Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

Xeno-v1.0.5-x64.zip

windows11-21h2-x64

8

Xeno-v1.0....re.dll

windows11-21h2-x64

1

Xeno-v1.0....ms.dll

windows11-21h2-x64

1

Xeno-v1.0....pf.dll

windows11-21h2-x64

1

Xeno-v1.0....no.dll

windows11-21h2-x64

1

Xeno-v1.0....no.exe

windows11-21h2-x64

1

Xeno-v1.0....s.json

windows11-21h2-x64

3

Xeno-v1.0....UI.exe

windows11-21h2-x64

1

Xeno-v1.0....g.json

windows11-21h2-x64

3

Xeno-v1.0....x.html

windows11-21h2-x64

6

Xeno-v1.0....ain.js

windows11-21h2-x64

3

Xeno-v1.0....lua.js

windows11-21h2-x64

3

Xeno-v1.0....in.css

windows11-21h2-x64

3

Xeno-v1.0....ain.js

windows11-21h2-x64

3

Xeno-v1.0.....de.js

windows11-21h2-x64

3

Xeno-v1.0.....es.js

windows11-21h2-x64

3

Xeno-v1.0.....fr.js

windows11-21h2-x64

3

Xeno-v1.0.....it.js

windows11-21h2-x64

3

Xeno-v1.0.....ja.js

windows11-21h2-x64

1

Xeno-v1.0....nls.js

windows11-21h2-x64

1

Xeno-v1.0.....ko.js

windows11-21h2-x64

1

Xeno-v1.0.....ru.js

windows11-21h2-x64

3

Xeno-v1.0....-cn.js

windows11-21h2-x64

1

Xeno-v1.0....-tw.js

windows11-21h2-x64

3

Xeno-v1.0....der.js

windows11-21h2-x64

1

Xeno-v1.0....64.dll

windows11-21h2-x64

1

Xeno-v1.0....64.dll

windows11-21h2-x64

1

Xeno-v1.0....er.dll

windows11-21h2-x64

1

Xeno-v1.0....er.dll

windows11-21h2-x64

1

Xeno-v1.0....er.dll

windows11-21h2-x64

1

Xeno-v1.0....sh.dll

windows11-21h2-x64

1

Xeno-v1.0....td.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    1005s
  • max time network
    950s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    21/09/2024, 16:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Xeno-v1.0.5-x64.zip

  • Size

    4.1MB

  • MD5

    2082fb4c91583ef7c09766de61cdd1f2

  • SHA1

    6bbc4f900c3df27731b00c9d57e3327d0e5c9199

  • SHA256

    a19dc47dbaad01da2e029f993f013e3abc77cab80813bbb65fb3348226a938d5

  • SHA512

    8ba3c313045933729ab6114aa5ce206d3f78c738bab78f7805a8123e954e32098a746559474cc7be587646d15fa223ad0c5aefd27dabec3a339f9cab65c78b06

  • SSDEEP

    98304:4/eSPHy20NL9Cteaqxt5JwlVLnwphakez+XnDHS9aIhcewTvZRirOFRXLNt+zst:4WSfy1l9UeaSt5J4uhJeSLSZhQBRiiF3

Score
8/10
defense_evasiondiscoveryevasionpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
    persistence
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 37 IoCs
  • Loads dropped DLL 47 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Checks system information in the registry 2 TTPs 18 IoCs

    System information is often read in order to detect sandboxing environments.

