70dabd28c39071fb7ec71ef07a604d8a7388af14a23f1ed7a14868986fb2d70d

Resubmissions

25/08/2024, 17:50

240825-weqzgsyalk 8

25/08/2024, 17:48

240825-wdevtsxhqm 3

10/08/2024, 06:26

240810-g7f8estbkh 9

Analysis

max time kernel
1048s
max time network
1055s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
10/08/2024, 06:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SG9uZXlwb3Q.exe
Size

1.9MB
MD5

4068c0803b559c904b34b910d8d9ef86
SHA1

e2cc27330b08ccf77a2affb4d60866d8fc3e3f9b
SHA256

70dabd28c39071fb7ec71ef07a604d8a7388af14a23f1ed7a14868986fb2d70d
SHA512

87d9907a284202b0cf3383810593ed66775fd695aa43793a185e1e23ce611336e9936b27a4b387b36a47c8659c75d4a217a7f2d4498b1e42170d0109292825c7
SSDEEP

24576:Y5lYe0j3Z6o2GEr8RgE9QRhAmnjtVLFFAVWtOwjV3SFDFnN65qsyHiPOMXB8sN/w:REoTgYyU1zaCXDXFWGebMYZzCvpp

Score

9^/10

credential_access defense_evasion discovery evasion persistence privilege_escalation stealer trojan

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 35 IoCs

pid	Process
2436	RobloxPlayerInstaller.exe
4776	MicrosoftEdgeWebview2Setup.exe
2272	MicrosoftEdgeUpdate.exe
4044	MicrosoftEdgeUpdate.exe
380	MicrosoftEdgeUpdate.exe
2208	MicrosoftEdgeUpdateComRegisterShell64.exe
3156	MicrosoftEdgeUpdateComRegisterShell64.exe
964	MicrosoftEdgeUpdateComRegisterShell64.exe
708	MicrosoftEdgeUpdate.exe
1352	MicrosoftEdgeUpdate.exe
4928	MicrosoftEdgeUpdate.exe
4976	MicrosoftEdgeUpdate.exe
5248	MicrosoftEdge_X64_127.0.2651.98.exe
3684	setup.exe
5164	setup.exe
4836	MicrosoftEdgeUpdate.exe
5600	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2732	MicrosoftEdgeUpdate.exe
5304	RobloxPlayerBeta.exe
1620	MicrosoftEdgeUpdate.exe
5900	MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
6040	MicrosoftEdgeUpdate.exe
3624	MicrosoftEdgeUpdate.exe
6028	MicrosoftEdgeUpdate.exe
5872	MicrosoftEdgeUpdate.exe
1016	MicrosoftEdgeUpdateComRegisterShell64.exe
4740	MicrosoftEdgeUpdateComRegisterShell64.exe
3548	MicrosoftEdgeUpdateComRegisterShell64.exe
5444	MicrosoftEdgeUpdate.exe
1924	RobloxPlayerBeta.exe
4272	MicrosoftEdgeUpdate.exe
2028	MicrosoftEdgeUpdate.exe
4800	MicrosoftEdgeUpdate.exe
5456	MicrosoftEdgeUpdate.exe

Loads dropped DLL 34 IoCs

pid	Process
2272	MicrosoftEdgeUpdate.exe
4044	MicrosoftEdgeUpdate.exe
380	MicrosoftEdgeUpdate.exe
2208	MicrosoftEdgeUpdateComRegisterShell64.exe
380	MicrosoftEdgeUpdate.exe
3156	MicrosoftEdgeUpdateComRegisterShell64.exe
380	MicrosoftEdgeUpdate.exe
964	MicrosoftEdgeUpdateComRegisterShell64.exe
380	MicrosoftEdgeUpdate.exe
708	MicrosoftEdgeUpdate.exe
1352	MicrosoftEdgeUpdate.exe
4928	MicrosoftEdgeUpdate.exe
4928	MicrosoftEdgeUpdate.exe
1352	MicrosoftEdgeUpdate.exe
4976	MicrosoftEdgeUpdate.exe
4836	MicrosoftEdgeUpdate.exe
5600	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2732	MicrosoftEdgeUpdate.exe
5304	RobloxPlayerBeta.exe
1620	MicrosoftEdgeUpdate.exe
1620	MicrosoftEdgeUpdate.exe
2732	MicrosoftEdgeUpdate.exe
6040	MicrosoftEdgeUpdate.exe
3624	MicrosoftEdgeUpdate.exe
1016	MicrosoftEdgeUpdateComRegisterShell64.exe
5872	MicrosoftEdgeUpdate.exe
4740	MicrosoftEdgeUpdateComRegisterShell64.exe
5872	MicrosoftEdgeUpdate.exe
3548	MicrosoftEdgeUpdateComRegisterShell64.exe
5872	MicrosoftEdgeUpdate.exe
1924	RobloxPlayerBeta.exe
2028	MicrosoftEdgeUpdate.exe
4272	MicrosoftEdgeUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 22 IoCs

Web Service

T1102

flow	ioc
582	discord.com
508	discord.com
511	discord.com
557	discord.com
574	discord.com
575	discord.com
593	discord.com
419	discord.com
422	discord.com
469	discord.com
477	discord.com
565	discord.com
573	discord.com
416	discord.com
478	discord.com
505	discord.com
510	discord.com
576	discord.com
420	discord.com
475	discord.com
476	discord.com
542	discord.com

Checks system information in the registry 2 TTPs 24 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 17 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache	MicrosoftEdgeUpdate.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	MicrosoftEdgeUpdate.exe

Suspicious use of NtCreateThreadExHideFromDebugger 4 IoCs

pid	Process
5600	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
1924	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
5600	RobloxPlayerBeta.exe
5600	RobloxPlayerBeta.exe
5600	RobloxPlayerBeta.exe
5600	RobloxPlayerBeta.exe
5600	RobloxPlayerBeta.exe
5600	RobloxPlayerBeta.exe
5600	RobloxPlayerBeta.exe
5600	RobloxPlayerBeta.exe
5600	RobloxPlayerBeta.exe
5600	RobloxPlayerBeta.exe
5600	RobloxPlayerBeta.exe
5600	RobloxPlayerBeta.exe
5600	RobloxPlayerBeta.exe
5600	RobloxPlayerBeta.exe
5600	RobloxPlayerBeta.exe
5600	RobloxPlayerBeta.exe
5600	RobloxPlayerBeta.exe
5600	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
1924	RobloxPlayerBeta.exe
1924	RobloxPlayerBeta.exe
1924	RobloxPlayerBeta.exe
1924	RobloxPlayerBeta.exe
1924	RobloxPlayerBeta.exe
1924	RobloxPlayerBeta.exe
1924	RobloxPlayerBeta.exe
1924	RobloxPlayerBeta.exe
1924	RobloxPlayerBeta.exe
1924	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\MicrosoftEdgeUpdateOnDemand.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\configs\DateTimeLocaleConfigs\es-mx.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\MaterialGenerator\Materials\CorrodedMetal.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\TerrainTools\mtrl_ground.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\XboxController\ButtonY.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\TextureViewer\replace.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\VoiceChat\New\Blank.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\VoiceChat\SpeakerLight\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_id.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioToolbox\AssetConfig\listview.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\TagEditor\Close.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\scroll-middle.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\PlatformContent\pc\textures\plastic\normal.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ControlsEmulator\XBox_Dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\RoactStudioWidgets\icon_tick.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioToolbox\Tabs\Inventory.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\RoactStudioWidgets\checkbox_square.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaApp\category\ic-top rated.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\DevConsole\Search.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\VirtualCursor\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\Locales\gl.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_2x_18.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\VoiceChat\MicLight\Unmuted60.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\VoiceChat\SpeakerLight\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\fonts\TitilliumWeb-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\gradient.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\AnimationEditor\Circle.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\Debugger\debugger_arrow.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUD4C9.tmp\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\avatar\scripts\humanoidAnimateR15Moods.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\localizationImport.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\AnimationEditor\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\LuaApp\icons\GameDetails\social\Discord_large.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\Locales\az.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\Locales\sr-Cyrl-BA.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\Locales\ur.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\Locales\lt.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\icon_ROBUX.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioToolbox\ScrollBarTop.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\models\DataModelPatch\DataModelPatch.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioToolbox\AssetPreview\Pending.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\msedgewebview2.exe	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\TerrainTools\mtrl_air.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\AnimationEditor\image_keyframe_bounce_selected.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\CollisionGroupsEditor\rename.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioSharedUI\import.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\Locales\gd.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\Trust Protection Lists\Sigma\Staging	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\configs\DateTimeLocaleConfigs\it-it.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\fonts\families\Creepster.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Chat\ChatDownFlip.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\Controls\XboxController\Thumbstick1.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\StudioToolbox\AssetPreview\preview.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\VoiceChat\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\identity_helper.exe	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\textures\ui\VoiceChat\SpeakerDark\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\msedgeupdate.dll	MicrosoftEdgeUpdate.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\content\avatar\defaultDynamicHeadV2.rbxm	RobloxPlayerInstaller.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\SG9uZXlwb3Q.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 22 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 7 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5456	MicrosoftEdgeUpdate.exe
708	MicrosoftEdgeUpdate.exe
4976	MicrosoftEdgeUpdate.exe
4836	MicrosoftEdgeUpdate.exe
6040	MicrosoftEdgeUpdate.exe
5444	MicrosoftEdgeUpdate.exe
4800	MicrosoftEdgeUpdate.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CurVer	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ = "Microsoft Edge Update Core Class"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\CLSID\ = "{E421557C-0628-43FB-BF2B-7C9F8A4D067C}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0E8770A1-043A-4818-BB5C-41862B93EEFF}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.15\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CurVer\ = "MicrosoftEdgeUpdate.Update3WebMachine.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation\Enabled = "1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ELEVATION	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.15\\psmachine.dll"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0E8770A1-043A-4818-BB5C-41862B93EEFF}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.15\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CLSID\ = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\PROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass.1\ = "Microsoft Edge Update Core Class"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3COMClassService.1.0\ = "Update3COMClass"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\ = "PSFactoryBuffer"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}	MicrosoftEdgeUpdate.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\SG9uZXlwb3Q.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe
1456	SG9uZXlwb3Q.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeDebugPrivilege	1312	firefox.exe
Token: SeDebugPrivilege	1312	firefox.exe
Token: SeDebugPrivilege	1312	firefox.exe
Token: SeDebugPrivilege	1312	firefox.exe
Token: SeDebugPrivilege	1312	firefox.exe
Token: SeDebugPrivilege	2436	RobloxPlayerInstaller.exe
Token: SeDebugPrivilege	2436	RobloxPlayerInstaller.exe
Token: SeDebugPrivilege	2436	RobloxPlayerInstaller.exe
Token: SeDebugPrivilege	2436	RobloxPlayerInstaller.exe
Token: SeDebugPrivilege	2436	RobloxPlayerInstaller.exe
Token: SeDebugPrivilege	2436	RobloxPlayerInstaller.exe
Token: SeDebugPrivilege	2272	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	1312	firefox.exe
Token: 33	5780	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5780	AUDIODG.EXE
Token: SeDebugPrivilege	1312	firefox.exe
Token: SeDebugPrivilege	2272	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	2436	RobloxPlayerInstaller.exe
Token: SeDebugPrivilege	2436	RobloxPlayerInstaller.exe
Token: SeDebugPrivilege	2436	RobloxPlayerInstaller.exe
Token: SeDebugPrivilege	2436	RobloxPlayerInstaller.exe
Token: SeDebugPrivilege	1312	firefox.exe
Token: SeDebugPrivilege	2732	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	1620	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	3624	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	1312	firefox.exe
Token: SeDebugPrivilege	1312	firefox.exe
Token: SeDebugPrivilege	1312	firefox.exe
Token: SeDebugPrivilege	4272	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	2028	MicrosoftEdgeUpdate.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe

