Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://create.roblo...

windows11-21h2-x64

8

Analysis

  • max time kernel
    2699s
  • max time network
    2695s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    04/09/2024, 17:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://create.roblox.com/landing

Score
8/10
adwaredefense_evasiondiscoveryevasionpersistenceprivilege_escalationstealertrojan

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
    persistence
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 61 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Network Service Discovery 1 TTPs 1 IoCs

    Attempt to gather information on host's network.

    discovery
  • Network Share Discovery 1 TTPs

    Attempt to gather information on host network.

    discovery
  • Checks system information in the registry 2 TTPs 26 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 7 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Enumerates system info in registry 2 TTPs 12 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 5 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://create.roblox.com/landing
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3752
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc66253cb8,0x7ffc66253cc8,0x7ffc66253cd8
      2⤵
        PID:3316
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
        2⤵
          PID:772
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2264
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1
          2⤵
            PID:644
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
            2⤵
              PID:412
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3328 /prefetch:8
              2⤵
                PID:4664
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4088 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:1808
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4672
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
                2⤵
                  PID:1628
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
                  2⤵
                    PID:3208
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
                    2⤵
                      PID:4804
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
                      2⤵
                        PID:3488
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
                        2⤵
                          PID:1632
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
                          2⤵
                            PID:776
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
                            2⤵
                              PID:3500
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6080 /prefetch:8
                              2⤵
                                PID:2516
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 /prefetch:8
                                2⤵
                                • Subvert Trust Controls: Mark-of-the-Web Bypass
                                • NTFS ADS
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1300
                              • C:\Users\Admin\Downloads\RobloxStudioInstaller.exe
                                "C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"
                                2⤵
                                • Executes dropped EXE
                                • Checks whether UAC is enabled
                                • Drops file in Program Files directory
                                • System Location Discovery: System Language Discovery
                                • Enumerates system info in registry
                                • Modifies Internet Explorer settings
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1260
                                • C:\Program Files (x86)\Roblox\Versions\version-a8766ccdec1d49d3\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                  MicrosoftEdgeWebview2Setup.exe /silent /install
                                  3⤵
                                  • Executes dropped EXE
                                  • Drops file in Program Files directory
                                  • System Location Discovery: System Language Discovery
                                  PID:4808
                                  • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\MicrosoftEdgeUpdate.exe
                                    "C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                    4⤵
                                    • Event Triggered Execution: Image File Execution Options Injection
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Checks system information in the registry
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:4248
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      • Modifies registry class
                                      PID:3052
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      • Modifies registry class
                                      PID:1556
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                        6⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Modifies registry class
                                        PID:476
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                        6⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Modifies registry class
                                        PID:2356
                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                        6⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Modifies registry class
                                        PID:3200
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzIxMUNDQUItRTI4OS00NjJCLUIxMzEtNzk2Rjk4QUUwNjI4fSIgdXNlcmlkPSJ7RTJGODI3RUItRDUzNS00OTZBLTlGMkMtNDlGNDgzMzIwRDU1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGNkQxQzY1Mi1CQTMwLTRBRjYtQjU0Qi1GMDdDRjVEMjU5Nzh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU5MTM1NjQ1MjUiIGluc3RhbGxfdGltZV9tcz0iNTA2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • Checks system information in the registry
                                      • System Location Discovery: System Language Discovery
                                      • System Network Configuration Discovery: Internet Connection Discovery
                                      PID:1792
                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{3211CCAB-E289-462B-B131-796F98AE0628}" /silent
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • System Location Discovery: System Language Discovery
                                      PID:2020
                                • C:\Program Files (x86)\Roblox\Versions\version-a8766ccdec1d49d3\RobloxStudioBeta.exe
                                  "C:\Program Files (x86)\Roblox\Versions\version-a8766ccdec1d49d3\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch
                                  3⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Checks whether UAC is enabled
                                  • Enumerates system info in registry
                                  • Suspicious behavior: AddClipboardFormatListener
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious behavior: GetForegroundWindowSpam
                                  • Suspicious use of SetWindowsHookEx
                                  PID:3232
                                  • C:\Program Files (x86)\Roblox\Versions\version-a8766ccdec1d49d3\RobloxCrashHandler.exe
                                    "C:\Program Files (x86)\Roblox\Versions\version-a8766ccdec1d49d3\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.640.1.6400735_20240904T175850Z_Studio_AABF8_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.640.1.6400735_20240904T175850Z_Studio_AABF8_last.log --attachment=attachment_log_0.640.1.6400735_20240904T175850Z_Studio_AABF8_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.640.1.6400735_20240904T175850Z_Studio_AABF8_csg3.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=0.640.1.6400735 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=57f2af3bb86950918cc29b5bb59305ca86818ed9 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.640.1.6400735 --annotation=UniqueId=6133354737815618359 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.640.1.6400735 --annotation=host_arch=x86_64 --initial-client-data=0x5d4,0x5d8,0x5dc,0x538,0x5c8,0x7ff60ecbe2c0,0x7ff60ecbe2d8,0x7ff60ecbe2f0
                                    4⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    PID:1952
                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3232.2880.4902369279393095503
                                    4⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Checks system information in the registry
                                    • Drops file in Windows directory
                                    • Enumerates system info in registry
                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                    • System policy modification
                                    PID:2076
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.120 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=128.0.2739.63 --initial-client-data=0x17c,0x180,0x184,0x15c,0x1bc,0x7ffc4d619fd8,0x7ffc4d619fe4,0x7ffc4d619ff0
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:3500
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1760,i,8761248182029498321,2805766022118586968,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1676 /prefetch:2
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:1468
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1948,i,8761248182029498321,2805766022118586968,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=1988 /prefetch:11
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:5036
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2284,i,8761248182029498321,2805766022118586968,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2332 /prefetch:13
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:472
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3736,i,8761248182029498321,2805766022118586968,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3800 /prefetch:1
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:996
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4196,i,8761248182029498321,2805766022118586968,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4092 /prefetch:1
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:3688
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3832,i,8761248182029498321,2805766022118586968,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=3820 /prefetch:1
                                      5⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:1616
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4524,i,8761248182029498321,2805766022118586968,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2160 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      PID:5504
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4876,i,8761248182029498321,2805766022118586968,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4872 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      PID:5684
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5004,i,8761248182029498321,2805766022118586968,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      PID:5812
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4960,i,8761248182029498321,2805766022118586968,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4896 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      PID:4292
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4904,i,8761248182029498321,2805766022118586968,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      PID:2372
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4992,i,8761248182029498321,2805766022118586968,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2160 /prefetch:10
                                      5⤵
                                      • Executes dropped EXE
                                      PID:5748
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4704,i,8761248182029498321,2805766022118586968,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      PID:4120
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4544,i,8761248182029498321,2805766022118586968,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      PID:5904
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.63\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 640, 1, 6400735" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4568,i,8761248182029498321,2805766022118586968,262144 --enable-features=MojoIpcz --variations-seed-version --mojo-platform-channel-handle=2624 /prefetch:14
                                      5⤵
                                      • Executes dropped EXE
                                      PID:6016
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
                                2⤵
                                  PID:2028
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
                                  2⤵
                                    PID:2996
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7076 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:656
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6584 /prefetch:8
                                    2⤵
                                      PID:4152
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6572 /prefetch:8
                                      2⤵
                                      • Modifies registry class
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:1148
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6316 /prefetch:2
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:2440
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,1471257371830656994,2228854583409981673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
                                      2⤵
                                        PID:4596
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:1864
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:1400
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:644
                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                            1⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            • Checks system information in the registry
                                            • System Location Discovery: System Language Discovery
                                            • Modifies data under HKEY_USERS
                                            PID:4744
                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzIxMUNDQUItRTI4OS00NjJCLUIxMzEtNzk2Rjk4QUUwNjI4fSIgdXNlcmlkPSJ7RTJGODI3RUItRDUzNS00OTZBLTlGMkMtNDlGNDgzMzIwRDU1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1NkRFRDhBMy02MDAwLTQxQTEtQTA4OS05QjE2RUQ5RjIyMzl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU5MTgwODQ3MjkiLz48L2FwcD48L3JlcXVlc3Q-
                                              2⤵
                                              • Executes dropped EXE
                                              • Loads dropped DLL
                                              • Checks system information in the registry
                                              • System Location Discovery: System Language Discovery
                                              • System Network Configuration Discovery: Internet Connection Discovery
                                              PID:4724
                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E3773F89-64BA-45E5-8CD1-ACB0EB7EEA71}\MicrosoftEdge_X64_128.0.2739.63.exe
                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E3773F89-64BA-45E5-8CD1-ACB0EB7EEA71}\MicrosoftEdge_X64_128.0.2739.63.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                              2⤵
                                              • Executes dropped EXE
                                              PID:2972
                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E3773F89-64BA-45E5-8CD1-ACB0EB7EEA71}\EDGEMITMP_72FAC.tmp\setup.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E3773F89-64BA-45E5-8CD1-ACB0EB7EEA71}\EDGEMITMP_72FAC.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E3773F89-64BA-45E5-8CD1-ACB0EB7EEA71}\MicrosoftEdge_X64_128.0.2739.63.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                3⤵
                                                • Executes dropped EXE
                                                • Drops file in Windows directory
                                                PID:2312
                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E3773F89-64BA-45E5-8CD1-ACB0EB7EEA71}\EDGEMITMP_72FAC.tmp\setup.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E3773F89-64BA-45E5-8CD1-ACB0EB7EEA71}\EDGEMITMP_72FAC.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.120 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E3773F89-64BA-45E5-8CD1-ACB0EB7EEA71}\EDGEMITMP_72FAC.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.63 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6231006d8,0x7ff6231006e4,0x7ff6231006f0
                                                  4⤵
                                                  • Executes dropped EXE
                                                  • Drops file in Windows directory
                                                  PID:4900
                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzIxMUNDQUItRTI4OS00NjJCLUIxMzEtNzk2Rjk4QUUwNjI4fSIgdXNlcmlkPSJ7RTJGODI3RUItRDUzNS00OTZBLTlGMkMtNDlGNDgzMzIwRDU1fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGN0NDODQ3My04MTZBLTQxQTgtODk0Qy02MDMyRTA1QkQwMEN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjguMC4yNzM5LjYzIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1OTMyMjk0NjYyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTkzMjQxNDUzOCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY3OTI1MjYxMTQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzg1YWYyOWQ5LTQzNjgtNDQyYi1hNmY5LTZmOTJmZTIxNDg1Mj9QMT0xNzI2MDc3Mzk4JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUxRdXZ1dG5haXFOMGsxc3JCQ2lYM1NLZndCZ3BUaW1ZSkdoSDQlMmIlMmZNSTV5ZGdBaXZwZ2pHZ2JEWmlGYzJvdUpDZU43bTN5b2pBNG5pZE1JejFvVzRmQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3Mzg1NDc3NiIgdG90YWw9IjE3Mzg1NDc3NiIgZG93bmxvYWRfdGltZV9tcz0iNzk5NDkiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NzkyNjI2MDA3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjgwNjQyNjA4OSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzI0MjU2NjAzMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjkyNiIgZG93bmxvYWRfdGltZV9tcz0iODYwMTYiIGRvd25sb2FkZWQ9IjE3Mzg1NDc3NiIgdG90YWw9IjE3Mzg1NDc3NiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDM2MTIiLz48L2FwcD48L3JlcXVlc3Q-
                                              2⤵
                                              • Executes dropped EXE
                                              • Loads dropped DLL
                                              • Checks system information in the registry
                                              • System Location Discovery: System Language Discovery
                                              • System Network Configuration Discovery: Internet Connection Discovery
