Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://create.roblo...

windows11-21h2-x64

8

Analysis

  • max time kernel
    2699s
  • max time network
    2694s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    03/09/2024, 16:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://create.roblox.com/landing

Score
8/10
adwaredefense_evasiondiscoveryevasionpersistenceprivilege_escalationstealertrojan

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
    persistence
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Drops desktop.ini file(s) 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Network Service Discovery 1 TTPs 1 IoCs

    Attempt to gather information on host's network.

    discovery
  • Network Share Discovery 1 TTPs

    Attempt to gather information on host network.

    discovery
  • Checks system information in the registry 2 TTPs 26 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 7 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 12 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 5 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://create.roblox.com/landing
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa4fd93cb8,0x7ffa4fd93cc8,0x7ffa4fd93cd8
      2⤵
        PID:3896
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2
        2⤵
          PID:3308
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:5004
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
          2⤵
            PID:4480
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
            2⤵
              PID:1976
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
              2⤵
                PID:3832
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:2404
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:2772
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
                2⤵
                  PID:2340
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                  2⤵
                    PID:2676
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
                    2⤵
                      PID:2296
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
                      2⤵
                        PID:3804
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
                        2⤵
                          PID:4192
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
                          2⤵
                            PID:3496
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
                            2⤵
                              PID:4664
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6232 /prefetch:8
                              2⤵
                                PID:2140
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6344 /prefetch:8
                                2⤵
                                • Subvert Trust Controls: Mark-of-the-Web Bypass
                                • NTFS ADS
                                • Suspicious behavior: EnumeratesProcesses
                                PID:2368
                              • C:\Users\Admin\Downloads\RobloxStudioInstaller.exe
                                "C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"
                                2⤵
                                • Executes dropped EXE
                                • Checks whether UAC is enabled
                                • Drops file in Program Files directory
                                • System Location Discovery: System Language Discovery
                                • Enumerates system info in registry
                                • Modifies Internet Explorer settings
                                • Modifies registry class
                                • Suspicious behavior: EnumeratesProcesses
                                PID:2256
                                • C:\Program Files (x86)\Roblox\Versions\version-a8766ccdec1d49d3\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                  MicrosoftEdgeWebview2Setup.exe /silent /install
                                  3⤵
                                  • Executes dropped EXE
                                  • System Location Discovery: System Language Discovery
                                  PID:3460
                                  • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\MicrosoftEdgeUpdate.exe
                                    "C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                    4⤵
                                    • Event Triggered Execution: Image File Execution Options Injection
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Checks system information in the registry
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:1204
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      PID:1016
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      • Modifies registry class
                                      PID:2344
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                        6⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Modifies registry class
                                        PID:4640
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                        6⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Modifies registry class
                                        PID:4616
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                        6⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Modifies registry class
                                        PID:3732
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODBEMzU1NEItNzkxQy00MjM0LUE1NzYtQTYzRThBMUIwMEYxfSIgdXNlcmlkPSJ7RkQyRTdFOTctMDE1Qi00MjQzLUIzRDAtNkU3MEY0ODUyRDEzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszNTQ4NEZFRS1CQTVELTQzNzctQTNFMC03RDdBRjk1OTQ2NER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUyNTk0NjU0NzAiIGluc3RhbGxfdGltZV9tcz0iNTgxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • Checks system information in the registry
                                      • System Location Discovery: System Language Discovery
                                      • System Network Configuration Discovery: Internet Connection Discovery
                                      PID:3708
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{80D3554B-791C-4234-A576-A63E8A1B00F1}" /silent
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      PID:1176
                                • C:\Program Files (x86)\Roblox\Versions\version-a8766ccdec1d49d3\RobloxStudioBeta.exe
                                  "C:\Program Files (x86)\Roblox\Versions\version-a8766ccdec1d49d3\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch
                                  3⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Checks whether UAC is enabled
                                  • Enumerates system info in registry
                                  • Suspicious behavior: AddClipboardFormatListener
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious behavior: GetForegroundWindowSpam
                                  • Suspicious use of SetWindowsHookEx
                                  PID:228
                                  • C:\Program Files (x86)\Roblox\Versions\version-a8766ccdec1d49d3\RobloxCrashHandler.exe
                                    "C:\Program Files (x86)\Roblox\Versions\version-a8766ccdec1d49d3\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.640.1.6400735_20240903T164821Z_Studio_40371_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.640.1.6400735_20240903T164821Z_Studio_40371_last.log --attachment=attachment_log_0.640.1.6400735_20240903T164821Z_Studio_40371_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.640.1.6400735_20240903T164821Z_Studio_40371_csg3.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=0.640.1.6400735 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=57f2af3bb86950918cc29b5bb59305ca86818ed9 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.640.1.6400735 --annotation=UniqueId=4242243316662202104 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.640.1.6400735 --annotation=host_arch=x86_64 --initial-client-data=0x5d4,0x5d8,0x5dc,0x53c,0x57c,0x7ff7ea8de2c0,0x7ff7ea8de2d8,0x7ff7ea8de2f0
                                    4⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    PID:2344
                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=228.3112.12932400321256333410
                                    4⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Checks system information in the registry
                                    • Drops file in Windows directory
                                    • Enumerates system info in registry
                                    • Modifies data under HKEY_USERS
                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                    • System policy modification
                                    PID:1348
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=128.0.2739.54 --initial-client-data=0x17c,0x180,0x184,0x158,0x18c,0x7ffa38729fd8,0x7ffa38729fe4,0x7ffa38729ff0
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:1904
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1788,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1784 /prefetch:2
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:2292
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2060,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2076 /prefetch:11
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:1620
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2180,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2360 /prefetch:13
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:3200
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3504,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:4696
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4276,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4304 /prefetch:1
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:5840
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3820,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:1
                                      5⤵
                                      • Executes dropped EXE
                                      PID:2400
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4352,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      PID:5900
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5028,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3980 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      PID:5284
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4804,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4892 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      PID:5424
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4832,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4736 /prefetch:10
                                      5⤵
                                      • Executes dropped EXE
                                      PID:5932
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5048,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4956 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      PID:1932
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4360,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4316 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      PID:5752
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5024,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      PID:2672
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4864,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:1
                                      5⤵
                                      • Executes dropped EXE
                                      PID:6064
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=776,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5268 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      PID:2008
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5284,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4184 /prefetch:12
                                      5⤵
                                      • Executes dropped EXE
                                      PID:5164
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5300,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      PID:1508
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5560,i,2432754558170279919,10216925006304193764,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      PID:4944
                              • C:\Users\Admin\Downloads\RobloxStudioInstaller.exe
                                "C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"
                                2⤵
                                • Executes dropped EXE
                                • System Location Discovery: System Language Discovery
                                • Enumerates system info in registry
                                PID:128
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1648 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:3380
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,16550794047669581858,10921624426243098837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
                                2⤵
                                  PID:3224
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3136
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:852
                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                    1⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Checks system information in the registry
                                    • System Location Discovery: System Language Discovery
                                    • Modifies data under HKEY_USERS
                                    PID:132
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODBEMzU1NEItNzkxQy00MjM0LUE1NzYtQTYzRThBMUIwMEYxfSIgdXNlcmlkPSJ7RkQyRTdFOTctMDE1Qi00MjQzLUIzRDAtNkU3MEY0ODUyRDEzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1OTQyNzlGNS05OUYxLTRCNEYtOTFBRS1CMzU4ODU3MDNBQjl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTI2NDY0NTUwMCIvPjwvYXBwPjwvcmVxdWVzdD4
                                      2⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • Checks system information in the registry
                                      • System Location Discovery: System Language Discovery
                                      • System Network Configuration Discovery: Internet Connection Discovery
                                      PID:2648
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F9F4CC90-668A-43ED-8037-0DB6CA98DB92}\MicrosoftEdge_X64_128.0.2739.54.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F9F4CC90-668A-43ED-8037-0DB6CA98DB92}\MicrosoftEdge_X64_128.0.2739.54.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                      2⤵
                                      • Executes dropped EXE
                                      PID:3724
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F9F4CC90-668A-43ED-8037-0DB6CA98DB92}\EDGEMITMP_98344.tmp\setup.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F9F4CC90-668A-43ED-8037-0DB6CA98DB92}\EDGEMITMP_98344.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F9F4CC90-668A-43ED-8037-0DB6CA98DB92}\MicrosoftEdge_X64_128.0.2739.54.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                        3⤵
                                        • Executes dropped EXE
                                        • Drops file in Program Files directory
                                        • Drops file in Windows directory
                                        PID:2340
                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F9F4CC90-668A-43ED-8037-0DB6CA98DB92}\EDGEMITMP_98344.tmp\setup.exe
                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F9F4CC90-668A-43ED-8037-0DB6CA98DB92}\EDGEMITMP_98344.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{F9F4CC90-668A-43ED-8037-0DB6CA98DB92}\EDGEMITMP_98344.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.54 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7dd8a06d8,0x7ff7dd8a06e4,0x7ff7dd8a06f0
                                          4⤵
                                          • Executes dropped EXE
                                          • Drops file in Windows directory
                                          PID:1524
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODBEMzU1NEItNzkxQy00MjM0LUE1NzYtQTYzRThBMUIwMEYxfSIgdXNlcmlkPSJ7RkQyRTdFOTctMDE1Qi00MjQzLUIzRDAtNkU3MEY0ODUyRDEzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDRTE3N0IxMS1EMzg4LTQ3QTgtOUYzNC1BMzdDMkIzNkRCNkN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjguMC4yNzM5LjU0IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1Mjc5MDQ1Nzg4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTI3OTEwNTUxMyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU0NzM5NTU3ODciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzZlMjFkZjA5LWQ5MDktNDU3NS04ZTI0LWQ5NDU5MDllNThkZj9QMT0xNzI1OTg2ODM2JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PW5EdDlKQUl3OWtydHJEclE5Nm9paWRLY0hjWDIydE50SXowRCUyZnlRSHlMZFk5YUh5QTRIejBOamFiNlUzNHpxbjlPZlklMmI5SVlrRU16eUJXOEVqbCUyYnBnJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTczNzkyODY0IiB0b3RhbD0iMTczNzkyODY0IiBkb3dubG9hZF90aW1lX21zPSIxMzI3NSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU0NzQxODU2MDAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NDg4MTE1NzY3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1OTI2ODE1ODE4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iOTc1IiBkb3dubG9hZF90aW1lX21zPSIxOTQ5OCIgZG93bmxvYWRlZD0iMTczNzkyODY0IiB0b3RhbD0iMTczNzkyODY0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0Mzg2NSIvPjwvYXBwPjwvcmVxdWVzdD4
                                      2⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • Checks system information in the registry
                                      • System Location Discovery: System Language Discovery