  • Suspicious use of NtCreateThreadExHideFromDebugger 10 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 14 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 5 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 7 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 7 IoCs
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 37 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of UnmapMainImage 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64.zip
    1⤵
      PID:1700
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:2092
      • C:\Windows\system32\wermgr.exe
        "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3264" "11812" "11216" "2984" "0" "0" "11756" "4080" "0" "0" "0" "0"
        1⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        PID:1232
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
        1⤵
        • Enumerates system info in registry
        • NTFS ADS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2956
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff95cd43cb8,0x7ff95cd43cc8,0x7ff95cd43cd8
          2⤵
            PID:1188
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
            2⤵
              PID:2320
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
              2⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:2740
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
              2⤵
                PID:4912
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
                2⤵
                  PID:4968
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
                  2⤵
                    PID:3484
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
                    2⤵
                      PID:2644
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
                      2⤵
                        PID:5020
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
                        2⤵
                          PID:3900
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
                          2⤵
                            PID:3840
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3540 /prefetch:8
                            2⤵
                              PID:3532
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3248 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1628
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
                              2⤵
                                PID:3440
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:3436
                              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:4448
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
                                2⤵
                                  PID:2256
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
                                  2⤵
                                    PID:1760
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
                                    2⤵
                                      PID:1068
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
                                      2⤵
                                        PID:432
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
                                        2⤵
                                          PID:1880
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
                                          2⤵
                                            PID:1168
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
                                            2⤵
                                              PID:1792
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
                                              2⤵
                                                PID:812
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6028 /prefetch:8
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:240
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
                                                2⤵
                                                  PID:2620
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
                                                  2⤵
                                                    PID:2536
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
                                                    2⤵
                                                      PID:2936
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7020 /prefetch:8
                                                      2⤵
                                                        PID:696
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
                                                        2⤵
                                                        • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                        • NTFS ADS
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:3536
                                                      • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                        "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Checks whether UAC is enabled
                                                        • Drops file in Program Files directory
                                                        • System Location Discovery: System Language Discovery
                                                        • Enumerates system info in registry
                                                        • Modifies Internet Explorer settings
                                                        • Modifies registry class
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:4080
                                                        • C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                          MicrosoftEdgeWebview2Setup.exe /silent /install
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • Drops file in Program Files directory
                                                          • System Location Discovery: System Language Discovery
                                                          PID:2424
                                                          • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\MicrosoftEdgeUpdate.exe
                                                            "C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                            4⤵
                                                            • Event Triggered Execution: Image File Execution Options Injection
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Checks system information in the registry
                                                            • System Location Discovery: System Language Discovery
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:3636
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • System Location Discovery: System Language Discovery
                                                              • Modifies registry class
                                                              PID:3772
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • System Location Discovery: System Language Discovery
                                                              • Modifies registry class
                                                              PID:4992
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                6⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Modifies registry class
                                                                PID:3484
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                6⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Modifies registry class
                                                                PID:2372
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                6⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Modifies registry class
                                                                PID:3192
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUI3RjE2MTUtMDBEMS00MjBDLTg5MTYtOEM3OTJFRkZCRDgxfSIgdXNlcmlkPSJ7MURDMzQ1QzUtQkUzMy00Q0E4LTk2OEUtQUUyQ0JGNDM2RjE3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1OEUxMTYxOC05N0U4LTRFQ0MtOUQ2RC1GMTYwQTdDNjE0MTh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNTI4MTg1NjgwIiBpbnN0YWxsX3RpbWVfbXM9IjU1NiIvPjwvYXBwPjwvcmVxdWVzdD4
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Checks system information in the registry
                                                              • System Location Discovery: System Language Discovery
                                                              • System Network Configuration Discovery: Internet Connection Discovery
                                                              PID:1460
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{1B7F1615-00D1-420C-8916-8C792EFFBD81}" /silent
                                                              5⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • System Location Discovery: System Language Discovery
                                                              PID:3504
                                                        • C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe
                                                          "C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe" -app -isInstallerLaunch -clientLaunchTimeEpochMs 0
                                                          3⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Suspicious use of NtCreateThreadExHideFromDebugger
                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          • Suspicious use of UnmapMainImage
                                                          PID:2712
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6896 /prefetch:2
                                                        2⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:940
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1232 /prefetch:1
                                                        2⤵
                                                          PID:3792
                                                        • C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe
                                                          "C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:cSDS5w2x6D4NtDVNQz9Yswy_SHmC8f0Bou6RtkDj1ai8-le39adlEDtVaAt1JOSKzk1OrH-c28ode8m0lYasumkiIBHw3NFObi6ZBz2odbXhZNxFfQY7SoeYM96lD7hxNjmTurBU2fYeP9ZLl-nda5Le-M4x4ns64sJmWU4sV47lmQGc9uFFkvVjZTui5UXkK9HsnrWxu5c_dEdIM1FefHKgBQYl_Dr1F95145WfZ4k+launchtime:1726937341363+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestPrivateGame%26browserTrackerId%3D1726937106288005%26placeId%3D10449761463%26accessCode%3D4fd65e38-3f66-4afb-8da7-d6b0accb154d%26joinAttemptId%3D3c8067e2-632b-4a53-8406-ee78e8cdc848%26joinAttemptOrigin%3DprivateServerListJoin+browsertrackerid:1726937106288005+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
                                                          2⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Suspicious use of NtCreateThreadExHideFromDebugger
