA512
cb1bdaa01e52dbe599c44c539d51f949455751005a2e992440bea08e2e2836d4c0da9e12608c8eeedf657b56b990871cc7c23b574e3ebfe5ea44acb1b6d3dbd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
29KB

MD5
52ac8c9553c797f794dd97c6a968cdcc

SHA1
d25931ef85f6e0a3afcc9cae0d8036703d0c75ef

SHA256
adb2481307f49895a3e02a83010ee86aa25fb16e8e18f0207676e5f5d6307453

SHA512
85db53a54107ac1e52b469a1e92b4fa3d2dcdd49d748ddf5725b846026634af2c6e296dcd3940433520317c4f57ff8fc81505907f340ec69bd42dd046066f6f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
51KB

MD5
39b81d65634260b15593cfb1f361e410

SHA1
a5e6654e7109c8f410a973ab8dd40a9d4edc533c

SHA256
d8f023e34ad28c370d0185dfaf17ecb5ab67037885a1651199e4c735c6852437

SHA512
4c7d23ef62006d3c0f9a6b1f3eff7d81b9d3b80d7b002b2665d76f3156ef122ae9cb8f4189e31ce43225742c16527d690e637a97f5e6a9a3faa8d860cbc86dea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
16KB

MD5
b3d552f34984af4bed9376f4b3cc6d93

SHA1
98b46d847cf12568a948b524264c586b9cb1d1e8

SHA256
835b152b6880f109d1f5ec5d74b568ec6bccdc0e253499e359311904c614632a

SHA512
7a3172cfb83c17ead6b37a7dcad6da0b5d44ca41f8038a837ba0ac71502a2c3709fd6a5811191ffc59452f3d81f6d61b04df78700f4d58ce52f0a82694e67f04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
20KB

MD5
584f52a96aab6de9f2eec20e433cafea

SHA1
06cf2045e966787f71b070c8829eb3b206485b3e

SHA256
5ad1ff39ed7ac284a9c7769b0e0bb4fd76c8000e4fda8e783facb55d31ff00bd

SHA512
83a70686c5b26791b7dc8ac517480c9c4e9aadf3c7172d73f6a80b39bbc30954da0c2c6c9f3b0ffc6dfd6f289e0414109235acd3b38db21c03b564640a2693c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
39KB

MD5
e1f6e032096b2924e561c3928b9dc73d

SHA1
f33a3bb1b04f04ed1b93b13d21b6b3ce529690ad

SHA256
fa802b853572d8a40ee939940d0cd9562ea8f5954c0522b0777e01fcb546c3c8

SHA512
b13f6e1f984d28c5f4cfc4ae2298b321c314892cab1e5ccd6f1f61ec98d8c1a39669078c88ba541c91648963abc6e16e0a1cdb4e9449b4be16927e9bad8d0f37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
42KB

MD5
cc7ad65e0558327d8fbe8ade40ab94e8

SHA1
6c153e9bf971f196db25cb2cb3b62f77f0a1299a

SHA256
956e1fd407995ff1ecca3bf42ca0d01086edc7eb6a965e1d9d4a48f197a8bd30

SHA512
0af63a7bb1151ef7564472b90ddd766857e3fd78973195817aa751d97093558688733876114ea7341063c7f1bc01f90aba1016980ce2c009a0cc399f40614377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
41KB

MD5
60df02cbc9b6a531c2d3cf32025a4dc8

SHA1
71ce31d6e0f59f98855a01b3eb9a37a86352189f

SHA256
2d73eefd868f115745117f76888a9b0124453918522046796a55c3621ad2c15d

SHA512
cfc2d4bc147bc757054c07a7e347091922d4ff9b7a0f856d0a3c278f5a98fac1a539d05ea5c375868b372f006a530d14558ac7027723f83f3b22087bd12992dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
40KB

MD5
f1cad4800853bba09a023250de102801

SHA1
76e1a6ae10ac4db2a3e4e8bf6b7edd692c4537f6

SHA256
e73ceb9052ea848498daacd8a9fff37846cce47324b38df12e9dcf0bf25d2e3b

SHA512
4e869ccea434e71f03ab513b3aa6212da3326cb9625c467b782df48367cbf5c69fb8a073d68180877cfde2510dbe74670046b897125b55f013fe595bb7d3595f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
37KB

MD5
f10eb50991afc76e3e482a46ca3b07ad

SHA1
b9f59d6c48973c38c8a0ce6bddf5f20f933daef1

SHA256
c55c0fb0cf4fb41ad04c532a58dd2dda2ff2f614f12235ef5d35204ad7667252

SHA512
cb10e9e9174713d5d71532d9434e8fb9bde3feb62c7feac9c215c412b14475988207f187811d3a541e34aca8b4c639ba1ae29b67582ac2d176eb21a30284c88d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
42KB

MD5
ce292c14ea364545c492882bcc6e47b8

SHA1
726831fba9baac87e2253fa7094e1882053bde8e

SHA256
6ed7168025fa8e7819ccc6a5e596a78ed5ecec94e637575fcedf2e68c257ba1f

SHA512
2162484cff45533dd6e62d0a459ba418a1fbcf309042064657f3b34446b68e2db09543e427b9cde5b9e702a1fc24982db52eba1f248bfa8d42a97c5d7fb68b42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
73KB

MD5
27134070249eb78e61922e089cb41464

SHA1
4af2ceb19603088d207eaf0da5a2b281b1cb93a4

SHA256
42d3fb202ad75b27bc4eba2cb283c38132034448144dd4c0d76601b7063fe458

SHA512
a4d3a10ae1d6c92c15e134aad39e2fbd9e47ce9a7d5f5a1c7c247bfb1020dda591fa23a56f8e5809726875d1fa9649451e816729017d35dcf8dbecdb3ae132ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
18KB

MD5
2ea0e07488a2e198076339885f3effaf

SHA1
c31275609584403814a754b317d3bac32e28391a

SHA256
e29535cd353dff54e1259ab75b9c2db1f19c05bd92d2553804c2301dba55668e

SHA512
beae64b7383b29b755626988776c83134fe28c94d1ca567a53682e387cc31bbcd16224612ae629da9cc4ac4835e32ccfe723d3fec2f60e3093a08dea080893d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
71KB

MD5
8b13c1d5090d746bdc97d44120affc40

SHA1
0f8df4f1ca30edebc017d59baa98ca9539ec90d6

SHA256
ea489f09f2bfa3d845caad25b6cec6a5892f4ea4c8982744bcea1ff4c627e3c0

SHA512
c664552760bfde5ac265ed332be82319ea1b136bd44ae8aaa3ca5f587a6c17f5dd53ac63749d864fa0da47189eb739e1a07cee5557551fa08ddfce697dc9d079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
41KB

MD5
1e1210dcf639992688fb1e4e4180992b

SHA1
c69bdc9599fb5c7c955de7a8cd575dd094b90fa1

SHA256
49de1702c8675ea73055b5eec4c4baad7041c2828b4b7d3dab430673fecbf71b

SHA512
889b4242b99f13ed17918d3ed7f72b58099085af3610bf69a34d696bb2e37059ce59c1bbd4238e767dbe6b3883fe00c45fc28fa04449b55dc32a58265db115a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
212KB

MD5
c343f87e315da7537604e45fe3e50d23

SHA1
314d6a7ef3c71ab88df15bbd8856c75831ae82fd

SHA256
cd1c2faa1e63a3410a5228ffdc9d351b8a15f6845097479ef55a13b8cf4a1f66

SHA512
f2014cef84c36bc6d7be436fe39e73c71f73823831898cdc861c1da2031104a91f0c824eb980aa4e677b28d489068c5f95c7327874063d80bcb7e43c96dedd0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

Filesize
42KB

MD5
b715a5dd019d1b8771a3031ff85c972b

SHA1
5768744eb85d3137d094458e4b7842c1c5c526cd

SHA256
e9ca7a8587bb3674824a28a8a80836e3483dc3bbe97c658bf7c984c5b424920a

SHA512
22e09e48a13ced3a3cd95a5f40b5e9ccbbad8abbd0d6af7dd4e411d63c662b09f1ad2453909a6c7a0d0ce34f250f2fbf0d7f076dced281f133ab7f21d2008d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
807d3e50c7ada611075a0d00b2fb65cb

SHA1
bf01a05ac3654b172f6d5669aec2ccee97144914

SHA256
ad44b6a99b7f472e4fa6200b4eff2b9c722337d9e64e67b4ed65f8decfd0effc

SHA512
4dd70b255e0c3bd1792ee6d964e0f537970df957f4d0177e46e6b9edf2d1c4c450b49232d9b9480f84ca3cd1eeb2b67eb7917bb8b2a42efe70fc065568f5ae94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7144a0c72de0dae062609dcd676d8c18

SHA1
d6af25f3b04c069fe72eab82ec77e42527b9eb37

SHA256
fb448fbed289eff4ee5ac1b034c7a8f39f6e595d0e167fcbc93d103d7c04d235

SHA512
21630c9010bfde6c2f01b7347f839eaca3376b3262fc3381251f918bcb399cc3446621cfbb574cde409583508e5a98d4fa9a2cc54fe0c99c6de0bebb16832c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
375050239b49162c303dbb2aa9c9492a