                                      • System Network Configuration Discovery: Internet Connection Discovery
                                      PID:4004
                                  • C:\Windows\System32\rundll32.exe
                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                    1⤵
                                      PID:3484
                                    • C:\Windows\System32\GameBarPresenceWriter.exe
                                      "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
                                      1⤵
                                      • Network Service Discovery
                                      PID:5016
                                    • C:\Windows\system32\OpenWith.exe
                                      C:\Windows\system32\OpenWith.exe -Embedding
                                      1⤵
                                      • Suspicious use of SetWindowsHookEx
                                      PID:3648
                                    • C:\Windows\system32\svchost.exe
                                      C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
                                      1⤵
                                      • Drops desktop.ini file(s)
                                      • Checks processor information in registry
                                      PID:5304
                                    • C:\Windows\system32\AUDIODG.EXE
                                      C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004BC
                                      1⤵
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:4588
                                    • C:\Windows\system32\svchost.exe
                                      C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
                                      1⤵
                                      • Checks processor information in registry
                                      PID:5944
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                      1⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:5220
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                      1⤵
                                      • Executes dropped EXE
                                      • Checks system information in the registry
                                      • System Location Discovery: System Language Discovery
                                      • Modifies data under HKEY_USERS
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:5264
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{642B2917-1D37-4AFC-AA34-85B5F298B3A1}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{642B2917-1D37-4AFC-AA34-85B5F298B3A1}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe" /update /sessionid "{71127407-5AEB-484D-BB82-3C8155B7FA99}"
                                        2⤵
                                        • Executes dropped EXE
                                        • System Location Discovery: System Language Discovery
                                        PID:2392
                                        • C:\Program Files (x86)\Microsoft\Temp\EU8792.tmp\MicrosoftEdgeUpdate.exe
                                          "C:\Program Files (x86)\Microsoft\Temp\EU8792.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{71127407-5AEB-484D-BB82-3C8155B7FA99}"
                                          3⤵
                                          • Event Triggered Execution: Image File Execution Options Injection
                                          • Executes dropped EXE
                                          • Checks system information in the registry
                                          • System Location Discovery: System Language Discovery
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:2856
                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                            4⤵
                                            • Executes dropped EXE
                                            • System Location Discovery: System Language Discovery
                                            • Modifies registry class
                                            PID:5596
                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                            4⤵
                                            • Executes dropped EXE
                                            • System Location Discovery: System Language Discovery
                                            • Modifies registry class
                                            PID:5588
                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                              5⤵
                                              • Executes dropped EXE
                                              • Modifies registry class
                                              PID:1888
                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                              5⤵
                                              • Executes dropped EXE
                                              • Modifies registry class
                                              PID:5652
                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                              5⤵
                                              • Executes dropped EXE
                                              • Modifies registry class
                                              PID:6056
                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzExMjc0MDctNUFFQi00ODRELUJCODItM0M4MTU1QjdGQTk5fSIgdXNlcmlkPSJ7RkQyRTdFOTctMDE1Qi00MjQzLUIzRDAtNkU3MEY0ODUyRDEzfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7QkJDMEU5MjYtQ0NCNC00RTI4LTk1RTUtRUUzNTI2N0M5NjZBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTUiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MjUzODIwMzMiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg2MzA1Mjg2NTYiLz48L2FwcD48L3JlcXVlc3Q-
                                            4⤵
                                            • Executes dropped EXE
                                            • Checks system information in the registry
                                            • System Location Discovery: System Language Discovery
                                            • System Network Configuration Discovery: Internet Connection Discovery
                                            PID:5956
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NzExMjc0MDctNUFFQi00ODRELUJCODItM0M4MTU1QjdGQTk5fSIgdXNlcmlkPSJ7RkQyRTdFOTctMDE1Qi00MjQzLUIzRDAtNkU3MEY0ODUyRDEzfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsxNDkxRTYzOS1CMDhGLTRGMjItOTQxOS05MUY5N0FGQTI5NDB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4xNSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg2MDQyMzg0MzAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODYwNDI3ODM1NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODYxMDkyODYzOCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzMyM2ZhN2Y3LTQ0NDUtNDEzNy04MmVjLTcxNTI4OTQ5MTgyYT9QMT0xNzI1OTg3MTY5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PU1kTGdONjZJeklJMmUwN21yRmhUTXdJWFVVc3pObjNUdURyZlF0dTlLSmtSbW8yd1JFbGZMMVRSOEdRTE5Bb2hLbk5UVlNubVNOVW1sWkRJJTJmJTJmdjVjQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIzIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg2MTA5NDg0MDUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzMyM2ZhN2Y3LTQ0NDUtNDEzNy04MmVjLTcxNTI4OTQ5MTgyYT9QMT0xNzI1OTg3MTY5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PU1kTGdONjZJeklJMmUwN21yRmhUTXdJWFVVc3pObjNUdURyZlF0dTlLSmtSbW8yd1JFbGZMMVRSOEdRTE5Bb2hLbk5UVlNubVNOVW1sWkRJJTJmJTJmdjVjQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2NDUxMTIiIHRvdGFsPSIxNjQ1MTEyIiBkb3dubG9hZF90aW1lX21zPSI1OTYiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODYxMDk1ODQyNiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NjE2MTM4NDQwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5MC4wLjgxOC42NiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM2OTg1NTU3MzcwNjI2MTAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyOC4wLjI3MzkuNTQiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgdXBkYXRlX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM2OTg1NTcwNjczODA3MTAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0ie0ZCQjc2RDkwLUQ5QkUtNDRCQi04RTIyLTY1MEVDQjNGOTkwOH0iLz48L2FwcD48L3JlcXVlc3Q-
                                        2⤵
                                        • Executes dropped EXE
                                        • Checks system information in the registry
                                        • System Location Discovery: System Language Discovery
                                        • System Network Configuration Discovery: Internet Connection Discovery
                                        PID:5928
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                      1⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:3344
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                      1⤵
                                      • Executes dropped EXE
                                      • Checks system information in the registry
                                      • System Location Discovery: System Language Discovery
                                      • Modifies data under HKEY_USERS
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:3760
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTg3NzVDQjgtNTg3MC00MjNGLUEwRTEtRTMzRTk1NjVCOTYwfSIgdXNlcmlkPSJ7RkQyRTdFOTctMDE1Qi00MjQzLUIzRDAtNkU3MEY0ODUyRDEzfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MUFFMDVBNTktMzI0OS00NUZGLUJBNkQtQ0VBQjdFOUIyNjQxfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7SjdWaVpqYk55eDFHVnJIVytSZC9QZ1Zpem5GK3RxeGlVdFdYb0Z0SWhmVT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjMyIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MjI2MTI5MzMiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM2NzA4NTU1NzYzMDM5MzUiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTE0MzI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTc0ODI5Mjk4NSIvPjwvYXBwPjwvcmVxdWVzdD4
                                        2⤵
                                        • Executes dropped EXE
                                        • Checks system information in the registry
                                        • System Location Discovery: System Language Discovery
                                        • System Network Configuration Discovery: Internet Connection Discovery
                                        PID:5328
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{08A61D42-8427-4C76-9654-DEBD58C67845}\MicrosoftEdge_X64_128.0.2739.54.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{08A61D42-8427-4C76-9654-DEBD58C67845}\MicrosoftEdge_X64_128.0.2739.54.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                        2⤵
                                        • Executes dropped EXE
                                        PID:6080
                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{08A61D42-8427-4C76-9654-DEBD58C67845}\EDGEMITMP_82FAA.tmp\setup.exe
                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{08A61D42-8427-4C76-9654-DEBD58C67845}\EDGEMITMP_82FAA.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{08A61D42-8427-4C76-9654-DEBD58C67845}\MicrosoftEdge_X64_128.0.2739.54.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                          3⤵
                                          • Boot or Logon Autostart Execution: Active Setup
                                          • Executes dropped EXE
                                          • Installs/modifies Browser Helper Object
                                          • Drops file in Windows directory
                                          • Modifies Internet Explorer settings
                                          • Modifies registry class
                                          • Suspicious use of AdjustPrivilegeToken
                                          • System policy modification
                                          PID:5812
                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{08A61D42-8427-4C76-9654-DEBD58C67845}\EDGEMITMP_82FAA.tmp\setup.exe
                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{08A61D42-8427-4C76-9654-DEBD58C67845}\EDGEMITMP_82FAA.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{08A61D42-8427-4C76-9654-DEBD58C67845}\EDGEMITMP_82FAA.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.54 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7133206d8,0x7ff7133206e4,0x7ff7133206f0
                                            4⤵
                                            • Executes dropped EXE
                                            • Drops file in Windows directory
                                            PID:5540
                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{08A61D42-8427-4C76-9654-DEBD58C67845}\EDGEMITMP_82FAA.tmp\setup.exe
                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{08A61D42-8427-4C76-9654-DEBD58C67845}\EDGEMITMP_82FAA.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                                            4⤵
                                            • Executes dropped EXE
                                            • Drops file in System32 directory
                                            • Drops file in Windows directory
                                            • Modifies data under HKEY_USERS
                                            PID:5732
                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{08A61D42-8427-4C76-9654-DEBD58C67845}\EDGEMITMP_82FAA.tmp\setup.exe
                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{08A61D42-8427-4C76-9654-DEBD58C67845}\EDGEMITMP_82FAA.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{08A61D42-8427-4C76-9654-DEBD58C67845}\EDGEMITMP_82FAA.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.54 --initial-client-data=0x234,0x250,0x254,0x1f4,0x258,0x7ff7133206d8,0x7ff7133206e4,0x7ff7133206f0
                                              5⤵
                                              • Executes dropped EXE
                                              • Drops file in Windows directory
                                              PID:5108
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
                                            4⤵
                                            • Executes dropped EXE
                                            PID:1824
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.54 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff79d9006d8,0x7ff79d9006e4,0x7ff79d9006f0
                                              5⤵
                                              • Executes dropped EXE
                                              • Drops file in Windows directory
                                              PID:2488
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
                                            4⤵
                                            • Executes dropped EXE
                                            • Drops file in Windows directory
                                            PID:3376
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.54 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff79d9006d8,0x7ff79d9006e4,0x7ff79d9006f0
                                              5⤵
                                              • Executes dropped EXE
                                              • Drops file in Windows directory
                                              PID:1912
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTg3NzVDQjgtNTg3MC00MjNGLUEwRTEtRTMzRTk1NjVCOTYwfSIgdXNlcmlkPSJ7RkQyRTdFOTctMDE1Qi00MjQzLUIzRDAtNkU3MEY0ODUyRDEzfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins0NkRDMkUyQy1BQzNCLTQ1N0EtQkM3MC03NzM2N0U0MzMwMDd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjE1IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgY29ob3J0PSJycmZAMC45NCI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjQ1NSIgcGluZ19mcmVzaG5lc3M9IntDNTExRDE5Ri0yNkE0LTQxN0UtQTk1Ny0wRjM3NTk2OTY2QzV9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iMTI4LjAuMjczOS41NCIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpc19waW5uZWRfc3lzdGVtPSJ0cnVlIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNjk4NTU1NzM3MDYyNjEwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTc1Njk1Mjk4NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTc1Njk4Mjg4NSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTc4NDczMjcyNSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTc5ODQzMzEzOCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTIxNTMxMjI5MjMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIzODciIGRvd25sb2FkZWQ9IjE3Mzc5Mjg2NCIgdG90YWw9IjE3Mzc5Mjg2NCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjIiIGluc3RhbGxfdGltZV9tcz0iMzU0NjQiLz48cGluZyBhY3RpdmU9IjAiIHJkPSI2NDU1IiBwaW5nX2ZyZXNobmVzcz0ie0Y2OTQ4MUU0LTQ2QjUtNEREMC05MDQyLTAzMjQ3QjMxMzM0Rn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI4LjAuMjczOS41NCIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBjb2hvcnQ9InJyZkAwLjI5IiB1cGRhdGVfY291bnQ9IjEiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM2OTg1NTcwNjczODA3MTAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIwIiByZD0iNjQ1NSIgcGluZ19mcmVzaG5lc3M9Ins0RUVFMTREMC0yMjVCLTQwRDgtQTBBMy1DNTk5NTI2N0U4OUF9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                        2⤵
                                        • Executes dropped EXE
                                        • Checks system information in the registry
                                        • System Location Discovery: System Language Discovery
                                        • System Network Configuration Discovery: Internet Connection Discovery
                                        PID:2436
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c
                                      1⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      PID:404