                                              PID:1864
                                          • C:\Windows\System32\rundll32.exe
                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                            1⤵
                                              PID:4920
                                            • C:\Users\Admin\Downloads\RobloxStudioInstaller.exe
                                              "C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"
                                              1⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              • Enumerates system info in registry
                                              PID:3228
                                            • C:\Windows\System32\GameBarPresenceWriter.exe
                                              "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
                                              1⤵
                                              • Network Service Discovery
                                              PID:3748
                                            • C:\Windows\system32\OpenWith.exe
                                              C:\Windows\system32\OpenWith.exe -Embedding
                                              1⤵
                                              • Suspicious use of SetWindowsHookEx
                                              PID:1564
                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                              1⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:2728
                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                              1⤵
                                              • Executes dropped EXE
                                              • Checks system information in the registry
                                              • System Location Discovery: System Language Discovery
                                              • Modifies data under HKEY_USERS
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:5136
                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EAB291D3-C1BE-4841-9816-057FB989F653}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EAB291D3-C1BE-4841-9816-057FB989F653}\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe" /update /sessionid "{6FF3A7A2-E9AE-47C9-B313-71443F1A7549}"
                                                2⤵
                                                • Executes dropped EXE
                                                • System Location Discovery: System Language Discovery
                                                PID:2016
                                                • C:\Program Files (x86)\Microsoft\Temp\EUC467.tmp\MicrosoftEdgeUpdate.exe
                                                  "C:\Program Files (x86)\Microsoft\Temp\EUC467.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{6FF3A7A2-E9AE-47C9-B313-71443F1A7549}"
                                                  3⤵
                                                  • Event Triggered Execution: Image File Execution Options Injection
                                                  • Executes dropped EXE
                                                  • Checks system information in the registry
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:5544
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                    4⤵
                                                    • Executes dropped EXE
                                                    • System Location Discovery: System Language Discovery
                                                    • Modifies registry class
                                                    PID:5552
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                    4⤵
                                                    • Executes dropped EXE
                                                    • System Location Discovery: System Language Discovery
                                                    • Modifies registry class
                                                    PID:5588
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                      5⤵
                                                      • Executes dropped EXE
                                                      • Modifies registry class
                                                      PID:5624
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                      5⤵
                                                      • Executes dropped EXE
                                                      • Modifies registry class
                                                      PID:5656
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                      5⤵
                                                      • Executes dropped EXE
                                                      • Modifies registry class
                                                      PID:4304
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkZGM0E3QTItRTlBRS00N0M5LUIzMTMtNzE0NDNGMUE3NTQ5fSIgdXNlcmlkPSJ7RTJGODI3RUItRDUzNS00OTZBLTlGMkMtNDlGNDgzMzIwRDU1fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7MEUxMTk2REQtNDM2OC00NDZELTlERTAtMjMyNDUwMjcwMDEzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTUiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MjU0NzI1OTUiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkzNTQyMTYwMDQiLz48L2FwcD48L3JlcXVlc3Q-
                                                    4⤵
                                                    • Executes dropped EXE
                                                    • Checks system information in the registry
                                                    • System Location Discovery: System Language Discovery
                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                    PID:2756
                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NkZGM0E3QTItRTlBRS00N0M5LUIzMTMtNzE0NDNGMUE3NTQ5fSIgdXNlcmlkPSJ7RTJGODI3RUItRDUzNS00OTZBLTlGMkMtNDlGNDgzMzIwRDU1fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InszNTk5MzYyOC03OUNELTRDNzQtODgxNC1BOTk3NUU5RTkyQTR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4xNSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkzMjc4NjU4OTAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTMyNzkxNTkxOSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTMzNTQ4NTkyNSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzMyM2ZhN2Y3LTQ0NDUtNDEzNy04MmVjLTcxNTI4OTQ5MTgyYT9QMT0xNzI2MDc3NzM3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUpUODVHVlpmVGpnMW5kTFZXS1BmWDclMmZJc2Z5JTJmZUJLQUFEZUUweEw5STVmVmZ5SFBWYjdGRjFmZk1VME9NeGxqdFRTYndTWHNORlc3dSUyZkhWTVkzdnZ3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjEwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkzMzU1NjU5NTYiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzMyM2ZhN2Y3LTQ0NDUtNDEzNy04MmVjLTcxNTI4OTQ5MTgyYT9QMT0xNzI2MDc3NzM3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUpUODVHVlpmVGpnMW5kTFZXS1BmWDclMmZJc2Z5JTJmZUJLQUFEZUUweEw5STVmVmZ5SFBWYjdGRjFmZk1VME9NeGxqdFRTYndTWHNORlc3dSUyZkhWTVkzdnZ3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTY0NTExMiIgdG90YWw9IjE2NDUxMTIiIGRvd25sb2FkX3RpbWVfbXM9IjYxOSIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MzM1NTc1OTY5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkzNDA3NDYxMzkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzY5OTQ2MDc0NjYzMzI3MCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSItMSIgYWQ9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI4LjAuMjczOS42MyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiB1cGRhdGVfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzY5OTQ2MzM1MjU0NTYzMCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSItMSIgYWQ9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7MTQyNEJFNzItNkU1Ri00QTMwLUJGRkYtOUJFRUZBNUY1RjU4fSIvPjwvYXBwPjwvcmVxdWVzdD4
                                                2⤵
                                                • Executes dropped EXE
                                                • Checks system information in the registry
                                                • System Location Discovery: System Language Discovery
                                                • System Network Configuration Discovery: Internet Connection Discovery
                                                PID:5272
                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                              1⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:4232
                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                              1⤵
                                              • Executes dropped EXE
                                              • Checks system information in the registry
                                              • System Location Discovery: System Language Discovery
                                              • Modifies data under HKEY_USERS
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:4092
                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MENEOTRDMkMtODM4RC00MTdFLThBNjctQzExMkFDRkY3Qzc5fSIgdXNlcmlkPSJ7RTJGODI3RUItRDUzNS00OTZBLTlGMkMtNDlGNDgzMzIwRDU1fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7ODYyNEFFMjUtM0YzNC00RDU4LTkwQUEtMDg1RUY3QzM5ODFBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7SjdWaVpqYk55eDFHVnJIVytSZC9QZ1Zpem5GK3RxeGlVdFdYb0Z0SWhmVT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjMzIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MjI2MTIxNjEiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM2NzA4NDg5MjkxMTIzOTUiIGZpcnN0X2ZyZV9zZWVuX3RpbWU9IjEzMzY5OTQ2MTc1ODgwMDY0MSI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIzMTExODkiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyNzA3MDY1OTY5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                2⤵
                                                • Executes dropped EXE
                                                • Checks system information in the registry
                                                • System Location Discovery: System Language Discovery
                                                • System Network Configuration Discovery: Internet Connection Discovery
                                                PID:2136
                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D3071CA0-DA3C-4782-9D68-E2A744BFE66E}\MicrosoftEdge_X64_128.0.2739.54.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D3071CA0-DA3C-4782-9D68-E2A744BFE66E}\MicrosoftEdge_X64_128.0.2739.54.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                2⤵
                                                • Executes dropped EXE
                                                PID:428
                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D3071CA0-DA3C-4782-9D68-E2A744BFE66E}\EDGEMITMP_9D827.tmp\setup.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D3071CA0-DA3C-4782-9D68-E2A744BFE66E}\EDGEMITMP_9D827.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D3071CA0-DA3C-4782-9D68-E2A744BFE66E}\MicrosoftEdge_X64_128.0.2739.54.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                  3⤵
                                                  • Boot or Logon Autostart Execution: Active Setup
                                                  • Executes dropped EXE
                                                  • Installs/modifies Browser Helper Object
                                                  • Drops file in Program Files directory
                                                  • Drops file in Windows directory
                                                  • Modifies Internet Explorer settings
                                                  • Modifies registry class
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  • System policy modification
                                                  PID:3380
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D3071CA0-DA3C-4782-9D68-E2A744BFE66E}\EDGEMITMP_9D827.tmp\setup.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D3071CA0-DA3C-4782-9D68-E2A744BFE66E}\EDGEMITMP_9D827.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D3071CA0-DA3C-4782-9D68-E2A744BFE66E}\EDGEMITMP_9D827.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.54 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7d03506d8,0x7ff7d03506e4,0x7ff7d03506f0
                                                    4⤵
                                                    • Executes dropped EXE
                                                    • Drops file in Windows directory
                                                    PID:2284
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D3071CA0-DA3C-4782-9D68-E2A744BFE66E}\EDGEMITMP_9D827.tmp\setup.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D3071CA0-DA3C-4782-9D68-E2A744BFE66E}\EDGEMITMP_9D827.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                                                    4⤵
                                                    • Executes dropped EXE
                                                    • Drops file in System32 directory
                                                    • Drops file in Windows directory
                                                    • Modifies data under HKEY_USERS
                                                    PID:2012
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D3071CA0-DA3C-4782-9D68-E2A744BFE66E}\EDGEMITMP_9D827.tmp\setup.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D3071CA0-DA3C-4782-9D68-E2A744BFE66E}\EDGEMITMP_9D827.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D3071CA0-DA3C-4782-9D68-E2A744BFE66E}\EDGEMITMP_9D827.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.54 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7d03506d8,0x7ff7d03506e4,0x7ff7d03506f0
                                                      5⤵
                                                      • Executes dropped EXE
                                                      • Drops file in Windows directory
                                                      PID:5744
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
                                                    4⤵
                                                    • Executes dropped EXE
                                                    • Drops file in Windows directory
                                                    PID:5908
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.54 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7fade06d8,0x7ff7fade06e4,0x7ff7fade06f0
                                                      5⤵
                                                      • Executes dropped EXE
                                                      • Drops file in Windows directory
                                                      PID:6020
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
                                                    4⤵
                                                    • Executes dropped EXE
                                                    • Drops file in Windows directory
                                                    PID:5828
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=128.0.6613.114 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\128.0.2739.54\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=128.0.2739.54 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7fade06d8,0x7ff7fade06e4,0x7ff7fade06f0
                                                      5⤵
                                                      • Executes dropped EXE
                                                      • Drops file in Windows directory
                                                      PID:5308
                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MENEOTRDMkMtODM4RC00MTdFLThBNjctQzExMkFDRkY3Qzc5fSIgdXNlcmlkPSJ7RTJGODI3RUItRDUzNS00OTZBLTlGMkMtNDlGNDgzMzIwRDU1fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins3ODU1Njc4RS02NTM0LTQ4MTMtQTUyQy03NTgyM0Y0OTVCODd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjE1IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgY29ob3J0PSJycmZAMC40NCI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjQ1NiIgcGluZ19mcmVzaG5lc3M9IntFRTg1NUE0RC1CRTY3LTRDMzktQUUxOS04NDE2NTY3MDA0Q0V9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iMTI4LjAuMjczOS41NCIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpc19waW5uZWRfc3lzdGVtPSJ0cnVlIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNjk5NDYwNzQ2NjMzMjcwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjcxNzc3NTg2NCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjcxNzg5NjA0MCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTczMTE2NzYyMTQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy82ZTIxZGYwOS1kOTA5LTQ1NzUtOGUyNC1kOTQ1OTA5ZTU4ZGY_UDE9MTcyNjA3ODA3NyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1MQ21ieFFPQjhZJTJmV2RNZ3FhMDdsQ00yMUE2QnFqeGZRWlhQeWlCbkZpSzhaWnBTejJGbHV5Q0lwWnFpZWgzSyUyZndkVFZVaXpMaXlLWENHenp5NXNObVElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMSIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNzMxMTY5NjAzNiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNmUyMWRmMDktZDkwOS00NTc1LThlMjQtZDk0NTkwOWU1OGRmP1AxPTE3MjYwNzgwNzcmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9TENtYnhRT0I4WSUyZldkTWdxYTA3bENNMjFBNkJxanhmUVpYUHlpQm5GaUs4WlpwU3oyRmx1eUNJcFpxaWVoM0slMmZ3ZFRWVWl6TGl5S1hDR3p6eTVzTm1RJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTczNzkyODY0IiB0b3RhbD0iMTczNzkyODY0IiBkb3dubG9hZF90aW1lX21zPSI0NTMxNzQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTczMTE4MjU4OTciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTczMjYyNDYwMjYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjE3NzY4Mjg1OTEwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNDcxIiBkb3dubG9hZF90aW1lX21zPSI0NTkzNzYiIGRvd25sb2FkZWQ9IjE3Mzc5Mjg2NCIgdG90YWw9IjE3Mzc5Mjg2NCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDQxOTgiLz48cGluZyBhY3RpdmU9IjAiIHJkPSI2NDU2IiBwaW5nX2ZyZXNobmVzcz0iezkxMzRBRjdBLTZFMkUtNDUxNS1CNTA2LTdCMjI5OEUzQjE0QX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI4LjAuMjczOS42MyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBjb2hvcnQ9InJyZkAwLjYyIiB1cGRhdGVfY291bnQ9IjEiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM2OTk0NjMzNTI1NDU2MzAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIwIiByZD0iNjQ1NiIgcGluZ19mcmVzaG5lc3M9Ins3RDRCNTMxRS02MkQ2LTQ3ODQtQjRFRC00MzY5ODNBQkNBRjh9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                2⤵
                                                • Executes dropped EXE
                                                • Checks system information in the registry
                                                • System Location Discovery: System Language Discovery
                                                • System Network Configuration Discovery: Internet Connection Discovery
                                                PID:1148
                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c
                                              1⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:1432