SHA1
c61300846cdb18a9e55628eefa55105cce2d61df

SHA256
72f4e79a0b726d4caccd09e7d9ebd56cb5418be0bc7c7ee8242232638b8a0e9e

SHA512
886441a79fd32fa49116d7c8fabc7ca1df6ddbed734b5f77e6c04cb98c64af991cc42424f303964be4fd86b0abc022fcaa8bc08c3e178f5794344ad296921c15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\000005.ldb

Filesize
1KB

MD5
b3ec210b162a2e12643d5c4fd1ce5913

SHA1
06de7d9e24a154f83518db1859dbf4f0106697af

SHA256
a602cd70b283f8d578b176622e250488c5087b53266b6104f34ba1851c63d10d

SHA512
a3aae09a77aae3d89758db11edd14b130759c01a77f6ad5c734f55311a44ac90cd4bc13156fc081b3762249022f9f14e26ed1d56a125f78149bfda04120c577b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
8828a4153be0ff8694bbd5c497cf61f5

SHA1
ae3524452bc8d1d9722e5e43c5936f0b27d868c0

SHA256
a41257b03889d0af194850e7c4b85cceeb7c725af7cfe58a237224ca90dafa83

SHA512
1896912e1c59578125a374099deabcad00e00153f2b5b2a74e7f53a86819561c3d89840a3b7ab4c4fb5aea76f330d1ca7f61b0f1e044b395d6fc49db1998e9ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
780b77ae55a72e2a1a15cd7c53073ebe

SHA1
8e6c903b2b7a47dd7d757239ca6607094d9201f1

SHA256
30e02490a0b10e0109cf563de31a09618508798f3c6f42919ab19cf9ef0045e3

SHA512
cc68b84654712bd12e4cd04f9394f01b7821091242b4fe90262ed9cc7b52b81440dd66c1a566db4140851eec50f46705b34ee10f940dc830766b7336d0d9b60e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
9aca41627f79d5335ca7818826c178f6

SHA1
b255022ba7f37e0d3a76c681ffd8e81e2825e71b

SHA256
631d91972f923cf0807b56f19bf55051fe858f3a0485b1d84331282f88b09f4b

SHA512
48818a96c4723c160d61384b7a2780bc11ce0c1e7642dac666fd0242fad5cfb5eae66f58184f74888156767952e1f0a8fb8472b2b5fde5500deddac9199853b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5fddb7.TMP

Filesize
669B

MD5
2a00c3c8431d898622bdaafe9d3622d6

SHA1
4ff6883b18c354c08f7b732d71607a7716ac5ad2

SHA256
ba8426dc411b15bf4ddc726609232f2eccc469f740ebee3bc3b45445d43368db

SHA512
b38ae948889e34b078376d072435ae6018067ae043e1c00edc5e2e381356df9692f23e76ed68165098e049fdab5f5fa7405c5c7b0275f91937f77706259cd543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
100B

MD5
fb3b539ba3a337683cf42ad36bfa3594

SHA1
38303cb82fb427463d8c45f4f82320fbe07cfd55

SHA256
484e3d2017053ee589edc117e28700f468e8c57d19c6a693d9b0980c3015af7b

SHA512
a0d87c3f5630f5cea74a31a157deca100312e41638ef88cb5e0647e175a6f3040c63dce842293008fa17c0bcea2c829ae0433993a3fa6e1a0ce1be688cb3a732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
9e3724fa166493f432653e07ea8334aa

SHA1
b8207ae9f7a7c09d9fa7b3c8c742ac79f0412cc3

SHA256
71c2de4cae279ca55fb042e386dbdf44c1ed2c0eb2bb75d7ed862c57adbc9ff8

SHA512
68539275fa1b621c4e93d54327168ea9c35106112537c240ccbaa5fd41adcf3f8767737c75ad5fa710a47d39f9b521b6c70928a92b48b30db91b74b77837418d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
ea7521866dc70c3c9ea3673f6c718f20

SHA1
0dd134c2545cd5c2a7097cc7bd3ebe89d70ae3a9

SHA256
7290832c293ef5bbc4c57315a73ee8c0f7fdcd525d618fa307c3e91c4ab23508

SHA512
cfafa9678cd8d3928a87a860718c3550ed9360c34571d53c08900194d6456f5aa4a5bdaf841013726db516146a5d7fc0b10f548c51786da0a8977e37736fc1e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
235c03041c7317716b0f9c3b7c25daec

SHA1
362038ecb16d9c8017b3e87b4cc89f7360719245

SHA256
602dcf9e0b7763e424513d9b899859f5e57d96006aa3bbd4e3ecc2b8ac7fda9c

SHA512
2a53fa97dcd29319cccf2721b58dde9d5be932e79560b3fbc476662e1173938521dfae5abce7971643cdb2f50bd6004c112e4b1438528822ed4932b1c57d630a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fbe192082a5ac759081ffc4169325868

SHA1
25b2a9c5af9c930197f7dc0179709b75d63ae1c3

SHA256
2075b52ad89694cbe5a5cfe0fec610bedbbff9745ada903809ff8026e47a140f

SHA512
f6b83d6cf0f886222efde386e9511a31bd0b31ce6477f129a7eeffb701effabf0d1869c05dc9e15d50b8e56d0f04881ba577f47ecd9e70d16a27b6ac9c3efc84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3cc7f8a136275d73a916b470f0b2b4f4

SHA1
b4ca8a7c65a9d5c11988a541b794c315575cac20

SHA256
9107c9b4d4cd63ae6acc84cad64b2d33783162348943dbe8d601d39416af2497

SHA512
2cdef39f0292a073c00fb0d152bc1097767f1ec1a8768ae8925cc1c9a07278bb247ab0598b3fa557bef9e342865c025ed503fafe140820a5236a7fe49d4d7e9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
170b47eacb498dacafdb2a93b74e8e93

SHA1
14d560be8cdc31995f5eb2a53568ef7abbfcda83

SHA256
56d5cf7080cbe9245526515686241c1dd2edbfb2808249228e5beeed1665715f

SHA512
42fec320131728db754aa32833439b41995a2fb28e7bdc474fcbd8ad94b61f865986913d7a03d9d34334371ddbdf4f0771c707ed08c86ea4bf528a5b1e326b8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1eb124ab6305073ea23a1de30bed0813

SHA1
05ad13a178dcf551210df288a66693304837acb6

SHA256
85dbbcd361c7c0c7e9c476cab98d7a41c187566b7752a03dbd990d238747996d

SHA512
ecb2b7082d7337fbaec77acdc1b26d98c9dd3ccd3a981891e91990552921d830a91d30a71383223c891061c19bc616617510a558c56622c067fbc1f7c9156469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
820ca5a40071fc25bbad0573461dc194

SHA1
7c2ee6ec75d11be281a303b8ab5ed14e968d7d1d

SHA256
394094d6d115a87b2f22f137fb50e610545ff1e78a2b101e8f3570a75cdd9242

SHA512
235a6e324cd7cbe73a55ef82f1fa9ed98cf51f6d9575e32286469be2f6db7a99612cc172bc8781f9ab65e4a515aad2115917f82c4b96ee179fe169b59f0cd332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1ef13158c1a35219629e2bfbe678ae37

SHA1
f0628545d72a958fe5e465febe4611b2be22bc10

SHA256
fb1228d8180d8caacfc7a9465a667d667e4be8974e8c5aed4b9cb420fbc9618a

SHA512
644c1aa1c2e7e0c4ffc17d0f66039fb71b05cf7dfeda1a6180e5ec9c42b9b0e983f69f0773ff129b57f5a8db61f873271823e0114508dfd6f926191b5d57808c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
625d793ea0ff643115bc97a943902e21

SHA1
31f63f0b3c2eb9be84c62163d4211b928f0a7c87

SHA256
36f6df56c245960e1120b630fecef26bbc204b0972cce34e31f7dcf731d1dcaa

SHA512
89d60c3411a27323cc1fe4b020aed3213cee641ab8ec053c00cf69152eb3ae103dbb9b0bb41b6b873183dbcc06f7ce4b35c5c576e499065fecc6f2fe1db50f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7dcc2ec02deec394ec4d8744f94da8d2

SHA1
e0be1f1e4b3ffc8f5907571837788130e65a0598

SHA256
c5ddf75b02c582993efd9dbb758994e9722021ac8e429608b67f83e18043c48f

SHA512
c4f9812f4e023b445ebbfe7379eefa925b185c744adfdcdca4290950b034c4bdea73e9ea55edb9d0961ebc8d8aba0059d4df745986dbaa5f75b74d0b2441c927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
db231852d640887c0093e46a3f38aa43

SHA1
c24f5d7eeee3d4d6fb3de0d02a54b84cc47be539

SHA256
be4d173f39a2746ee61082a497570f37167b48b95616e1df2cfd6dc157fbaf0e

SHA512
abf23457a068ed6654c84fcf6cfe22da8cc12da1f70bef7b078b819a7dac9edcbff5bae67afa52bfce49768a593ebad2991adecbb4357eba6a9c702e49c68c25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0b93dba3d5799a0c74dbc2c86770a3dc