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Reconnaissance

                                    Resource Development

                                    Initial Access

                                    Execution

                                    Persistence

                                    Boot or Logon Autostart Execution

                                    1
                                    T1547

                                    Active Setup

                                    1
                                    T1547.014

                                    Browser Extensions

                                    1
                                    T1176

                                    Event Triggered Execution

                                    2
                                    T1546

                                    Component Object Model Hijacking

                                    1
                                    T1546.015

                                    Image File Execution Options Injection

                                    1
                                    T1546.012

                                    Privilege Escalation

                                    Boot or Logon Autostart Execution

                                    1
                                    T1547

                                    Active Setup

                                    1
                                    T1547.014

                                    Event Triggered Execution

                                    2
                                    T1546

                                    Component Object Model Hijacking

                                    1
                                    T1546.015

                                    Image File Execution Options Injection

                                    1
                                    T1546.012

                                    Defense Evasion

                                    Modify Registry

                                    4
                                    T1112

                                    Subvert Trust Controls

                                    1
                                    T1553

                                    SIP and Trust Provider Hijacking

                                    1
                                    T1553.003

                                    Credential Access

                                    Discovery

                                    Browser Information Discovery

                                    1
                                    T1217

                                    Network Service Discovery

                                    1
                                    T1046

                                    Network Share Discovery

                                    1
                                    T1135

                                    Query Registry

                                    5
                                    T1012

                                    System Information Discovery

                                    5
                                    T1082

                                    System Location Discovery

                                    1
                                    T1614

                                    System Language Discovery

                                    1
                                    T1614.001

                                    System Network Configuration Discovery

                                    1
                                    T1016

                                    Internet Connection Discovery

                                    1
                                    T1016.001

                                    Lateral Movement

                                    Collection

                                    Command and Control

                                    Exfiltration

                                    Impact

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.54\Installer\setup.exe
                                      Filesize

                                      6.6MB

                                      MD5

                                      179438f9d59850f9810b884efaae32f6

                                      SHA1

                                      63d91c28509aca46120cebaf93903320943c9b16

                                      SHA256

                                      b03811daebe54e9832cd00a574b3ffc52119f7275d8f56c322c199215c5a0b7f

                                      SHA512

                                      822ef4662274de1d8f8e0eefa98878889a7747223d769584ddb898a5a8d4b75602a01719e9729490ef5dc0a7fef5f789d0d76afa1a3002fac60aebd59ec29f20

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.15\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
                                      Filesize

                                      1.6MB

                                      MD5

                                      90decc230b529e4fd7e5fa709e575e76

                                      SHA1

                                      aa48b58cf2293dad5854431448385e583b53652c

                                      SHA256

                                      91f0deec7d7319e57477b74a7a5f4d17c15eb2924b53e05a5998d67ecc8201f2

                                      SHA512

                                      15c0c5ef077d5aca08c067afbc8865ad267abd7b82049655276724bce7f09c16f52d13d69d1449888d8075e13125ff8f880a0d92adc9b65a5171740a7c72df03

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{08A61D42-8427-4C76-9654-DEBD58C67845}\EDGEMITMP_82FAA.tmp\SETUP.EX_
                                      Filesize

                                      2.6MB

                                      MD5

                                      74571c9aff126bbbc5f80d917255a36f

                                      SHA1

                                      dc98df47e668015111c14a1253d89ed350231982

                                      SHA256

                                      f1c46bc07e31a6c8689e39f3e8aa277713dc5aa95186a0c88f60698109345b98

                                      SHA512

                                      59d2fdfa089e6e98c71b62b68f1084e707eb4060f792aba5471891ce0be6c2953fc105c2b9c9723e4b66bfbc555154fd7b28f18bad6f1c5410f3aaab7acdfcc4

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\EdgeUpdate.dat
                                      Filesize

                                      12KB

                                      MD5

                                      369bbc37cff290adb8963dc5e518b9b8

                                      SHA1

                                      de0ef569f7ef55032e4b18d3a03542cc2bbac191

                                      SHA256

                                      3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

                                      SHA512

                                      4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\MicrosoftEdgeComRegisterShellARM64.exe
                                      Filesize

                                      179KB

                                      MD5

                                      7a160c6016922713345454265807f08d

                                      SHA1

                                      e36ee184edd449252eb2dfd3016d5b0d2edad3c6

                                      SHA256

                                      35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

                                      SHA512

                                      c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\MicrosoftEdgeUpdate.exe
                                      Filesize

                                      201KB

                                      MD5

                                      4dc57ab56e37cd05e81f0d8aaafc5179

                                      SHA1

                                      494a90728d7680f979b0ad87f09b5b58f16d1cd5

                                      SHA256

                                      87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

                                      SHA512

                                      320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                                      Filesize

                                      212KB

                                      MD5

                                      60dba9b06b56e58f5aea1a4149c743d2

                                      SHA1

                                      a7e456acf64dd99ca30259cf45b88cf2515a69b3

                                      SHA256

                                      4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

                                      SHA512

                                      e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\MicrosoftEdgeUpdateCore.exe
                                      Filesize

                                      257KB

                                      MD5

                                      c044dcfa4d518df8fc9d4a161d49cece

                                      SHA1

                                      91bd4e933b22c010454fd6d3e3b042ab6e8b2149

                                      SHA256

                                      9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

                                      SHA512

                                      f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\NOTICE.TXT
                                      Filesize

                                      4KB

                                      MD5

                                      6dd5bf0743f2366a0bdd37e302783bcd

                                      SHA1

                                      e5ff6e044c40c02b1fc78304804fe1f993fed2e6

                                      SHA256

                                      91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

                                      SHA512

                                      f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdate.dll
                                      Filesize

                                      2.0MB

                                      MD5

                                      965b3af7886e7bf6584488658c050ca2

                                      SHA1

                                      72daabdde7cd500c483d0eeecb1bd19708f8e4a5

                                      SHA256

                                      d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

                                      SHA512

                                      1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_af.dll
                                      Filesize

                                      28KB

                                      MD5

                                      567aec2d42d02675eb515bbd852be7db

                                      SHA1

                                      66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

                                      SHA256

                                      a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

                                      SHA512

                                      3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_am.dll
                                      Filesize

                                      24KB

                                      MD5

                                      f6c1324070b6c4e2a8f8921652bfbdfa

                                      SHA1

                                      988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

                                      SHA256

                                      986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

                                      SHA512

                                      63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_ar.dll
                                      Filesize

                                      26KB

                                      MD5

                                      570efe7aa117a1f98c7a682f8112cb6d

                                      SHA1

                                      536e7c49e24e9aa068a021a8f258e3e4e69fa64f

                                      SHA256

                                      e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

                                      SHA512

                                      5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_as.dll
                                      Filesize

                                      28KB

                                      MD5

                                      a8d3210e34bf6f63a35590245c16bc1b

                                      SHA1

                                      f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

                                      SHA256

                                      3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

                                      SHA512

                                      6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_az.dll
                                      Filesize

                                      29KB

                                      MD5

                                      7937c407ebe21170daf0975779f1aa49

                                      SHA1

                                      4c2a40e76209abd2492dfaaf65ef24de72291346

                                      SHA256

                                      5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

                                      SHA512

                                      8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_bg.dll
                                      Filesize

                                      29KB

                                      MD5

                                      8375b1b756b2a74a12def575351e6bbd

                                      SHA1

                                      802ec096425dc1cab723d4cf2fd1a868315d3727

                                      SHA256

                                      a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

                                      SHA512

                                      aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_bn-IN.dll
                                      Filesize

                                      29KB

                                      MD5

                                      a94cf5e8b1708a43393263a33e739edd

                                      SHA1

                                      1068868bdc271a52aaae6f749028ed3170b09cce

                                      SHA256

                                      5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

                                      SHA512

                                      920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_bn.dll
                                      Filesize

                                      29KB

                                      MD5

                                      7dc58c4e27eaf84ae9984cff2cc16235

                                      SHA1

                                      3f53499ddc487658932a8c2bcf562ba32afd3bda

                                      SHA256

                                      e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

                                      SHA512

                                      bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_bs.dll
                                      Filesize

                                      28KB

                                      MD5

                                      e338dccaa43962697db9f67e0265a3fc

                                      SHA1

                                      4c6c327efc12d21c4299df7b97bf2c45840e0d83

                                      SHA256

                                      99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

                                      SHA512

                                      e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
                                      Filesize

                                      29KB

                                      MD5

                                      2929e8d496d95739f207b9f59b13f925

                                      SHA1

                                      7c1c574194d9e31ca91e2a21a5c671e5e95c734c

                                      SHA256

                                      2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

                                      SHA512

                                      ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_ca.dll
                                      Filesize

                                      30KB

                                      MD5

                                      39551d8d284c108a17dc5f74a7084bb5

                                      SHA1

                                      6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

                                      SHA256

                                      8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

                                      SHA512

                                      6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_cs.dll
                                      Filesize

                                      28KB

                                      MD5

                                      16c84ad1222284f40968a851f541d6bb

                                      SHA1

                                      bc26d50e15ccaed6a5fbe801943117269b3b8e6b

                                      SHA256

                                      e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

                                      SHA512

                                      d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_cy.dll
                                      Filesize