                                            Network

                                            MITRE ATT&CK Enterprise v15

                                            Reconnaissance

                                            Resource Development

                                            Initial Access

                                            Execution

                                            Persistence

                                            Boot or Logon Autostart Execution

                                            1
                                            T1547

                                            Active Setup

                                            1
                                            T1547.014

                                            Browser Extensions

                                            1
                                            T1176

                                            Event Triggered Execution

                                            2
                                            T1546

                                            Component Object Model Hijacking

                                            1
                                            T1546.015

                                            Image File Execution Options Injection

                                            1
                                            T1546.012

                                            Privilege Escalation

                                            Boot or Logon Autostart Execution

                                            1
                                            T1547

                                            Active Setup

                                            1
                                            T1547.014

                                            Event Triggered Execution

                                            2
                                            T1546

                                            Component Object Model Hijacking

                                            1
                                            T1546.015

                                            Image File Execution Options Injection

                                            1
                                            T1546.012

                                            Defense Evasion

                                            Modify Registry

                                            4
                                            T1112

                                            Subvert Trust Controls

                                            1
                                            T1553

                                            SIP and Trust Provider Hijacking

                                            1
                                            T1553.003

                                            Credential Access

                                            Discovery

                                            Browser Information Discovery

                                            1
                                            T1217

                                            Network Service Discovery

                                            1
                                            T1046

                                            Network Share Discovery

                                            1
                                            T1135

                                            Query Registry

                                            4
                                            T1012

                                            System Information Discovery

                                            4
                                            T1082

                                            System Location Discovery

                                            1
                                            T1614

                                            System Language Discovery

                                            1
                                            T1614.001

                                            System Network Configuration Discovery

                                            1
                                            T1016

                                            Internet Connection Discovery

                                            1
                                            T1016.001

                                            Lateral Movement

                                            Collection

                                            Command and Control

                                            Exfiltration

                                            Impact

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.54\Installer\setup.exe
                                              Filesize

                                              6.6MB

                                              MD5

                                              179438f9d59850f9810b884efaae32f6

                                              SHA1

                                              63d91c28509aca46120cebaf93903320943c9b16

                                              SHA256

                                              b03811daebe54e9832cd00a574b3ffc52119f7275d8f56c322c199215c5a0b7f

                                              SHA512

                                              822ef4662274de1d8f8e0eefa98878889a7747223d769584ddb898a5a8d4b75602a01719e9729490ef5dc0a7fef5f789d0d76afa1a3002fac60aebd59ec29f20

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\EdgeCore\128.0.2739.63\Installer\setup.exe
                                              Filesize

                                              6.6MB

                                              MD5

                                              0306115e5983a950a7c1df77dac6ebad

                                              SHA1

                                              7fa1850fe1c9683eead8cc201bfeb6e8c5f2898c

                                              SHA256

                                              3f20b4d5ccc612ace1a94fbdd43414feb1bf4c52f04b30891042d0611277b0de

                                              SHA512

                                              54d1d00fd6979076f30c209cb814efcd0f1d24ea22f9765767c4f39cbec8b9c75405f9c80a27e035e82adfbb2d54afd43dd15349c16b77442ca1efad454dc2ec

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.15\MicrosoftEdgeUpdateSetup_X86_1.3.195.15.exe
                                              Filesize

                                              1.6MB

                                              MD5

                                              90decc230b529e4fd7e5fa709e575e76

                                              SHA1

                                              aa48b58cf2293dad5854431448385e583b53652c

                                              SHA256

                                              91f0deec7d7319e57477b74a7a5f4d17c15eb2924b53e05a5998d67ecc8201f2

                                              SHA512

                                              15c0c5ef077d5aca08c067afbc8865ad267abd7b82049655276724bce7f09c16f52d13d69d1449888d8075e13125ff8f880a0d92adc9b65a5171740a7c72df03

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\EdgeUpdate.dat
                                              Filesize

                                              12KB

                                              MD5

                                              369bbc37cff290adb8963dc5e518b9b8

                                              SHA1

                                              de0ef569f7ef55032e4b18d3a03542cc2bbac191

                                              SHA256

                                              3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

                                              SHA512

                                              4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\MicrosoftEdgeComRegisterShellARM64.exe
                                              Filesize