SHA1
566ddfdac343e84abe48310cc2e74c22faa95a94

SHA256
e7aa6b516601a0a9b637c6ed29dcb3a85fee2daf8971cd2a15450ea0aad95772

SHA512
cdaae1da72a85a516d3a48bfa362836c2bebdfcda83ff88554f40331be148f9c7b444a65d54f9d7546c2208da8f964a00529ab4407825a3dba31d2222b32b3d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
aa246a220e74253510901c1d9113375e

SHA1
4f0f2b3fea5a09785a75d6cba890588611b87898

SHA256
82c980261484ce171a2ebd6db18df19fa9e83176a5e674c85cb7ff45c3feabcc

SHA512
ba291c3011672a178bd04dc05af90282b3cbded6f7b22f19dae2ce5b32028cb2cfe82cd779e19e70f191dba49dae653996905ab2c0c5d528d31c35ec122ce999

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7d0b63db9454492b3ac5ef753487837f

SHA1
d23ad6288425df76e501c208195c680f52e0ce05

SHA256
99107f99399be0d83477b0ea028421a7c897f194af5098357732da036ddfb42d

SHA512
5d8e15e8bec02f4879427425de9560ef4edf6d7612895482232db8c94169bcf9ab39b9f97864bfd9d184cb7be1ca1176c59d7b8b7c9572b4f77717c688c0c26f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e54abe5d091cb58930dfb622739b9521

SHA1
9e980cbc9f013398bf0c3df14e5c59ad4c196534

SHA256
d0a7a59c287a1d43c8fc41041eb1b047a08ba4fc8aab652fc97936c4a91e8047

SHA512
5d82f055a4b9df1fa59a2ff3e4e631972aab7a50a489157588b0ce73a83697e128d18b2b3b68d7ae041a562700d82d68952d562da0cc1cff08cde5375778cd51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f0d24bff98b4ce293b1f2588d12f3a0d

SHA1
7402d6136b3816b355772bc6843c5b4872baadde

SHA256
503b9dd4a0b44c899421c2fe275957a4798c0032c25e0d72a275af9445c22f06

SHA512
77faa3df3dd535e0d8c8d251f0cd4663f5f613a76160d90494019d8509792aab326af1acc6367cbc02fa0c5c36c0d814dcca9ede6c6b350a25dc2652ad0c0fea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c447160a39250fad46dc43c396543ae8

SHA1
b3ba19dc362a28755ea16bbf878ebb3d8923493d

SHA256
bc2e5407ff5ee6efdd0005bd59a226f0d36629d4c2d5525a40e73016fc5600cd

SHA512
b6287e8e320ea4f73726b9d965aef5a183a4478b1ebcc1bc256ed19b187d897626dab933ed2c2815763b152f040ad5da00723ecdd5ccbc23085257457a8ee022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9053b1dcd68a816344d1db738a9aa1e7

SHA1
5734f15addf915c4fce220a2e4011ca35be52919

SHA256
ce344926ac618bc0b15c2fea79ca2f7a758157c75c2f812feb3bc7d32386d087

SHA512
ed071b82d48bc87ea4f8dfd25118f5621de1ace0808cb88cc9241e2722c5004435913e0ad02d3a4d69a49b019aeb68fc41c8294a7191700c98f083e4934b24f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4585c8fe7ff856b6172ca7d5e77d821b

SHA1
0b50c56020dc7445c5fc6d0c8f9eb857311f5769

SHA256
fe273512d86b5f01ae53336ad67e9bc8e010ae47837fc9ff1a0de85f210ec814

SHA512
8860b2a93ed9c02e48df89178943c2668e293725c5994b0945f538759ff4415900dcd90c8aa5e9f67d43dcfc3855e8a5492be5b5e2242b59f9d39115cdc33a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c32fe2b166458eabeeead0d40f6f1cf5

SHA1
a6d9b157adc1c70765d4d869bf5964ffb0044cfc

SHA256
1f7eeb7e0ca716ef27dfbbd6be8be494722854a6bec3a32e10f880cbcb9175ee

SHA512
9c61652fc3f3f4c377fc67c3fa45614a1d6f3d08dff7e3cf7ebf7bfd3b316a134eae3a7a36e02fe411784bf62dbf7158e6041e9653104e52632cf3b003e4395b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2372c9a38708bbdd91ec4c1dd598c616

SHA1
e63d168ba579e922acaa355d5c89ff9768b28e19

SHA256
a82fe520f1cce5658c86e3e3f2a5d36897eccd1cd08f310b76080823bc356882

SHA512
3f3e1228e7df008df65bfbc0c82a25c32f3042f0e24d006006a3f2b2c73f295dff41a7fe88da52ea00cf631cc539a5d19cecab83261bca320841e1566be4600f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
55ba96dae74412a31f1a6ad5e631cb8b

SHA1
f3a33ac66bb6a4cbc127c0f65db3c6425b65217d

SHA256
b2d1799b3d1afb919201f0f92b1610566109eecc63925481194affc6bcb7a8ab

SHA512
bf8c717405a9451ddd62dae31e2d804b9b88d59edf06a96db016d3cf79ac9dd774440a2e60fdec873929c33a5bbc6b6d78627a913033e17a051bb90069e5abee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aae7ed4d9a037c547af5097a99667e2a

SHA1
7e2b840c97422c544193b1064976ff12e088c31f

SHA256
1e1d247ce95c523c8072ad3a60e43b133e8af54083b0bf59869aed32ec2b83f5

SHA512
50da1737f8d7a5ca001e3b74d2f4a154333f13472e6271a73b0d55ab189f926843fa2934c286e661c52c6f4b1423a09e1b5d982a17514a480c19d07d5eefec57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ff068294e27136a6a0796012b1ff246b

SHA1
032cb45cd2356eb3734783d7447c27e7e0a059af

SHA256
741c28a8776b9632114b6a0d36cff15a38bb790a9dd90949e87f56936b3a1eb7

SHA512
2c52c602e7c5d465072bd27eb39ae09b717e959096985d633b0e1cb8b5f187d9f1975967cc0db5ff10aa17842de20961901552d25992e992ffd4ada89bf2cbad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7ee8f1e4199f03c6bb1da1db81301fba

SHA1
b76128f63dbd75e59b881ba8100c5f84489f1f26

SHA256
d7d56f9a2a4b7b8a1760fc3f9f5ec29788f7bc85b6b172bf0df26108194e0a00

SHA512
e4c209cb2524f80236ba1e9be648878ea277a7ef7ff6f7b83200b44b0542a4ef81161b9eed4f071b66d43f0b25801097ee1a4577f1708b6601076dee1501d671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6c0f06e491b5b4c400b83b63f287e18d

SHA1
e02da041e08eb50990dbd65f56305435e443afa4

SHA256
cf573ed7ba78499511491c0795d006eea7d5e304a413ebe196054aeb509e09ab

SHA512
3ff041cc45b64980d3dcab007512a272d4a31506e3f59b4421b3c905d4b4c8675fb839d0f0adb25c31b90d4a90cab2542472f226549c229e2898cfe61de70c53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
370dd0e96d246b1436f668e6eb0b4c10

SHA1
8dfab5d95d68a3bc4251dbe9a5cacab351c74a93

SHA256
f20998be16960707c2df8416ba60096160bcfe891bd6a9a9f07c98bbb8a4e1ee

SHA512
f51a98d4778f5cb980ada647d6e110c6dd46f10af0c7e8a2bdd332dad73defaa086ee6ef9edacedad2ea89b64858a1fb8ab241ad2728a28323de4fb0e5a4e0e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7affa3ec113e64c64789c278c469dd5c

SHA1
8c6556946b56de17623600982bfc94109d9de8b0

SHA256
1d6fcf7772c42090e5987f61f541f52d836b2d766a114be43b970e91a891b461

SHA512
23b4eb5ecdc2f25e03ce4580c7c63f6edb9ff8e40f02aa2a737a16bbd5fb100ad6d8b442865b9dd6f8d74f79adb96c90d60162d4230c320a38643ffd1c65a4b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b887d5b16ea61bac3adbc43eee375ba3

SHA1
bf040fef1b0603fbcc091d8b43569dc3627c88e0

SHA256
0489622f451e3ceb817e7152e4b6f53ff37eac0925ea8808d1a21e14fe18d56e

SHA512
2d056e94441573d9043df13aebd03e4859844ec01778b439ffc2113cbfeb12c86cf80183ad2331f6f70a03597c7c8a2c5f38d0fe97591803c7132a94ca1e33b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
80ad4f00ff998897f26014dcc004c2b8

SHA1
05dfae904b5e7c1ca16a90d962be507dc7ac7fbf

SHA256
39b8d8f9f5ec8d207346f74867931b158edd0a492c45e9db22a6f6852fddd66e

SHA512
1ed3e18f14f2d5473d5d0a2abc82fd8bb046e8f9dd5af5bb9cc468367a4c833db4dbdb9ae2f58315be3fa550396c60c82b4a09bf32d436c662914552ddff1d0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9bdc29f502cba163583b987d987fab33