Suspicious use of SetWindowsHookEx 40 IoCs

pid	Process
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe
1312	firefox.exe

Suspicious use of UnmapMainImage 4 IoCs

pid	Process
5600	RobloxPlayerBeta.exe
2568	RobloxPlayerBeta.exe
5304	RobloxPlayerBeta.exe
1924	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3832 wrote to memory of 1312	3832	firefox.exe	76
PID 3832 wrote to memory of 1312	3832	firefox.exe	76
PID 3832 wrote to memory of 1312	3832	firefox.exe	76
PID 3832 wrote to memory of 1312	3832	firefox.exe	76
PID 3832 wrote to memory of 1312	3832	firefox.exe	76
PID 3832 wrote to memory of 1312	3832	firefox.exe	76
PID 3832 wrote to memory of 1312	3832	firefox.exe	76
PID 3832 wrote to memory of 1312	3832	firefox.exe	76
PID 3832 wrote to memory of 1312	3832	firefox.exe	76
PID 3832 wrote to memory of 1312	3832	firefox.exe	76
PID 3832 wrote to memory of 1312	3832	firefox.exe	76
PID 1312 wrote to memory of 3888	1312	firefox.exe	77
PID 1312 wrote to memory of 3888	1312	firefox.exe	77
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 4452	1312	firefox.exe	78
PID 1312 wrote to memory of 1768	1312	firefox.exe	79
PID 1312 wrote to memory of 1768	1312	firefox.exe	79
PID 1312 wrote to memory of 1768	1312	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\SG9uZXlwb3Q.exe
"C:\Users\Admin\AppData\Local\Temp\SG9uZXlwb3Q.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1456

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" shell32.dll,Control_RunDLL inetcpl.cpl,,1
1⤵
PID:4420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3832
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.0.1912563817\1094768959" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1700 -prefsLen 20767 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d88bfde-6f04-42ef-9fad-8cc6376b66f0} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 1796 1d91fbf4658 gpu
    3⤵
    PID:3888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.1.565035261\739730392" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20848 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac0462db-5127-47c5-8456-30b52dc57102} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 2152 1d91496f858 socket
    3⤵
    PID:4452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.2.869136502\1025434070" -childID 1 -isForBrowser -prefsHandle 2616 -prefMapHandle 2928 -prefsLen 20886 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c14c66aa-f2c1-4206-a457-0c84535d82e8} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 2768 1d91fb65158 tab
    3⤵
    PID:1768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.3.175327380\1485854724" -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 3524 -prefsLen 26136 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5f56586-7514-45d4-9b3a-b7f1c000e7ff} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 3536 1d914962b58 tab
    3⤵
    PID:5052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.4.541254949\99963847" -childID 3 -isForBrowser -prefsHandle 4172 -prefMapHandle 4160 -prefsLen 26271 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe8d488f-e24f-45f4-bb17-edda60431f64} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 4180 1d925224758 tab
    3⤵
    PID:2896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.5.343811161\133673471" -childID 4 -isForBrowser -prefsHandle 4880 -prefMapHandle 4876 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {709f1edf-6a24-46ea-954c-a6536088561c} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 4888 1d922d7fe58 tab
    3⤵
    PID:4528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.6.1678863319\612396139" -childID 5 -isForBrowser -prefsHandle 5024 -prefMapHandle 4816 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ab5b139-452a-4ec9-b44a-c79a92568c08} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 5064 1d922d81958 tab
    3⤵
    PID:4960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.7.1174346973\557081893" -childID 6 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7df62711-cd56-499e-992a-ddfd37572222} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 5216 1d922d81058 tab
    3⤵
    PID:2128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.8.514108749\1151911669" -childID 7 -isForBrowser -prefsHandle 5772 -prefMapHandle 5576 -prefsLen 26433 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40a96d90-2c22-4a4a-8ba3-2bdede982614} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 5532 1d91fd21e58 tab
    3⤵
    PID:1016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.9.1925349168\1150520320" -parentBuildID 20221007134813 -prefsHandle 4336 -prefMapHandle 4804 -prefsLen 27564 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3b0ddb5-65dc-436a-82a0-d09a932b54ad} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 4788 1d9268cd558 rdd
    3⤵
    PID:2372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.10.922472509\1457123991" -childID 8 -isForBrowser -prefsHandle 2616 -prefMapHandle 3308 -prefsLen 27564 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {801c6fe0-c726-49ac-a031-625de249f284} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 6136 1d926cba458 tab
    3⤵
    PID:2380
- - C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
    "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Enumerates system info in registry
    - Modifies Internet Explorer settings
    - Suspicious use of AdjustPrivilegeToken
    PID:2436
  - - C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
      MicrosoftEdgeWebview2Setup.exe /silent /install
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      PID:4776
    - - C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
        5⤵
        Event Triggered Execution: Image File Execution Options Injection
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2272
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4044
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:380
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2208
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3156
        
        C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:964
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkZDODBFODctOEVEQy00MjM2LTkxOUEtNzdEOTJGNDU5NDIxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBOEJBQkZGMS02ODJDLTRBODAtQTA4MC1GRkQwNTEyOTNFM0J9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjczOTAwMjY1MzEiIGluc3RhbGxfdGltZV9tcz0iMjA0MSIvPjwvYXBwPjwvcmVxdWVzdD4
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:708
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{2FC80E87-8EDC-4236-919A-77D92F459421}" /silent
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1352
  - - C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\RobloxPlayerBeta.exe
      "C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\RobloxPlayerBeta.exe" -app -isInstallerLaunch -clientLaunchTimeEpochMs 0
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of NtCreateThreadExHideFromDebugger
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Suspicious use of UnmapMainImage
      PID:5600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.11.1219688447\775693482" -childID 9 -isForBrowser -prefsHandle 9248 -prefMapHandle 9268 -prefsLen 27613 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {708d49c7-1e35-454d-b702-8a0174056252} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 9244 1d922d82258 tab
    3⤵
    PID:5252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.12.1288981615\1984347309" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 9004 -prefMapHandle 9008 -prefsLen 27613 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {75c3d346-ea69-45a1-b6b0-d91423d3ea60} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 8996 1d927f4ee58 utility
    3⤵
    PID:5296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.13.1343770541\597660767" -childID 10 -isForBrowser -prefsHandle 8728 -prefMapHandle 2644 -prefsLen 27622 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f651936e-f1ec-4054-9712-7fb8f5f4d253} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 10176 1d9258b3958 tab
    3⤵
    PID:5440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.14.858063034\895637354" -childID 11 -isForBrowser -prefsHandle 4472 -prefMapHandle 3528 -prefsLen 27622 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be86238b-79c0-4347-94a6-980e6a7ae309} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 10176 1d91496ca58 tab
    3⤵
    PID:5928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.15.462803662\133127890" -childID 12 -isForBrowser -prefsHandle 9176 -prefMapHandle 8588 -prefsLen 27622 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af9f5d3d-3b4b-4993-9bda-7a93153c5be9} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 9852 1d929a82558 tab
    3⤵
    PID:1172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.16.391089862\1096651840" -childID 13 -isForBrowser -prefsHandle 5892 -prefMapHandle 5860 -prefsLen 27622 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98a5e4f6-6998-4b86-947d-37d3831ebc10} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 8212 1d91496a858 tab
    3⤵
    PID:5132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.17.2059340645\1301147920" -childID 14 -isForBrowser -prefsHandle 3744 -prefMapHandle 5368 -prefsLen 27640 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3bd2d47-eeb2-45cb-bc9d-c442f837177a} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 9344 1d926cb9b58 tab
    3⤵
    PID:5356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.18.901351705\1533809124" -childID 15 -isForBrowser -prefsHandle 8712 -prefMapHandle 5356 -prefsLen 27640 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fa5cd14-84f1-4131-84d3-d07f7da94bbb} 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 8860 1d925596e58 tab
    3⤵
    PID:5596

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4484

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:4928
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkZDODBFODctOEVEQy00MjM2LTkxOUEtNzdEOTJGNDU5NDIxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2RUQ1QTM0OC1GMjBBLTQzNEQtOTJCNC04QjcyODQ4QzFBNUN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIzIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3Mzk4OTE1MDg1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:4976
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D2B8C6BB-D3A6-4E0B-B753-B991BBCAFD3B}\MicrosoftEdge_X64_127.0.2651.98.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D2B8C6BB-D3A6-4E0B-B753-B991BBCAFD3B}\MicrosoftEdge_X64_127.0.2651.98.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:5248
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D2B8C6BB-D3A6-4E0B-B753-B991BBCAFD3B}\EDGEMITMP_180CB.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D2B8C6BB-D3A6-4E0B-B753-B991BBCAFD3B}\EDGEMITMP_180CB.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D2B8C6BB-D3A6-4E0B-B753-B991BBCAFD3B}\MicrosoftEdge_X64_127.0.2651.98.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:3684
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D2B8C6BB-D3A6-4E0B-B753-B991BBCAFD3B}\EDGEMITMP_180CB.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D2B8C6BB-D3A6-4E0B-B753-B991BBCAFD3B}\EDGEMITMP_180CB.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.100 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D2B8C6BB-D3A6-4E0B-B753-B991BBCAFD3B}\EDGEMITMP_180CB.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.98 --initial-client-data=0x210,0x214,0x218,0x1ec,0x21c,0x7ff76378b7d0,0x7ff76378b7dc,0x7ff76378b7e8
      4⤵
      Executes dropped EXE
      PID:5164
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkZDODBFODctOEVEQy00MjM2LTkxOUEtNzdEOTJGNDU5NDIxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2NDREQzk4Ny0yNDlBLTQ2M0YtODFCQy04MkZBQ0U3RTExQUN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI3LjAuMjY1MS45OCIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzQ0Nzk1NzE2NSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc0NDgwMzY4OTEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NzAyOTg3OTQ3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81MjlhNDFjZC01YzBjLTRjZDAtODA2MS1iNzFmZWFhOGEzMzY_UDE9MTcyMzg3NjI2NyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1FSlRrUWdGY3hOQmN6dE9iOTRDQW5jc1lvSnR5bWRldWNNMlJtZkFOTEc4RzRXJTJiZm03SlpIOGg0UHI4NnpBRWIwOHA1OUpuSldFZVJDM29XWlZtTlN3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTcyNjA2NDA4IiB0b3RhbD0iMTcyNjA2NDA4IiBkb3dubG9hZF90aW1lX21zPSIxMTE3NzgiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NzAzMzMzMDI2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODc0NTEwNDA0MSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTU2MTE4NjE3NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjkwNyIgZG93bmxvYWRfdGltZV9tcz0iMTI1NTIyIiBkb3dubG9hZGVkPSIxNzI2MDY0MDgiIHRvdGFsPSIxNzI2MDY0MDgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjgxNjAzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:4836