                                              179KB

                                              MD5

                                              7a160c6016922713345454265807f08d

                                              SHA1

                                              e36ee184edd449252eb2dfd3016d5b0d2edad3c6

                                              SHA256

                                              35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

                                              SHA512

                                              c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\MicrosoftEdgeUpdate.exe
                                              Filesize

                                              201KB

                                              MD5

                                              4dc57ab56e37cd05e81f0d8aaafc5179

                                              SHA1

                                              494a90728d7680f979b0ad87f09b5b58f16d1cd5

                                              SHA256

                                              87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

                                              SHA512

                                              320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                                              Filesize

                                              212KB

                                              MD5

                                              60dba9b06b56e58f5aea1a4149c743d2

                                              SHA1

                                              a7e456acf64dd99ca30259cf45b88cf2515a69b3

                                              SHA256

                                              4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

                                              SHA512

                                              e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\MicrosoftEdgeUpdateCore.exe
                                              Filesize

                                              257KB

                                              MD5

                                              c044dcfa4d518df8fc9d4a161d49cece

                                              SHA1

                                              91bd4e933b22c010454fd6d3e3b042ab6e8b2149

                                              SHA256

                                              9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

                                              SHA512

                                              f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\NOTICE.TXT
                                              Filesize

                                              4KB

                                              MD5

                                              6dd5bf0743f2366a0bdd37e302783bcd

                                              SHA1

                                              e5ff6e044c40c02b1fc78304804fe1f993fed2e6

                                              SHA256

                                              91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

                                              SHA512

                                              f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdate.dll
                                              Filesize

                                              2.0MB

                                              MD5

                                              965b3af7886e7bf6584488658c050ca2

                                              SHA1

                                              72daabdde7cd500c483d0eeecb1bd19708f8e4a5

                                              SHA256

                                              d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

                                              SHA512

                                              1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_af.dll
                                              Filesize

                                              28KB

                                              MD5

                                              567aec2d42d02675eb515bbd852be7db

                                              SHA1

                                              66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

                                              SHA256

                                              a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

                                              SHA512

                                              3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_am.dll
                                              Filesize

                                              24KB

                                              MD5

                                              f6c1324070b6c4e2a8f8921652bfbdfa

                                              SHA1

                                              988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

                                              SHA256

                                              986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

                                              SHA512

                                              63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_ar.dll
                                              Filesize

                                              26KB

                                              MD5

                                              570efe7aa117a1f98c7a682f8112cb6d

                                              SHA1

                                              536e7c49e24e9aa068a021a8f258e3e4e69fa64f

                                              SHA256

                                              e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

                                              SHA512

                                              5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_as.dll
                                              Filesize

                                              28KB

                                              MD5

                                              a8d3210e34bf6f63a35590245c16bc1b

                                              SHA1

                                              f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

                                              SHA256

                                              3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

                                              SHA512

                                              6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_az.dll
                                              Filesize

                                              29KB

                                              MD5

                                              7937c407ebe21170daf0975779f1aa49

                                              SHA1

                                              4c2a40e76209abd2492dfaaf65ef24de72291346

                                              SHA256

                                              5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

                                              SHA512

                                              8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_bg.dll
                                              Filesize

                                              29KB

                                              MD5

                                              8375b1b756b2a74a12def575351e6bbd

                                              SHA1

                                              802ec096425dc1cab723d4cf2fd1a868315d3727

                                              SHA256

                                              a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

                                              SHA512

                                              aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_bn-IN.dll
                                              Filesize

                                              29KB

                                              MD5

                                              a94cf5e8b1708a43393263a33e739edd

                                              SHA1

                                              1068868bdc271a52aaae6f749028ed3170b09cce

                                              SHA256

                                              5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

                                              SHA512

                                              920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_bn.dll
                                              Filesize

                                              29KB

                                              MD5

                                              7dc58c4e27eaf84ae9984cff2cc16235

                                              SHA1

                                              3f53499ddc487658932a8c2bcf562ba32afd3bda

                                              SHA256

                                              e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

                                              SHA512

                                              bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_bs.dll
                                              Filesize

                                              28KB

                                              MD5

                                              e338dccaa43962697db9f67e0265a3fc

                                              SHA1

                                              4c6c327efc12d21c4299df7b97bf2c45840e0d83

                                              SHA256

                                              99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

                                              SHA512

                                              e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
                                              Filesize

                                              29KB

                                              MD5

                                              2929e8d496d95739f207b9f59b13f925

                                              SHA1

                                              7c1c574194d9e31ca91e2a21a5c671e5e95c734c

                                              SHA256

                                              2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

                                              SHA512

                                              ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_ca.dll
                                              Filesize

                                              30KB

                                              MD5

                                              39551d8d284c108a17dc5f74a7084bb5

                                              SHA1

                                              6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

                                              SHA256

                                              8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

                                              SHA512

                                              6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_cs.dll
                                              Filesize

                                              28KB

                                              MD5

                                              16c84ad1222284f40968a851f541d6bb

                                              SHA1

                                              bc26d50e15ccaed6a5fbe801943117269b3b8e6b

                                              SHA256

                                              e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

                                              SHA512

                                              d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_cy.dll
                                              Filesize

                                              28KB

                                              MD5

                                              34d991980016595b803d212dc356d765

                                              SHA1

                                              e3a35df6488c3463c2a7adf89029e1dd8308f816

                                              SHA256

                                              252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

                                              SHA512

                                              8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_da.dll
                                              Filesize

                                              28KB

                                              MD5

                                              d34380d302b16eab40d5b63cfb4ed0fe

                                              SHA1

                                              1d3047119e353a55dc215666f2b7b69f0ede775b

                                              SHA256

                                              fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

                                              SHA512

                                              45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_de.dll
                                              Filesize

                                              30KB

                                              MD5

                                              aab01f0d7bdc51b190f27ce58701c1da

                                              SHA1

                                              1a21aabab0875651efd974100a81cda52c462997

                                              SHA256

                                              061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

                                              SHA512

                                              5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_el.dll
                                              Filesize

                                              30KB

                                              MD5

                                              ac275b6e825c3bd87d96b52eac36c0f6

                                              SHA1

                                              29e537d81f5d997285b62cd2efea088c3284d18f

                                              SHA256

                                              223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

                                              SHA512

                                              bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_en-GB.dll
                                              Filesize

                                              27KB

                                              MD5

                                              d749e093f263244d276b6ffcf4ef4b42

                                              SHA1

                                              69f024c769632cdbb019943552bac5281d4cbe05

                                              SHA256

                                              fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

                                              SHA512

                                              48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_en.dll
                                              Filesize

                                              27KB

                                              MD5

                                              4a1e3cf488e998ef4d22ac25ccc520a5

                                              SHA1

                                              dc568a6e3c9465474ef0d761581c733b3371b1cd

                                              SHA256

                                              9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

                                              SHA512

                                              ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_es-419.dll
                                              Filesize

                                              29KB

                                              MD5

                                              28fefc59008ef0325682a0611f8dba70

                                              SHA1

                                              f528803c731c11d8d92c5660cb4125c26bb75265

                                              SHA256

                                              55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

                                              SHA512

                                              2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_es.dll
                                              Filesize

                                              28KB

                                              MD5

                                              9db7f66f9dc417ebba021bc45af5d34b

                                              SHA1

                                              6815318b05019f521d65f6046cf340ad88e40971

                                              SHA256

                                              e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

                                              SHA512

                                              943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_et.dll
                                              Filesize

                                              28KB

                                              MD5

                                              b78cba3088ecdc571412955742ea560b

                                              SHA1

                                              bc04cf9014cec5b9f240235b5ff0f29dbdb22926

                                              SHA256

                                              f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

                                              SHA512

                                              04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_eu.dll
                                              Filesize

                                              28KB

                                              MD5

                                              a7e1f4f482522a647311735699bec186

                                              SHA1

                                              3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd

                                              SHA256

                                              e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4

                                              SHA512

                                              22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_fa.dll
                                              Filesize

                                              27KB

                                              MD5

                                              cbe3454843ce2f36201460e316af1404

                                              SHA1

                                              0883394c28cb60be8276cb690496318fcabea424

                                              SHA256

                                              c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59

                                              SHA512

                                              f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_fi.dll
                                              Filesize

                                              28KB

                                              MD5

                                              d45f2d476ed78fa3e30f16e11c1c61ea

                                              SHA1

                                              8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e

                                              SHA256

                                              acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2

                                              SHA512

                                              2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_fil.dll
                                              Filesize

                                              29KB

                                              MD5

                                              7c66526dc65de144f3444556c3dba7b8

                                              SHA1

                                              6721a1f45ac779e82eecc9a584bcf4bcee365940

                                              SHA256

                                              e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d

                                              SHA512

                                              dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_fr-CA.dll
                                              Filesize

                                              30KB

                                              MD5

                                              b534e068001e8729faf212ad3c0da16c

                                              SHA1

                                              999fa33c5ea856d305cc359c18ea8e994a83f7a9

                                              SHA256

                                              445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511

                                              SHA512

                                              e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_fr.dll
                                              Filesize

                                              30KB

                                              MD5

                                              64c47a66830992f0bdfd05036a290498

                                              SHA1

                                              88b1b8faa511ee9f4a0e944a0289db48a8680640

                                              SHA256

                                              a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961

                                              SHA512

                                              426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_ga.dll
                                              Filesize

                                              28KB

                                              MD5

                                              3b8a5301c4cf21b439953c97bd3c441c

                                              SHA1

                                              8a7b48bb3d75279de5f5eb88b5a83437c9a2014a

                                              SHA256

                                              abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0

                                              SHA512

                                              068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_gd.dll
                                              Filesize

                                              30KB

                                              MD5

                                              c90f33303c5bd706776e90c12aefabee

                                              SHA1

                                              1965550fe34b68ea37a24c8708eef1a0d561fb11

                                              SHA256

                                              e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c

                                              SHA512

                                              b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_gl.dll
                                              Filesize