                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          • Suspicious use of UnmapMainImage
                                                          PID:1408
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5018431742896005706,18270145118223279355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
                                                          2⤵
                                                            PID:2768
                                                          • C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe
                                                            "C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:lPHCOJDheZm3JaDjXnpo56GYKtt00iVAnSZ9u9MqLP51OYZufJbR904cXODcjn72WBxYBdxkQCWYJ2XXKXZmGNj1N90IBT1xnf5r2F4qBepaI5cckqvs0BFxur0fVVdgQt1YXkBENPY0NxcH9ZEPMdNE0VgK2wOjGHtfD1rJE5cArg-okXjzbN_gMPIaDx4eYWuJjkyzNIYErEedn7CMAoHPkbkIlOLM8tfNnlPBmrQ+launchtime:1726937420341+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestPrivateGame%26browserTrackerId%3D1726937106288005%26placeId%3D10449761463%26accessCode%3D4fd65e38-3f66-4afb-8da7-d6b0accb154d%26joinAttemptId%3D3c8067e2-632b-4a53-8406-ee78e8cdc848%26joinAttemptOrigin%3DprivateServerListJoin+browsertrackerid:1726937106288005+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
                                                            2⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Suspicious use of NtCreateThreadExHideFromDebugger
                                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            • Suspicious use of UnmapMainImage
                                                            PID:2168
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:3400
                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                            1⤵
                                                              PID:1708
                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                              1⤵
                                                                PID:4320
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Checks system information in the registry
                                                                • System Location Discovery: System Language Discovery
                                                                • Modifies data under HKEY_USERS
                                                                PID:1408
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUI3RjE2MTUtMDBEMS00MjBDLTg5MTYtOEM3OTJFRkZCRDgxfSIgdXNlcmlkPSJ7MURDMzQ1QzUtQkUzMy00Q0E4LTk2OEUtQUUyQ0JGNDM2RjE3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5MkUxODQyQi1BRjA2LTQ0QzItQTg3RS1GMEVFOTUzOTFFQzh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA1MzM3NjU4NTQiLz48L2FwcD48L3JlcXVlc3Q-
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Checks system information in the registry
                                                                  • System Location Discovery: System Language Discovery
                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                  PID:1020
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0105C5E5-5241-417A-838D-93C5F6A84B3C}\MicrosoftEdge_X64_129.0.2792.52.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0105C5E5-5241-417A-838D-93C5F6A84B3C}\MicrosoftEdge_X64_129.0.2792.52.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  PID:3116
                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0105C5E5-5241-417A-838D-93C5F6A84B3C}\EDGEMITMP_8FC25.tmp\setup.exe
                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0105C5E5-5241-417A-838D-93C5F6A84B3C}\EDGEMITMP_8FC25.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0105C5E5-5241-417A-838D-93C5F6A84B3C}\MicrosoftEdge_X64_129.0.2792.52.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    • Drops file in Program Files directory
                                                                    • Drops file in Windows directory
                                                                    PID:1284
                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0105C5E5-5241-417A-838D-93C5F6A84B3C}\EDGEMITMP_8FC25.tmp\setup.exe
                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0105C5E5-5241-417A-838D-93C5F6A84B3C}\EDGEMITMP_8FC25.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.59 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0105C5E5-5241-417A-838D-93C5F6A84B3C}\EDGEMITMP_8FC25.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.52 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6d22376f0,0x7ff6d22376fc,0x7ff6d2237708
                                                                      4⤵
                                                                      • Executes dropped EXE
                                                                      • Drops file in Windows directory
                                                                      PID:1640
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MUI3RjE2MTUtMDBEMS00MjBDLTg5MTYtOEM3OTJFRkZCRDgxfSIgdXNlcmlkPSJ7MURDMzQ1QzUtQkUzMy00Q0E4LTk2OEUtQUUyQ0JGNDM2RjE3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDRTM1MEQ2RS1DNTQ1LTQ0QjUtOTEwMi0xMTgzNjNBRkU4MjR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjkuMC4yNzkyLjUyIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDU0MjE2NTczMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNTQyMzc1NjU5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA3NDg4MDc4OTUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2U5ZGNjM2Q3LWQyNGEtNDA3ZC04Zjc0LTc1YzNkN2ZkOGNmZT9QMT0xNzI3NTQyMDIxJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVVHdUpSMjIlMmZ0TTNkY1Y0MzZMNiUyZnJoSVNRczdCc2Uzc3NScVhmMHhoc1FGNkslMmIxUGljM2lsOXZybUVYb1NKVjVrbjdiR3JuNjQ1RU1GTSUyZnl2dFJESEElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzM5MDIyODAiIHRvdGFsPSIxNzM5MDIyODAiIGRvd25sb2FkX3RpbWVfbXM9IjEzOTA4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA3NDg5MTc4OTMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDc2Mjg2ODA3MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTEzNzE0OTcwMTkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIzMjMiIGRvd25sb2FkX3RpbWVfbXM9IjIwNjQ1IiBkb3dubG9hZGVkPSIxNzM5MDIyODAiIHRvdGFsPSIxNzM5MDIyODAiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjYwODYwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Checks system information in the registry
                                                                  • System Location Discovery: System Language Discovery
                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                  PID:3480
                                                              • C:\Users\Admin\Desktop\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                "C:\Users\Admin\Desktop\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe"
                                                                1⤵
                                                                • Loads dropped DLL
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:1228
                                                              • C:\Users\Admin\Desktop\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                "C:\Users\Admin\Desktop\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe"
                                                                1⤵
                                                                • Loads dropped DLL
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:4920
                                                              • C:\Windows\system32\svchost.exe
                                                                C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                                                1⤵
                                                                  PID:1064
                                                                • C:\Windows\System32\oobe\UserOOBEBroker.exe
                                                                  C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
                                                                  1⤵
                                                                  • Drops file in Windows directory
                                                                  PID:2068
                                                                • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                                                  C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                                                  1⤵
                                                                  • System Location Discovery: System Language Discovery
                                                                  PID:4360
                                                                • C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe
                                                                  "C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe"
                                                                  1⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  • Suspicious use of UnmapMainImage
                                                                  PID:1692
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                  1⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:4468
                                                                • C:\Users\Admin\Desktop\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                  "C:\Users\Admin\Desktop\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe"
                                                                  1⤵
                                                                  • Loads dropped DLL
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:780
                                                                • C:\Users\Admin\Desktop\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                  "C:\Users\Admin\Desktop\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe"
                                                                  1⤵
                                                                  • Loads dropped DLL
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:1848
                                                                • C:\Users\Admin\Desktop\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                  "C:\Users\Admin\Desktop\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe"
                                                                  1⤵
                                                                  • Loads dropped DLL
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:3832
                                                                • C:\Users\Admin\Desktop\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                  "C:\Users\Admin\Desktop\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe"
                                                                  1⤵