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2b4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5780

C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of UnmapMainImage
PID:2568

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2732

C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of UnmapMainImage
PID:5304

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1620
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A36BF8F8-FE60-4C05-808E-09B04F47348E}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A36BF8F8-FE60-4C05-808E-09B04F47348E}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe" /update /sessionid "{7707ED88-5BF2-4492-A80F-339092218A66}"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:5900
- - C:\Program Files (x86)\Microsoft\Temp\EUD4C9.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUD4C9.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{7707ED88-5BF2-4492-A80F-339092218A66}"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:3624
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:6028
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:5872
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1016
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4740
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3548
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzcwN0VEODgtNUJGMi00NDkyLUE4MEYtMzM5MDkyMjE4QTY2fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7OTI5MjA0RTUtREU4MC00MjQyLUJGNDYtRERDMjJBODE2M0MwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xNTA2My4wIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjE1IiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjY0MjYiIGluc3RhbGxkYXRldGltZT0iMTcyMzI3MTQ1OCI-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA4Nzg1ODUyMTAiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Checks system information in the registry
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      Modifies data under HKEY_USERS
      PID:5444
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzcwN0VEODgtNUJGMi00NDkyLUE4MEYtMzM5MDkyMjE4QTY2fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntBREJDQkYzNi0yRDlELTQ1QTAtQTczNi0wNzk2MjQxMDBFQTR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTUiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA2NzgwODA1NjgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA2NzgyMzA2MzciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA4MDkyMDY1MzIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzMyM2ZhN2Y3LTQ0NDUtNDEzNy04MmVjLTcxNTI4OTQ5MTgyYT9QMT0xNzIzODc2NTkwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWtiQ3Z1d1RnRDliMWxwa0xOOWNSRVFmTHFXVXVyTmliTWp6WWo1MkxKblVkU0Q3Zk44aXZYbEkwM2d2QkZ4Q2gzVmxCVDFsdU5qbnVWSDBkVWU2MnRRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTY0NTExMiIgdG90YWw9IjE2NDUxMTIiIGRvd25sb2FkX3RpbWVfbXM9IjEyODU5Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwODA5MjA2NTMyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwODE0ODc5NTU1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjcuMC4yNjUxLjk4IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2NDI2Ij48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7MUFFQUZBRTgtQkMxNi00MDMxLTlEREMtMjQ5NUNGMTBGMkY0fSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:6040

C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of UnmapMainImage
PID:1924

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4272

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2028
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUNEQUYzRkMtNjE4Qy00MzE0LTlGQjktMjdGNzAwRDE3RkZFfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NTEwQkNGOUEtMkZGOS00OTUxLThENTYtN0I3MzNEMEU3MDg0fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xNTA2My4wIiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3R4Z1VCSG9vNkFRU0EvZnlFNDhzeUVYcXgySisvcXNxbEdXeGk0dWZIWWs9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI1OSIgaW5zdGFsbGRhdGV0aW1lPSIxNzE4MTUxMDYyIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNjI2MjMwNDA5NTczMzg1Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjExNDMyNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQzMzE5OTI2OTEiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:4800
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUNEQUYzRkMtNjE4Qy00MzE0LTlGQjktMjdGNzAwRDE3RkZFfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsxRTYyQjE3NC1CMEZGLTRBRjItOTFCQS1GRDAzQ0ZFQjA3REZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE1MDYzLjAiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS4xNSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZT0iNjQyNiIgY29ob3J0PSJycmZAMC4yMCI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjQzMSIgcGluZ19mcmVzaG5lc3M9Ins5QTdCOUU1Ny0xNjA5LTRBRjQtODBDOS02MzRCMjU4ODNBMzJ9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyNy4wLjI2NTEuOTgiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjY0MjYiIGNvaG9ydD0icnJmQDAuNzQiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjY0MzEiIHBpbmdfZnJlc2huZXNzPSJ7NTVCOTM3RUItRkY5Ni00NjY4LTlCRUYtQkRCMjUwRkQ4NTU5fSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies data under HKEY_USERS
  PID:5456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\Installer\setup.exe

Filesize
6.6MB

MD5
527503f430c5fd4a542f8c0f163fde47

SHA1
6b4db644895df6c71b547d8b147ef3e327418f9d

SHA256
d1d9b6fa51141f58b95191c8a62cc5a4c9568ba4b70e3deba4e1929df9a97628

SHA512
ece940340ba2216966b6d4b28a950826b55f8987998c101c534331674376b148dfbfacaf5c78695944bf940dea07ed4887f9572e09c118e307752036679850b8

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.15\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe

Filesize
1.6MB

MD5
90decc230b529e4fd7e5fa709e575e76

SHA1
aa48b58cf2293dad5854431448385e583b53652c

SHA256
91f0deec7d7319e57477b74a7a5f4d17c15eb2924b53e05a5998d67ecc8201f2

SHA512
15c0c5ef077d5aca08c067afbc8865ad267abd7b82049655276724bce7f09c16f52d13d69d1449888d8075e13125ff8f880a0d92adc9b65a5171740a7c72df03

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
16c84ad1222284f40968a851f541d6bb

SHA1
bc26d50e15ccaed6a5fbe801943117269b3b8e6b

SHA256
e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

SHA512
d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
34d991980016595b803d212dc356d765

SHA1
e3a35df6488c3463c2a7adf89029e1dd8308f816

SHA256
252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

SHA512
8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
d34380d302b16eab40d5b63cfb4ed0fe

SHA1
1d3047119e353a55dc215666f2b7b69f0ede775b

SHA256
fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

SHA512
45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
aab01f0d7bdc51b190f27ce58701c1da

SHA1
1a21aabab0875651efd974100a81cda52c462997

SHA256
061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

SHA512
5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
ac275b6e825c3bd87d96b52eac36c0f6

SHA1
29e537d81f5d997285b62cd2efea088c3284d18f

SHA256
223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

SHA512
bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
d749e093f263244d276b6ffcf4ef4b42

SHA1
69f024c769632cdbb019943552bac5281d4cbe05

SHA256
fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

SHA512
48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
28fefc59008ef0325682a0611f8dba70

SHA1
f528803c731c11d8d92c5660cb4125c26bb75265

SHA256
55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

SHA512
2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_es.dll

Filesize
28KB

MD5
9db7f66f9dc417ebba021bc45af5d34b

SHA1
6815318b05019f521d65f6046cf340ad88e40971

SHA256
e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

SHA512
943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
b78cba3088ecdc571412955742ea560b

SHA1
bc04cf9014cec5b9f240235b5ff0f29dbdb22926

SHA256
f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

SHA512
04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_eu.dll

Filesize
28KB

MD5
a7e1f4f482522a647311735699bec186

SHA1
3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd

SHA256
e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4

SHA512
22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_fa.dll

Filesize
27KB

MD5
cbe3454843ce2f36201460e316af1404

SHA1
0883394c28cb60be8276cb690496318fcabea424

SHA256
c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59

SHA512
f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
d45f2d476ed78fa3e30f16e11c1c61ea

SHA1
8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e

SHA256
acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2

SHA512
2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
7c66526dc65de144f3444556c3dba7b8

SHA1
6721a1f45ac779e82eecc9a584bcf4bcee365940

SHA256
e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d

SHA512
dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
b534e068001e8729faf212ad3c0da16c

SHA1
999fa33c5ea856d305cc359c18ea8e994a83f7a9

SHA256
445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511

SHA512
e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
64c47a66830992f0bdfd05036a290498

SHA1
88b1b8faa511ee9f4a0e944a0289db48a8680640

SHA256
a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961

SHA512
426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_ga.dll

Filesize
28KB

MD5
3b8a5301c4cf21b439953c97bd3c441c

SHA1
8a7b48bb3d75279de5f5eb88b5a83437c9a2014a

SHA256
abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0

SHA512
068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
c90f33303c5bd706776e90c12aefabee

SHA1
1965550fe34b68ea37a24c8708eef1a0d561fb11

SHA256
e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c

SHA512
b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_gl.dll

Filesize
28KB

MD5
84a1cea9a31be831155aa1e12518e446

SHA1
670f4edd4dc8df97af8925f56241375757afb3da

SHA256
e4eb716f1041160fd323b0f229b88851e153025d5d79f49b7d6ecb7eb2442c57

SHA512
5f1318119102fcee1c828565737ce914493ff86e2a18a94f5ff2b6b394d584ace75c37258d589cce1d5afd8e37d617168a7d7372cfd68dd6a2afcd4577a0bc51

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_gu.dll

Filesize
28KB

MD5
f9646357cf6ce93d7ba9cfb3fa362928

SHA1
a072cc350ea8ea6d8a01af335691057132b04025

SHA256
838ccd8243caa1a5d9e72eb1179ac8ae59d2acb453ed86be01e0722a8e917150

SHA512
654c4a5200f20411c56c59dbb30a63bfe2da27781c081e2049b31f0371a31d679e3c9378c7eb9cf0fb9166a3f0fba33a58c3268193119b06f91bebe164a82528

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_hi.dll

Filesize
28KB

MD5
34cbaeb5ec7984362a3dabe5c14a08ec

SHA1
d88ec7ac1997b7355e81226444ec4740b69670d7

SHA256
024c5eae16e45abe2237c2a5d868563550ac596f1f7d777e25234c17d9461dd9

SHA512
008c8443a3e93c4643a9e8735a1c59c24ba2f7a789606a86da54c921c34cbc0cb11c88594544d8509a8e71b6a287c043b1ffe2d39b90af53b4cde3847d891ba8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
0b475965c311203bf3a592be2f5d5e00

SHA1
b5ff1957c0903a93737666dee0920b1043ddaf70

SHA256
65915ad11b9457d145795a1e8d151f898ec2dcb8b136967e6592884699867eb0

SHA512
bec513125f272c24477b9ddbaa5706d1e1bb958babac46829b28df99fa1dd82f3f1e3c7066dc2fe3e59118c536675a22fc2128de916ca4c478950b9992372007

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_hu.dll

Filesize
29KB

MD5
f4976c580ba37fc9079693ebf5234fea

SHA1
7326d2aa8f6109084728323d44a7fb975fc1ed3f

SHA256
b16755fdbcc796ef4eb937759fe2c3518c694f5d186970d55a5a5e5d906cb791

SHA512
e43636d8c947e981258e649712ad43f37c1aab01916539b93c082959fb5c6764c9c44979650092202839e812e6f252c6c3eaf66d3d195c1efd39c74c81ad1981