                                              28KB

                                              MD5

                                              84a1cea9a31be831155aa1e12518e446

                                              SHA1

                                              670f4edd4dc8df97af8925f56241375757afb3da

                                              SHA256

                                              e4eb716f1041160fd323b0f229b88851e153025d5d79f49b7d6ecb7eb2442c57

                                              SHA512

                                              5f1318119102fcee1c828565737ce914493ff86e2a18a94f5ff2b6b394d584ace75c37258d589cce1d5afd8e37d617168a7d7372cfd68dd6a2afcd4577a0bc51

                                              Download Submit

                                            • C:\Program Files (x86)\Microsoft\Temp\EU85A1.tmp\msedgeupdateres_gu.dll
                                              Filesize

                                              28KB

                                              MD5

                                              f9646357cf6ce93d7ba9cfb3fa362928

                                              SHA1

                                              a072cc350ea8ea6d8a01af335691057132b04025

                                              SHA256

                                              838ccd8243caa1a5d9e72eb1179ac8ae59d2acb453ed86be01e0722a8e917150

                                              SHA512

                                              654c4a5200f20411c56c59dbb30a63bfe2da27781c081e2049b31f0371a31d679e3c9378c7eb9cf0fb9166a3f0fba33a58c3268193119b06f91bebe164a82528

                                              Download Submit

                                            • C:\Program Files (x86)\Roblox\Versions\version-a8766ccdec1d49d3\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                              Filesize

                                              1.5MB

                                              MD5

                                              610b1b60dc8729bad759c92f82ee2804

                                              SHA1

                                              9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

                                              SHA256

                                              921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

                                              SHA512

                                              0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

                                              Download Submit

                                            • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                              Filesize

                                              14KB

                                              MD5

                                              36de0e17ea6c7ca05c32dce44a8fd5ca

                                              SHA1

                                              a0daea4ed99d729cf699311b0c59f85c2ca13cfb

                                              SHA256

                                              8ac0b0b6a939da47079e7e588ef51b7813f8ba0429b23907c9bb9f16d9111984

                                              SHA512

                                              4098cef464300e5eea5044256933a1f8e01fde96405a8a427978ba72475af58459eadc4d5c28a7fa57d8208381256b83e00e79a50b6093adfe82e316d316bf79

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              026e0c65239e15ba609a874aeac2dc33

                                              SHA1

                                              a75e1622bc647ab73ab3bb2809872c2730dcf2df

                                              SHA256

                                              593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

                                              SHA512

                                              9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              228fefc98d7fb5b4e27c6abab1de7207

                                              SHA1

                                              ada493791316e154a906ec2c83c412adf3a7061a

                                              SHA256

                                              448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

                                              SHA512

                                              fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                              Filesize

                                              384B

                                              MD5

                                              3ab23585e70bde499cf440bae9868bd7

                                              SHA1

                                              95e93d95ea510ad8c7c67c66003bbe05581e4cdc

                                              SHA256

                                              31b0f634a4df74a72e26f69f020886a39f3e161e14a13bceac48adc9320b17df

                                              SHA512

                                              012d2baa1d539a77f91034cff3e4816a49e917f2da6076e025a35cb9d5e70f1be02ae168811a94447114d6c77b746c7c455d4dcba417010eebd64bf59ad053f6

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                              Filesize

                                              3KB

                                              MD5

                                              06dd21251ef084252f8cbe0f31165b55

                                              SHA1

                                              59909ffa35f9b2c2fa743884ca3eb3f7addc0835

                                              SHA256

                                              eec77d2fcb4bb4e235c88418c22c7115bda4b9cb91754b3e8be0a27ee1ab04db

                                              SHA512

                                              55a8734b961145f0a55c35aecca6369848bd8a99c9d1e9b5819ad904463484d1f0806583fa5a447941d1dcc8ac8c803ec50be9e7378cc93dc118cb2979e52042

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                              Filesize

                                              3KB

                                              MD5

                                              81c08b6acba7b51bcf0d8e2c482370d5

                                              SHA1

                                              6d408a067e482948e8aa05d2380ac0465892bc95

                                              SHA256

                                              9a2cdc96cc22c081af8a1ecb960784eaa8cf1e71c8871a516a9f9fc0b0dc0d77

                                              SHA512

                                              77f15625d5fdbf1324b381bf66a30b273d65df8718277c3595f4f6ab35b020fed604966efa55f9effcc3e41f81ef8b6e575130f18303ee01a7246fe8785a260d

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                              Filesize

                                              2KB

                                              MD5

                                              0cb5f6dff4f580b03db92390b2e7d23c

                                              SHA1

                                              119f0bc1a2583bbcb28d4c5610f59c8396e34c20

                                              SHA256

                                              00987c4a362c734f718287ff77a157f45c6b557d373ed13ed0c7518bb9b8f2d0

                                              SHA512

                                              7c37f40e98fd74efc8e7207dc02986395e9624c092b8e59ac500f54006af7deac80cde58d910cd2146f0819df4a96546e3c4cf062ac79e527ddd6fc9b62d940e

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                              Filesize

                                              2KB

                                              MD5

                                              7ed096089170b037484f1fb899b0a6e8

                                              SHA1

                                              8d8c67a0795f1db7098d847c05ed1dbd5f46085a

                                              SHA256

                                              cfaa61ac10aee4b79f991b4f316c16a70ed8d891a8921560a159b3146d291be0

                                              SHA512

                                              4fd26aa5ef1f376227961fa9b475b8fdbee72e268c96f916e84e0458fd5ab8757eede6d60897149788ac78e97438f3a0cbbbcb0a3d7bfea69e848326814d42dc

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                              Filesize

                                              1KB

                                              MD5

                                              e8ad7c5ffbda2ff4eea22a89919de531

                                              SHA1

                                              11a6b4f7e4e8fab6e6927f78ce810ddfc7e5ec3c

                                              SHA256

                                              ceeee5c8f6412e217e095cdce081102063af6f937f86828bab000cf4feccd3b0

                                              SHA512

                                              ea8e1d7fca28102cea2e4b89b574496bd46e9731885ea54423ea8abcd038577ea0a08bd0a3ed36a713dc02969cb37b5d0c268c5b62cc06c642273a9e08ae5f54

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              5KB

                                              MD5

                                              1e9bfd2178b0c94c86df2272dc56c8c8

                                              SHA1

                                              0074d15627b0a82215a5bf5b1d51d46b23a8014a

                                              SHA256

                                              8cddf11c29071ae9f9f230d79c3005299a75e9dfcfbb49ba91ba790a5f76a76e

                                              SHA512

                                              b9e9f23bcdf913054cac78466e9d08b2092d8ff87f06f007626c4967123caec1d5508f1ec80a2438d50a2be7868762e50881577de2ff971815005a042bc4082a

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              6f25fd7fd1e248ac8139dac89334317c

                                              SHA1

                                              682a276d73dec545bc035fd024c8dd2c735f7e8b

                                              SHA256

                                              04e6d6c3b1fb3e0cce7c175bb18029a600827257ae765255f9d43d586448b759

                                              SHA512

                                              c5a5755f1730dfd2872667072144ba3219a12a5772899a4990b4b6031decd57c84eb21cbb0107ea8fa177ff63f71e56a52b4cf9f7bd032a4b944d04fbe8c6141

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              d7669821badd83ad1f4039c8cdf2d52a

                                              SHA1

                                              2c0d9bc1a9e0736125849c1edf117c61fa2e07e7

                                              SHA256

                                              2f1fe03144cde424fdbd211d6e8a1963b6da038104c87ea82bc003e7f4100897

                                              SHA512

                                              e563fe80bf742a2bfa38164b72fd22494026338bdfe35b6e3200b1f73cc66896c2dc123c7fe986bb7694d719463df7c98c0a5e7bba61f5b897fc2d9ec9a8d7b2

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              1f5e81336e6f6390224b97febc0a6015

                                              SHA1

                                              ae956393f8dd3d88bcceaab34258498d1d77d267

                                              SHA256

                                              d07bdf94ef713864f4f282425d5dbe43ec4a4a08559e78d1ba932c7d6987da12

                                              SHA512

                                              d398375e4c0539be86131926faa67a12693990d1151a8eb30526944f62986aab8e0fe2bf46a97fb09c630d0278be3b62bc092e39bfa3162e932f63b00622ca6c

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              26d3090a1547fbbb30874c7419c42d63

                                              SHA1

                                              c10cc8806f9c99734b56ede8423cc6d16b0a80b2

                                              SHA256

                                              62ff22b2501e6b688dc47f984db72362941fa90bf744f0ece0b6fbd08b10b813

                                              SHA512

                                              50214aeabfbf4f55683ffaff01edcc6a4a5e53bce2a22ce0b87eaf0927ce5485ccc5f777fc79da6c60c48b801847b1b34c1db5f086da9e9ac2bddf84f55f0a42

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              2b0f516af8b8854efbca58b9e7d203f1

                                              SHA1

                                              f91e33a1e2faceaf9984a7e4790a2148fbcfe23c

                                              SHA256

                                              386a45926c80b0a09905bca973e29cbfc06fdeafa47633f246f362d87b7511a2

                                              SHA512

                                              21c1a9eb18326609c11c1f8e67f9948c1269717e85a49f90c1427a60fbd1853032eb2d9b802a013439a43b3315b1c2bce7c579a17dada870a37d280dd5410213

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                              Filesize

                                              3KB

                                              MD5

                                              706b00938e764181993e52c8a393806f

                                              SHA1

                                              ce51ddf7955019e1fe58810aef25395a6693784e

                                              SHA256

                                              b2ba1795cb0a4107380e9eff7e059c3cf95a8bca4a89d8b6b7228498c1580024

                                              SHA512

                                              6c83118669bccacf7080392ce84e9fb422fad50afb098d696205b3e78bd1ff31ba0273f34b4e2c46694e4f4df61962bdbb8c8958f13bac0e35ffcd97687694d9