                                                                  • Loads dropped DLL
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:4248
                                                                • C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe
                                                                  "C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe"
                                                                  1⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                  • Suspicious use of UnmapMainImage
                                                                  PID:960
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                  1⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Checks system information in the registry
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Modifies data under HKEY_USERS
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:3344
                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2CFBDE25-B822-4ED2-8C44-ED40899F22D2}\MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe
                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2CFBDE25-B822-4ED2-8C44-ED40899F22D2}\MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe" /update /sessionid "{62F23D51-70BD-4351-80C7-4D3A805B9C5A}"
                                                                    2⤵
                                                                    • Executes dropped EXE
                                                                    • Drops file in Program Files directory
                                                                    • System Location Discovery: System Language Discovery
                                                                    PID:4668
                                                                    • C:\Program Files (x86)\Microsoft\Temp\EU3928.tmp\MicrosoftEdgeUpdate.exe
                                                                      "C:\Program Files (x86)\Microsoft\Temp\EU3928.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{62F23D51-70BD-4351-80C7-4D3A805B9C5A}"
                                                                      3⤵
                                                                      • Event Triggered Execution: Image File Execution Options Injection
                                                                      • Executes dropped EXE
                                                                      • Loads dropped DLL
                                                                      • Checks system information in the registry
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:5100
                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Loads dropped DLL
                                                                        • System Location Discovery: System Language Discovery
                                                                        • Modifies registry class
                                                                        PID:4904
                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Loads dropped DLL
                                                                        • System Location Discovery: System Language Discovery
                                                                        • Modifies registry class
                                                                        PID:1920
                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                          5⤵
                                                                          • Executes dropped EXE
                                                                          • Loads dropped DLL
                                                                          • Modifies registry class
                                                                          PID:3948
                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                          5⤵
                                                                          • Executes dropped EXE
                                                                          • Loads dropped DLL
                                                                          • Modifies registry class
                                                                          PID:3248
                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                          5⤵
                                                                          • Executes dropped EXE
                                                                          • Loads dropped DLL
                                                                          • Modifies registry class
                                                                          PID:3396
                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjJGMjNENTEtNzBCRC00MzUxLTgwQzctNEQzQTgwNUI5QzVBfSIgdXNlcmlkPSJ7MURDMzQ1QzUtQkUzMy00Q0E4LTk2OEUtQUUyQ0JGNDM2RjE3fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7OUJEMEU5QjEtNThDRi00RDM4LTkwMzItNDc3RDMxNjRGQkYxfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTkiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MjY5MzcyMTgiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MjEwMzQ2OTY2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                        4⤵
                                                                        • Executes dropped EXE
                                                                        • Loads dropped DLL
                                                                        • Checks system information in the registry
                                                                        • System Location Discovery: System Language Discovery
                                                                        • System Network Configuration Discovery: Internet Connection Discovery
                                                                        PID:1096
                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjJGMjNENTEtNzBCRC00MzUxLTgwQzctNEQzQTgwNUI5QzVBfSIgdXNlcmlkPSJ7MURDMzQ1QzUtQkUzMy00Q0E4LTk2OEUtQUUyQ0JGNDM2RjE3fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntCQjQ5NzkzNy05RjE3LTRGMjctODk1OC1BQjIzMUZFOEQyNUN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4xOSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzOTkxNzUzNDAwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzOTkxNzUzNDAwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDE5NTM0NzA2NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2Y2NjEyNDcyLTM3NDctNGZiYy1hMGE1LTY4Mzg5YTZiNjczZT9QMT0xNzI3NTQyMzY2JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWZ5QVFRV3ppOVRaYzF6aGVKT0hEUXVaYzRLRmZGQ1Z4eTFuNUxFMHFrVVRQQnBaREszYTFFeWQlMmZPV1BHZFRsVnZxVDJkcTVNWnBLTHFNN2t3T015Q0ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDE5NTM0NzA2NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZjY2MTI0NzItMzc0Ny00ZmJjLWEwYTUtNjgzODlhNmI2NzNlP1AxPTE3Mjc1NDIzNjYmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9ZnlBUVFXemk5VFpjMXpoZUpPSERRdVpjNEtGZkZDVnh5MW41TEUwcWtVVFBCcFpESzNhMUV5ZCUyZk9XUEdkVGxWdnFUMmRxNU1acEtMcU03a3dPTXlDQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2MzQ4ODgiIHRvdGFsPSIxNjM0ODg4IiBkb3dubG9hZF90aW1lX21zPSIxNjA0NyIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDE5NTM0NzA2NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNDIwMDUwMzM5NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxwaW5nIHI9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTAuMC44MTguNjYiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNzE0MTA2OTE3MzYxMjQwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9Ii0xIiBhZD0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMjkuMC4yNzkyLjUyIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgdXBkYXRlX2NvdW50PSIxIj48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7NzY1NjRGRDAtRUU5Ny00RTA2LTk1MUItQkFDQkI0MjI4NDEzfSIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                    2⤵
                                                                    • Executes dropped EXE
                                                                    • Loads dropped DLL
                                                                    • Checks system information in the registry
                                                                    • System Location Discovery: System Language Discovery
                                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                                    PID:3972
                                                                • C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe
                                                                  "C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe"
                                                                  1⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                  • Suspicious use of UnmapMainImage
                                                                  PID:1120
                                                                • C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe
                                                                  "C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe"
                                                                  1⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                  • Suspicious use of UnmapMainImage
                                                                  PID:2004
                                                                • C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe
                                                                  "C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe"
                                                                  1⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                  • Suspicious use of UnmapMainImage
                                                                  PID:4900
                                                                • C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe
                                                                  "C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe"
                                                                  1⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                  • Suspicious use of UnmapMainImage
                                                                  PID:4256
                                                                • C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe
                                                                  "C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\RobloxPlayerBeta.exe"
                                                                  1⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                  • Suspicious use of UnmapMainImage
                                                                  PID:1788