SHA1
6b93ca73cac21d91b67aece1d72aa2fd3bd1e6e7

SHA256
add19e1f29a61352d988041aeea3c5d5282061ab8f6b71b44bacfc12cb3ecb1e

SHA512
bc4b3882ac8b3d21f9e682cdc8b6bb47a5c62e047fba2540357a13aab60972d4678b06bb0c9de6ab6ca883ecfee1e4bf079f189f4fd1ab331574fab4485dd4f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
864af6f3aa2d5141a5d9a3c8b4f05309

SHA1
6adeba4fa105498fd87858e5e43530f796ddaf2e

SHA256
9a2fa1a3cc9c8e90f7d923c4c87fa2583e5a047199a7493c956e4da3a86fb978

SHA512
e2d4009fe131ac40a1a1b5fd520526fa9bbf9c8eb72151df66bf31b3ac5ee2b55926e9ebb33dd7905d010058eb58b3a15cd69d7a3aca803c9b2a53e1897bc07a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5c31ceedc7cf324ad2b5ecfe4d849faf

SHA1
39e355a9686dd9e3bfcfaa527d3ef2806872e588

SHA256
82a18f999381e81cd1111c5ba75856ecb3b614c2533aa26f11a28b8575287e72

SHA512
17bf7015dcc715bf2c9d685af638b3c951fd07edb8ddee5860a2e00285f366c19b589dee70870465719187ba5fd6a98e8e2666e1b004990ace03da60264147cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
06fbdd7edbd89df0c0402a3f577b82f0

SHA1
7a2db4b8cbc34dcfb608808f0b9e939dd9514095

SHA256
ba4b3f6309976591bf58504dc7f2ce91ac4114dab60569285acee87be75ac7f5

SHA512
58af8525732fd85c70649260035c18cea64a0315d23c371e3a059a3301d8da4e594ff12ab27f0bca5a6b37dd7c66c63cd5eb534ee0ce54c843661a30151dd861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
8aaa367fd61847079ea286c563de90f4

SHA1
799a14d94ac2a64ad48f4d97bdc899912eeafe94

SHA256
448ebe6983539fe2e32b392118f3fce40a92fa29e15b2bd19b4bd3d50d3b8bab

SHA512
3127f4064ce40ea76606ec36f865d38935b1172215d46c0c0cbffc7caee105bfd0707ec2922ae0ceea8fbc8e2b622e643ab5a8d56481318a6caa642793750aee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
869a29b852dc1d5d8f6f98b1ecc72366

SHA1
b725cdf7545d1c9f1c92927a872193fac4034721

SHA256
d725ec456898fd064cb09fc9060deefb77434e63e31afd933c9d6f986f34b9de

SHA512
3614b01a52fed5f0c03a6811d771bdafd87c5757e920dc03d85c7169ed492f33d7ef928f6490d7a1c97a225139f075d971c4198a93942d5b0b49cd9e05e2fe0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
5655ee7355d5a3790fa5fa51c89079b0

SHA1
35621b3c8244ff5631f56ea95018d20ec333de10

SHA256
58a63b4b019693fe601188c4a5bc9c7ca4951617ef3912ac0d6f666877fdbe7b

SHA512
4c360334e8f069dee4675f36937cc63477b4612fd5d26bc61e282e4101c05992afd3b1d79e11c88d3fbaaa67721b6117c304f8dcb8f35de2bb632671a16b3f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
89KB

MD5
c150c7867022324b7efd79facd4f511f

SHA1
fed0c2a367b83c54013390dc157e1a63f9b4a880

SHA256
8b724f7d4c14da1a566b09ef2f6bf857dcbcb27f14388030d860500458805a71

SHA512
3488a0aadcb00b28534ed414ee757f1dd916d8ce9e28c1fdb6b7a2941587f6c2aa9af9adf85ccaeb436625b2490cc1e312dac725bb22b178b23556b375d1c7e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
9cdd23ebd5563597b687bba130dcad28

SHA1
bb1c076c330312d82a3401b8fbc4e8cedcb0bc15

SHA256
3e6f8e367f46aa46aab3d22f6b3420439fd56959259785a497692869ac25d857

SHA512
2ad19c16adb909d8230a465da9c1a76f2eb4691f8010f694143d60a311c18e437e97a6da5205b3d67033ce6edbf514d3f7625dc7f5ac9b359efebc375f017cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
829e2da7f26365f39ab2bd44b93655d0

SHA1
afe95c453d99a1574c8ce007658929c753c3139a

SHA256
855cbd0cfa06734fe37925ca4f3243adc7095f5b59d7ccaa9c8a88e40cf92383

SHA512
c1f062a84e1eadfe3e92f03e3e057b9a071bea5189951f5b1cbf7e002d81153cf9137fdedf555383350b41f0a1c53fac9d527d5ff98293394617a0dbe6380421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
88d1ddb9a2ba8b1fd62323a469d38fd2

SHA1
fcdd97313f00650aea6f78dcbbb363f1ad03db12

SHA256
717e1d14f0dc0d58c00f83d89a7dd1237b36dfffef48887e1f5d48c5f9f61916

SHA512
7e5145b6c072481bfcd64986b29f817b7ec52dec70ddd00a9d1c92d9c2ad7c955f5603eb0cecb92d271cfd71576e1d297452f92dd8a94c6279d38e4b0f5a8de7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
b0c56878db7e810af1deb0558f6cd81d

SHA1
aff11bb2576f234eed0c7aa94e9bd5d7a80b3b06

SHA256
6af519f16447a60c4305f218d65d0a4897ca36b58e0c74267653f2590253fc79

SHA512
c163590ccb56d12d1ddb4932f45423229033bf8d0c051accc68eab4671e184d2bb4675ade18a111a978d930063d7887a673fe5d0544851224c069446374fcb34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
745B

MD5
3c591f06cce388d933dace31aa1de3cf

SHA1
1ce3f331b6dbbb825d849e03232020887aeedeb8

SHA256
57ec5f8c2aeb165ec0811fc3ff1d6fba8850f782b103782d210a8f53085bda16

SHA512
4f64a277eb022e824a336fb3223cca354efb8b3938d9bd0f56b64426788888fd0520f61a0267c40bf7c4d79671cdfc917cc65db7452b9400978d5fe00437fec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5d9935.TMP

Filesize
1KB

MD5
0866332399ffe61bfbc461473a2499ca

SHA1
1db7902743c93ad586dc2f7338d672ef4c5f2b2e

SHA256
cc04d47cbb8c3bf14f3db23ab3c643036f2778fe43a780ab6960f716bae3a761

SHA512
ec07e990940096df01dd1e43a3af10bddf4599a13b9449b7f1a77ade8750a8279cbad3b994cfb952df09214a4f8180682b1fda9109778a470313ba34ca986c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
24f7eeca70cd3414e2f7d488748ca87e

SHA1
d63db34f8e1ae96f22a06bd2a90e7aee2c88c1ec

SHA256
dfbe53b7dddd4689d3a985fbf06a701bb6ac132aef011f734c49ea2705541440

SHA512
3cf4d0b5cb6d28a07f2cde8db84ff71e9a2f6b6e10f073c74c517391f506199cdcadb4a653e6da875813675813edfdacdde1c6f1f0d838a141eab3e7563ee99c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
e05b58d090413bcccb8a5a5c8da973a8

SHA1
76d46ab904a6568688d1ceffc2fb955525f9b761

SHA256
d778941853bb5089b4a6e2ab028c15177a47e5a8734d17cb51c48e9f12770ad1

SHA512
79d7455398b82fd78831f880b081de5cfbb849169ceb7d72d3ac97de5a60c240fa9666fefd6ab6e64deeddf9d98da8711e97c7c759216e5ef6b86e934268968b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
34b2da363609997222f78f83b4525848

SHA1
8c336eabd85a1bed68b9d460eab6c1897bbd2840

SHA256
60b940f11b1dde0daf614ac2cc57c490bc6a01f268dfb43d61a0a611483628bf

SHA512
07b744d7b4f17e02cfe4717ac372f02c52784c40f380aafecc25a0f40fd8f695896916c6e48a26ba9ec79b98c3bab8871d592c30f65784a833490d30fe32cd47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
33b027e53b0c95ad4d5102095f7be1ac

SHA1
3c558bf9bcd8b4fb4c2812ec0a3dfd53f893e7c1

SHA256
54a7c4abebef736f07056ce9fda16137e65e0fcb27e4dca17fbd15b2fc5dddb9

SHA512
afd5194fddea9fb55d1d7c704cd6089bcc81c17701dc62f067b0be56223641852f2cb7948b77835260a3b43b00d1c009028c34e82b0ea1f5bfa81eb884f3a8f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
4860573a90b20304ab93c05da0de3b9c

SHA1
3d787713b2f61adadb07ca6ffbe482899173f94b

SHA256
ce7fbc1b4e57fae18f95ca21498f5e79f7910603b6ef8319cbc2082b1f612d96

SHA512
c8ebd4c2e65db9a4f5313e383cc9836d81622cb83158ac9847a73493e803f4955ddf04c1b84320809bd689e55bd4b6983de9254c9540c29be55a5018a8eb1343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9cde985979a09517ce1301b2003eae83