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_id.dll

Filesize
27KB

MD5
03d4c35b188204f62fc1c46320e80802

SHA1
07efb737c8b072f71b3892b807df8c895b20868c

SHA256
192585d7f4a8a0cd95e338863c14233cdd8150f9f6f7dd8a405da0670110ee95

SHA512
7e67ea953ea58ff43e049ce519ae077eec631325604896479526627d688f2fa3bfc855a55ac23a76b1c9ef8cd75274265b8238423b95a2437be7250db0db31b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_is.dll

Filesize
28KB

MD5
5664c7a059ceb096d4cdaae6e2b96b8f

SHA1
bf0095cd7470bf4d7c9566ba0fd3b75c8b9e57ec

SHA256
a3a2947064267d17474c168d3189b0d372e36e53bf0efb9c228d314fc802d98e

SHA512
015dcb17b297a0aaad41c7b0b2199187e435855fd3977d16402be774622cc4f6b55d04ba9159a89e26e350c5602928c76dd9386be3974437b41888a0cfdddfa8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_it.dll

Filesize
30KB

MD5
497ca0a8950ae5c8c31c46eb91819f58

SHA1
01e7e61c04de64d2df73322c22208a87d6331fc8

SHA256
abe2360a585b6671ec3a69d14077b43ae8f9e92b6077b80a147dfe36792bb1b7

SHA512
070398af980f193ff90b4afaecb3822534ef3171eca7228bce395af11ca38364bc47cab7df1e71187ef291f90978bdc37a8611d2992b1800cd1de6aa7fda09d9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_iw.dll

Filesize
25KB

MD5
45e971cdc476b8ea951613dbd96e8943

SHA1
8d87b4edfce31dfa4eebdcc319268e81c1e01356

SHA256
fd5ba39c8b319c6ba2febf896c6947a0a7bae6aa0b4957bd124d55589f41849d

SHA512
f1c9fccf742fa450be249dbbf7e551a426c050ae4af3d2e909f9750068a2bdc801f618eb77a6a82d13421d27949c9f2a9681a44bcb410ccdeec66b24a70f6a9a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_ja.dll

Filesize
24KB

MD5
b507a146eb5de3b02271106218223b93

SHA1
0f1faddb06d775bcabbe8c7d83840505e094b8d6

SHA256
5f4234e2b965656e3d6e127660f52e370dc133632d451ef04975f3b70194b2ed

SHA512
54864e9130b91b6fd68b1947968c446f45a582f22714716bfd70b6dc814841fffe939bc2f573a257ec8c62b4ff939643211fb29cabc0c45b78a6cc70eaa3752c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_ka.dll

Filesize
29KB

MD5
3bc0d9dd2119a72a1dc705d794dc6507

SHA1
5c3947e9783b90805d4d3a305dd2d0f2b2e03461

SHA256
4449ee24c676e34fea4d151b3a752e8d0e7c82f419884e80da60d4d4c1b0f8cb

SHA512
8df01ad484bf2924892129c59317f3da4f79611be2ca29e208114e5ed2cb96a63f753511dc4fe97e281417366246f2fb576cc6ef2618a67803ae7ac01be7b067

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_kk.dll

Filesize
28KB

MD5
bcb1c5f3ef6c633e35603eade528c0f2

SHA1
84fac96d72341dc8238a0aa2b98eb7631b1eaf4e

SHA256
fdd6bffdb9eca4542975f3afe3ac68feac190b8963f0a7244b4b8fa6382381d1

SHA512
ecd79ddd9f3e6db1d0471132c453c324ab55bdead21de77392f418281bc8a2dd43e9009912896ffa3d55d4d3ef17b0aa847a084369b619eb04a2d2313641d520

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_km.dll

Filesize
27KB

MD5
2ea1200fdfb4fcc368cea7d0cdc32bc2

SHA1
4acb60908e6e974c9fa0f19be94cb295494ee989

SHA256
6fd21b94f62ee7474b3c3029590ddf06936105508f9bf3509620c42dc37486c3

SHA512
e63b80a5929200c85c7a30a3054bd51eee2f27e603501f105073868690906f4619a27a52e58c90ac2ab5d5c34a4739dfdd2a511574afeb7d0118de88c5544f42

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_kn.dll

Filesize
29KB

MD5
60dfe673999d07f1a52716c57ba425a8

SHA1
019ce650320f90914e83010f77347351ec9958ab

SHA256
ef749f70e71424d7f548d5c12283be70a6d6c59cffb1c8101b74f37ecacb64af

SHA512
46bfe77a49f14293988863a8e4dd0543202b954b670940d9ad5dc6d2b46e46104d8d6206be08a941f7e02b8ff3e2e2366b7b795d02352cff18971f8d0df5fcdc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_ko.dll

Filesize
23KB

MD5
cf91a1f111762d2bc01f8a002bd9544d

SHA1
db2603af55b08538a41c51fc0676bc0ed041d284

SHA256
baa9fae4fb8939e0b5fe0c7f393ab1ca40b52534f37bf2158a9a36331a221e75

SHA512
9db864dbd194885b46f7bed9875f1e531e48f7644ce4494b8dc482c7516a6f783cd35129d2565b272dc674491a08c844a6da88bf9fa7843fcf89c96b4e0af799

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_kok.dll

Filesize
28KB

MD5
ca3465347e57624ee2a5dd2299d4f4cd

SHA1
551a151a8d49489c90400e18c34633aa2c2b8a4b

SHA256
5b9509a1ae34d89c89c8e657742495037d28cd03e1cd48aef4dfaa7aeebe29f0

SHA512
a4bdd458a7628a9f0664e1000512e056718cc924510a21704ff8c69b0b251a5a1c7f6f267d66325cadda1536aaee78440348be128d082112c71732e485ac93f3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_lb.dll

Filesize
30KB

MD5
269e84b82973e7b9ee03a5b2ef475e4d

SHA1
4021af3bfde8c52040ad4f9390eb29ae2a69104b

SHA256
c3fb0cae3dc5cdd86518d60f998c3adec1c0c5804a74ffbb9a346a73d598af07

SHA512
db716e2f6527af2dfeba4c22ff00e159d7cc0b482fc126e87b8b3d35b714bb382676066097352b6ebb87c8dfe7f6144e83100f0c9a9990b0d23c810b6c575c21

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_lo.dll

Filesize
27KB

MD5
864edbc77831a64a3e3ab972291233bb

SHA1
fa1f3eb3320c1b1a329cbe786abecf2a8e625cbe

SHA256
aecab1eb46075d1a1432b3e14537f860a2ded49a13ca82f17fac44b40ad2da51

SHA512
3d54efd01d6317fb4746b55db2c847a506f594cff055f0db84a72ede02dbe3aa03d8e65ea06c5ae365f44312a26cdbc45ad5f9a0de46d2b9c878aeeb24566b89

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_lt.dll

Filesize
27KB

MD5
7071c732cf3e4b3144cf07c49d8eb44f

SHA1
3800bf304b44d9d27ac26bed6ccc899669dc3b4f

SHA256
9c75ef5c3f53c643d7bb8c5907a0cba6ca2d1d64e6bea39ce06b4ad5a20454b6

SHA512
be3a0942e2af843adeb8e9b6acc7cd8adec956b761f71d8eb0a02835ee5be115ac064fda7088b0813d40ec3a24e7bb77816e9b67ef0cbdce1562c36880b15049

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_lv.dll

Filesize
28KB

MD5
30849a9c16061b9a46a66e8e7d42ff81

SHA1
2d0e86535d964acce8912c6bef3cc12346b22a6c

SHA256
b8075c09d33cc6b6ff22fdb29ccc3dd319ce867f4b77a1d165f6f8d8cb4977e9

SHA512
298ee10ff6cab7ff38d31e3a7826dedeab8e9ccc616eae4ca2e5ec333f42e5c6744650857031d8bf35034bd46c7c01a2646362ffbbef1f421995c73ba999ff0b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_mi.dll

Filesize
28KB

MD5
1866ddadd9397dbf01c82c73496b6bff

SHA1
b210a9df7d6a5e116fe7a9ff8d455b6cbfb5663b

SHA256
9b4bb2ca3366a1935b4869796efc0601f94356b45e8613d28e023dd516f48d17

SHA512
76fa5cade101d79d012e00904bf18692f85967ceea0ed7e81da4df65b85afc125a00127d9e06c8c59ffbfd2dcdc88488157b61922960559fa17d13dedca3ee59

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU8058.tmp\msedgeupdateres_mk.dll

Filesize
29KB

MD5
064035858a1df697913f06c972461901

SHA1
b6be99ae8e55207949076955389bc8fec81937fd

SHA256
4850260d2cbb4b4ff3490eb90ce55a412268ad699f946b1cd686ddf9f0403bd6

SHA512
9459056e919854213117b874e61b526af4ba35c3c3e195b204c5c3e59cc4dfa2b4a45c32551e1de144842844f246f5e0d025cdcc78dbf7265ba5e26e7209cd91

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
5.5MB

MD5
9f1edaf7fec140c4fbf752bceb8faee9

SHA1
446e908ae656e01c864606d2cef06ed8abd96fb3

SHA256
810a386924e8aeb9ad6a432067a96b9af05b2070b4a034b28c6d715d99740666

SHA512
2a97bdf30878cabc8460b26baa810fce2f06e649a98937c4112e674ddec24a3cab259b820fd6a382a11cb7d8167b33ebe28ae7e10338a283b299b9c5a4951f0e

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-6fdcfe060c6440cd\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
3ab7d9ea5a2b4ee5e30ebd605092c055

SHA1
45d2ef0b59cf44c0b0df15ba4346678b7aa50867

SHA256
a37538c048fd425b1b8aa10da2e910805fca64b553444593a60cd6bf23f46fff

SHA512
6d32bf2b2e103bb66a5ba3fb6c959bde89e059d70e7c3cb27f2bd5f62aa7fda26a7d0875a312fea7939a3a8852de7c5607f4a971fd5af379491f20f218a06ff6

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
16KB

MD5
f468c4168feda9656dee93ccffb69f0a

SHA1
82da047f79de3d783699f4da5415caad0fd25ffa

SHA256
d6516e04e58f71b28c4a97d779b4ad9f3a2b10c249f1c1376fc870c29b33a9c2

SHA512
886ae0c044ca8b15818021895640f1f616e0b722d68432887135d18e9ce43fade87a9e579a17c3affe45675362bad0a0716b9fcbe4bcdb0caebd70966efe506b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp

Filesize
46KB

MD5
f5dc050e2d8db57d9e2d9c029744d1e7

SHA1
1235c6af81b4ce6562e134a185dcc05f20367d15

SHA256
deb02986eb94f20cf271373deb54635ee8b6f452ae4b76c292e9c61402f6bf4e

SHA512
6a47eb8f12acf9a9a6d4d1ef3430d3ef066cf6c491ca85d3da2bc7a78f5ddacca34b3194d3382e1c5cb02abe680c85c5a0b082681e638cfb0f8c14b45a0b1a8e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\11056