                                      28KB

                                      MD5

                                      34d991980016595b803d212dc356d765

                                      SHA1

                                      e3a35df6488c3463c2a7adf89029e1dd8308f816

                                      SHA256

                                      252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

                                      SHA512

                                      8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_da.dll
                                      Filesize

                                      28KB

                                      MD5

                                      d34380d302b16eab40d5b63cfb4ed0fe

                                      SHA1

                                      1d3047119e353a55dc215666f2b7b69f0ede775b

                                      SHA256

                                      fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

                                      SHA512

                                      45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_de.dll
                                      Filesize

                                      30KB

                                      MD5

                                      aab01f0d7bdc51b190f27ce58701c1da

                                      SHA1

                                      1a21aabab0875651efd974100a81cda52c462997

                                      SHA256

                                      061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

                                      SHA512

                                      5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_el.dll
                                      Filesize

                                      30KB

                                      MD5

                                      ac275b6e825c3bd87d96b52eac36c0f6

                                      SHA1

                                      29e537d81f5d997285b62cd2efea088c3284d18f

                                      SHA256

                                      223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

                                      SHA512

                                      bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_en-GB.dll
                                      Filesize

                                      27KB

                                      MD5

                                      d749e093f263244d276b6ffcf4ef4b42

                                      SHA1

                                      69f024c769632cdbb019943552bac5281d4cbe05

                                      SHA256

                                      fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

                                      SHA512

                                      48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_en.dll
                                      Filesize

                                      27KB

                                      MD5

                                      4a1e3cf488e998ef4d22ac25ccc520a5

                                      SHA1

                                      dc568a6e3c9465474ef0d761581c733b3371b1cd

                                      SHA256

                                      9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

                                      SHA512

                                      ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_es-419.dll
                                      Filesize

                                      29KB

                                      MD5

                                      28fefc59008ef0325682a0611f8dba70

                                      SHA1

                                      f528803c731c11d8d92c5660cb4125c26bb75265

                                      SHA256

                                      55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

                                      SHA512

                                      2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_es.dll
                                      Filesize

                                      28KB

                                      MD5

                                      9db7f66f9dc417ebba021bc45af5d34b

                                      SHA1

                                      6815318b05019f521d65f6046cf340ad88e40971

                                      SHA256

                                      e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

                                      SHA512

                                      943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_et.dll
                                      Filesize

                                      28KB

                                      MD5

                                      b78cba3088ecdc571412955742ea560b

                                      SHA1

                                      bc04cf9014cec5b9f240235b5ff0f29dbdb22926

                                      SHA256

                                      f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

                                      SHA512

                                      04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_eu.dll
                                      Filesize

                                      28KB

                                      MD5

                                      a7e1f4f482522a647311735699bec186

                                      SHA1

                                      3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd

                                      SHA256

                                      e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4

                                      SHA512

                                      22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_fa.dll
                                      Filesize

                                      27KB

                                      MD5

                                      cbe3454843ce2f36201460e316af1404

                                      SHA1

                                      0883394c28cb60be8276cb690496318fcabea424

                                      SHA256

                                      c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59

                                      SHA512

                                      f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_fi.dll
                                      Filesize

                                      28KB

                                      MD5

                                      d45f2d476ed78fa3e30f16e11c1c61ea

                                      SHA1

                                      8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e

                                      SHA256

                                      acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2

                                      SHA512

                                      2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_fil.dll
                                      Filesize

                                      29KB

                                      MD5

                                      7c66526dc65de144f3444556c3dba7b8

                                      SHA1

                                      6721a1f45ac779e82eecc9a584bcf4bcee365940

                                      SHA256

                                      e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d

                                      SHA512

                                      dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_fr-CA.dll
                                      Filesize

                                      30KB

                                      MD5

                                      b534e068001e8729faf212ad3c0da16c

                                      SHA1

                                      999fa33c5ea856d305cc359c18ea8e994a83f7a9

                                      SHA256

                                      445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511

                                      SHA512

                                      e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_fr.dll
                                      Filesize

                                      30KB

                                      MD5

                                      64c47a66830992f0bdfd05036a290498

                                      SHA1

                                      88b1b8faa511ee9f4a0e944a0289db48a8680640

                                      SHA256

                                      a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961

                                      SHA512

                                      426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_ga.dll
                                      Filesize

                                      28KB

                                      MD5

                                      3b8a5301c4cf21b439953c97bd3c441c

                                      SHA1

                                      8a7b48bb3d75279de5f5eb88b5a83437c9a2014a

                                      SHA256

                                      abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0

                                      SHA512

                                      068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_gd.dll
                                      Filesize

                                      30KB

                                      MD5

                                      c90f33303c5bd706776e90c12aefabee

                                      SHA1

                                      1965550fe34b68ea37a24c8708eef1a0d561fb11

                                      SHA256

                                      e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c

                                      SHA512

                                      b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_gl.dll
                                      Filesize

                                      28KB

                                      MD5

                                      84a1cea9a31be831155aa1e12518e446

                                      SHA1

                                      670f4edd4dc8df97af8925f56241375757afb3da

                                      SHA256

                                      e4eb716f1041160fd323b0f229b88851e153025d5d79f49b7d6ecb7eb2442c57

                                      SHA512

                                      5f1318119102fcee1c828565737ce914493ff86e2a18a94f5ff2b6b394d584ace75c37258d589cce1d5afd8e37d617168a7d7372cfd68dd6a2afcd4577a0bc51

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_gu.dll
                                      Filesize

                                      28KB

                                      MD5

                                      f9646357cf6ce93d7ba9cfb3fa362928

                                      SHA1

                                      a072cc350ea8ea6d8a01af335691057132b04025

                                      SHA256

                                      838ccd8243caa1a5d9e72eb1179ac8ae59d2acb453ed86be01e0722a8e917150

                                      SHA512

                                      654c4a5200f20411c56c59dbb30a63bfe2da27781c081e2049b31f0371a31d679e3c9378c7eb9cf0fb9166a3f0fba33a58c3268193119b06f91bebe164a82528

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_hi.dll
                                      Filesize

                                      28KB

                                      MD5

                                      34cbaeb5ec7984362a3dabe5c14a08ec

                                      SHA1

                                      d88ec7ac1997b7355e81226444ec4740b69670d7

                                      SHA256

                                      024c5eae16e45abe2237c2a5d868563550ac596f1f7d777e25234c17d9461dd9

                                      SHA512

                                      008c8443a3e93c4643a9e8735a1c59c24ba2f7a789606a86da54c921c34cbc0cb11c88594544d8509a8e71b6a287c043b1ffe2d39b90af53b4cde3847d891ba8

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_hr.dll
                                      Filesize

                                      29KB

                                      MD5

                                      0b475965c311203bf3a592be2f5d5e00

                                      SHA1

                                      b5ff1957c0903a93737666dee0920b1043ddaf70

                                      SHA256

                                      65915ad11b9457d145795a1e8d151f898ec2dcb8b136967e6592884699867eb0

                                      SHA512

                                      bec513125f272c24477b9ddbaa5706d1e1bb958babac46829b28df99fa1dd82f3f1e3c7066dc2fe3e59118c536675a22fc2128de916ca4c478950b9992372007

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_hu.dll
                                      Filesize

                                      29KB

                                      MD5

                                      f4976c580ba37fc9079693ebf5234fea

                                      SHA1

                                      7326d2aa8f6109084728323d44a7fb975fc1ed3f

                                      SHA256

                                      b16755fdbcc796ef4eb937759fe2c3518c694f5d186970d55a5a5e5d906cb791

                                      SHA512

                                      e43636d8c947e981258e649712ad43f37c1aab01916539b93c082959fb5c6764c9c44979650092202839e812e6f252c6c3eaf66d3d195c1efd39c74c81ad1981

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_id.dll
                                      Filesize

                                      27KB

                                      MD5

                                      03d4c35b188204f62fc1c46320e80802

                                      SHA1

                                      07efb737c8b072f71b3892b807df8c895b20868c

                                      SHA256

                                      192585d7f4a8a0cd95e338863c14233cdd8150f9f6f7dd8a405da0670110ee95

                                      SHA512

                                      7e67ea953ea58ff43e049ce519ae077eec631325604896479526627d688f2fa3bfc855a55ac23a76b1c9ef8cd75274265b8238423b95a2437be7250db0db31b1

                                      Download Submit

                                    • C:\Program Files (x86)\Microsoft\Temp\EU64A1.tmp\msedgeupdateres_is.dll
                                      Filesize

                                      28KB

                                      MD5

                                      5664c7a059ceb096d4cdaae6e2b96b8f

                                      SHA1

                                      bf0095cd7470bf4d7c9566ba0fd3b75c8b9e57ec

                                      SHA256

                                      a3a2947064267d17474c168d3189b0d372e36e53bf0efb9c228d314fc802d98e

                                      SHA512

                                      015dcb17b297a0aaad41c7b0b2199187e435855fd3977d16402be774622cc4f6b55d04ba9159a89e26e350c5602928c76dd9386be3974437b41888a0cfdddfa8

                                      Download Submit

                                    • C:\Program Files (x86)\Roblox\Versions\version-a8766ccdec1d49d3\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                      Filesize

                                      1.5MB

                                      MD5

                                      610b1b60dc8729bad759c92f82ee2804

                                      SHA1

                                      9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

                                      SHA256

                                      921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

                                      SHA512

                                      0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

                                      Download Submit

                                    • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                      Filesize

                                      14KB

                                      MD5

                                      8726aacf5c47c9cf5b5509ad37c884ea

                                      SHA1

                                      a2ad5d7c33c6b33df858b697dfe9e743750168b4

                                      SHA256

                                      58394287ebbba3f1ce2cde1f1c88601cfd9281e9d75b39fd7e24afd83da3ef02

                                      SHA512

                                      e8d20dd9017c6c6fbc224ec4732b1c0bfb33ec5c42baaf9b6f63847ea8c70af85c8899e497aae19d15e51cb39757c2e6ca06f6c698f459501c93f165ae3bc5b9

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      3e681bda746d695b173a54033103efa8

                                      SHA1

                                      ae07be487e65914bb068174b99660fb8deb11a1d

                                      SHA256

                                      fee5f7377e5ca213c1d8d7827b788723d0dd2538e7ce3f35581fc613fde834c2

                                      SHA512

                                      0f4381c769d4ae18ff3ac93fd97e8d879043b8ec825611db27f08bd44c08babc1710672c3f93435a61e40db1ccbf5b74c6363aaaf5f4a7fc95a6a7786d1aced8

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      9f081a02d8bbd5d800828ed8c769f5d9