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                              Filesize

                                              3KB

                                              MD5

                                              75642403f58da600ac12f39bc9e2534c

                                              SHA1

                                              999b4f23a88c73147fbc6d79f2a9238fbca4eb9b

                                              SHA256

                                              86d52cbb130a9231a0be7f51fe30495c71e5afeac4b774072226f4770c3f1080

                                              SHA512

                                              617af5cfc37ece75124b1434200526a253ad735e788e399a146b244eb81fc98b0f6040541f75a2eb50d1a95ea9415bbae52a38fb4aa51424eea56c8f52eea20e

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                              Filesize

                                              3KB

                                              MD5

                                              5c2fe7faf8f24ce5cd29c4e441777a76

                                              SHA1

                                              fcbfa734430106ab233a0791be0bce80d9db2d1e

                                              SHA256

                                              5522acf65fa0d00806bea392f80d2ea8708cca40ff5bac7fbc7b81b4713da0b9

                                              SHA512

                                              9a7c5be46b2e58842580ace40131f42bfb9b8cb506507ce6be5132ac7b2b84f56d6875ccfa5e8b9386a173209c069a329d01a31be1d34da5f9f5f809204b1f58

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                              Filesize

                                              3KB

                                              MD5

                                              40a6303a53caadff3c05422e8204b538

                                              SHA1

                                              0d8ee3ab82b08e8c28c0a907db4c114f59c5f99e

                                              SHA256

                                              67b3dd7aec482376882f2b14a4037d8ca206860074ab7995d1bab89209dec67f

                                              SHA512

                                              ee8311a0631f5d2abf6e638fce3c9eaed985d0494e78fd66878119f8f6e559ccbbcfc04c6a7e1525cc3faa50a9b4a801f26733a0062398b74c3f9ae6a810119d

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                              Filesize

                                              3KB

                                              MD5

                                              e5f2420436e79c3df626e805a02947a9

                                              SHA1

                                              f6afbaf53836e5f4b8df34f36e68250afa829407

                                              SHA256

                                              cdf4199051224448d97f23b49e62422169e26986178d4883f99ddea49c70da76

                                              SHA512

                                              16781204828cc3bd9ff4b327f0fdd870f79f9a5306894c8a4625306ca42f20696111fe994195ffdc6c669c26949a74b4f2a17e1c09bfece831c22b588b90ae52

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                              Filesize

                                              2KB

                                              MD5

                                              0a0810115ca57a47170dd84e950b7f8a

                                              SHA1

                                              8e154dcc56ce7ae6915202f945ae69574eb94793

                                              SHA256

                                              a5b59fb20106806985fa9fa8e2283d03c9495aee7c398d3bd2f97db3fc98a20b

                                              SHA512

                                              3bd416a8ce34753e278c801e5b7cdfee0ed7f473e7d19520a13d053a95b25dd574dad98a5cb37026483e0e39e2a1397b45a7791a5d71fe1d3174c1453564f0a3

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5814bc.TMP
                                              Filesize

                                              2KB

                                              MD5

                                              e4fa49a4d0a7ed38be53c87805166898

                                              SHA1

                                              762fb37a81cd4da8d5cb61ce8b44ede64d475d91

                                              SHA256

                                              b775beaeb8c0d979836ef9355ce351fc035601fd91163029501e99dff7d54002

                                              SHA512

                                              80ef366ea9e5b4fa3a8b504e3cba62d6d6659635d4f9bcf26fe55b0284399b6ddfb22d67c77237b585b52b865c20ee04f4c4b38107676f47a731888490293b2b

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                              Filesize

                                              16B

                                              MD5

                                              6752a1d65b201c13b62ea44016eb221f

                                              SHA1

                                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                              SHA256

                                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                              SHA512

                                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              10KB

                                              MD5

                                              90341779855e85f522b9b7961a9cdf3c

                                              SHA1

                                              00d5b65f8520d77c7544e597d2d7724c182f1a0f

                                              SHA256

                                              e0157829598c0421edaee32ae99defef74bd495c2f467a611a61b4abb50fe82c

                                              SHA512

                                              90feff14cb69bb0f9208e587e09e627330f008339a91e8f9ea7f04aa8339e3fa90fc30077cdfa8f032556871e3cdbba7503a7a5f69d82022149f075aa8d4fb73

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              11KB

                                              MD5

                                              16f945ec8edda35ad5015dd736f36b7f

                                              SHA1

                                              1cbf5c6e17d5329ec96da82d7689bc142e3e0373

                                              SHA256

                                              532c96a9f119aa285ccce9f1a184c919f32e92f062ad2117f2e370a108483cd8

                                              SHA512

                                              b6193a71660592b28e620b8e46572ef2f6133f2a2d1682afc6304bb48b04e6081116793eae90d8bca68ad583151c69c0f16e0b4ed63215a5d3eac80291bbe7d4

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              11KB

                                              MD5

                                              02b293104b7d52f87ed3f6561c4648f6

                                              SHA1

                                              0d5c6fad8a8fe44a4618b265b80e67b3ac2cb171

                                              SHA256

                                              5999f2cf0ba633ca763d074e9147070c8e8d42313dcfc54ac9e49fc5d459d5a4

                                              SHA512

                                              434277ed09d00398653551a7f64533d5914204ed8316a92cac0708c6fdd169384519643de9eff93caa15719138b30b8b0767986d711313d5ab576df7ed2772e9

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat
                                              Filesize

                                              280B

                                              MD5

                                              7139a104eb39806dedc4eba817fe9bbd

                                              SHA1

                                              664c359d5673ee47ed5102995bb5c857bb49d213

                                              SHA256

                                              f25ae579c3099794b1c11e56a76285d601fba3701a6eebda613c879d339e4183

                                              SHA512

                                              00369da1efeafb0e4237ea9cf43684864db3a035bee83da075bd426339ff5c93b647b5ca662d4a53668dc54a11bf8efac0959be4e8b06d6969dd5d9b2aefb0d1

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
                                              Filesize

                                              2KB

                                              MD5

                                              eb357cc55dc8ded02201722a9c9d8129

                                              SHA1

                                              a741960c2c3c9ef39635b84fecda7d8f9ff9e852

                                              SHA256

                                              9fb397567384b591c183cd799bab97bffcdbe8ab3d3fe699cd6bbeb4b311fced

                                              SHA512

                                              ab68d76943b7e19152acbb1190b962723e6922e8baa89d25d5265783054dc659d9e1680c1f4e39c0e83f83fa36b1f453dcb15bfbdfc39dfc0fd83949c34cfe4b

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5c2a44.TMP
                                              Filesize

                                              48B

                                              MD5

                                              9012c3a6a544227bc34d368f833639c3

                                              SHA1

                                              94a012ba22e53b3db33f6165e7399ad141cef339

                                              SHA256

                                              9c10d5b67171c8297922944ef3b8d02176da1ead6b5225e7687efc3905320f01

                                              SHA512

                                              c6c1f35d6ef9fa98e451852e8bbc18c389bbf5eb70d3f67d08b5ebd205483e7172fbc6b90b2e3c27ae890dfa7ff1b37893627af37676995f0af20f50431472f2

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_0
                                              Filesize

                                              8KB

                                              MD5

                                              cf89d16bb9107c631daabf0c0ee58efb

                                              SHA1

                                              3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                              SHA256

                                              d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                              SHA512

                                              8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_1
                                              Filesize

                                              264KB

                                              MD5

                                              d0d388f3865d0523e451d6ba0be34cc4

                                              SHA1

                                              8571c6a52aacc2747c048e3419e5657b74612995

                                              SHA256

                                              902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

                                              SHA512

                                              376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_2
                                              Filesize

                                              8KB

                                              MD5

                                              0962291d6d367570bee5454721c17e11

                                              SHA1

                                              59d10a893ef321a706a9255176761366115bedcb

                                              SHA256

                                              ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                              SHA512

                                              f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_3
                                              Filesize

                                              8KB

                                              MD5

                                              41876349cb12d6db992f1309f22df3f0

                                              SHA1

                                              5cf26b3420fc0302cd0a71e8d029739b8765be27

                                              SHA256

                                              e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                              SHA512

                                              e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001
                                              Filesize

                                              41B

                                              MD5

                                              5af87dfd673ba2115e2fcf5cfdb727ab

                                              SHA1

                                              d5b5bbf396dc291274584ef71f444f420b6056f1

                                              SHA256

                                              f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                              SHA512

                                              de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
                                              Filesize

                                              1KB

                                              MD5

                                              6b82b94f4d1ac1b49592e44102362171

                                              SHA1

                                              c600538af5b3d33c564fcb9df9a8c3ffc901d7ea

                                              SHA256

                                              94c31a6eba3e02422a888aad86f6e41df22848bcc6a538a006d7aee9fcbe80fe

                                              SHA512

                                              dc9f7b466d64e35558a8aaa22aed51ca3c23d451db3ac1e5bc6d82495b49be7f436466e25be5fc2259e6350379da3af5235455ff40f8e318121d4478119c98dc

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State~RFe5cbfdd.TMP
                                              Filesize

                                              59B

                                              MD5

                                              2800881c775077e1c4b6e06bf4676de4

                                              SHA1

                                              2873631068c8b3b9495638c865915be822442c8b

                                              SHA256

                                              226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                              SHA512

                                              e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
                                              Filesize

                                              2B

                                              MD5

                                              d751713988987e9331980363e24189ce

                                              SHA1

                                              97d170e1550eee4afc0af065b78cda302a97674c

                                              SHA256

                                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                              SHA512

                                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                              Filesize