Filesize
11KB

MD5
26c159caf6044f0ae0908aa18f1c4f7c

SHA1
2fb01fc7001aeb4052d4e142879e2f61c3ce9b27

SHA256
3c47007e67c4923424084af0e079ab97c6c6334ef82ebbd6f8d5ae932f23e0bf

SHA512
fc723415f7e762537ff93e4265b5476d97d74568be0db3ca1f2d57725b986fd916d762385842b19f0faae7d57ee47482fcb491e1d5659f80b1fdd12ffabaab0b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\14575

Filesize
11KB

MD5
05f814e9d351b7cccb21594252cc2381

SHA1
e583250f7c51e342318fc2947ab0aff224db523e

SHA256
9724951950710c0b9332b1c54a58baba25c6841dcc2989f501cc7d1767ef830c

SHA512
36a5ce7a45b3b3df5fb746157be851db0ebcd898b7efc44d9a123c4a30437c9cf68cc4b39803df5a8dc4cd7ffccf6993a8c0fe59f31f3487325b5f431f48c8da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\15768

Filesize
11KB

MD5
998286a4067c4dab9bfa2ba72dc6987b

SHA1
69216e6d0290ab07c819f61095ee96bc3d232ff6

SHA256
c9a4106be191fa37b88c1192d9ab7a9937e08f3d68309d81de0f3b4cf08d8bfa

SHA512
a00a6f9766a6645265de1497b21d5f3c192c3e3c40891c74f660ef282e82c52addd8c7e0354bf5d8f50fa73d3453c5929c6fe9b6628ac8052cfc4f532d5b21b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\16336

Filesize
10KB

MD5
f93ae6138b5bd38c852d205a423f3105

SHA1
1342e6be2bdc18318ab3881ca6d1958b40782a89

SHA256
29ca6d6f96099ae432fbc61d4ee76ea7dae3e47898681447bb1c0cd799675ca9

SHA512
0064175f29dbb5cfdd84d71d91c4dc4b13b0e6868f622f644e8f7bfafef07a8817f6ad56ee607f87592f5d0035ad39f37f457c118c1b543d1ca7fd63113a980f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\1912

Filesize
10KB

MD5
0c716ccfda7a219ca4b10b3098b5d08d

SHA1
929f0ac0f23253a919e8efdc69bc797ee3c4a665

SHA256
688a0b1fe4f68e666f790a1d8b247a431480ba7b6c88a0b4fc8bcd607e1ad3d0

SHA512
c5fffc9222fc1a280946ddec8b9338d3fec8b027111307fbc499f8e1286358376df3d7a253d1acfdd4e95c26170d631dc0e4d969a2223ee2ba365f938f103b40

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\19192

Filesize
10KB

MD5
2779878547ec5fa90ee4646a605696d0

SHA1
61e947b1120b0d41bed2f56ae37fdc0409a0af1e

SHA256
7aaf265804b27bcb6072cdad6e9141c56de9804b5485770dad5860c1bffd6911

SHA512
39659de77a13fdba8706301b91e6f2f2e5e6da964cc3a703d38cedc05082fc337092157e593d918e57de184f8d354379e5fe1fe3dedbee1995f6d759f7777f1b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\19831

Filesize
10KB

MD5
4850122df5629525bb70e3b0c613849c

SHA1
79e6fdac21d744d0253014a9f77a52a7bccb5740

SHA256
6f300f33e4ee9a65651a6d173188bb6e521fee2a19a5dc3cf06c0d778d1f8df3

SHA512
420b93c19755cf707e100f40109c3e215cf44b22a0fdf116eeb849dae5187c56743a4be5de24c728f3cf47f62b746339f5cb94901b9801ca3c375169c34aa111

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\2381

Filesize
10KB

MD5
d4130f99ffcc4348174f24a4d33154f7

SHA1
da49655cb194ac61682d54611579ee09b1237211

SHA256
cb55b417e39f3e40aa8bbfc5b14e6fc1cc02fcf1a7afbb54f1e937852040a802

SHA512
6d92bc44d50c3265bafd84a411962ed49c917b9aad56c7155a39ffed9d15ce160840a218ba8aaba1486a25ff77dce6dfc8faa31cb0942f8e7b48373e87781bd0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\24086

Filesize
11KB

MD5
286b5ad53e79ffaa62207ff95cc56980

SHA1
722a96f712e0bcc4dc36e32dee991863cdf9c829

SHA256
d6812c1e0fe68988846ed48566ffb9afd4c4a565483675a1b0e00d5cc864e02b

SHA512
3bd8c28e3ceb7c3d07e4154846b6396721bbe0f654cee23f5e7f4de5cd74e93718d2238579c15278b5e3b1f7549b21dc66b6b6e84cdc3ab9d16dc5a0a11d747e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\25128

Filesize
11KB

MD5
0d690d8c1de2c173baa2759f5714ffd6

SHA1
a66a7c5b4f83e4104d34e26f79f4c325e42092e5

SHA256
3e18e214d97224b9bd168056efe7b8ae6d51df94a25bbb943d6523224d6d810f

SHA512
4fd7bb1fe07245ea632325ec188a4a59704968bdde487751bbb0e5bf4a84e7a182040fd6462926f74f14472628d92391510bc242c806a1f5075443b23358bbf3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\26834

Filesize
11KB

MD5
771f4bc9231790fcbe0f91fe3d3ef4a8

SHA1
6d221fa6543912c8f61c6ad0c9207b2ef38779cb

SHA256
f683d6cb7d8032ab3af8d911eb83bb79acde12dd649737e4a746f01ca7c47919

SHA512
dd2a78359815fb9b48c93b82c35e88e01420bb9b60187823e3932db6d03fa6bc18ab4be36e1e94105ecc41dc3be77bb31ed4459fcb973f40e9ec8a9f86355142

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\28458

Filesize
12KB

MD5
e3a53b0db5c12c6cc632da4b43e97264

SHA1
2a2e4b10d7da2c2481ea2ac8f89c5709094ed875

SHA256
109a760089e23a90107c7234ba7aa756fff6050b79cf018d3636e6a165bb9ec1

SHA512
b026205c6bdc751b8d0463786b9a5c6336a7d45559e5d0b57277d9b8248c71c62c0e7f050bbadf19c9857eda5b58ed7882d3afe65460acc8df79e5333bddfbab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\28618

Filesize
10KB

MD5
8fa6fc69ac82a019f23c6591c0b0d667

SHA1
21adfbb70668d2ea9c25af1416b87d881f7e92cb

SHA256
007f33c2f96ddda48d9aa904fbe776679d22cb4a205cfa32a2527d7824973790

SHA512
66178729773351e8d4e6b419eabe31b11de74ac738ba96399b2c79ca8e4c6b2b8a81980f8ad49d89d912b71a72c0cedf6cd1cd48b4091fc7d9973b8d6e44f9ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\28784

Filesize
9KB

MD5
cb69371159298ee4a95bd2b08f8f5cf1

SHA1
e54bb3e17340340cb5116498f9d97e24fe87bb32

SHA256
3339c82dca013e41f73d03b58d9488ce10dbdf25350faae25b07cc241473194e

SHA512
fd93c15884815e5ad03240425c0bac44be073cd34754d0ef1ac6a69182c601e64919fe0537dd57f69fc0f96b9d363dd9f470945090fa37b6db7001e2c3fe1a18

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\29424

Filesize
13KB

MD5
f010ac9436072a9c57222504464fe2f4

SHA1
14a3c8463733eb67c7631a2533d46c5db4b9730a

SHA256
6e17dc0bc318279e7499a5c9f58d921396999f013762dbe218863230d60a75c1

SHA512
4785de2b73579be8c6964a824296cbf129aa272af9d1431a574ee3f5d4f9ac7d0ef42abbf10edd15e78868c95eaa085bd55aff4515c3cf6938bef7da21c803f3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\32332

Filesize
10KB

MD5
71eee2e99cea00635582c6d707cc12f3

SHA1
a776b3b3bed038407a175dad1ebef1fdd0219397

SHA256
e2015cfc096b66f57febaa4a158720c4a3008661339293e4d4404011b7713e23

SHA512
ddbc96fb3bf8089c8855d1ba155e4dfd5f5624bf719eac929029ed43b510808cd8ff63e124f27b8d442253b71cc76ddadcd204391c8125c8f1e582ff14bc970b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\3638

Filesize
10KB

MD5
8eb4c4cfe8f9302215ea28703643fef0

SHA1
bf4be62677ea5d64dee120dbc2227165dee7e407

SHA256
3025da753d7b000214d177ca744e39380c3e012025b05638c4eda973e3b2e2e5

SHA512
4e8190a7f4671406f3ab23165990f8d20db17105fd54902ce6a12326a1d9d6d8642926327cee491b6e65ebb73d054828c11b25b10b4ce6cba8f5733007dcb82a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\5813

Filesize
10KB

MD5
7e9422895fc8bc47c5d7ae3375f052bd

SHA1
16ea4ebef611571d6375e4bd719b2c562c5e4263

SHA256
883433450581d60024c81a93eea4c407ae209098cb4a057a6df9bef370a506bc

SHA512
39793f7368ee5eea0af80356a59cbcc5a0fa9683afbf74c94e30632ea37629e0165c23dad12f84be03acd94b3248e79d984123b82aa0da457fee3c304747334a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\6320

Filesize
10KB

MD5
b7efc148032925ad8e5c91a6a27a9934

SHA1
c6fc1ebe313425da881b6ac6c78a91f7bfab319e

SHA256
10b023c6debc56229d1ec67f09a40b257a28798ac8e77a0406187916ac4a7256

SHA512
2dbae1cf6011eb93017243e73426ce5c62dbc6022ceb9b37b31083da7efd184103ab784216b73b8867002a466000a91e753b5ee980abc887fbabd56aea60e7b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\822

Filesize
11KB

MD5
75bdc120eafb10d6cee66df65a907ec0

SHA1
77cd9ba34cc1806e19a6b624cdafeddb65ffdcda

SHA256
52f5c20cd110e42e691da1fe2c9fefe72cfd4e91e3eab3a40db7235453f76d91

SHA512
8900435485cc6a5d4aa811030ceb043f78daccd7d568eb0e0941c7e8f9436377be1e1c0f6b9d9ebbeed4b0b163582a5fc05dd8e2a06356b3b1ade365e04ae51f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\9283

Filesize
10KB

MD5
3a51425d66e46d5d244743af77abb712

SHA1
5c7479d859f0cc3e8c21914c5ec5d711ee39a3fd

SHA256
122ddccfb27ef285b71aeb1f80fdbe8052ab4929a97104faa8d3c00aa73719d1

SHA512
5a5d57d63db300543d2e010e7d9a396d319230655e888b60d04c1b5942f1b783dbbe0b4f12116e082c217cb994bf5a23e898bf4842abb804d4202aae194ac65a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\9361

Filesize
10KB

MD5
f04194d25ee27dc0326f0b0552d9bd64

SHA1
32a577438fb7cd1d029e94da9b265b1e357e428e

SHA256
ce05a5d1fe5d2d38b542442ceed6b88e2638efd5317b81ba0187a0f5175df4dc

SHA512
ec91ea84ae08ebe8558189f4b89030657a4c29a367bf44f11524608142948f2963cd2b0c6e37121a9ec6d8260973ad4458f189ab6eef6d9cc2243c1ea85675a4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\A99B6D3F1FC57DF55116640DC59D3F21029A4DB8