                                                                Network

                                                                MITRE ATT&CK Enterprise v15

                                                                Reconnaissance

                                                                Resource Development

                                                                Initial Access

                                                                Execution

                                                                Persistence

                                                                Event Triggered Execution

                                                                2
                                                                T1546

                                                                Component Object Model Hijacking

                                                                1
                                                                T1546.015

                                                                Image File Execution Options Injection

                                                                1
                                                                T1546.012

                                                                Privilege Escalation

                                                                Event Triggered Execution

                                                                2
                                                                T1546

                                                                Component Object Model Hijacking

                                                                1
                                                                T1546.015

                                                                Image File Execution Options Injection

                                                                1
                                                                T1546.012

                                                                Defense Evasion

                                                                Modify Registry

                                                                1
                                                                T1112

                                                                Subvert Trust Controls

                                                                1
                                                                T1553

                                                                SIP and Trust Provider Hijacking

                                                                1
                                                                T1553.003

                                                                Credential Access

                                                                Discovery

                                                                Browser Information Discovery

                                                                1
                                                                T1217

                                                                Query Registry

                                                                4
                                                                T1012

                                                                System Information Discovery

                                                                5
                                                                T1082

                                                                System Location Discovery

                                                                1
                                                                T1614

                                                                System Language Discovery

                                                                1
                                                                T1614.001

                                                                System Network Configuration Discovery

                                                                1
                                                                T1016

                                                                Internet Connection Discovery

                                                                1
                                                                T1016.001

                                                                Lateral Movement

                                                                Collection

                                                                Command and Control

                                                                Exfiltration

                                                                Impact

                                                                Replay Monitor

                                                                Loading Replay Monitor...

                                                                Downloads

                                                                • C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.52\Installer\setup.exe
                                                                  Filesize

                                                                  6.6MB

                                                                  MD5

                                                                  00bcd9d9dcf8c6376d677caa332c04e3

                                                                  SHA1

                                                                  0a86d25ce5d84a0371064ff3bb38a6ff6a3a27c0

                                                                  SHA256

                                                                  08003badaf082b1f7c535b98abaf9f9953004668c5192fba75786e2036d59c14

                                                                  SHA512

                                                                  fdfaee47cc7b434141a7b860d260d1cb9a130140e4838ba591256a9f93d04bb5ee839da9961fedc2c65d9557b9095a12bfd94573a2af7983c5856051007a835f

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.19\MicrosoftEdgeUpdateSetup_X86_1.3.195.19.exe
                                                                  Filesize

                                                                  1.6MB

                                                                  MD5

                                                                  f34465b4e626bd45ce9b984b7233c655

                                                                  SHA1

                                                                  d31182f357a2dae0ab69b2e948ad6106ece228d8

                                                                  SHA256

                                                                  07f829c35f0fa4b2352b947ca0764093e0a06ebc8eb759dc912360ec69d5ee07

                                                                  SHA512

                                                                  d64cfc1181a98cad8ccc3feba7d024d3a78d2b1ea2f07402135eada82d7d4529cb636448779444a3b20991f4b71f7382bda1c14fd2a4eae1fbc39099153db06d

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\EdgeUpdate.dat
                                                                  Filesize

                                                                  12KB

                                                                  MD5

                                                                  369bbc37cff290adb8963dc5e518b9b8

                                                                  SHA1

                                                                  de0ef569f7ef55032e4b18d3a03542cc2bbac191

                                                                  SHA256

                                                                  3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

                                                                  SHA512

                                                                  4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\MicrosoftEdgeComRegisterShellARM64.exe
                                                                  Filesize

                                                                  179KB

                                                                  MD5

                                                                  7a160c6016922713345454265807f08d

                                                                  SHA1

                                                                  e36ee184edd449252eb2dfd3016d5b0d2edad3c6

                                                                  SHA256

                                                                  35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

                                                                  SHA512

                                                                  c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\MicrosoftEdgeUpdate.exe
                                                                  Filesize

                                                                  201KB

                                                                  MD5

                                                                  4dc57ab56e37cd05e81f0d8aaafc5179

                                                                  SHA1

                                                                  494a90728d7680f979b0ad87f09b5b58f16d1cd5

                                                                  SHA256

                                                                  87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

                                                                  SHA512

                                                                  320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                  Filesize