                                      SHA1

                                      978d807096b7e7a4962a001b7bba6b2e77ce419a

                                      SHA256

                                      a7645e1b16115e9afec86efa139d35d5fecc6c5c7c59174c9901b4213b1fae0e

                                      SHA512

                                      7f3045f276f5bd8d3c65a23592419c3b98f1311c214c8e54a4dfe09122a08afb08ab7967b49bd413bc748ce6363658640bc87958d5e0a78974680a8f9beadf44

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      2KB

                                      MD5

                                      9641578755c22b971bb267ffb68fa402

                                      SHA1

                                      a29146a42bc93b0373b0b389048a8056ebf29d2c

                                      SHA256

                                      01a353b299666a29639298b618c358774e39bbc1075b6c39d80491a746626127

                                      SHA512

                                      9a8c837281f74f1529fee1c59b4f9550d9a66c10467f6dc3c44f3f594eeeb6c9b1811f16e69d2694dfb43862cf3eed48f6ed4963f1bcae8e6e75cdafa276b67a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      384B

                                      MD5

                                      6da83776c0ee07f12c5c1f9304f6ab65

                                      SHA1

                                      58768d9d8faf98f553fe3bba3976a4ef5d8e9319

                                      SHA256

                                      fccb4ba7a04495b45b525b3febccf59789082d5f1a0f0caa3ab7018ab9b0d486

                                      SHA512

                                      c1e0d6e5650f463d040dbfc72026b1d5055e88ec666db8e60020f29ad28ce3b84bf62b07a0f321761d40f3e2b6b51d652cdf93df04d11455e03c6186abaa3549

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      1KB

                                      MD5

                                      d8fadb2a64e7cbf87af4b695b18fd91e

                                      SHA1

                                      5685cef6f2de1395bb8d1bfc0cbdf1e7e67c0bab

                                      SHA256

                                      451cf8ba0bb94fc577c08ef5b4e0c5447ae5bd0fe5b101ccd204f11281c1c492

                                      SHA512

                                      1d3edf098b66e95f3f9fe103a21ae56379bb418eed94dfa6b3c241960f244433a24a972b63af7d648164186b09f0a5760c942e0014bf286694156e898b1b34b9

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      1KB

                                      MD5

                                      598049ad3e9dfe3389823a5da6477075

                                      SHA1

                                      ce98934e43dc6bacba18f5c4d2d24e10ac3c7591

                                      SHA256

                                      6b0a6873f92fcdb01747095f69881be5b7a0605ba838eb57eec9cf9198dbea01

                                      SHA512

                                      3d8027f09b1a077f54da1dcb370256d3dd09721150b95ee8701e893220b6f0f8f40938eb07b0577d334cc846d424905d9b37a0102b67ff887f7f71b26f9468fa

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      115b5b528f0746f63571ecfb4fb0d3c5

                                      SHA1

                                      5354180f85ed06648221c2b194ee5322914743b5

                                      SHA256

                                      baee53923e8d73dd864131f100adcba72f2824282c1bb1c2b3c245b335cf52f1

                                      SHA512

                                      182a974e7e9d2bc4c6235ae37a3e1d07c382947cf00d538ef6ed8a022902296bb417a0dfd66337f494f9c875a6bcbcea7e4cde8357bf5d0ab41a3be8b8fee2fc

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      20bc3e842a33f09de10d3e7fb0802aeb

                                      SHA1

                                      81e6b348303400ce0e8b6a03c322d55ecf982d23

                                      SHA256

                                      2f3b7856893b76df16308eefd1f664ae14e88e67f21e0b6ee1f1621d4063d97d

                                      SHA512

                                      61b4016b15f1e135f386de480f26074ecf035af717c8382096a24f353ec4b599b360ce8fea3d711485920c1c0dba8e1a4edb040135b1ea4adb60b49445974d49

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      b54db1422c65568d6931cbf3ecc0e883

                                      SHA1

                                      c100a69136bf604d2b3e60ba75d082ef87a5cf0f

                                      SHA256

                                      570df11f928f1b127c0c4fa32d3722962f1e07425f303a70f022d7b4601c8618

                                      SHA512

                                      8379b0d756badbb86e1809009c473c3e7b0e2da9ffcec35811448b2043cb90e46a9dd7a8fd691fa869cedf56ddb914f1aab5f4b8dfd7c9f27d6773257a46d0ee

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      dc15ce0f5b51a9eac25d62c55f749715

                                      SHA1

                                      5b655a7eee13b69be1315879cb1145f47fe730b2

                                      SHA256

                                      a334d631750dfc25eee7eeeef04b40d10e9ea3f28b1d5f6188c5791a7b6cda18

                                      SHA512

                                      c03ead8cf782c66682f211692d34cd1621939173a404da1f5289bf05fccce9e0b12b6389bff827e3bdde43223ce7959601011e593f594e0a23a2bf8a7ea2f0d6

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      3KB

                                      MD5

                                      f7cb8c2c1c5861976b3db9e406deeab0

                                      SHA1

                                      51c3674af131cfa6908f3d6f7274ab33dacd3ee9

                                      SHA256

                                      6fb10e3bebf6443cbfef724953181fcc47f8b7329bf1c94655288b78c7ce7503

                                      SHA512

                                      1d4e29265f411b329872511e032d5e3ae2628be406e0de6cac3491ec2bd959d8ae2e833243c0e3f985090b095920aee240d920e4fe2aa15e995c6f959a85774b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      3KB

                                      MD5

                                      9b0f08943d8a1aa50cc4e96d1b88ad32

                                      SHA1

                                      e2ad43ebf5da392289b484471dfca4389a0bc564

                                      SHA256

                                      01816939296dd63bcb389897ae2a830a45e5fb51a0bffe72c860f7a457487f14

                                      SHA512

                                      d40a2f8eeff7ac2b6bf835fe533f31d065b55d7e71e6ba71d6e178c5456a093784e54099597b442284fc151c0a61b99c22fdbcf2b7fbb21c34133cdccbb0d658

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      3KB

                                      MD5

                                      938a7a2ca2762e443be65b072282ec15

                                      SHA1

                                      eaddd67f830ac5a3aa824cfb8bda9cd8949f4c63

                                      SHA256

                                      9425aa41f1fbc29301d6309a572af14589741c326836c03ad76b2f3af83082ed

                                      SHA512

                                      44a574731ac85f3f22fdba7d2c2bb76b5ea89e8750d0dbf28e1597a1f99c375f89b869f969c4cec0009cdd7c442c0e43bbcb3c9cec94c9167ac547be52496f65

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      2KB

                                      MD5

                                      d487c2adc43b73ccaf7c5206522643cf

                                      SHA1

                                      f4ece994ed6e694129e3885e195208926ebf0e7e

                                      SHA256

                                      23aa01afa147674e0449d0e184379695cd02d0143bd8e228645d3f5d0ee4b5fc

                                      SHA512

                                      3bba1bcd24dfc51efb385bceb97a98ab014f3a33031741367cf760f7b47d5414793bccb74478213e2a752e840eea45477f77fc9e3761a821970ca410fc60ca2a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      3KB

                                      MD5

                                      6a189c60fc645520b97ac7a05211384d

                                      SHA1

                                      4164ce9f53a7ab03c7a3ce80c3ea61cd3c9aac18

                                      SHA256

                                      7243237358f18c23c8d6cc257e3fff5039b7c273072bc1259c510feda4ff6471

                                      SHA512

                                      fa6fbd6dacf957569ca6a048d168b4935ed5394b5f9ed795d1299586ca0d6a45590d432f993e817d895d893f061483772b727ce5453dab67a3d296816e66b8c9

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d570.TMP
                                      Filesize

                                      2KB

                                      MD5

                                      845bb1005de5c612f5b7a45bc1b52327

                                      SHA1

                                      10724c9060b6aea96ecf7bbba21e4cbae7908b42

                                      SHA256

                                      0a33696737d36677cf88f9cd4399c6f96762ae225513ef53248f030361838fcf

                                      SHA512

                                      74c27b1a8ebdabcab0ed6250bc1774cd095844de1e9c853d146b73eebdddb583b390e56e8d219919480077b59d92e8c0aededc20541d2871560e55a127361b99

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      206702161f94c5cd39fadd03f4014d98

                                      SHA1

                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                      SHA256

                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                      SHA512

                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      2ea08fda7c9d56dc8b62762ef79862c8

                                      SHA1

                                      86c95ccb4a17586d24e76dd71876d64d19592f69

                                      SHA256

                                      5f972f5b4e855fd82e26e2685ac41b9ca620aa56ac76edeca9a237765551e319

                                      SHA512

                                      6cd7ea3a5fdad66ab0c440b1ed417d612e4711f25d88790bb43f4bdd2c56b926a34b946680bf17d95cd4b406a10752ab09c5aabb46e5b79c1c0fb4484afb57cc

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      cb06d54d8b76f5d08940da3b71622aa6

                                      SHA1

                                      aad4e80c7027e148f7c7077498eab1bafa435479

                                      SHA256

                                      e6da9472e5940d90a13fc0d5fd1538f8d6138009b19b44dcb1b7ec3a81a4290d

                                      SHA512

                                      05de8453d0ac5113e3ec730a3faf12e10aeedf6abf4ebe9dacf4cc9af8dac52a69138a7c316e655f1c58b6ee5869a9de6a0289b4f99dc1d592ffab3929e26cb9

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      5ddb6ec47981db7ab4984c5bf2d4c62c

                                      SHA1

                                      5590bf2d92d0190941f0530597ee98775b8fb890

                                      SHA256

                                      1f2577cdc22f8aa79c4549483da929845667076bb8bc84989a18a0c012583a10

                                      SHA512

                                      3f73c6bf38d3e555744bfa0a5b76cac1bca17b19d9f282dedeb490d063bcf7416406b79416edc0aca8f3cd276473c74f588444a9b69c2f1d6da5b48409a83e42

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json
                                      Filesize

                                      3KB

                                      MD5

                                      6bbb18bb210b0af189f5d76a65f7ad80

                                      SHA1

                                      87b804075e78af64293611a637504273fadfe718

                                      SHA256

                                      01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

                                      SHA512

                                      4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\CertificateRevocation\6498.2023.8.1\crl-set
                                      Filesize

                                      21KB

                                      MD5

                                      d246e8dc614619ad838c649e09969503

                                      SHA1

                                      70b7cf937136e17d8cf325b7212f58cba5975b53

                                      SHA256

                                      9dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1

                                      SHA512

                                      736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat
                                      Filesize

                                      280B

                                      MD5

                                      f65a8d88b7821bac654734336ea8869b

                                      SHA1

                                      f587e74ae8d97b3ff0d61a616eaaa67006665684

                                      SHA256

                                      8f77b0b32a977c2ccd82aa45cc4328fb19d2a2bb0cc9a108859b94fe0557d71d

                                      SHA512

                                      32178ed7ce524494062f069511446eabd5e73e1c46a644030a4322afc4b91f942d7c42c9536cb3e0f872ba63baa442ccecb6bd9bc93f8c35462c81f86e552e0a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      48B