Filesize
41KB

MD5
ec8ce7e33dce4f490929a80271eb8182

SHA1
4dc075651b29dc1908fdd2a49997a49f863a6215

SHA256
5562c36a973cdc655b084cb93660989ac96cae2795d1b234a68fae29c9ed7a59

SHA512
3f5f505833e7655b4d897bfa05f3f9537fb332061a252a55e0b4a19036638ffdf82e0efee404ead0f4b620c6ecc61d624d20d20ea692eceef2c36a0747ef51de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\576e1c153e9a4c8db9cb845a7679bfcc

Filesize
5.9MB

MD5
576e1c153e9a4c8db9cb845a7679bfcc

SHA1
7fa5235289c1eb038774cdcf30be21cb72771201

SHA256
da54941bc273cb5ea3c50a3df7983f6560114d0e9f6fe196a2077e3810f561dd

SHA512
a4d956c4c860ba9b652647c4fd94ba0a617d1ec3436a8fe267292d36b38805acc4f484aa65e9c45e20c10536365a13645d25acbdc4c23e7506829a6f603820af

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
fc6f28e6849dd0d9f5ff5dfd74673dfd

SHA1
6e5bff65832779be100dd93ecdfc52ed52fba39e

SHA256
e7ac69e3972bce59dfc990076f92e2fbbf6169284dcd2871765f1664b0110c73

SHA512
7f641769938d74eb9324c93a17c23b06474a723142336d268ee30efc2bc799379d1625486d02fda2f9730e30cd87064101b78f6dbc933b2d80d66eea07c8eeeb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
a94d2b20c3cec21dde13857e7574151d

SHA1
10434c5686470fd5b4f97e0e1073eedd56d98aa6

SHA256
455067547a49ee8d6b646d3ee20a5c220054fc2ab98d1969e5f920176be4c345

SHA512
d858d5694d68e5e7b9bb391a98a44dec9d5db54dbe63e1d026a74202aa2f98758f46d21ddf253d301f359dba4f5e65a0d2727478aec04b553b9d600f055168fa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
10KB

MD5
b3d83b3ae4b57366e5cd724f5ae948b1

SHA1
78fb2318ff080874ef2e768ef9452a04a61e0a86

SHA256
c43823ff3e1e4ae976ee9b3afe399e61843510625c7c7ac4ae514f76f5db3f4b

SHA512
66bd9542b1cdaca59edec9608f0e105c1b84c4a48c0de3649afc8e8700e1ab9b4997e3eadf2029597eabd4c1d63347b0f7e5da195adfaf506a0406b188204f53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\AlternateServices.txt

Filesize
10KB

MD5
ccd4ca80237d2b5eed49bcdd385624ec

SHA1
2b0c4e8d41b4cbae7d3b78a1aa7fbe5075765684

SHA256
8f63df3a21201a4586c85697738869361cea844b46c89b86c6ab4624aeaa4d32

SHA512
e5d9dd96104a87fa1454638400835a55702763892285ff6b15f8fe45eed42467a86d63fbcd4e11c1c4fe9cd40fdd03b50a38c705d4e9fbeeb015ad50729a40f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\SiteSecurityServiceState.txt

Filesize
2KB

MD5
216f5f175143d15301923d8d52bd1b23

SHA1
a056d9e5dc41bd650cd41358c1403b7faa889b98

SHA256
9be08c16e99ac6e72ab8e4915ff7349e94b1b83f2d7041a7d17ce2cc4cd5f383

SHA512
a94778941c9e58c3c60011050624020e645de71bf28a1f0922c2a931bc4894c54b22edd1f4fa1180d3904b39bbc9ebcba9a80667448d23e24d0fdde7af3af809

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
e2b45da6f709967b624ed1ce63ded446

SHA1
7c39882bbc1658670eb385e3354515d793a4b002

SHA256
13cd10e7bf30fb494ed8ea9cfc24cfdfba9c211e93d2c95dcf672cfbf478846b

SHA512
c26cd51f07d6f559fbb11769fc8bc28ef520d42ec8445c39e32e53a2ee8cbea5f32752ef50a9e6bfcff3140ff6e75e3b4ffd52897e98c3c4daa86fdcf48cad22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\bookmarkbackups\bookmarks-2024-08-10_11_f70S+BIHcjdozL1H+8sV3g==.jsonlz4

Filesize
953B

MD5
14e152530b0003973263fd54064ea363

SHA1
98a18c46e4980317a1f795bb0f364f02b7524f06

SHA256
98818f8d867aabab23dcf95b03d2d912fd8d6106f1bf48e1f04dc9b5af42f199

SHA512
21a75ea8970d68bac8100f499d88b38fbdd904d5217e69492f10f63c9026f43f00508fc62e059f54f82d7a1bb6c16b15f14b281c87542613ddd20893029ce664

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
437bbdca14f96993cb24b961c0092e8a

SHA1
4f8b828859894d1c4ea60dc754215b7789e45f30

SHA256
42cd60a57eda8ca39cb91d956b2c1528712372205a8f50da869be2bee39c41c3

SHA512
425e12f7f9b07f1c7bf0cbc6d7b3ff547b057c5c61d7b922848561d0e75168353936b3f6b5c10a2e4245ab6637adf79cec10a492246971225b40f179e75282b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
c01ebca8932824fefca72b4a196a5396

SHA1
80bfed7ae82f9a14108136d0c08736dd7531a119

SHA256
b9ac2c9b9f04795c9f850a86a1522a83f123926b8f7dd45573256fdf18c0937d

SHA512
8ed5845354e6a9f09c2fe63bd7723d3a0fc8a6368fa4dc8562576cf64c8465555dff69fa8fd5a7f677fac6c1a3682f0c888da2fbaeb11923bb0f465a9602a52e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\56970b3a-c9a8-49d5-8d54-64daf7091d6d

Filesize
10KB

MD5
5c840175a496c12452ea6cf58182ee83

SHA1
6eec8c3bf0865444f8de52c241ae2b54fa6f57ce

SHA256
9b9d2b4df3a1150c90e01cb136287ea67cd56ec952d26917e4801bc9644a9033

SHA512
5669287d718a0f22e30fe030e718690060405552c3fda7dd430a9853b5461cd4ab07c06dab6c5b1409e27f98634f4bb6c7b6ab26bec02a7afcd2346379bf85cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\8d38daf5-921e-4126-861f-dbcbac492c28

Filesize
746B

MD5
8afde0c9bbce95700fd8d43e979c5fed

SHA1
ef6e374fddbae162b42597ed047ba02068e6c589

SHA256
31b7c44bad33441ad6f8b577371fe7afd46386fa862c4bfb0ccb04978c7f5ca0

SHA512
cc41fa96e54aa442867e1054f04594f98a91b6893dc08903e69d11657ed681ec2c3f18e896b3db51a3eda2801e5ce637b360b4f11bfd5f6db0d2238b57abe909

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\extensions.json

Filesize
41KB

MD5
3a01b4a89e5a34364aa1e0423f19205b

SHA1
54e71e49ad74ec3a72f3ae011b3130b4b0a13e6a

SHA256
c281a1ab0e4fd3e14684f80e13d2f77839b58d3ba641bb0e539c35d6ac683c81

SHA512
08076c4f6cee0556dbc425167d4073756f0c5743da053900680f8e65638663b5ce466d5e628775ec2f2f25af18251440c3b6f53025c1b2151ebc72e1517382d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
7KB

MD5
7dc0356648320c666ee5712c5d6d9cde

SHA1
49766044a21c3923eee87d7739ef3c6fbf310bad

SHA256
30cd75dc899a5c29643315a94bbbf6e86d6ef65e181517f5d1e331c4191d891f

SHA512
12f84d403e01972d4a4ec35b7e32e5e3f302ed90ec42a6aca837bddaa684e22e49d22ccf7b3df1931d872197c0ddba67ae000651d010a5006b60a1c6d0cd13f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
7KB

MD5
52f570395c2bc5eceaa154dc0f9a68f8

SHA1
2f78d65d9b184bbbf4b60902ba322efc0d5afdc8

SHA256
5c861ea9af24f6f7386b457676a1a30fd33244d0f7828f74b87d2faedd38d799

SHA512
af0e0cb6c7edd5756d2757e539e904a161131250ba6fd4b41dead8c2f6ca874fea96eebcd2e65fc0b5f71874487f9d51216c049201cb0bbc9339e20ad1b15631

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
7KB

MD5
c68074dbee56f366a626c11a8920e790

SHA1
af883886bd71f7b7cee05cce99b15f3607e8c8ff

SHA256
b5f356ca99adbbaa463d3a36e216212cd19eaf38497d5c4540dc833fb001b056

SHA512
29ef3dc8915069a65b25614486eb56595d615bf51f5e22f2bf53c6958ae047eb1ecfad4d6eca2209e8e2dcf0bd7b734cec83a08bd7176a30e18a2a5e3f3ce86d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
6KB

MD5
b8717b62229f3da11088c975fde8c86f

SHA1
8338adc7826a43a7115d2c399cdc0bc548505935

SHA256
e204afdeb87aab5449fc20970e4ec4594e3a24553f93550b967fe18c96b49c00

SHA512
efdb74470680af57113b0b76e50ac078f79a38ef20b91e2c2eada41046ffcb96917a8d147ddd51ea5f18ddc2536e80f74ba1b714cfbd0378b154fbac975c6ccb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
6KB

MD5
6b7a4eec8694a7b8a8caae4c58ae4d13

SHA1
084717b1826adecc0bc9b487135c23a3dc5b5a51

SHA256
2666cc717b3437c9a76885820cff0c45169eb84f98cd50748d543ef165d6f0a7

SHA512
97480e9e937faa679f9c719bc9cf583d80c191bafa2c87d1de02adb4883cb28dea3453165974a53d63570d1eeda83986e74cd1cf605302be95560e6727d3dd6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
7KB

MD5
ae46624c73de52d888d03ab67a44fa9d

SHA1
5e503ec39a0ca89577925d603fd523d054e1d482

SHA256
12b899ce13d6c1a3c55a53e8a465f571c8073d204e471d59d368f946ec485156

SHA512
47b618118357c3b805bcb8174a9edf9e86be55f37326566be5ee2079c8cd4a7cabb14b2fd0cb21ef3a84cd7d9c53704f52591729b3e11d455ddba7c546492e8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js

Filesize
7KB

MD5
66787439fee132881b98ed48cacbd331

SHA1
91b2a022eb7a40934b618d970388633facbf9cc4

SHA256
5b844d94bee1d4029bd2d47a2b20872a45ec466e9e266de5bf18539b8d1f9cec

SHA512
f3c77ba98e0e53be1b8eed268f117dacb4900970e8da6fe97d3ce1dceaf0b778098f575ac3d542740fd87280c9a96b29d30fb78ee0ce48fd39e6cd35192bb456