                                                                  212KB

                                                                  MD5

                                                                  60dba9b06b56e58f5aea1a4149c743d2

                                                                  SHA1

                                                                  a7e456acf64dd99ca30259cf45b88cf2515a69b3

                                                                  SHA256

                                                                  4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

                                                                  SHA512

                                                                  e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\MicrosoftEdgeUpdateCore.exe
                                                                  Filesize

                                                                  257KB

                                                                  MD5

                                                                  c044dcfa4d518df8fc9d4a161d49cece

                                                                  SHA1

                                                                  91bd4e933b22c010454fd6d3e3b042ab6e8b2149

                                                                  SHA256

                                                                  9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

                                                                  SHA512

                                                                  f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\NOTICE.TXT
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  6dd5bf0743f2366a0bdd37e302783bcd

                                                                  SHA1

                                                                  e5ff6e044c40c02b1fc78304804fe1f993fed2e6

                                                                  SHA256

                                                                  91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

                                                                  SHA512

                                                                  f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdate.dll
                                                                  Filesize

                                                                  2.0MB

                                                                  MD5

                                                                  965b3af7886e7bf6584488658c050ca2

                                                                  SHA1

                                                                  72daabdde7cd500c483d0eeecb1bd19708f8e4a5

                                                                  SHA256

                                                                  d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

                                                                  SHA512

                                                                  1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_af.dll
                                                                  Filesize

                                                                  28KB

                                                                  MD5

                                                                  567aec2d42d02675eb515bbd852be7db

                                                                  SHA1

                                                                  66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

                                                                  SHA256

                                                                  a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

                                                                  SHA512

                                                                  3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_am.dll
                                                                  Filesize

                                                                  24KB

                                                                  MD5

                                                                  f6c1324070b6c4e2a8f8921652bfbdfa

                                                                  SHA1

                                                                  988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

                                                                  SHA256

                                                                  986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

                                                                  SHA512

                                                                  63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_ar.dll
                                                                  Filesize

                                                                  26KB

                                                                  MD5

                                                                  570efe7aa117a1f98c7a682f8112cb6d

                                                                  SHA1

                                                                  536e7c49e24e9aa068a021a8f258e3e4e69fa64f

                                                                  SHA256

                                                                  e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

                                                                  SHA512

                                                                  5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_as.dll
                                                                  Filesize

                                                                  28KB

                                                                  MD5

                                                                  a8d3210e34bf6f63a35590245c16bc1b

                                                                  SHA1

                                                                  f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

                                                                  SHA256

                                                                  3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

                                                                  SHA512

                                                                  6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_az.dll
                                                                  Filesize

                                                                  29KB

                                                                  MD5

                                                                  7937c407ebe21170daf0975779f1aa49

                                                                  SHA1

                                                                  4c2a40e76209abd2492dfaaf65ef24de72291346

                                                                  SHA256

                                                                  5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

                                                                  SHA512

                                                                  8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_bg.dll
                                                                  Filesize

                                                                  29KB

                                                                  MD5

                                                                  8375b1b756b2a74a12def575351e6bbd

                                                                  SHA1

                                                                  802ec096425dc1cab723d4cf2fd1a868315d3727

                                                                  SHA256

                                                                  a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

                                                                  SHA512

                                                                  aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_bn-IN.dll
                                                                  Filesize

                                                                  29KB

                                                                  MD5

                                                                  a94cf5e8b1708a43393263a33e739edd

                                                                  SHA1

                                                                  1068868bdc271a52aaae6f749028ed3170b09cce

                                                                  SHA256

                                                                  5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

                                                                  SHA512

                                                                  920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_bn.dll
                                                                  Filesize

                                                                  29KB

                                                                  MD5

                                                                  7dc58c4e27eaf84ae9984cff2cc16235

                                                                  SHA1

                                                                  3f53499ddc487658932a8c2bcf562ba32afd3bda

                                                                  SHA256

                                                                  e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

                                                                  SHA512

                                                                  bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_bs.dll
                                                                  Filesize

                                                                  28KB

                                                                  MD5

                                                                  e338dccaa43962697db9f67e0265a3fc

                                                                  SHA1

                                                                  4c6c327efc12d21c4299df7b97bf2c45840e0d83

                                                                  SHA256

                                                                  99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

                                                                  SHA512

                                                                  e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
                                                                  Filesize

                                                                  29KB

                                                                  MD5

                                                                  2929e8d496d95739f207b9f59b13f925

                                                                  SHA1

                                                                  7c1c574194d9e31ca91e2a21a5c671e5e95c734c

                                                                  SHA256

                                                                  2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

                                                                  SHA512

                                                                  ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_ca.dll
                                                                  Filesize

                                                                  30KB

                                                                  MD5

                                                                  39551d8d284c108a17dc5f74a7084bb5

                                                                  SHA1

                                                                  6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

                                                                  SHA256

                                                                  8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

                                                                  SHA512

                                                                  6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_cs.dll
                                                                  Filesize

                                                                  28KB

                                                                  MD5

                                                                  16c84ad1222284f40968a851f541d6bb

                                                                  SHA1

                                                                  bc26d50e15ccaed6a5fbe801943117269b3b8e6b

                                                                  SHA256

                                                                  e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

                                                                  SHA512

                                                                  d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_cy.dll
                                                                  Filesize