SHA1
7cf0f4314f0933331f8d5cd2d7f721e9f534c322

SHA256
8c8d7eaa1f594f66dd12da2d35222b5603ae48b9dbb28cb7e86fb98eaad0fe7b

SHA512
02db4043584445d0b820f99fbceaf0a26b9e867081ad35c54b3805785bdce72660776d6345f487f22c7ece5179565b480add22ea3c97724ad8cd585a99ebabf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
bd82817f4c113338b24157dd409c615b

SHA1
fe0bde769a64c581ea5cfb192acef93558c56435

SHA256
19bbbba5d5da6abd827f12d1e5bce1c200080fa732542ca59f95cd7855bd0254

SHA512
47c8dc0dfdba30b8001f777dba55ad59671e5adc89a991e77a4ea11fa789ac61ca00c04880772153f11e2ffc65d91329826d232b43c2b67b231cba099798e97b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
b4110e5674750e6da3d167fdacc3a9e9

SHA1
33db665889de8d84ab6904008fbb4141a3f984a6

SHA256
858deeec9c352cd69e44e04fc0c785a8ee7a203ea4de50d5c56cbce05b93a6ba

SHA512
2e98a5840a037523a153a7b45b3aedbcf4f23f67b65ecb02e94ab8433397c58e839d5b1a6660327dbc5932ab33efa65b1490c90b721dfd4fcca8b01ecb75352d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
94b77f316614ca74c5335b2c6e9020ed

SHA1
4584fb5e41e7db6b1d0b6cf84be925f2ae324778

SHA256
bbb105749790e01a3eb80950d1c88ad7f68c7c0fcce2da3eecc70d2aef69cc4d

SHA512
5b5dfb50961a039f99e5d88d2cbebc3155fc5f543a3099372c1a18b3e94f9a377786693b3a3428338ee05e6f4742054b1d6b4658b29de595ce01fa3ccd00fbcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a7f0cad9a04f3c9fdc089dad834cb6bb

SHA1
570d4cf3249f575f582df114bd4455c3a26310ab

SHA256
7a52d5d92e69119955f9136ad40e3b6bbb6b98ed1de3aa9765b74c66818f92d6

SHA512
eca4356f172be500312f2ecf7bba635bdd9c2c449b8c1d4ead689a3b4dd21c54c8feef10eeb7d089de4d27e49d8f178fb7c00ea1ec2b32b01c7045149ab8733e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5a8c6998093f51de99459c038c0cf823

SHA1
2b5a87c9de827c460bdc259408c8e2febc2631d3

SHA256
4e11d63f4b848311c2e1bd130e8f69e58020d01e9378e493b41ff7ef1fb7a9a1

SHA512
a5a45083d9323e47dfcc07f462198e34b8c30dce4421473e7599a0fd60af71f522924975239b7ebf6d1c71b096f90860c201c42e62c7e633cd48c792df6d5453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
0b95348685ac944efd0f120da86fe097

SHA1
caa335ea837106ace4f4664b461b95c08a141b55

SHA256
1cc60a91a4b590c9d9761e8644b16ac9bd73d51a6db82b56a9a188c741cf0f46

SHA512
5871c17f2bb195408a5bccf98fdb160110b73348ac986b317a5ff915dc174966b036eb9bcad692f5852aba9b82b33a640e51e0d93378de1a08f57a74b6cfd1bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d4af37a25a579fdb0eaa472952824518

SHA1
68353128b8ccc3a9ccf50e8a5aed6feed7589bfe

SHA256
5f11c747e80a6d59bd7fb0202ab9511683acf984c459a4857097277fd5354ec0

SHA512
880f2c97d3082ad1d07d6cd814c9017110139116e9e7036d63b748bb7cd5829fe72e84542805d7f1d146389bc3785a05940200ea8d2499a2e20e7087528e3e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a335467b9c4137e270740b68b3f82e4e

SHA1
a1da5719db1914e984d12a76357d2bcabbb80110

SHA256
cd9eab5ec2b80c6b86b46eff2fe3b9fc38e2ecc86decb62327c0df4a7bbf2b20

SHA512
b0da687156144ce823e9ef814ce83534dbebec88754a0eeda430451c5f4eb877c394d261bfca8e6a15f6c56d5967f495215db7f897f33efe82bfed23e7f1e643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
666ffb69791eadf2acd84839c5cef97b

SHA1
560a632745db6abf38a1131bc1892f539bb33238

SHA256
482165b8c4031127f2a6f4aa603a481cd9faeaa161141cb68f1a50cae71c31f3

SHA512
75b8ca55733e6dfa920fb2b1293986107a3b7c9746b23cf37ddc6684f452592519840109d7e94932330be1dbc88c1d7976ac2e8bdbdcfd895976ceebf15bbf46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
084d953c0452b8826fe691cc8415a6e0

SHA1
c3602836f9ae5d5323e1a4e96599df4d5afb4b83

SHA256
b16d82f346571580de9d5e35660b75b90755968a68f5182af5a11f81d63341f8

SHA512
f335bed795bce668f7c383731d8fa5adce765c3ac2f7e4bc1bac86778bd365cefbba66a94017d03d5e92bb7cbe27c62f7bb13928aac82406838bb0044f40f9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b2a6afb45727007ad50d944937ed9728

SHA1
98cbc613a1077483ba4af86b953944fc6cb9cebd

SHA256
020c7e487d4f23dd9fcb93e8187579cbfa4719f53d6e048e6acedbc18c8fd5c2

SHA512
650e1e0d1531d5b9a6e54faea323b8f9953258e1069dabad640e268cc8aba6b860e235d1e8a76a63680f5da6b25a51395f28887b27a297c650e4d26c2b4fdcad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
1a4907d09999c9cfd582e34c625d4d0a

SHA1
ed6bea31b29da9e337f347e774412bb1a72cbcdf

SHA256
76b972d952d1c023c873c0e1635292e0dc73deb48528917e33234d302178800d

SHA512
69021682eb6c8268769458135af298a000cd4cee6f3eb8db83be8c3e991259f5a0ae17f2fcfa196057dea61f294383754716da6d560b36e39637e67e3fbd250d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
002bd8ae0e7d2062f9bf64ec6ad5939c

SHA1
1f953f02613b0376257ad25cf2ef575b67dfa26d

SHA256
e2101c34e20f86c23b0379be671db766b5f6d021798cdd8f72a0d397bcf7c95e

SHA512
a59e6146053e49d667a48205738e6a9c36d81b3bce91f28158547c082ffc4fd69a4e5304d853605fc5173ff834f66d7a5ed48fa0861846307f1b69281b3bae3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
6cc9547b94ab1a723f386253c58c2640

SHA1
5638e167d5338217610ffd5036b736a08557d25c

SHA256
624b4a66c31c7319683de0bbf164e6edc3caf87ad393c27535c6e98e4f43177c

SHA512
4cacf98272c072e020938c4519ed40ef73c82df7486c188e5dbf4be665b41c40577cf48d2a78db5c5d6ef4396bfd6b9c5de089f29c23af9e0b9b5a69b1678ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
7ccf1735ef45faa333860d78e480cb25

SHA1
523deff8845fd81a2e1d3dc8ac2906b5c2305670

SHA256
b1a5cb5df4f10c1d0ade21f1b97b9256bb873be77eb0de808ae507074f92a8c3

SHA512
e78d4614f9df42d5a342763a4aaec78a3cfe985bfcc399b39cde8a126c2529f7acf31975c32ee83561b75b3a779b396726bc7ac3fee745638b19229ba89f0e20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
331d449d5641c40dde23fe7a6da11afd

SHA1
6c66df14c5f7cc02b0cd4dcda5407572cbb2fc54

SHA256
3b46d3a2b6bd4e43fced142eaee30f088b241febb1c81c0e4a417c6c969c8382

SHA512
90a1ec491dd16cea6ebdfea831241e41675f847b2d41c364b0c323e8a4fd013b48163f1a54adf5e9e7ea398da15cfe0439834c1d69305e31049d19f9c0da390a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
758be76848f7b5756cfcd41a63d9e184

SHA1
8a564361645405da69dd6c5d828328f896fa2645

SHA256
2e85c7c036335257cc0b1613c71d7fc4e222fdd5cec46b11e58c4776816a1a55

SHA512
a0d5bb606b8458ac3e41b1d5a0eb38f7afb1cbe0b382912e114692cc4f3dd828d943d4c2fb61b7457d4a0309c648648732a5ee14505d0b74b7270856fd422351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
224876f96bf9b7e33d02fbd5f9726715

SHA1
811c85cdb95800ed533492208400d42c56b7a60f

SHA256
15652166e49d522c832f46919a9a3c55802b887a5eaae8efa8e8b1898c5c6979

SHA512
1851bd0df1b0942999153c72fdaf00004014e288861cd36e7784d94ef3b91f4550a10be7836e7568f776c42c461dc664538081aa846f2e3a3d91f31a44a19e28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
cef7799fee96b93a7a639ac27992c87b