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js

Filesize
6KB

MD5
e567f720e3cd45cfb5f8b6f590d1b539

SHA1
fd199ce1f12efe16b3d50f660c0a53e41d44ec2e

SHA256
952a7b86ab0cc4f9105f7edd5572c2374f3b628772d60591fb42ea09506e862f

SHA512
ca1ae55736bf7c31c66d895b14de81accd0e6813bd9884c4c5f1015bfa98ee4f89a6b323d7d756da6e21aff19a86b321987fb932a4b3a923c505dacc6d35929a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js

Filesize
7KB

MD5
1004669d5b666f1bf5b87133f144da54

SHA1
a9bc51d5fc47ee9e6b65cdc94fe80815c363fc2c

SHA256
17ad8ffe82792597c9639dc78dd7b330c4f589b3fb74bbe9016695a968af164e

SHA512
4df43148dd93352ff15784c1c8b419487650d149a354ebf606af575d16b19cc9723990f6d7d95639987add4137dc4e58eee5ce2583b61cc8ad5326531f540b7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
33KB

MD5
75077505b397815b8eb181539b8aa920

SHA1
68afdb6c3851fa6f151e34636172df21870870b3

SHA256
a03fdce39992b16e98be5b8bf246b40bf58e16af7c12e214b661c50b1254186f

SHA512
f84a016bf535167924b98ae0f970cc7cd79f6a16d38e89bdfb93a75c4eaf1f62fadbd219292ec044bb1e1a9debc0b759a0a5e1746d4310c2af8293d21e5a83ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
33KB

MD5
f4a29fb4f492f5dcba9c3013fd8d35f9

SHA1
6eba5b4fe9301b5e36c2203c755d4b3cbbed5bb0

SHA256
daee84844d4ce5ea83d190643d6ae2b6f891bc9c6682057f1cb0997c974bfe9d

SHA512
1283ea78781682e2f15895c7e913066ed3442f5b54148167176af1dc6ee78f85e99e8ab9d563f7d370e3a1d890ef3564e07ba48b842ee47dfdd48c1d06d63c3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
33KB

MD5
db47b12e8d4c662fc7bdf9c6c8e5e3d2

SHA1
7ed29c1dd442c4dfcdfddc86b9ae9035419dda4d

SHA256
bdf937d165b3b8ff90d4766a6d495608b8d464ed25550282c93ad2b4689bf5e2

SHA512
674bfdf7a6cbc2882ddfa08aac4502cb0c7d290182c555f8da320fd35351338a38e5ed806155aab919e2e4ae414c77c724b2b51d79b5980e6d570e566da06880

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
3dcd6627959dc8e55d6fbab9aff1e970

SHA1
46bdd128ef44fa8e2e7a34c4831f5a7cd45b7d65

SHA256
0b084807533c54fc69eb14692f1a524839752a96638fe984e6868a7051238c37

SHA512
2fb8621da3a138ef99e53a4e34c80adda89236af04aa5120313841b268d88db08335a4627d6a48fb2bf533f03eca0052a93dd80cac427f114c01c2a5fc5889cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
35KB

MD5
d7579741247b6aa2cb82683a76e1fa28

SHA1
8d0f938f19582dd5671155e0858559483ebb14df

SHA256
b3c71366ece03f166f329333deb6da29b3246ee6c572731f08c6d2ec0225acab

SHA512
2fbe28ec07241bbbbda26bf042fe3961e71852cf8c32b34ef479553cafd066f5d46e368c99bf3ea02277dbf8240ec171579d70b77a15ab297e556bf57aa65f8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
628e2e268fd79fea25f1b36ce32635f8

SHA1
c1773e837431d728760771decd3d35a46aed2377

SHA256
d5d2268654da869cd3970d6ced4a4c711634b52015eeb2bea14f3418f2fe528c

SHA512
999ad933500882cb0b0f3d1f0dd981ccdc2376d73fbfeace459edf9fc82eb7e4c996d49b5f9e4a7c3054ea5bcaa12ef359483ef156b1ed68a19cfcc960bdb20c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
23KB

MD5
034989e1d2d8dc506dd7a07a404c006d

SHA1
a5173dbceaa4e595023e96d2cb1285b7081481fd

SHA256
2d9031c27b1ee2d2575bf54027f2e5e1a1ddfaf28b60127e6240a68cdf7969d2

SHA512
931c9db0759132ea2924faccf537e4e14f74989fffa5ad6aa6fc895affb3abad690d5b55585c7f2dbee38a710ef23ffc17bc5cf40a0dede6aa4208567470dccd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
65733459ae38a95d0e1b7b45d369c12b

SHA1
43af20eadbb9da411a810cbb806e445f19a4fd57

SHA256
5276a32c64c167515aa98976686a72580f383b3005e30463a477dbf09ce596f8

SHA512
f48721e55b73478a2e9f81b8e3b3e2c01e5e2a57b0a60f6f103da4245a861fde5339ef8d3e6e435048fd481ab4bfd883d32a313e08c745e40666b692f1a0f00d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
a3382bb1d76304fcd2e839feb7070786

SHA1
5888964467b2d99918ca8eda253dbaf4c1f73142

SHA256
526adcc9d092e3b26a6b1ab1fbbbfdad2ff37a6667e866c882027329ee1e1536

SHA512
d8803bd0bbf6a1b358823173650cb92844ca55c747164f9cdd5a331d81aa38a0d3f58c47a03edbc60ba41de7164de948150b65283374b1da44c2c664926f997b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
a30e6d259fe40c0c06057b1198dfaff2

SHA1
f1ac4eb2bf8115b17f4d3a9867d661b8d8907ed9

SHA256
683496eed2056e6f53114f34019e12cc90a2a373fb2cff32a64e1e185d88b360

SHA512
3594a66e4c0ae26e86b840d408a504ab5af10ab22b6e3b659d57588983288a91eb1ad4ee666a0e0bab06612b695a52ee9124ce85314e2f3b64718d1d439774b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
33KB

MD5
532fdebb49d57c928c2db9c1672a982f

SHA1
36e3f8b5486312138ff73d74b249a5044286adf2

SHA256
0cbfabc5a4efd3f39dd1e8d4f5cab562c89fb8d20cb34c77f537c19e83f4575f

SHA512
4ea14303c6d8f1b34b3d4ba5e2e87ce42763891d994f38a3584d8aa06076d39df9c2da14c8872edf8830fc0501dc97581c77d38ddd7e76ab0c705bb68454a9c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
1769a0aeb0c497afc5bc46832a569909

SHA1
5c6ee230632f2c91957dcf0fa99c747ff30ac666

SHA256
7c4ae22ba5c332de0136eb68e5da943a899597dd46c4503b35438ce6798cb1b3

SHA512
7c5fed3c34a1b6d3809c0207d38cd577ae783585541ab417f6409758ebe6b6b92100db06501cb86e3c90e40f895a01f4f5c81605832a2a8cd605a09ad0520a21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
33KB

MD5
196189662c8a946e86c7282fee90f533

SHA1
5d4818a3735c7a7f893e4c39a5be5c0e4cf091dd

SHA256
c198eeca648f18ba488d1704ef5bcb42b55e0fd7a895f5cbed55ca7a432f206f

SHA512
a27f6b543d4f61dacfc3e1ff6b78f40b5cbaec9ff7a0af09c99a660b4dc82148f76da5b5885dfe4491eb4be214b0f87dbf1da8d1558a73a34d49b87f3e30aa4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
9673b8219740045ba11535cd9bf8a1ea

SHA1
0c7a6df3fce93400f76255fa7db4a5912c7fcc1e

SHA256
3e2a40889ed71010ef96ade4a537adf2595d3f66b96ee93af02ce98d65ea8676

SHA512
b617dec9a96464952a9d2319843896f922fc2ae942d2aab11f7d22bc6d2a12585349fe6fc85476cb79b6b298eea49e01ee5fadca416d5137152395a92eb9307e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
33KB

MD5
693137001511f54c3376964b78f02552

SHA1
70ddf401490d23aea68835b660d439aab54477f7

SHA256
3042cbaa0db8ca66b6fb096d88abaf01d871e790a327e19690195da5072eb4aa

SHA512
a1497f2f42b28146f68db2ef8eb549b47335038b423b6891b7ec265d8dfda5be7eb6d1b7ff813e0234d4f32671828f713c40442acd30cf4b13be9cd221531235

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
b29717a47785870feadaab1c658d77cc

SHA1
6f79e6a906fc4b368b24bf7ab76465242aae8a7b

SHA256
4dc0592dfa7d8ce6c9e8a051d33226772695600c63ae78a799bbdca5017865f2

SHA512
24d981345b3124330391cd341be67a4ef872e8be41d4d3330c020f2dbe4f7881fd6284b2b671a5f1b977794e09ae37b61457a9fbcd2b488be336056669789e9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
35KB

MD5
1df8f5e5694a2f81241f0e188aef9bf8

SHA1
c3cc8e47e2a1e37cc78e634ae09c52d6cb2f172c

SHA256
d6aacf89ab46c2335aa3ebd8e07c86b566885a10998814c2a3cfbb5cc56aabe3

SHA512
aa1886616c8bb3d96cf9620c9d54efad850c0a4db041f1ec14c904d04a0b6909a9571fc82288da32b073c9a83e1c2fb0890a0842779122e4eeeb77f2f29e5e81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
6bd1381e7bf598768818075ce9c91fca

SHA1
8ac53e92b6b0d5f358546fbb19c2e7e859d2272c

SHA256
ed09c3ef3e1a5a7f248f578a3beb55b8d91cc3b24af8c4c03d4d8d5864e49cd2

SHA512
de0fcdf0ff63895e492f8e9a11bc6f4490afc17d1e059d9bc9130475832e47f3b5f325c2390e8925c5f8eba3c71539d097a4150a7a692fbb44916ea5f063cb09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
23KB

MD5
a583eff9e5e0ae3c718667b2c3c1c1a8

SHA1
dc89e11ea20a7ff596f8011264b92098746cf229

SHA256
c20d9fd7f8502f67e5566a1161368c57b328e0bb4329f548b7c6e6a0dbfe93af

SHA512
cea146aa8c46403cc73a588b31f4d6547d10519656ab0f532caca0de56ea389f134e415c147cecd4f98b6825ef410f7ca729bd6f6c3604113da50fd46365fdbe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
5d17e6a8bd6a0d6c7fba64cfd14a3fc1

SHA1
375f6b3d5351e352f19bc94632b02b200b8fb6b7

SHA256
8d47b390019e8f723d21427c585f9677faa78842269dc56d89f7a46af4aec627

SHA512
8bc4ab3e5a8567d5c604c18739cb19bbb5c63203b94efbb6897943290fb26c32b2b09e865ff6772de47c37545d2dec613e9db415665560efe9be9d5d38866517

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
23KB

MD5
82bf744d40a682f3fa99ac6dfdfd099b

SHA1
eeb36989d2c04f65a06551feea34fa821f7444b8

SHA256
1bb5e88e32d7db7dfe130b9b29c7705762b22e0cf643840157e03796e777eb27

SHA512
9682ba23fd8da577573f5800dc717986701c364e7603c262a5aabb0340e5b46cdb204bc079cf59b0d149bd21b4ff69e346511c5b05525d3448d68e73eae234e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\default\https+++www.roblox.com\idb\3140325527hBbDa.sqlite