                                              1KB

                                              MD5

                                              d27e8970fb9bfb27fd7dfe88df86dbf0

                                              SHA1

                                              31275650eecc9890864deacbc90260011f68e9ec

                                              SHA256

                                              89f46e04fb68d820bd589447e3d564f72ec37655271be4b3fd45c87a271b2e33

                                              SHA512

                                              0b3c5e0edb3dd0908224b9b27267801a89341241b61897d654e35eb77301b31f6b927e7f341779d45855bc53d9b01ee12f9ffcf203d29e4cf8035ab61ff4b2f4

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                              Filesize

                                              1KB

                                              MD5

                                              05b0b702abd3424431b6eb187f0b00c2

                                              SHA1

                                              6d28550896dafbc847e58db53e2d91c6fc3f54b0

                                              SHA256

                                              da64241732141003663a88f6e36c3e508df87e40bb0d2eabbd1201c30284af1d

                                              SHA512

                                              f098814238eff0fa54c0728fd6c98c04930d7aa98fc2c27c542c2f06edc68eda5db615525097284fe06701a2381f4d4cf432a06867561e9443b009fba18fa419

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                              Filesize

                                              1KB

                                              MD5

                                              13ad6d647b45a9c5589c7dff63b62515

                                              SHA1

                                              9989a22b2423567dc3c56b83e7b7b325e75d0cb1

                                              SHA256

                                              34b5194a1ec21a5919dcd4ee64ca9e04f65a104be335d5dfa2156a94c0703322

                                              SHA512

                                              31d7a2f092e01896e8d60d33da32fd727a4c3c0916aaac6312163b394158aa1c640991983b1d70858bd341c90e1745c8b4172081ae42e6ef1233093c8ec63750

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity~RFe5c0ff5.TMP
                                              Filesize

                                              1KB

                                              MD5

                                              37ee4785ae92810958b7a046edb8d15f

                                              SHA1

                                              6923c437ed086d7e7973424841b13b5e71fa81d8

                                              SHA256

                                              041d540f5e85b86ef6b67b72b11bd174aba3a0cd93e34ae2c2bab224f0ab23d8

                                              SHA512

                                              6a79de2ae1a0e58880f823383f33382065df07b883aaf007f1fff3e19265cb12bdfa6f4665526fe688c73f6b6f03758c52571cab1879f5b5cf58407960e7291d

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              9003e3e030b4ae9b262cd76f3d300332

                                              SHA1

                                              7aa6ae528946772b03805b21c1fec8a21eb1e9a7

                                              SHA256

                                              06d9267443a24e9527f89f71e72b3c3069bd2dbaf233c8d94550cf0b1075bc9e

                                              SHA512

                                              ef487a5d906675495e0812cf80bae2faf95c9bb2ff1cf7ba87325c6a297a5a86b2d1ea8e660292a05164348c5ee369aef45a765813897685464558d1ebfd31f7

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT
                                              Filesize

                                              16B

                                              MD5

                                              46295cac801e5d4857d09837238a6394

                                              SHA1

                                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                              SHA256

                                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                              SHA512

                                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\b53e10dd-e8d8-4f62-bfea-56be21a7afb7.tmp
                                              Filesize

                                              6KB

                                              MD5

                                              33542fe638eea9c5451e443a3bc64734

                                              SHA1

                                              2019cd9306faf49e0fba2a48928b6c103b085fac

                                              SHA256

                                              3f87f0dd204715d531a347f256628d202fcc2dfe5fa0a5691b9ff82b0b45beab

                                              SHA512

                                              238284c8a059df4e705f07a824a88e212aba997b84d64cda5d3c257c070d03e5bed85d1fa18155488543c1baa951b84db20ac231876e502f7d1a9d6a003c2273

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                              Filesize

                                              2KB

                                              MD5

                                              c2d53c2bab5f217504eeb6b574c28001

                                              SHA1

                                              587aa0e4a3b6249eb8a1a8f014a87137d47e78ea

                                              SHA256

                                              0f85896462f7772ddc2ff67b078ee162639b5a15b53f42ce2ab4222c230d7b3d

                                              SHA512

                                              64ea51f4041511101fdc5f45a36f910b3460b16e06db73d67cd3817c16170d0e2cfa3a52b34ce9242b36eb3d6c77fd55fdaf073e0aadedfcbc98424400b488de

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                              Filesize

                                              3KB

                                              MD5

                                              f84f8fcc9437352ee3d9e4058628c706

                                              SHA1

                                              1827d6efb8c0d0c377426984c68754d4bc3b67b3

                                              SHA256

                                              6469d091c3e77eabf732b292c43a89367c5661278cda64b36ccc1abe6ff7f4f3

                                              SHA512

                                              d72724b72084f1550a2df868ae988371a2ba085012d6e371cae7c509a8c25cb1127a632560d3d2eba35d4017df600b5a2572e3c4eb062dfbbfe08a3c645c19d7

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                              Filesize

                                              16KB

                                              MD5

                                              422ce47dba5bc1e7106223cd5868e097

                                              SHA1

                                              5962e1753b5555f2b09a7344700c2b921127049e

                                              SHA256

                                              f52efeae26fd86165434a71f23223c6325cfe9334a8b0a2589c9a89efb48589a

                                              SHA512

                                              08745180f3e7d308cb76dab4ae75d7c424b662c17b517ebe7a5832131e05ec352eee7a1d5876bd8fe538ea4e33779d44fa8cca0a72cdd18c703529626b55a02a

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                              Filesize

                                              17KB

                                              MD5

                                              e908a019b0a25c07e84a23e2068f5149

                                              SHA1

                                              82da77e45b4bb94c3b14891f5a33f2ebb4319eee

                                              SHA256

                                              31828908f06cf037c66377efabcf4710027f8f6ae383b37a3eecaa6370eb5b95

                                              SHA512

                                              10f806c5d0fd1663385a8c4e5ed038a602d149115fc604ccb733e9e531956f89059f2281c79804477c4c1fa8f7c8f3171a1fc98f5112c943cfaf8f0fbf3b89f4

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                              Filesize

                                              1KB

                                              MD5

                                              fd98c8bd02cb2e38830fd0db6fc01085

                                              SHA1

                                              5739d42f160c796459988acfa4590db5218970d2

                                              SHA256

                                              d7145c47a68bdcfca71cd37893b8eeb281b55b5423ba9ea8330911a4a4eaff74

                                              SHA512

                                              d74c115c0ba650593455dd884d161586e7282b501950a8489497a07ee3e900cbc63c4b9dfae3809a89ba7b4b27af531617e4827718ca9a1cb34f496510abfec4

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State~RFe5bac2b.TMP
                                              Filesize

                                              1KB

                                              MD5

                                              2958ccc553fb23583076cbf1af091391

                                              SHA1

                                              111f5f269149d71226d1b76a5d5bfe56cf627d3c

                                              SHA256

                                              3704b3d9fa6e1e5f589eeba3fe183a23907a2a84c71c3daf272992cbf9c7e994

                                              SHA512

                                              dd2f4506e3215305f74f71a6d6385b2b8cb7e81848aae1fa0064ac134ed1758cff2ed8942ce07de711d8ef8d4b99913c7d6b7958d23e91b795dfe84b883aa44a

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\PKIMetadata\13.0.0.0\crs.pb
                                              Filesize

                                              278KB

                                              MD5

                                              981a9155cad975103b6a26acef33a866

                                              SHA1

                                              1965290a94d172c4def1ac7199736c26dccca33e

                                              SHA256

                                              971393390616fbe53c63865274a40a0b4a8e731c529664275bdc764f09a28e2d

                                              SHA512

                                              2d75ce25cb3a78f69f90fbd23f6e5c9f1a6ed92025f83ce0ab3e0320b64130d586fc2cd960f763e1ab2c82d35ef9650ebd7ff2a42a928a293e0e7428cc669119

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\PKIMetadata\13.0.0.0\ct_config.pb
                                              Filesize

                                              7KB

                                              MD5

                                              df3d937079b894c891f9b0b741874928

                                              SHA1

                                              ed93fc386807b3a28fcc7988a88ae4741bfe1b15

                                              SHA256

                                              c7cbb0db6e924cbfccf4a6e8223e3fed4d93f5d78a3122c30213b6e38ee195f4

                                              SHA512

                                              5728bdd930283a4906e7e07acd3eadecb813a3154ffb41729738444bf13aab27dceb01e05a27c77bb13cc498c1d5c2d492ac653ddbfe4b14004b1c7a5bc54f1b

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\PKIMetadata\13.0.0.0\kp_pinslist.pb
                                              Filesize

                                              11KB

                                              MD5

                                              d43d041e531dc757a69a90cb657ef437

                                              SHA1

                                              09138b427565bc276cfd3ba9f59b0c8bad78e91d

                                              SHA256

                                              9431360a5534ad2f8eddde157cce39704b99da035fcb6d2cca11220700b11ccb

                                              SHA512

                                              476a98122059b9cc19492b7ae557c61381842c8c347f85c686e0a493bfd0e8707ce3491b690e7978b3fb7d7d2a4daa2767e4a590398a50562519bf32e8d12ec6

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.55\Filtering Rules
                                              Filesize

                                              1.8MB

                                              MD5

                                              a97ea939d1b6d363d1a41c4ab55b9ecb

                                              SHA1

                                              3669e6477eddf2521e874269769b69b042620332

                                              SHA256

                                              97115a369f33b66a7ffcfb3d67c935c1e7a24fc723bb8380ad01971c447cfa9f

                                              SHA512

                                              399cb37e5790effcd4d62b9b09f706c4fb19eb2ab220f1089698f1e1c6f1efdd2f55d9f4c6d58ddbcc64d7a7cf689ab0dbbfae52ce96d5baa53c43775e018279

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.55\LICENSE
                                              Filesize