SHA1
dc06e22d1dd302efbfc87100403bef69275da9df

SHA256
22eb8badd02636ebe24b7e9b8429711f03da0f7a08d8e024d4f7f3f38a4eed57

SHA512
3d44ba3f114485770b2b1aabb112fba1a0e071b34c7d236f6213273fa152d3e9f02b0c60004d88f436721786b2485625a3a19b74887fb6d7fe6066fe7d1ef0ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
d19c249e01c48e0fc4ec0354a721a011

SHA1
e6e9ddcf25c7f5245257e8c434045f580f5f5f4b

SHA256
e74df1f4582983e48a9c4d803b09f4fdd97912ceb2175fb13dc69a5123cc0c93

SHA512
e52c47b40d720c1b0748dfbd0ee0ba6d749d815e0fc781f7412949cc528a583b6191a507d14e5b55f308838c5bab41bbb90ebfb6a0fb7955c72443c7d876fe74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ca54cb833eaf4735f8fff6f07737da1a

SHA1
b15ccf418a1b552b7f84559b1597d014c5d16ed8

SHA256
f388d72661dc03ff9a2daeb7e29f49d0cbff052a87630a4fb11e3d5061a51c3b

SHA512
08d5a76c9dc18f5d55804c7025caa095a7b9ce1755b7b243fb5093a862f498a2e789326cf4928d90c724933c37bc0a93560cdbbe324f9a4107ee4ab02f2047dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8ed652d1aff0d804b9ec776142db1f23

SHA1
141c7c87c348dca26a360caf41f72e456bcf06c4

SHA256
447e8fc7b50482689a8689784d1b1b7863b8760d59b259bceecdba686e3ee331

SHA512
67a2e3cab4f8070645f0cba7ff11686c6501550946d03bac813bc8533d9fdbd53a1f07ea4f86fcedaf125f9542467ee9d2b9d4353698a09eebf813cea16d6032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
fefce73ce93931165c65045d958c738f

SHA1
09d83d8f5cff06cebc4b15477dc7cbd4982e49c2

SHA256
4893be10a666e3bbfbfafb574b5834615580a56a1a5c4800167cf535b4a062d7

SHA512
a255b578eedebaca106c80e88462872fd0ef3b022b27c202e0b14e5fb5dd19df1661771f34883317486390f72983d08577546aec3faf433d95743630a579e019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
add8789503bfacbf3dc7bb4133a75214

SHA1
022a78f9098b001e328a45474483c90fbc89978b

SHA256
0dd51d2e0ab740d412d31795f52d5f8e2d4dd1655ab3f01e93d8f66c3bcd4c10

SHA512
242d93077d8964ef753cc0e4613428da4f9cbdc2874250a8200d111c06c31a58688450fae5e9aa787c9a627d1002ee08ac77e7abe4fdd5aea6d4aad59632701c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
383c43528656166589842bf6369468b4

SHA1
4da7dcb02a5d0beaedcee1997b2f9f0cf6a918b5

SHA256
950c689aab0171569e38c350d3a681ae36af9deec763ab36cec98ee248d1e36d

SHA512
97e026a9aa407c3a709c165f1d05ff2b58095e8134dfcff661df29ec2bcc662eca58b59c92dda009a6d9585f041efd6b71351f7f3ba171d8d38d20041cbf686b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
97f1e4522d4934eff0e851a244b83a69

SHA1
422a58df9b8f9eaae2505e83ee6df409a827bb9c

SHA256
b506488ede6aa2b5243f54b96a2bed3616e39db5d62dbe254eeb5dc7f649060e

SHA512
6a8f11efdeb4e80425b0a94a8328e11e3dc6a5684e1e556aad40c3c29456eae953d34a95fc4f3ee9c12f0a5edc070c19bafc5e0da57b5d3392089a28d8d5a5b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b7526471c9d5a82270dfdc9c6ca3c509

SHA1
ea4af4d036baeb63620baf6b2fed0babe807db9f

SHA256
0da862c1fba9ccd1f5df08f8e625bbc8a7f1d40214dbac578948976559d6215c

SHA512
51dfab3c43fcb12e630e21f34b4e69d02f8abc850bf2e418908128c26a52232e71233c498549837d2fd65fffdf6dfec06d99ad8e797567c703594d9349fb41ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
c521490ed512859393b956129c5f03bf

SHA1
f198d2d6e2786a73f3074ae6ba9048231632f1df

SHA256
8df580b5269e9e2425c842d9d12074fb4f5917c61013dc5a15132c74ba6804e3

SHA512
2c1de920aaa9d5d242f9c7af1ffcc23d6ab7aab60b835c4f1434f070448427a51471564b83a77ac19956917942417fdce4b0c719d22b5170294fc1f3672d4653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
cc36f647ede71e8edb8770b37ead23d7

SHA1
16cb3394ad14b6562b322ebfee64945b162299f0

SHA256
b422fdc5b3f8112f916b31dbccf4031813a80ed349f53ccd8f15f612ff3b849c

SHA512
4f0ae7e032e7cd452c6cd7d5daa0efef77511753b0acc212fe62396ba0d873a805eaa80b44f3360bad068dfc15e5e1482e6b01f412f8298d2e5681efced3f889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
eaf7f86960ea8187d589024b289c76a7

SHA1
b5cbbd36c5842f1648da58df3c5a41bea7aa3a0c

SHA256
db46ca46806bd32403c4739c8c988d61f6a94a68afedc689a6de65f054c6a4e4

SHA512
00907b637ea167149dec6a7daf39d78ab032be1d9ed9131588f2305d9845c61d11da30a99151c3b79d7208672d0aded4a16899a6b1391b7c540f8bc8ed38ac43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
2f995602522deeb15e9b6ca7800f521a

SHA1
850de4d1452604cddb053cec77e2a96978bfc7d0

SHA256
c5692cb26bcd273f082643813ccc8c0dbfb4c0f73575bcbd41e602a428783651

SHA512
6294a9da7daf103888d5391b2640e283bf7eec8e8cebb6fdcc8187d46ea2e4daf0db64706197038ed416b19f33ca868b0ff8cef41ca1753f391b0a3257f5f904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a95c909ad6202360a8a52778886c4d9b

SHA1
49043e8bf30674095c0c5b793bb578b2591da6de

SHA256
0da366e046c226d93683bac48bd6ace1da9527337ab33c89bfdc29d40220c71a

SHA512
6325d1f7ecc464a320107e6bb5a6402654e82e50ff304e57193b761e17e10d87d45c65d8ff1ae5ad1ecaaaeed6ace196f9b3f5d97b694a3f343aeb7ce3bb909f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
0e5fa501d567b129ac06ac2a39f0a3bf

SHA1
f88383b87bb68b4bfb9169ef619177265cd22dd6

SHA256
34db69375cf3ea7ac387384e022b8d0c946d83428740cf2fa76ded0b82e2e2c8

SHA512
c2800b2d07ec61601fdd1c6b55154f3e3e485486c529dd5ba14b8d95c5d00f13045c500c931d3e5d6afbde6f80973768844000271c0ab7acadc194740e107546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
19a5fcf1c85d8a7ae88ee69a36e93cca

SHA1
4eceb23a0ec0c9bb79881b5b3fcd095dc7b5bb2f

SHA256
e5e08d4ab0ce7f16742a9b73a644dbc7c773cc51824c20beca1d0495f72a438c

SHA512
73a7d598d022adbe46b8445bb1ee40d67397674f6c2b2acd786577f16a86492d6e525c060ca570183deb79bc3f272220c159e791b00ba489847f50b7169f9150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8159e27cfff4bbce0da4d955d29fd600

SHA1
82cf968e8040a24d8719b690e7a396296b510633

SHA256
01a4313c1c175ffc9dc8d872823302a2431c4f8d3d074eb84619a9029d6aeeee

SHA512
4320c6dd35feaeb3c326c47cd1e8b20f09fc53d148cc1c050361f4f651cd258a02084bdb300dbef38dbff6587be30ba06b3791d09fba1f1658e5330b6362f99a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
d1c88119adc872e91b7b02eb3ca4738d

SHA1
77d2ed4b741326f0e4122a49638c8a011506867b

SHA256
c45e8732d38027f5310bfdbca85995f88283c6aa3f9d8be44186bf216fa511ba

SHA512
19f78f2944b1416efef5e21237584e57fc05a4ea1470c4af90d76ed0a6bbb30931c51f2deb6858d0b2330aca387383a578e3a6f6d634654882fb35c309150076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
3daf4c9f00088a92ca52fab568ac7a18

SHA1
b1bb42782b7c07091b41949b390cb21b9b25e586

SHA256
10c6987ef36daa1ec2c5b205c8cd253ef00ac0d78b5061520dfd1abf5f6b53a2

SHA512
bd24da05e81125791d7875682befd832a2de1683a8337f06658e455d11a604f035e44b9a0b63f7fa5466092b23e07ea03d657e3702b2afee1748cad147c815a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
4fd898fb116ebeceb6652038b6953c35

SHA1
1f819e0b1646b1e729fede3648012d2d7110485a

SHA256
17693e9f60416325e4ed8cb549e7faf5d888e44e3db6ac53e6a83fe7b02c5602

SHA512
b90051cc2b784492712bc20910b6ecc1a9229fda461f425b2e2d0ac7ad6172681241a4d63938de3197d3fa330d8e5dbfafa4d7658b684ce069ab0a0580800116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
9f2ec6adaf5e5ebc5fe73232a87f93f5