                                      MD5

                                      30f496e5966dc64f55293c96de8a9088

                                      SHA1

                                      c7b9f0ecfc8311a8baf876f5c1ef3be84ec31a9e

                                      SHA256

                                      4347e3cfc4e160fb3df1c9109e73db95fc35429e47be2aa725a6b0a90bd47d3b

                                      SHA512

                                      7273d6dfec28dc276389145f5ef96cac9ca76e14f6538b7e14839e00d2e2b3b899d787812ba18a041716ec931e1b385c416c33cd62dccb0ed6f100b88c03f969

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      2KB

                                      MD5

                                      ff934d5b3364a972812062f93308ded1

                                      SHA1

                                      1005e0c09a8f372459df03b6e77a9c40ee9f720a

                                      SHA256

                                      430294de94f2d87f9e5dfba65df84df3bc4520784197619f2dec27395527fd08

                                      SHA512

                                      7b548ec052e9f41c616b5d6b19ef3caba6d345c96f2a6837ff322260ffe9ccb821d45fb5cab78dc6c5a25c9769a593a565817d26d1042feb642083914956fbb3

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      2KB

                                      MD5

                                      245563c8914a6033e3e537166aa0ce38

                                      SHA1

                                      f0ccf8e5dc49d929b4eb7c4c42283076b088af13

                                      SHA256

                                      2891fe091e479df58d69e923043952c2f8b8bb34d068f1c8d2a59d83a5409d64

                                      SHA512

                                      4e2d96b62c9863e29c4d2b7e56a41e56df0dc1bd5bf0528d07f9ff86ae68bb580079f205a64f2c4d39eb8132f5b4ce9042a5a9fb84f57a306d4962df5da5951f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\wasm\index
                                      Filesize

                                      24B

                                      MD5

                                      54cb446f628b2ea4a5bce5769910512e

                                      SHA1

                                      c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

                                      SHA256

                                      fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

                                      SHA512

                                      8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\ExtensionActivityComp
                                      Filesize

                                      4KB

                                      MD5

                                      b4658f0ac4d1a96ff23e9edd0de90b1e

                                      SHA1

                                      752b065125d6fd91e8eba3fcbcb32ae2d1d1c1f9

                                      SHA256

                                      8f6bc4d06d8f3f8424d8856fbcd03034a61cb4170f409973dabfefec21d5ae7f

                                      SHA512

                                      4a35569e6334f50d8c879f4985fdcb43f9e4e0927bb6f133360ae541de1e41cc9024d551b33d2114f97a53a07837e62dca24e2a45b9d7b47b1642a384d6e5bd1

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\95ddec90-8926-4311-a418-948be7bef028.tmp
                                      Filesize

                                      40B

                                      MD5

                                      20d4b8fa017a12a108c87f540836e250

                                      SHA1

                                      1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                      SHA256

                                      6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                      SHA512

                                      507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
                                      Filesize

                                      61B

                                      MD5

                                      4df4574bfbb7e0b0bc56c2c9b12b6c47

                                      SHA1

                                      81efcbd3e3da8221444a21f45305af6fa4b71907

                                      SHA256

                                      e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

                                      SHA512

                                      78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
                                      Filesize

                                      1KB

                                      MD5

                                      c4cc608ee5d965b7e5514cd9e887a9ea

                                      SHA1

                                      56bc9ee65c8337d9f06a7b83be35beb10495b41e

                                      SHA256

                                      bc7865c5159db2f32b0107df060690172e9e4c32082e7d4d81ef4fc4d8299fad

                                      SHA512

                                      0e89bcc6bedfa4e4f0097d8b798bdaaf78527bb307657080587885e77d62422d83b05b9098b33b5189a972e9a41e76d2b968bbdde9848f58d2d88dfd54f81cc7

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
                                      Filesize

                                      111B

                                      MD5

                                      285252a2f6327d41eab203dc2f402c67

                                      SHA1

                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                      SHA256

                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                      SHA512

                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
                                      Filesize

                                      1KB

                                      MD5

                                      58bc73d7b82ffc1c6d394b4ad15d54c1

                                      SHA1

                                      e5f9346dec9ab1cd135c3b6c63eeb85c45635685

                                      SHA256

                                      5e6b687b058f280b5c2784a90d61722f603b19a6e72555c3fabcbc9d650300b0

                                      SHA512

                                      4811860750f793a3160a5a4dbb0513975d0b3c590ba6ccdfff8d13a00519a53709dac922069032ed29670da4cd30ec8e168e29dcdba4f004fe2b6694ed8d1208

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
                                      Filesize

                                      1KB

                                      MD5

                                      1467340727cbb820a51acb0f75fd539b

                                      SHA1

                                      46036bcb522f71ab662a71c0620b13b8194c48a8

                                      SHA256

                                      881bedc09aa7f0948a13156a0b010d6992053419af9da305a500f346a86e96f4

                                      SHA512

                                      9cc8a63736b3bc817ea8302db0b35ddbbf76da8b7ccabff426bb91e944e0cbad44c245f144d6b2ce439b4b502a0360bf9325e59870a574713d37650395c8f29e

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
                                      Filesize

                                      2B

                                      MD5

                                      d751713988987e9331980363e24189ce

                                      SHA1

                                      97d170e1550eee4afc0af065b78cda302a97674c

                                      SHA256

                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                      SHA512

                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                      Filesize

                                      1KB

                                      MD5

                                      4d4ff285461d367bd4b540434f2d15a5

                                      SHA1

                                      2f3e61ebcbb09b3b1f591b557666898d1cff7ce3

                                      SHA256

                                      020a72d016ce091b105eda0cf3ea1f46ac0727ec0314e30f5378424057e14af4

                                      SHA512

                                      c4c6278a0158e0cd5665dd7054878181e07bf42d0b582a5e4915241fee2ecd1ec74370d37ceec13fa519ac0a88f53e4d604194fded6a05373be2b266d153e13c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                      Filesize

                                      1KB

                                      MD5

                                      8ece7712474c836adb82ce86ae6e1d79

                                      SHA1

                                      d7da4a458ece9fcdfff7d652c73f7de317074e4c

                                      SHA256

                                      96cedb62ed38ed874c44b3563f2fe1613223607ba7be397824805c56890126e0

                                      SHA512

                                      59058bfe96522f2c8dcfdcb633f4666144b312298b5a3e3a9c65495a86789b7bf0ee2183ccc87c66c67361b389d102ec01731f7646e039b94c757ee88ce3b430

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                      Filesize

                                      1KB

                                      MD5

                                      c108b00f8950d733ecd340397bbe2df9

                                      SHA1

                                      925117c15afb21d560a8d9b4dcd05865c29eb9c3

                                      SHA256

                                      6a137244dd8a923029151f722cc617dda545ae1ed9a48e61a00ec08e6be7d4c7

                                      SHA512

                                      2706f4781ed398c60fd0a5c3bcfb357276d80e9fb12aff133bc1c0d2a03ac6a898ceb4f8be3cda3355a5cd119de434aa63af2aa3e245efe090c7e8faeefde814

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                      Filesize

                                      1KB

                                      MD5

                                      0f35029beafe7347e78574cfed897032

                                      SHA1

                                      d68f323a2dcd546a1d28f35e0dac6e6a4a08a77a

                                      SHA256

                                      cdbec33945765f48c6266368a658a352f2c3c2479af7dfb5affbf8f8befc5bab

                                      SHA512

                                      49e98fb443c755f5f514557ceea81ea70a3f1721ae08c0c7b0e29205a26e370f84118e844dd684b72a8a56a27fd3af1aeb68d3f1913ba83bd9fb1ea2f7000098

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                      Filesize

                                      1KB

                                      MD5

                                      67f2395a01e4819ecfcf2b50d712bbc6

                                      SHA1

                                      ac208e8629483b6661bfbd29719dd1dd7073a1b3

                                      SHA256

                                      bf6f4f60d40b0d343f7824781d28808a8c01f7851d9a80a1481bf78ca1322039

                                      SHA512

                                      465922df6da66db99c29fddfea3f403c7571ec3a34a1a813c810a855dded34d2488fc5e61fd5c8e28d322f0b426908ec75096b53d544801aadff948ad4ba0447

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                      Filesize

                                      1KB

                                      MD5

                                      15a4c852b3fb69058b768eb31e77fb4d

                                      SHA1

                                      24351e85f81689ef0e5df24189796218c939e8f3

                                      SHA256

                                      33afd6c190b72c2f19ec17f1a66c1464b3b0c4e75b27dd1bb697c4a36c39c657

                                      SHA512

                                      7821d00cfff35bc0895481929cdc34354b54e7695a218a74d313cf77bf1d477bc6f290f9af5d90f3a96df9d27be9c89689e9e3b7d8493813d4630d90b3ec3d2d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                      Filesize

                                      1KB

                                      MD5

                                      770d4fa40ead9aadd2e690e327ba0ee5

                                      SHA1

                                      a8f3e1c730d0073101fc82fc3e3f337c5ca7a9b7

                                      SHA256

                                      b29d4ad9565fe96faa552b049fd2664fce4ac4cf77f589937628dc26ec2d9183

                                      SHA512

                                      c5ccfb1e6ccaa1609883db130f3663e7b5f689179c25ea78bcd87c9673d64a1b73f8a77a56dd9a486532f5fe3fa5cf100c70b32e498f3a2664fc9a50c458b4d3

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity~RFe59db81.TMP
                                      Filesize

                                      1KB

                                      MD5

                                      7034b86c7e7d10f01692b7333bcf408c

                                      SHA1

                                      59ac85516aa2cbd61c6595ac626386a39eabcdc9

                                      SHA256

                                      7a3f351123f8dd75db0c4eb0d9b2e4d97fdc05fa7bb32b3633854b39f83b8f75

                                      SHA512

                                      4f304524ade2c1b4eeaf6a4bd34c1002d4f07505d80ee51e2b6d022eef6eb7dd4696ecf72470a2861c0673a416ee8abcc7d6b6790d7ddfe24dcd0947f6d536ee

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      24b9b877973e4e2d1de537ce501b876b

                                      SHA1

                                      4cdb8a27de14542ad39c55bd94df9f0a799562e5

                                      SHA256

                                      3e67df284d69128743280fa6680adee8eef7805b15412f7cc3fc163fa07cba82

                                      SHA512

                                      e616b1de433a54ee4c59720533981bc1a852fbebf7a7413b6df31ff45d383b5ed353681f75fbac5e0267976b9d60107ec685ae38f3469cf0437cc8e8a45e323c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
                                      Filesize