                                                                  28KB

                                                                  MD5

                                                                  34d991980016595b803d212dc356d765

                                                                  SHA1

                                                                  e3a35df6488c3463c2a7adf89029e1dd8308f816

                                                                  SHA256

                                                                  252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

                                                                  SHA512

                                                                  8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_da.dll
                                                                  Filesize

                                                                  28KB

                                                                  MD5

                                                                  d34380d302b16eab40d5b63cfb4ed0fe

                                                                  SHA1

                                                                  1d3047119e353a55dc215666f2b7b69f0ede775b

                                                                  SHA256

                                                                  fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

                                                                  SHA512

                                                                  45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_de.dll
                                                                  Filesize

                                                                  30KB

                                                                  MD5

                                                                  aab01f0d7bdc51b190f27ce58701c1da

                                                                  SHA1

                                                                  1a21aabab0875651efd974100a81cda52c462997

                                                                  SHA256

                                                                  061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

                                                                  SHA512

                                                                  5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_el.dll
                                                                  Filesize

                                                                  30KB

                                                                  MD5

                                                                  ac275b6e825c3bd87d96b52eac36c0f6

                                                                  SHA1

                                                                  29e537d81f5d997285b62cd2efea088c3284d18f

                                                                  SHA256

                                                                  223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

                                                                  SHA512

                                                                  bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_en-GB.dll
                                                                  Filesize

                                                                  27KB

                                                                  MD5

                                                                  d749e093f263244d276b6ffcf4ef4b42

                                                                  SHA1

                                                                  69f024c769632cdbb019943552bac5281d4cbe05

                                                                  SHA256

                                                                  fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

                                                                  SHA512

                                                                  48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_en.dll
                                                                  Filesize

                                                                  27KB

                                                                  MD5

                                                                  4a1e3cf488e998ef4d22ac25ccc520a5

                                                                  SHA1

                                                                  dc568a6e3c9465474ef0d761581c733b3371b1cd

                                                                  SHA256

                                                                  9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

                                                                  SHA512

                                                                  ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_es-419.dll
                                                                  Filesize

                                                                  29KB

                                                                  MD5

                                                                  28fefc59008ef0325682a0611f8dba70

                                                                  SHA1

                                                                  f528803c731c11d8d92c5660cb4125c26bb75265

                                                                  SHA256

                                                                  55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

                                                                  SHA512

                                                                  2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_es.dll
                                                                  Filesize

                                                                  28KB

                                                                  MD5

                                                                  9db7f66f9dc417ebba021bc45af5d34b

                                                                  SHA1

                                                                  6815318b05019f521d65f6046cf340ad88e40971

                                                                  SHA256

                                                                  e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

                                                                  SHA512

                                                                  943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_et.dll
                                                                  Filesize

                                                                  28KB

                                                                  MD5

                                                                  b78cba3088ecdc571412955742ea560b

                                                                  SHA1

                                                                  bc04cf9014cec5b9f240235b5ff0f29dbdb22926

                                                                  SHA256

                                                                  f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

                                                                  SHA512

                                                                  04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_eu.dll
                                                                  Filesize

                                                                  28KB

                                                                  MD5

                                                                  a7e1f4f482522a647311735699bec186

                                                                  SHA1

                                                                  3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd

                                                                  SHA256

                                                                  e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4

                                                                  SHA512

                                                                  22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Microsoft\Temp\EU9A6F.tmp\msedgeupdateres_fa.dll
                                                                  Filesize

                                                                  27KB

                                                                  MD5

                                                                  cbe3454843ce2f36201460e316af1404

                                                                  SHA1

                                                                  0883394c28cb60be8276cb690496318fcabea424

                                                                  SHA256

                                                                  c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59

                                                                  SHA512

                                                                  f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
                                                                  Filesize

                                                                  5.5MB

                                                                  MD5

                                                                  d81db68ce340e4b9ff903d6d9e3b2b21

                                                                  SHA1

                                                                  083a061fb32eca3d0fae2d7120a80ea2ce6cd8cd

                                                                  SHA256

                                                                  c808dfbf70edf83c353cd8735bc23c026d6727260fab83bdece6801a0cc727d0

                                                                  SHA512

                                                                  9a92ea92ab3d3b3271b92d9cc94f4be8fde169310f7545838f566f0da30094ee0042c373389801c26b1c5a6dacb6d34dc125010c9a4708444e090fb4e5764252

                                                                  Download Submit

                                                                • C:\Program Files (x86)\Roblox\Versions\version-43ad1853ad91427d\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                                  Filesize

                                                                  1.5MB

                                                                  MD5

                                                                  610b1b60dc8729bad759c92f82ee2804

                                                                  SHA1

                                                                  9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

                                                                  SHA256

                                                                  921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

                                                                  SHA512

                                                                  0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

                                                                  Download Submit

                                                                • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                                                  Filesize