Filesize
48KB

MD5
277594f445e8eec19c5fbb7a3220c7a6

SHA1
8da4e875f5235f7b2a78fa8a290b8803fa13afa6

SHA256
69197646b24fe76c21792e9e8aa5f79b67a2e31def077c5e07a8d8a959fad6c3

SHA512
ff899d57cad75a1b54c062a0ef93f3474ff422010fddc86ea9a5e88f8808ab6a6912fd6dd34608ec81d3c0ab36202af3de159aad15709831477f7df3493e5fc6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\default\https+++www.roblox.com\ls\usage

Filesize
12B

MD5
946e0ef92ac49f5867015b6276494b38

SHA1
fb6c98493589054528f0af8be3f9b17eceb6a77e

SHA256
a020d1175638f17b42d666ac1e0e287801cbca69610eae584aa0b3ca64dcae2e

SHA512
947281a9fc08151cfe008f3ed917ae9e52ad5ca5bb3c959c7abea5dd7c17ac7f88042979b09bee93f6d605f120a880ac33267db7c48c6c9ad70b9ae8e22856a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\default\https+++www.roblox.com\ls\usage

Filesize
12B

MD5
3ff97b962db97d2fd6523260cb095bc3

SHA1
6b4394b736867c9a7105170a1a3d385c31865aa7

SHA256
4901f166fdb3598ed36ef93f097a2eef8b38585dd95679e6c8387942bd7ff363

SHA512
d93b9fabc311f56b814b07e6979a4da80d81b28050492ca57e2fa6574e697f631df40d6f89d2925a355050b423b069fb924d80830faaed943a9972617103d9df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
400KB

MD5
e88eef51dd54cf91714dbfbd853e7a72

SHA1
84c34df72ff7a693aea4a9cdaec54387fccdeefe

SHA256
d98d55e5d9b06d6cf349421320d132ff983244f157dfbe079a399b40509fb6af

SHA512
c569b4a0fd6ca89f5253ecb23f9fc899ee1c5f7ddd56aaad8690bbc7b9f73241a66e85a9ff30eb00e18fbd3d177768c5f4add554c175cccc47c7989c60b831df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
208KB

MD5
6e590fca9370dedd5d6af87a682db64f

SHA1
c13d1106c87352fff65d93d770d5c33609d031c6

SHA256
06a6f347c5815b0f2e36854685af39289f3a209aa751104c8f2773e20ca99f3a

SHA512
eccf36129b2624834ab6da9479b2d43b4be56bb1368ef5595a6757f7c0fece9d4e11bef5a2c439819c0e1766111585071028fc2d444a55cb1708602321b7dbd9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\targeting.snapshot.json

Filesize
4KB

MD5
14ee8580c195d3519cbd73822691fd95

SHA1
7797705f22408f0c1d0b38309122cfd8fd41782f

SHA256
8b697663e6a2afe6b757245555e4cfe56174b14f28ef16bf305ee2a0d2e7da93

SHA512
762906777a62648a3c50b1d2f6775ec0957df3d640f1f28721161d3b2351c482d8e613aec4a15248e6e70324e7f7c356e355bfb530c5f907a53bb64ede32e02e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\xulstore.json

Filesize
139B

MD5
e519eb2fc8c2a70c51b056e9534219e4

SHA1
865f6b2f9e4df6e3293b1831ccb91f8582ec42a4

SHA256
652e594be127bd5fd746548b780ddecdc8f494ff8fc53816705895ab713fc414

SHA512
4d6c4196de45ebdb3ab711dbb0d86e356bb21ce813f74932af7e1b6ac1a67aaa183af8ffcf470f44108685a25c4d21a41692935ddc50ddc9d28d0347df9d3208

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
5.5MB

MD5
3191d6165056c1d4283c23bc0b6a0785

SHA1
d072084d2cac90facdf6ee9363c71a79ff001016

SHA256
cbd127eca5601ef7b8f7bec72e73cf7ae1386696c68af83a252c947559513791

SHA512
ac0fa1c6e8192395ec54f301bc9294c2a13cb50698d79d1ca32db9d4deb4852e7607032733d721bc5c9fd8d1ce5610dd73b30b66e0302141377f263a3b7fa0f3

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.jE7gMoFA.exe.part

Filesize
18KB

MD5
4c61cb68da3f4094e0840348367ed4ed

SHA1
bf7f0abebeac8252978e18e78eb7dd5d4a80f9a6

SHA256
5c35c698b741742b1f933e62779b6522c4f1ae9bcf1b09135934cc985ea242c4

SHA512
32d2781164fd104b5be8a8bc2d04527791048468d4f4479397ce9f4df55f69c3a733ecf9fee73d5a866d5b62c60de4eda53faa24da9e3aa9cc5fbf1f9926aef5

Download Submit
C:\Users\Admin\Downloads\SG9uZXlwb3Q.exe

Filesize
1.9MB

MD5
4068c0803b559c904b34b910d8d9ef86

SHA1
e2cc27330b08ccf77a2affb4d60866d8fc3e3f9b

SHA256
70dabd28c39071fb7ec71ef07a604d8a7388af14a23f1ed7a14868986fb2d70d

SHA512
87d9907a284202b0cf3383810593ed66775fd695aa43793a185e1e23ce611336e9936b27a4b387b36a47c8659c75d4a217a7f2d4498b1e42170d0109292825c7

Download Submit
memory/2272-2653-0x00000000008B0000-0x00000000008E5000-memory.dmp

Filesize
212KB

Download
memory/2272-1868-0x00000000008B0000-0x00000000008E5000-memory.dmp

Filesize
212KB

Download
memory/5600-2699-0x00007FFA883F0000-0x00007FFA88400000-memory.dmp

Filesize
64KB

Download
memory/5600-2692-0x00007FFA88CE0000-0x00007FFA88CF0000-memory.dmp

Filesize
64KB

Download
memory/5600-2689-0x00007FFA86860000-0x00007FFA86880000-memory.dmp

Filesize
128KB

Download
memory/5600-2690-0x00007FFA86860000-0x00007FFA86880000-memory.dmp

Filesize
128KB

Download
memory/5600-2688-0x00007FFA86860000-0x00007FFA86880000-memory.dmp

Filesize
128KB

Download
memory/5600-2687-0x00007FFA86860000-0x00007FFA86880000-memory.dmp

Filesize
128KB

Download
memory/5600-2685-0x00007FFA86730000-0x00007FFA86740000-memory.dmp

Filesize
64KB

Download
memory/5600-2697-0x00007FFA88D80000-0x00007FFA88D8E000-memory.dmp

Filesize
56KB

Download
memory/5600-2696-0x00007FFA88D80000-0x00007FFA88D8E000-memory.dmp

Filesize
56KB

Download
memory/5600-2705-0x00007FFA88410000-0x00007FFA88417000-memory.dmp

Filesize
28KB

Download
memory/5600-2706-0x00007FFA85A20000-0x00007FFA85A30000-memory.dmp

Filesize
64KB

Download
memory/5600-2704-0x00007FFA88410000-0x00007FFA88417000-memory.dmp

Filesize
28KB

Download
memory/5600-2703-0x00007FFA88410000-0x00007FFA88417000-memory.dmp

Filesize
28KB

Download
memory/5600-2702-0x00007FFA88410000-0x00007FFA88417000-memory.dmp

Filesize
28KB

Download
memory/5600-2701-0x00007FFA88410000-0x00007FFA88417000-memory.dmp

Filesize
28KB

Download
memory/5600-2700-0x00007FFA883F0000-0x00007FFA88400000-memory.dmp

Filesize
64KB

Download
memory/5600-2665-0x00007FFA89340000-0x00007FFA89350000-memory.dmp

Filesize
64KB

Download
memory/5600-2698-0x00007FFA883F0000-0x00007FFA88400000-memory.dmp

Filesize
64KB

Download
memory/5600-2695-0x00007FFA88D80000-0x00007FFA88D8E000-memory.dmp

Filesize
56KB

Download
memory/5600-2694-0x00007FFA88D50000-0x00007FFA88D60000-memory.dmp

Filesize
64KB

Download
memory/5600-2693-0x00007FFA88D50000-0x00007FFA88D60000-memory.dmp

Filesize
64KB

Download
memory/5600-2684-0x00007FFA86730000-0x00007FFA86740000-memory.dmp

Filesize
64KB

Download
memory/5600-2691-0x00007FFA88CE0000-0x00007FFA88CF0000-memory.dmp

Filesize
64KB

Download
memory/5600-2683-0x00007FFA86650000-0x00007FFA86660000-memory.dmp

Filesize
64KB

Download
memory/5600-2682-0x00007FFA86650000-0x00007FFA86660000-memory.dmp

Filesize
64KB

Download
memory/5600-2686-0x00007FFA86860000-0x00007FFA86880000-memory.dmp

Filesize
128KB

Download
memory/5600-2677-0x00007FFA89290000-0x00007FFA892A0000-memory.dmp

Filesize
64KB

Download
memory/5600-2678-0x00007FFA89290000-0x00007FFA892A0000-memory.dmp

Filesize
64KB

Download
memory/5600-2679-0x00007FFA89290000-0x00007FFA892A0000-memory.dmp

Filesize
64KB

Download
memory/5600-2680-0x00007FFA89290000-0x00007FFA892A0000-memory.dmp

Filesize
64KB

Download
memory/5600-2681-0x00007FFA89330000-0x00007FFA8933A000-memory.dmp

Filesize
40KB

Download
memory/5600-2668-0x00007FFA89490000-0x00007FFA894B0000-memory.dmp

Filesize
128KB

Download
memory/5600-2669-0x00007FFA89490000-0x00007FFA894B0000-memory.dmp

Filesize
128KB

Download
memory/5600-2670-0x00007FFA89490000-0x00007FFA894B0000-memory.dmp

Filesize
128KB

Download
memory/5600-2667-0x00007FFA89490000-0x00007FFA894B0000-memory.dmp

Filesize
128KB

Download
memory/5600-2673-0x00007FFA891F0000-0x00007FFA89200000-memory.dmp

Filesize
64KB

Download
memory/5600-2674-0x00007FFA891F0000-0x00007FFA89200000-memory.dmp

Filesize
64KB

Download
memory/5600-2675-0x00007FFA89270000-0x00007FFA89280000-memory.dmp

Filesize
64KB

Download
memory/5600-2676-0x00007FFA89270000-0x00007FFA89280000-memory.dmp

Filesize
64KB

Download
memory/5600-2672-0x00007FFA89510000-0x00007FFA8951B000-memory.dmp

Filesize
44KB

Download
memory/5600-2671-0x00007FFA89490000-0x00007FFA894B0000-memory.dmp

Filesize
128KB

Download
memory/5600-2666-0x00007FFA89340000-0x00007FFA89350000-memory.dmp

Filesize
64KB

Download