SHA1
4ca516e6f9f44ac5d07ed412e16fddc7d9293706

SHA256
89bef5e679ccbd1f5b168747ea444ae628635c4f0c6fe4abc22b87007b6373e4

SHA512
41a73ddd1910337aeb2a868bb3db349670bfd1dbb2a10072a3d20536733b236ab50deceed98f63cfb24782d8e8e171c0ddf46cdbaed295add364be4c6c57b3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
5e332a2104f953051fd1ad56c8f78bd8

SHA1
450cf5af5dc79880b4c4929d8b324cbc51aa316b

SHA256
ce394f07a4903da38b38073319b63c049939cfba8061b28ba9e577e069c20999

SHA512
34344d21955fdb7850a4b7bf163df2ae5c6fae7549d65bde00be2dc235299e1da8ad1f66b7330feb9c855e3cabaeb495caaacc1ea8178f02072163b8d0ced9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
7c3c8dcbcab3238b0dbefd9530535fa8

SHA1
c18e5cfa8293da2bc64efd659cfe145703263b3a

SHA256
90a567fc1852e5627a318b454688084cf572a5e8f3cb546746b0ab2fc66839b8

SHA512
59085a368eeb319389427830c00ba549187d486b1bf2adb30679ba7fdde188f0e4044865c33c943e0ee8c4eb3e5d975c8e6ef5d2fdac8590409435246247efef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e9ea4c0b299c33a103d5a05662f6e6d8

SHA1
c338e490b6c4a8bf91f442ae074d9babd444133b

SHA256
48f07db007a45d7295988441f452645bad70f920f8730e335ff85b8b55918d54

SHA512
fd578999f0de374ed59c6c817ffe672bf75cc007e9e6ca1d99b3544e4bdab89a688d48b7379c9a19194cab7d48c5327e66dfa8309812ebbcf8166aac6a0d3880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
19b9819a314cbe6d49fe662bc0382733

SHA1
6628662f8da2a0a054930428cf3eb296f874b86e

SHA256
cbeab1fd7771db6dce6e58defe3d1d3d2a3874c35d8da384dbd6fdc417159284

SHA512
dd8b57af7386ae89a68d1c904930d3bc8be593f0c7206c984f53cb746647e7515a945c18034e06026d9869cb5129da69ce2ba0389c326d964d826f43e0791863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e1d74f3020d9b8905374badf3013e147

SHA1
5d6c83c27749778d5d9583aa82ab4081fe13eca9

SHA256
f4d8f9d6e7c193669df890ccf601cbe2251a9d4698e495c9e3af9440941edce1

SHA512
3281c903443ac579f30b62a900272c8c883ac42907fd8c39e46bcd06dcd895f7ae527b590dbcb64422f40cd10a52ebe7b0a68c4e9f28187afb6bfd9be4766ac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4ae59dc57588d980d7f8d88dec240d54

SHA1
645a6c49a2eaab6450fb25d9f7efdc8ef57463e9

SHA256
ecd2613e7efc3585ba053bedc50ba754d55307fc3d8db20a93418dba444ec41b

SHA512
ea30df818c965fddc3d5bca5224da24faf98ca09175cc5de505185ffaeda43c2bcf587beb5e1a702886b7239ada48c83d1e245dc19032b3b828bdcd42d241ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
82796ea1049449e15c2df04cf4d0782c

SHA1
0a8a6ebb70c85b63b97d4e9db505cc13cd98c6ed

SHA256
edbc796c03b2391a2d50817e88b3452a4b8a81ea680ee225c8cfa6236cc99876

SHA512
0a183bb1aea61fc93f06aaee61e732a0075f07f505fbecf526e6e93b3ff20d47f751f0c86dd16100e8fda17306ef862c81de6d5739c9d254e186139b44191772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
1ba64d4c370834138042cf1f3f1d6d06

SHA1
e0d47c2c9c490f669eeff2ab79d6df1e6766fda0

SHA256
33dfe02204b16081a16fbfbf506e24c455743872918feed87b5ea8e3fa3ded60

SHA512
ae28f925d8a9595dd35e1c06f7b09c83ac43921e8854d1f270b613ef7d92bc88c19ef72536bc1f094ad8e53c46140b3acc97aec2d785264b10cbff293be036aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
65ee6b58686800a49077eb4802f12cc3

SHA1
5b6e0be1ccc7851a78cab5905abb17e27cd54003

SHA256
c1a441347cff11f4c8fb060ad1c9abbbc25b33f889ade7a71396b3c8bf88673b

SHA512
b43e1668b1701ff37887e42e9fff4325c8c8361c64bf5be35bcf0683dca2ae025a3221bb8a8adfb70dce1e9470e84b6459049b5d6bbb03902aac6ebd9ff96de1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
91ebb9bb5f675fe8fb7f44b87e109378

SHA1
4ada9208cab3a75e5de72b3500901263f40f3fc6

SHA256
7e38743f68eea82f88a04b6a0a27430f8c1cad626eb856d6b664c90d122fa711

SHA512
7e7c5f15cd48f4f6278b23bd512e15ffb8f9b8edd3402ea3953e77f4c3a069361eb729d98c1fc800f5862e02c37773fa00db6d0f649d301affd0fc2db975ef99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8f33a3e11187c1eb710466d3c0415817

SHA1
51ad8ba48810934622007fe796f05343a68ec39e

SHA256
bf9ec719d2b2b4d010d2ee7ed031cb092709ef41c3df8b6411e608a5c2ba4309

SHA512
bdc70e212a8319b624c27a0bcba2b7402e4b2270dfdd44358db2e10970f34c0af92d86426046f78017503752836a9c6a34c3d69861b4ee3d724b63d8b7d3a992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
08ca3af5899351da70c7f448ea54cc59

SHA1
108323435a2dff7da0a1a6a038c832a6d17d34f2

SHA256
3dab0d726bfcac55c1af24407b1a74273b3bdae765e6cc069d30f0ce517a128a

SHA512
af95ea2bac66a23238cbefa3d89c2e9b951e778e6876cb850b6c02c9b67f5162e527227456ffb8d3efd930400f6428419e8280cf9d8184598067cf0473c8b6db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e0a5f0642cec4879ebf87024bce2f57a

SHA1
9bda1bc7271e22c1aa68c3dc73e5b23fd0b81633

SHA256
a4661826f706810f6cc5843e533dda20b1953010cf2342a02074b6245025414f

SHA512
60eb9647b0144c12f52069818f319f8dc25aa7c2cb69adaea07441c28a3e2b26183d1071e6084f0c3c83a8e97a789ce6bef7272cd0a32e9d36120e2b5ccbf0f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58117f.TMP

Filesize
1KB

MD5
e767ce29f1e905150162719d425a2645

SHA1
f517d70dba8b65557a3e8cb089312a0f626787e5

SHA256
5761060c10a9c5fd032694410a8e904afc82d20b2e3ed5c097cb634f284d9801

SHA512
cef8ddca7f023a58b52bce02641f4d6854be8e1d3148c9c46a8d2516535b21936cefb4520518be329658bc29aca9f356d982fca8aa75344841bc5918a7a7fb83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\af3266c6-2d5d-40aa-ada7-e16d7123ce73.tmp

Filesize
5KB

MD5
5273fea037ebcc7a8646bedbf216b918

SHA1
c646096114972bd422fd0001b2f5cb77ac90fe98

SHA256
3d146c12bd1ab03c0c0744c479512d24a1ea125a56bdce4d1fd0f2498e8d0545

SHA512
39dac75abf0d989409252013f47b23b8c84b03a0d2cec0a21513b2e149c02f61516a26cf48e96ea2410ecce4c0dfabac6900c14a991f8c7d46405dd8990fe4c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2d44a367e93c11c3699d49874dac5e82

SHA1
bcc9623232622644ddd456b39b422b0fa2dc4811

SHA256
86dcf20524396dd0e0d957c08e03742dabcc3a98d989b83d4aec6be3939f3ec9

SHA512
f016a31559241063dc622155053f4ab382550da029d7f9f79e9059ae5fd4e3c30265f11ae6628e16578da602a339c98c390bc88012beca58326fc52500b3f654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c89c937bf46a82be7c8cd4f31cde6085

SHA1
63b735fc9d7ebb034bffa34ca2cd13b61cc4d672

SHA256
ce4e3ca409ac7159000b427bfdd14c5c629276000a6ce48187de7b7fa274a43d

SHA512
82c95a9cceec1eefb6bc291f27c5fe6a0b02cd957052dc5b4390487dc7b1be7192ad78fb8404960b62c177ce467613419fa19af3566e231e34ddb8741b688aed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
34a6b82807afc1840d0e72acb4979881

SHA1
0e0bead7a043245711a7f99269219ce2cdde5ab9

SHA256
d074e92c3facfde132e4c104e60d6410f84cc785502af3fd627760ccad039043

SHA512
14ae73addbbbef40e3bb51203aaeb18111806dde049c9776414b69eafac3864e7f9cff893c268225f334e1ee9f6093706c7732adb06c5d5e74d63dc0e6829df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4b5bdb1af9c6c83e743ad1275120484a