                                              24KB

                                              MD5

                                              aad9405766b20014ab3beb08b99536de

                                              SHA1

                                              486a379bdfeecdc99ed3f4617f35ae65babe9d47

                                              SHA256

                                              ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

                                              SHA512

                                              bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\TrustTokenKeyCommitments\2024.9.3.1\keys.json
                                              Filesize

                                              6KB

                                              MD5

                                              5054c41b012752c1a98db9d819268ad6

                                              SHA1

                                              a7d70197bb25621af1c3ab5bbf5250026f849753

                                              SHA256

                                              477b0514c0ee0eb204f05925935f51fd7f794f1123f6775f06cb654de89504a2

                                              SHA512

                                              1791aa67ec5a135c6d0c79a545cfb422ed631502b5c7398f4661824548540553ac610922191583a44c9442f0703c5a9f270fee77d3c62c99162ed5a6ca9b2fb0

                                              Download Submit

                                            • C:\Users\Admin\Downloads\RobloxStudioInstaller.exe
                                              Filesize

                                              5.5MB

                                              MD5

                                              24bcceca8b115ff5d0060b2d9def17c6

                                              SHA1

                                              a06ba5c1f6d64c9a95627c4b2291806d2b5cd300

                                              SHA256

                                              c91803f5c89cc6b4c649f1a6dc85901208a0cf83cbe5d44c4e4800cc0e3b8fde

                                              SHA512

                                              d0d5163a972860ae532d8d0f29d97a1a74796b94aec00d112e30efabc1139b1bb97c892afe7f3a69ef1323aa387a71ae006749e91f374ee93b465586ed6a913d

                                              Download Submit

                                            • C:\Users\Admin\Downloads\RobloxStudioInstaller.exe:Zone.Identifier
                                              Filesize

                                              66B

                                              MD5

                                              a0843761aae2f42fd43253639046fe1f

                                              SHA1

                                              c7d3138493b8a877dbc59b05442445f33c486015

                                              SHA256

                                              473a60e649d46a33d4cd0dbaa9de074ca50852010f75ad8aa72c2911f6eab11d

                                              SHA512

                                              7d51d1bddb46dd0db49d5b490092f8d11a4a30ccd755a980c45e7e176fe4e4325ebc3f798fedccf121d1ca32c5d8fb0d4a15baceab9e0877c2b0abf4ee067fd7

                                              Download Submit

                                            • C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
                                              Filesize

                                              280B

                                              MD5

                                              47fa2aff9599985642fd0bd1a2a18a4a

                                              SHA1

                                              1fb3ddb026e13b6e620084e1a0dc197268741d37

                                              SHA256

                                              33b56385c7fafc65d35cd559b61a78f755960d92bb259d7a20b3f2bb90311016

                                              SHA512

                                              63930fe63b5421cd491272573a8e3485f2f0ae932709c2807c712b3a0d6cbd783d7603fccc609291b3bd2f10a264b263fd6673a991d327782f490e270126d9d5

                                              Download Submit

                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2076_1876728063\manifest.json
                                              Filesize

                                              76B

                                              MD5

                                              ba25fcf816a017558d3434583e9746b8

                                              SHA1

                                              be05c87f7adf6b21273a4e94b3592618b6a4a624

                                              SHA256

                                              0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

                                              SHA512

                                              3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

                                              Download Submit

                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2076_346520250\hyph-as.hyb
                                              Filesize

                                              703B

                                              MD5

                                              8961fdd3db036dd43002659a4e4a7365

                                              SHA1

                                              7b2fa321d50d5417e6c8d48145e86d15b7ff8321

                                              SHA256

                                              c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

                                              SHA512

                                              531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

                                              Download Submit

                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2076_346520250\hyph-hi.hyb
                                              Filesize

                                              687B

                                              MD5

                                              0807cf29fc4c5d7d87c1689eb2e0baaa

                                              SHA1

                                              d0914fb069469d47a36d339ca70164253fccf022

                                              SHA256

                                              f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

                                              SHA512

                                              5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

                                              Download Submit

                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2076_346520250\hyph-nb.hyb
                                              Filesize

                                              141KB

                                              MD5

                                              677edd1a17d50f0bd11783f58725d0e7

                                              SHA1

                                              98fedc5862c78f3b03daed1ff9efbe5e31c205ee

                                              SHA256

                                              c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

                                              SHA512

                                              c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

                                              Download Submit

                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2076_346520250\manifest.json
                                              Filesize

                                              179B

                                              MD5

                                              273755bb7d5cc315c91f47cab6d88db9

                                              SHA1

                                              c933c95cc07b91294c65016d76b5fa0fa25b323b

                                              SHA256

                                              0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902

                                              SHA512

                                              0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8

                                              Download Submit

                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2076_390457893\manifest.json
                                              Filesize

                                              78B

                                              MD5

                                              9593491f9d9bb497a1d104f3214409c3

                                              SHA1

                                              699d68751b46d66d3036ae934fce022cd1687e66

                                              SHA256

                                              bfe0104fb221b896897700b442cef991edd0197dc5fb258c966aada66a309ea7

                                              SHA512

                                              1ffe9a0f36afcd141c9832b893eeaba230ca31b716824d5107e36b5d672d3d03489d42c9fdf5935261027daa6440803498dd8b1dffc005d7b9493af99cd5cd60

                                              Download Submit

                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2076_496740025\manifest.json
                                              Filesize

                                              102B

                                              MD5

                                              8062e1b9705b274fd46fcd2dd53efc81

                                              SHA1

                                              61912082d21780e22403555a43408c9a6cafc59a

                                              SHA256

                                              2f0e67d8b541936adc77ac9766c15a98e9b5de67477905b38624765e447fcd35

                                              SHA512

                                              98609cf9b126c7c2ad29a6ec92f617659d35251d5f6e226fff78fd9f660f7984e4c188e890495ab05ae6cf3fbe9bf712c81d814fbd94d9f62cf4ff13bbd9521a

                                              Download Submit

                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2076_656907177\manifest.json
                                              Filesize

                                              116B

                                              MD5

                                              e39cecf91d50b976575112bafefe9393

                                              SHA1

                                              82e2d1c3cdc771a02ae8989a89dfd1f61647b8b3

                                              SHA256

                                              f7d0ba2c20ffcf2fa230225b4a309a0eb52741eeeb29725b01c289d0067984d6

                                              SHA512

                                              0a63fcb2109d878013ee79fe0789817d9df4445eaec4bb27d663237ada6d035d28946e9a4c2ae0238413f5d404b56536c4095bedbbe6528ba36bbb5f24bcfd02

                                              Download Submit

                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2076_856714362\manifest.fingerprint
                                              Filesize

                                              66B

                                              MD5

                                              7ce55ac0d7683657fd051e573ad06e30

                                              SHA1

                                              3bc51fbc6155c4e9d1439587e1c739995054cc52

                                              SHA256

                                              138e2b36e4c8bec8b00180558843355037d7de99c389f46e6183c4fc5a34c790

                                              SHA512

                                              f269c5c2ee53ed836bfd1b928b40e1ddb2aaea00e5585c85fecfcb1add71130d4ecfe91d2f2527934ac472c8b432d3475ca02b8f808e7e6014cd49155529d9a2

                                              Download Submit

                                            • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2076_856714362\manifest.json
                                              Filesize

                                              43B

                                              MD5

                                              55cf847309615667a4165f3796268958

                                              SHA1

                                              097d7d123cb0658c6de187e42c653ad7d5bbf527

                                              SHA256

                                              54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877

                                              SHA512

                                              53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7

                                              Download Submit

                                            • memory/996-1223-0x00007FFC733A0000-0x00007FFC733A1000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/1468-1122-0x00007FFC733A0000-0x00007FFC733A1000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/3232-1063-0x00007FFC4F9C0000-0x00007FFC4FDC2000-memory.dmp

                                              Filesize

                                              4.0MB

                                              Download

                                            • memory/3232-1064-0x00007FFC4F9C0000-0x00007FFC4FDC2000-memory.dmp

                                              Filesize

                                              4.0MB

                                              Download

                                            • memory/3232-1062-0x00007FF605D70000-0x00007FF606D70000-memory.dmp

                                              Filesize

                                              16.0MB

                                              Download

                                            • memory/3232-1061-0x00007FFC50A40000-0x00007FFC50F8C000-memory.dmp

                                              Filesize

                                              5.3MB

                                              Download

                                            • memory/4248-782-0x00000000732C0000-0x00000000734D0000-memory.dmp

                                              Filesize

                                              2.1MB

                                              Download

                                            • memory/4248-1056-0x0000000000330000-0x0000000000365000-memory.dmp

                                              Filesize

                                              212KB

                                              Download

                                            • memory/4248-781-0x0000000000330000-0x0000000000365000-memory.dmp

                                              Filesize

                                              212KB

                                              Download

                                            • memory/4248-830-0x00000000732C0000-0x00000000734D0000-memory.dmp

                                              Filesize

                                              2.1MB

                                              Download

                                            • memory/5544-2217-0x00000000006F0000-0x0000000000725000-memory.dmp

                                              Filesize

                                              212KB

                                              Download

                                            • memory/5748-1980-0x0000022293A30000-0x0000022293A31000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/5748-1982-0x0000022293A30000-0x0000022293A31000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/5748-1978-0x0000022293A30000-0x0000022293A31000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/5748-1974-0x0000022293A30000-0x0000022293A31000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/5748-1973-0x0000022293A30000-0x0000022293A31000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/5748-1972-0x0000022293A30000-0x0000022293A31000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/5748-1981-0x0000022293A30000-0x0000022293A31000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/5748-1979-0x0000022293A30000-0x0000022293A31000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/5748-1984-0x0000022293A30000-0x0000022293A31000-memory.dmp

                                              Filesize

                                              4KB

                                              Download

                                            • memory/5748-1983-0x0000022293A30000-0x0000022293A31000-memory.dmp

                                              Filesize

                                              4KB

                                              Download