                                      7KB

                                      MD5

                                      339bf369ff7c14e5af7be6c06419ea20

                                      SHA1

                                      8056237321c91d512b098d42e3a0348e07a188db

                                      SHA256

                                      18344ea9a2e77126194b98dfe67f01272e73ffd1d51398312a98ea4c6a74f72e

                                      SHA512

                                      9c110f0bdccfddc614cd4ec04dfdfeffa55c3a16a802eb37dff2f98acfe57bdb1c25adcdda2f55617ab6f2ad19b4bf1e8b7a14f45a749b073dc2ee465f00e04c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      5cbce75d8ec6195846ca5d37bc7880b8

                                      SHA1

                                      28b23b0e125f5061e002568085dace813bae6d94

                                      SHA256

                                      6720abbfe36675f652052abde6e527181a61349687e85508015192f64c1c16c5

                                      SHA512

                                      951b7a47d0bc05e46d9faac3c92087ba4a9182699a5af475efe7876e0a1967173ff2412b5f39f774f3a6b03a050f64abd039e87ab8bb8609f7127b533aefe342

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      62d59d146e02b400256b126c0fb91948

                                      SHA1

                                      3d64bf81c74a4e303a387b3bcf56855a47bf609d

                                      SHA256

                                      95127872f3fffd2b2d5e45bee20836fea00aae215e1cfb9c6e6b7cef2fdd19ef

                                      SHA512

                                      81d9e332120782490c1db3358c534639d3b39c6826745771d871a9794de7d26dc71f94d5e09b5d034e2f0792f818b63ac028d5caa7d0cb7bf22ec525d7260c4f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Site Characteristics Database\MANIFEST-000001
                                      Filesize

                                      41B

                                      MD5

                                      5af87dfd673ba2115e2fcf5cfdb727ab

                                      SHA1

                                      d5b5bbf396dc291274584ef71f444f420b6056f1

                                      SHA256

                                      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                      SHA512

                                      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_0
                                      Filesize

                                      8KB

                                      MD5

                                      cf89d16bb9107c631daabf0c0ee58efb

                                      SHA1

                                      3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                      SHA256

                                      d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                      SHA512

                                      8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_1
                                      Filesize

                                      264KB

                                      MD5

                                      d0d388f3865d0523e451d6ba0be34cc4

                                      SHA1

                                      8571c6a52aacc2747c048e3419e5657b74612995

                                      SHA256

                                      902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

                                      SHA512

                                      376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_2
                                      Filesize

                                      8KB

                                      MD5

                                      0962291d6d367570bee5454721c17e11

                                      SHA1

                                      59d10a893ef321a706a9255176761366115bedcb

                                      SHA256

                                      ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                      SHA512

                                      f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\GrShaderCache\data_3
                                      Filesize

                                      8KB

                                      MD5

                                      41876349cb12d6db992f1309f22df3f0

                                      SHA1

                                      5cf26b3420fc0302cd0a71e8d029739b8765be27

                                      SHA256

                                      e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                      SHA512

                                      e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                      Filesize

                                      2KB

                                      MD5

                                      f972019057e4ba923e4a83ac0d5f91ca

                                      SHA1

                                      a5e24069c27cfe39998ba97df5b901d1c4ff3743

                                      SHA256

                                      85d47143edaf733c55f9a934a53ffe1f26045db30ae8b1e4536962d1034bce5b

                                      SHA512

                                      892266a35d09a75f90d80516585a6c2ea8db21b661b47f4de35fcac28368b84917334cf0fc986eca0535eeb5b1acae911d199a54ee526e9319810222653d2db0

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                      Filesize

                                      16KB

                                      MD5

                                      4493df23dce821dd3d833444474ac2ee

                                      SHA1

                                      415bd1dc64fe2d72aef2f93dce5920db236f4230

                                      SHA256

                                      84ab9b977b1418582253c9143d7d866ee16d9795ca64a1c3d110ba94271cf5ac

                                      SHA512

                                      68f8c25c0deff605b0a8be8cb332c03d0428df20c6e3696f965a12db23464ed42c124d9c0992d0318a22b7b49d20725ca39f47631ce3ccc0284162fc32ba361e

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                      Filesize

                                      1KB

                                      MD5

                                      1b3201f7a0c73f13973979b7ac9f3f0e

                                      SHA1

                                      87770e09115eb9e55a712add52730a283387de10

                                      SHA256

                                      f4051bdbcf23fd91c0e9997f34329df4e5e352879ac4525fba2648cd950e761a

                                      SHA512

                                      c2e7ebaf294950b2a140715eb4d1c8d98ebb1b511440acbf386a08c02b282d1713cd9a0f6d3b2a46d856c46d68260f7b97984be7ce4be284a6cc16b0b9c863fd

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                      Filesize

                                      3KB

                                      MD5

                                      9ac1d46b132b2d5fd82d44ab814c8a36

                                      SHA1

                                      4ba401330e75af82bc5aabbbc85c23fe3018286b

                                      SHA256

                                      f7565fb87e8b80581ccdeccce85725ecf558fc705634804ec5aaf56e31346f8b

                                      SHA512

                                      b2a5cf6b64988f0a6e4d0056d8bf4b28fa02f1600be57a0015ff1a4112c74549074bcb64ca933ce28b60dfbebd6f025a1815b84c68b5a47bcf4a89a79a42add2

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                      Filesize

                                      18KB

                                      MD5

                                      962e757e2d058b7cd76ca7fb0fb37942

                                      SHA1

                                      5fb1b719c3654fadc2bd51704df9b8aa7e8dd84b

                                      SHA256

                                      95521560635ed2f94cc6353eabfcb3a8a009cde46e01653bcd565a8767513d01

                                      SHA512

                                      7911d55591ac5c4c83978c65f773c497f7a995320f5469a1c77db7d42c0c8027e8c2faf541d91e29a951503f05568be202f025057540300b7d8fd33de84ab1d5

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                      Filesize

                                      17KB

                                      MD5

                                      ac08e5fe4aac5f54efbab082e34c64b2

                                      SHA1

                                      c49283bd1b98cc276815611de71ce9261f5698b2

                                      SHA256

                                      03419173f7cbf42fcb75927c9819e152dc938d65cadf0c04efeb31019c22b8d3

                                      SHA512

                                      e1a9eb84c42eae3c9879bb59e61bcb42f78a2640ae46ac6170680bd0b9e278e2a2bee1fc759e3ea2e501d8e7250ddcf890efe89afe00096968646d4abc482594

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State~RFe598747.TMP
                                      Filesize

                                      1KB

                                      MD5

                                      246356c933322559e4206399ceb91035

                                      SHA1

                                      a3b94ce333d28fb337d544e39a4e0ea336018197

                                      SHA256

                                      a2020043b2b9c28923ce45a9b693272cf4677f78add838548db65188d4bd2e07

                                      SHA512

                                      d29982331db3534d7eb19588ab9bcdcf443a1c5ebf441f4b9f465d1de0c8f8f8e9b93187eee440e8d81fee389c1eb35e4cc66c0b26942e9aea2f81d5fa89dce4

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\PKIMetadata\13.0.0.0\crs.pb
                                      Filesize

                                      278KB

                                      MD5

                                      981a9155cad975103b6a26acef33a866

                                      SHA1

                                      1965290a94d172c4def1ac7199736c26dccca33e

                                      SHA256

                                      971393390616fbe53c63865274a40a0b4a8e731c529664275bdc764f09a28e2d

                                      SHA512

                                      2d75ce25cb3a78f69f90fbd23f6e5c9f1a6ed92025f83ce0ab3e0320b64130d586fc2cd960f763e1ab2c82d35ef9650ebd7ff2a42a928a293e0e7428cc669119

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\PKIMetadata\13.0.0.0\ct_config.pb
                                      Filesize

                                      7KB

                                      MD5

                                      df3d937079b894c891f9b0b741874928

                                      SHA1

                                      ed93fc386807b3a28fcc7988a88ae4741bfe1b15

                                      SHA256

                                      c7cbb0db6e924cbfccf4a6e8223e3fed4d93f5d78a3122c30213b6e38ee195f4

                                      SHA512

                                      5728bdd930283a4906e7e07acd3eadecb813a3154ffb41729738444bf13aab27dceb01e05a27c77bb13cc498c1d5c2d492ac653ddbfe4b14004b1c7a5bc54f1b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\PKIMetadata\13.0.0.0\kp_pinslist.pb
                                      Filesize

                                      11KB

                                      MD5

                                      d43d041e531dc757a69a90cb657ef437

                                      SHA1

                                      09138b427565bc276cfd3ba9f59b0c8bad78e91d

                                      SHA256

                                      9431360a5534ad2f8eddde157cce39704b99da035fcb6d2cca11220700b11ccb

                                      SHA512

                                      476a98122059b9cc19492b7ae557c61381842c8c347f85c686e0a493bfd0e8707ce3491b690e7978b3fb7d7d2a4daa2767e4a590398a50562519bf32e8d12ec6

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Subresource Filter\Indexed Rules\36\10.34.0.54\Ruleset Data
                                      Filesize

                                      2.8MB

                                      MD5

                                      16176aa639f8d0bf6c1a823f9d973d8c

                                      SHA1

                                      f1f365a4705a3fcab04bc4aa8f080ed7ae2f372c

                                      SHA256

                                      75da3c6add63a83efb735ae0f1f4e6578607ea33187753b0f65f750a1ab0ab34

                                      SHA512

                                      d8711e8a2d417f1f9b81a13d04951420460d1be2dd0459916a3226f364b65cd77fc0feb4be22412df3da0a2433cd924df7d0684fab04a2c6cf3a6e9715ea9f84

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.54\Filtering Rules
                                      Filesize

                                      1.8MB

                                      MD5

                                      a97ea939d1b6d363d1a41c4ab55b9ecb

                                      SHA1

                                      3669e6477eddf2521e874269769b69b042620332

                                      SHA256

                                      97115a369f33b66a7ffcfb3d67c935c1e7a24fc723bb8380ad01971c447cfa9f

                                      SHA512

                                      399cb37e5790effcd4d62b9b09f706c4fb19eb2ab220f1089698f1e1c6f1efdd2f55d9f4c6d58ddbcc64d7a7cf689ab0dbbfae52ce96d5baa53c43775e018279

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.54\LICENSE
                                      Filesize

                                      24KB

                                      MD5

                                      aad9405766b20014ab3beb08b99536de

                                      SHA1

                                      486a379bdfeecdc99ed3f4617f35ae65babe9d47

                                      SHA256

                                      ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

                                      SHA512

                                      bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\TrustTokenKeyCommitments\2024.9.3.1\keys.json
                                      Filesize