SHA1
ad0ef237946dd682bc6ad513922af1d659a9e559

SHA256
875e6e139124ec97e864d323569b14b2f9d1ebce49010c5a36dff80b1b690ece

SHA512
649d33985e2297c08764ca303518623de0616a1da0ad980c7c1060690360f0763a3078e7afa4a20f21ab2dfaf297f066a394ee69b49f78a808378c9c090007ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6036ee7646c6d996b65db32c8cbd811e

SHA1
71895b2849329bdeaff0cddeb2a1ad9fe25cabd4

SHA256
f2222c3dc81885b4d524bdcbe9db2034347cecc3d55d97dc137befd00d9ad6e8

SHA512
02b68db679579ae2e103e7ee8853955a31ed21182d0ac6f4c5dd19ddb7112b0fc61b9b261f3503ece975062fb1996fd0d037ccbee45757769ac459482b6659fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aec59eb95cd007a47bbd07e5ee814297

SHA1
1729967d19b25eaa1709d795e3de22f83fff592f

SHA256
e33e663012d169100e253eda2fc792e352191922830383ecf79dd9f35ff7632c

SHA512
92b77e6f8365674af0793b04d681d874f34d56a4cc2991e4baa8850176f3ed4d16c57a4c2715031c9a5adef018fb329c3ec4550b36c76d9abf1e513df027c98f

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\576e1c153e9a4c8db9cb845a7679bfcc

Filesize
5.9MB

MD5
576e1c153e9a4c8db9cb845a7679bfcc

SHA1
7fa5235289c1eb038774cdcf30be21cb72771201

SHA256
da54941bc273cb5ea3c50a3df7983f6560114d0e9f6fe196a2077e3810f561dd

SHA512
a4d956c4c860ba9b652647c4fd94ba0a617d1ec3436a8fe267292d36b38805acc4f484aa65e9c45e20c10536365a13645d25acbdc4c23e7506829a6f603820af

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 470707.crdownload

Filesize
5.5MB

MD5
3191d6165056c1d4283c23bc0b6a0785

SHA1
d072084d2cac90facdf6ee9363c71a79ff001016

SHA256
cbd127eca5601ef7b8f7bec72e73cf7ae1386696c68af83a252c947559513791

SHA512
ac0fa1c6e8192395ec54f301bc9294c2a13cb50698d79d1ca32db9d4deb4852e7607032733d721bc5c9fd8d1ce5610dd73b30b66e0302141377f263a3b7fa0f3

Download Submit
C:\Users\Admin\Downloads\onefile_756_133675730049968022.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
103e05f43af77de1dcbac1145fcfec8d

SHA1
1adbe0a10a3bd8ae197551aab9146592bf4df8d0

SHA256
97825cef0b8b6a23ad6f5db4f8acd676ae64e9f543fd6f62553807a9ef40914d

SHA512
8a172c4ed0ad1331f26de7a5cd5890401ca9d15845d57bcb3fab2431da2d89b6c4ec16cd189ea7b50daf910c2f841fb5b43912469c74dd5e979183473109d745

Download Submit
memory/1176-2006-0x0000000072EC0000-0x00000000730D0000-memory.dmp

Filesize
2.1MB

Download
memory/1176-2148-0x0000000000280000-0x00000000002B5000-memory.dmp

Filesize
212KB

Download
memory/1176-1953-0x0000000072EC0000-0x00000000730D0000-memory.dmp

Filesize
2.1MB

Download
memory/1176-1952-0x0000000000280000-0x00000000002B5000-memory.dmp

Filesize
212KB

Download
memory/1296-2188-0x00007FFA09220000-0x00007FFA0922D000-memory.dmp

Filesize
52KB

Download
memory/1296-2174-0x00007FFA075F0000-0x00007FFA07600000-memory.dmp

Filesize
64KB

Download
memory/1296-2186-0x00007FFA091E0000-0x00007FFA091F0000-memory.dmp

Filesize
64KB

Download
memory/1296-2185-0x00007FFA091E0000-0x00007FFA091F0000-memory.dmp

Filesize
64KB

Download
memory/1296-2184-0x00007FFA09170000-0x00007FFA09180000-memory.dmp

Filesize
64KB

Download
memory/1296-2165-0x00007FFA08FE0000-0x00007FFA08FF0000-memory.dmp

Filesize
64KB

Download
memory/1296-2183-0x00007FFA09170000-0x00007FFA09180000-memory.dmp

Filesize
64KB

Download
memory/1296-2189-0x00007FFA09220000-0x00007FFA0922D000-memory.dmp

Filesize
52KB

Download
memory/1296-2190-0x00007FFA09220000-0x00007FFA0922D000-memory.dmp

Filesize
52KB

Download
memory/1296-2192-0x00007FFA095F0000-0x00007FFA09600000-memory.dmp

Filesize
64KB

Download
memory/1296-2193-0x00007FFA095F0000-0x00007FFA09600000-memory.dmp

Filesize
64KB

Download
memory/1296-2195-0x00007FFA09610000-0x00007FFA09619000-memory.dmp

Filesize
36KB

Download
memory/1296-2191-0x00007FFA09220000-0x00007FFA0922D000-memory.dmp

Filesize
52KB

Download
memory/1296-2194-0x00007FFA095F0000-0x00007FFA09600000-memory.dmp

Filesize
64KB

Download
memory/1296-2182-0x00007FFA07930000-0x00007FFA07940000-memory.dmp

Filesize
64KB

Download
memory/1296-2181-0x00007FFA07930000-0x00007FFA07940000-memory.dmp

Filesize
64KB

Download
memory/1296-2163-0x00007FFA08F50000-0x00007FFA08F60000-memory.dmp

Filesize
64KB

Download
memory/1296-2180-0x00007FFA07930000-0x00007FFA07940000-memory.dmp

Filesize
64KB

Download
memory/1296-2158-0x00007FFA09DD0000-0x00007FFA09E00000-memory.dmp

Filesize
192KB

Download
memory/1296-2173-0x00007FFA075F0000-0x00007FFA07600000-memory.dmp

Filesize
64KB

Download
memory/1296-2164-0x00007FFA08F50000-0x00007FFA08F60000-memory.dmp

Filesize
64KB

Download
memory/1296-2187-0x00007FFA09220000-0x00007FFA0922D000-memory.dmp

Filesize
52KB

Download
memory/1296-2162-0x00007FFA09E60000-0x00007FFA09E69000-memory.dmp

Filesize
36KB

Download
memory/1296-2175-0x00007FFA07760000-0x00007FFA07770000-memory.dmp

Filesize
64KB

Download
memory/1296-2176-0x00007FFA07760000-0x00007FFA07770000-memory.dmp

Filesize
64KB

Download
memory/1296-2161-0x00007FFA09DD0000-0x00007FFA09E00000-memory.dmp

Filesize
192KB

Download
memory/1296-2160-0x00007FFA09DD0000-0x00007FFA09E00000-memory.dmp

Filesize
192KB

Download
memory/1296-2159-0x00007FFA09DD0000-0x00007FFA09E00000-memory.dmp

Filesize
192KB

Download
memory/1296-2177-0x00007FFA07910000-0x00007FFA07920000-memory.dmp

Filesize
64KB

Download
memory/1296-2157-0x00007FFA09DD0000-0x00007FFA09E00000-memory.dmp

Filesize
192KB

Download
memory/1296-2156-0x00007FFA09D80000-0x00007FFA09D90000-memory.dmp

Filesize
64KB

Download
memory/1296-2155-0x00007FFA09D80000-0x00007FFA09D90000-memory.dmp

Filesize
64KB

Download
memory/1296-2154-0x00007FFA09C60000-0x00007FFA09C70000-memory.dmp

Filesize
64KB

Download
memory/1296-2178-0x00007FFA07910000-0x00007FFA07920000-memory.dmp

Filesize
64KB

Download
memory/1296-2153-0x00007FFA09C60000-0x00007FFA09C70000-memory.dmp

Filesize
64KB

Download
memory/1296-2172-0x00007FFA090F0000-0x00007FFA090FC000-memory.dmp

Filesize
48KB

Download
memory/1296-2179-0x00007FFA07910000-0x00007FFA07920000-memory.dmp

Filesize
64KB

Download
memory/1296-2171-0x00007FFA09000000-0x00007FFA09020000-memory.dmp

Filesize
128KB

Download
memory/1296-2170-0x00007FFA09000000-0x00007FFA09020000-memory.dmp

Filesize
128KB

Download
memory/1296-2169-0x00007FFA09000000-0x00007FFA09020000-memory.dmp

Filesize
128KB

Download
memory/1296-2168-0x00007FFA09000000-0x00007FFA09020000-memory.dmp

Filesize
128KB

Download
memory/1296-2167-0x00007FFA09000000-0x00007FFA09020000-memory.dmp

Filesize
128KB

Download
memory/1296-2166-0x00007FFA08FE0000-0x00007FFA08FF0000-memory.dmp

Filesize
64KB

Download