                                      6KB

                                      MD5

                                      5054c41b012752c1a98db9d819268ad6

                                      SHA1

                                      a7d70197bb25621af1c3ab5bbf5250026f849753

                                      SHA256

                                      477b0514c0ee0eb204f05925935f51fd7f794f1123f6775f06cb654de89504a2

                                      SHA512

                                      1791aa67ec5a135c6d0c79a545cfb422ed631502b5c7398f4661824548540553ac610922191583a44c9442f0703c5a9f270fee77d3c62c99162ed5a6ca9b2fb0

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                      Filesize

                                      2B

                                      MD5

                                      f3b25701fe362ec84616a93a45ce9998

                                      SHA1

                                      d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                      SHA256

                                      b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                      SHA512

                                      98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                      Download Submit

                                    • C:\Users\Admin\Downloads\RobloxStudioInstaller.exe
                                      Filesize

                                      5.5MB

                                      MD5

                                      24bcceca8b115ff5d0060b2d9def17c6

                                      SHA1

                                      a06ba5c1f6d64c9a95627c4b2291806d2b5cd300

                                      SHA256

                                      c91803f5c89cc6b4c649f1a6dc85901208a0cf83cbe5d44c4e4800cc0e3b8fde

                                      SHA512

                                      d0d5163a972860ae532d8d0f29d97a1a74796b94aec00d112e30efabc1139b1bb97c892afe7f3a69ef1323aa387a71ae006749e91f374ee93b465586ed6a913d

                                      Download Submit

                                    • C:\Users\Admin\Downloads\RobloxStudioInstaller.exe:Zone.Identifier
                                      Filesize

                                      26B

                                      MD5

                                      fbccf14d504b7b2dbcb5a5bda75bd93b

                                      SHA1

                                      d59fc84cdd5217c6cf74785703655f78da6b582b

                                      SHA256

                                      eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                      SHA512

                                      aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                      Download Submit

                                    • C:\Users\Admin\Videos\Captures\desktop.ini
                                      Filesize

                                      190B

                                      MD5

                                      b0d27eaec71f1cd73b015f5ceeb15f9d

                                      SHA1

                                      62264f8b5c2f5034a1e4143df6e8c787165fbc2f

                                      SHA256

                                      86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

                                      SHA512

                                      7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

                                      Download Submit

                                    • C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
                                      Filesize

                                      280B

                                      MD5

                                      363ac25fc0c37be3d732c4e21991a0dd

                                      SHA1

                                      8c3bc07634b38c63c576e96ebe2eebf3b993aed5

                                      SHA256

                                      ee30636c2ff209bf3d5871dce5b1bffa4e505d45c4bf3d342051d8813d0b538a

                                      SHA512

                                      efa9275bcb74ff4908365247aeeff259f974b12b07a855e33e551321a1e0389a46b738f88b1467f56c847beda1242e43e9b4243925d059f1cd74c39097abf02e

                                      Download Submit

                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1348_1440875756\manifest.json
                                      Filesize

                                      113B

                                      MD5

                                      b6911958067e8d96526537faed1bb9ef

                                      SHA1

                                      a47b5be4fe5bc13948f891d8f92917e3a11ebb6e

                                      SHA256

                                      341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648

                                      SHA512

                                      62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

                                      Download Submit

                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1348_1541184346\manifest.json
                                      Filesize

                                      116B

                                      MD5

                                      1b8cb66d14eda680a0916ab039676df7

                                      SHA1

                                      128affd74315d1efd26563efbfbaca2ac1c18143

                                      SHA256

                                      348c0228163b6c9137b2d3f77f9d302bb790241e1216e44d0f8a1cd46d44863c

                                      SHA512

                                      ab2250a93b8ec1110bcb7f45009d5715c5a3a39459d6deead2fbc7d1477e03e2383c37741772e4a6f8c6133f8a79fbabc5759ff9f44585af6659f9bb46fbe5d6

                                      Download Submit

                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1348_1659935363\manifest.json
                                      Filesize

                                      134B

                                      MD5

                                      58d3ca1189df439d0538a75912496bcf

                                      SHA1

                                      99af5b6a006a6929cc08744d1b54e3623fec2f36

                                      SHA256

                                      a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

                                      SHA512

                                      afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

                                      Download Submit

                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1348_211885127\manifest.fingerprint
                                      Filesize

                                      66B

                                      MD5

                                      7ce55ac0d7683657fd051e573ad06e30

                                      SHA1

                                      3bc51fbc6155c4e9d1439587e1c739995054cc52

                                      SHA256

                                      138e2b36e4c8bec8b00180558843355037d7de99c389f46e6183c4fc5a34c790

                                      SHA512

                                      f269c5c2ee53ed836bfd1b928b40e1ddb2aaea00e5585c85fecfcb1add71130d4ecfe91d2f2527934ac472c8b432d3475ca02b8f808e7e6014cd49155529d9a2

                                      Download Submit

                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1348_211885127\manifest.json
                                      Filesize

                                      43B

                                      MD5

                                      55cf847309615667a4165f3796268958

                                      SHA1

                                      097d7d123cb0658c6de187e42c653ad7d5bbf527

                                      SHA256

                                      54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877

                                      SHA512

                                      53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7

                                      Download Submit

                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1348_591272590\manifest.json
                                      Filesize

                                      102B

                                      MD5

                                      8062e1b9705b274fd46fcd2dd53efc81

                                      SHA1

                                      61912082d21780e22403555a43408c9a6cafc59a

                                      SHA256

                                      2f0e67d8b541936adc77ac9766c15a98e9b5de67477905b38624765e447fcd35

                                      SHA512

                                      98609cf9b126c7c2ad29a6ec92f617659d35251d5f6e226fff78fd9f660f7984e4c188e890495ab05ae6cf3fbe9bf712c81d814fbd94d9f62cf4ff13bbd9521a

                                      Download Submit

                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1348_702794302\manifest.json
                                      Filesize

                                      76B

                                      MD5

                                      ba25fcf816a017558d3434583e9746b8

                                      SHA1

                                      be05c87f7adf6b21273a4e94b3592618b6a4a624

                                      SHA256

                                      0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

                                      SHA512

                                      3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

                                      Download Submit

                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1348_758693204\manifest.json
                                      Filesize

                                      78B

                                      MD5

                                      9593491f9d9bb497a1d104f3214409c3

                                      SHA1

                                      699d68751b46d66d3036ae934fce022cd1687e66

                                      SHA256

                                      bfe0104fb221b896897700b442cef991edd0197dc5fb258c966aada66a309ea7

                                      SHA512

                                      1ffe9a0f36afcd141c9832b893eeaba230ca31b716824d5107e36b5d672d3d03489d42c9fdf5935261027daa6440803498dd8b1dffc005d7b9493af99cd5cd60

                                      Download Submit

                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1348_87253418\hyph-as.hyb
                                      Filesize

                                      703B

                                      MD5

                                      8961fdd3db036dd43002659a4e4a7365

                                      SHA1

                                      7b2fa321d50d5417e6c8d48145e86d15b7ff8321

                                      SHA256

                                      c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

                                      SHA512

                                      531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

                                      Download Submit

                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1348_87253418\hyph-hi.hyb
                                      Filesize

                                      687B

                                      MD5

                                      0807cf29fc4c5d7d87c1689eb2e0baaa

                                      SHA1

                                      d0914fb069469d47a36d339ca70164253fccf022

                                      SHA256

                                      f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

                                      SHA512

                                      5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

                                      Download Submit

                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1348_87253418\hyph-nb.hyb
                                      Filesize

                                      141KB

                                      MD5

                                      677edd1a17d50f0bd11783f58725d0e7

                                      SHA1

                                      98fedc5862c78f3b03daed1ff9efbe5e31c205ee

                                      SHA256

                                      c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

                                      SHA512

                                      c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

                                      Download Submit

                                    • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1348_87253418\manifest.json
                                      Filesize

                                      179B

                                      MD5

                                      273755bb7d5cc315c91f47cab6d88db9

                                      SHA1

                                      c933c95cc07b91294c65016d76b5fa0fa25b323b

                                      SHA256

                                      0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902

                                      SHA512

                                      0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8

                                      Download Submit

                                    • memory/228-574-0x00007FFA3B8C0000-0x00007FFA3BE0C000-memory.dmp

                                      Filesize

                                      5.3MB

                                      Download

                                    • memory/228-575-0x00007FFA3A410000-0x00007FFA3A812000-memory.dmp

                                      Filesize

                                      4.0MB

                                      Download

                                    • memory/228-577-0x00007FFA3A410000-0x00007FFA3A812000-memory.dmp

                                      Filesize

                                      4.0MB

                                      Download

                                    • memory/228-576-0x00007FF7E1990000-0x00007FF7E2990000-memory.dmp

                                      Filesize

                                      16.0MB

                                      Download

                                    • memory/1204-547-0x00000000731F0000-0x0000000073400000-memory.dmp

                                      Filesize

                                      2.1MB

                                      Download

                                    • memory/1204-483-0x0000000000E70000-0x0000000000EA5000-memory.dmp

                                      Filesize

                                      212KB

                                      Download

                                    • memory/1204-484-0x00000000731F0000-0x0000000073400000-memory.dmp

                                      Filesize

                                      2.1MB

                                      Download

                                    • memory/1204-569-0x0000000000E70000-0x0000000000EA5000-memory.dmp

                                      Filesize

                                      212KB

                                      Download

                                    • memory/2292-642-0x00007FFA5E190000-0x00007FFA5E191000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/2292-1294-0x00000244BEE10000-0x00000244BF188000-memory.dmp

                                      Filesize

                                      3.5MB

                                      Download

                                    • memory/2400-1324-0x0000020FDBD60000-0x0000020FDC0D8000-memory.dmp

                                      Filesize

                                      3.5MB

                                      Download

                                    • memory/4696-719-0x00007FFA5E190000-0x00007FFA5E191000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/4696-882-0x000002102F130000-0x000002102F4A8000-memory.dmp

                                      Filesize

                                      3.5MB

                                      Download

                                    • memory/5840-931-0x000001E114F10000-0x000001E115288000-memory.dmp

                                      Filesize

                                      3.5MB

                                      Download

                                    • memory/5932-1549-0x00000268E7F60000-0x00000268E7F61000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5932-1548-0x00000268E7F60000-0x00000268E7F61000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5932-1553-0x00000268E7F60000-0x00000268E7F61000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5932-1555-0x00000268E7F60000-0x00000268E7F61000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5932-1547-0x00000268E7F60000-0x00000268E7F61000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5932-1558-0x00000268E7F60000-0x00000268E7F61000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5932-1556-0x00000268E7F60000-0x00000268E7F61000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5932-1559-0x00000268E7F60000-0x00000268E7F61000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5932-1557-0x00000268E7F60000-0x00000268E7F61000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5932-1554-0x00000268E7F60000-0x00000268E7F61000-memory.dmp

                                      Filesize

                                      4KB

                                      Download