                                                                  14KB

                                                                  MD5

                                                                  acda7fa2762fd7bff088befaef995cdd

                                                                  SHA1

                                                                  57cacb500625d20f71f60e69dd5e7c58b4eeec93

                                                                  SHA256

                                                                  fb9cf49e66c046b3b362a29a1aac8b89f96409b7322261acb24e68ff81f86652

                                                                  SHA512

                                                                  18598346834b2092a7876f5561ef6a921c857e8620378dff897da9dd9baff00b4fe6a5e7396a941612e63263f3c797ddf39db1c210d750612ae99957199ed2da

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                  Filesize

                                                                  152B

                                                                  MD5

                                                                  c4a10f6df4922438ca68ada540730100

                                                                  SHA1

                                                                  4c7bfbe3e2358a28bf5b024c4be485fa6773629e

                                                                  SHA256

                                                                  f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

                                                                  SHA512

                                                                  b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                  Filesize

                                                                  152B

                                                                  MD5

                                                                  4c3889d3f0d2246f800c495aec7c3f7c

                                                                  SHA1

                                                                  dd38e6bf74617bfcf9d6cceff2f746a094114220

                                                                  SHA256

                                                                  0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

                                                                  SHA512

                                                                  2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\47bd6d8b-a270-451b-a986-34c228004832.tmp
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  39fccf36fef25a849eb0163ecb5c4724

                                                                  SHA1

                                                                  36965176586f6dcbad38de107f409f586ece8f36

                                                                  SHA256

                                                                  474c48ccc544051c08174d3d95e493e31981f48b4042834535b9555b28d08042

                                                                  SHA512

                                                                  44314e4fbde5bfe018d24dfdf28b4038c8ef4b334333f2971218de6f7f9a20b122921681d8513f58e376beb96690686a59bc9175d67b0a8f0e5d82ac0e79f543

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
                                                                  Filesize

                                                                  90KB

                                                                  MD5

                                                                  e68f8a19866705c0e35a30812b957be3

                                                                  SHA1

                                                                  c88b39d0eb0a12fb0b32b0ed761435242c00f457

                                                                  SHA256

                                                                  4815df7fa6ff875bc8fcf24a4de4a71a772484861f3bf16d5b69792662c12d92

                                                                  SHA512

                                                                  d82d5545ded0e79adb5612d789126256dc22cf9303b0ae960ed03ad6318e9636181d858c80cdd999ec11bb0a962ea3a474bec21ecb4af00ed465a3e7a460a271

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d8
                                                                  Filesize

                                                                  51KB

                                                                  MD5

                                                                  588ee33c26fe83cb97ca65e3c66b2e87

                                                                  SHA1

                                                                  842429b803132c3e7827af42fe4dc7a66e736b37

                                                                  SHA256

                                                                  bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

                                                                  SHA512

                                                                  6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  e8cbf8ddc9f98b566747d1727c150ba0

                                                                  SHA1

                                                                  2fd9499bd44b442d71706a3b86bc03af8b6b387f

                                                                  SHA256

                                                                  e319f2517df8ad7efdf39a8d6615ffa786fe465b23d1d61fa421c5078bbbc9ec

                                                                  SHA512

                                                                  6183f1a851b75b52534357ec56b7b061e4b482e48d9cd27049cf2d77679e30460cbcea0d9402fdacc6192bc6cdb199129a49c334c16b3454f80935d38817d10a

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  f3decf0ba2cd72209cbd90d3d050e16a

                                                                  SHA1

                                                                  bf6bcd2730de5805775b3fbde55ada1139b26b25

                                                                  SHA256

                                                                  f29b871d5a38e74f5fc06fb2989baa5b24fd9794f8160eeb631ce851329d4ded

                                                                  SHA512

                                                                  115467cb323bb432dc8905c4c30b856876c386332364c1a9b4028a94156539dad3025ae9b9940c0eea23db231a5a8e8b9dde35d17f8e13884485b80e04aafa4d

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                  Filesize

                                                                  2KB

                                                                  MD5

                                                                  6de3eb0df866f9727358e83b1fc897dc

                                                                  SHA1

                                                                  5112a7fbf18450d9565959eb76d4bb9b74860ebe

                                                                  SHA256

                                                                  939a28357cdfb2613d90cfe711a9c955f5456d5d238a69a4a4049bb04bab1e23

                                                                  SHA512

                                                                  d884124b8245b9af4dd9238bb2da619c196a3ea6d1b6bda5d5b8547c9773cf3f41e780d50181c052bfeecb0efffc1016326f963f3d160b23cce401cc55461303

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  b52a9fd5900d0a84a51488468036f555

                                                                  SHA1

                                                                  03bf61fa838be109ad2084742e4ba0ebcf4997a0

                                                                  SHA256

                                                                  16544521a95afc198348f93f09df48de6a176c45c2b6460b9bd21f670fe79c92

                                                                  SHA512

                                                                  9b3e0d67dbcc281729962528daa800ee6f272b2ae0d0f328b27e8f8a4e83b8f00416e944df33c96942735dfb1d1adbfd3103584661115635d264182ae429ea4c

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  5KB

                                                                  MD5

                                                                  32b7da87e8b353191c1e68b5c8218f1a

                                                                  SHA1

                                                                  2695c74b6f578de5512d075594b496f13aea7e1f

                                                                  SHA256

                                                                  b003af9506a5a98f1294c552f7392d2528dd32211b8aabd8fc896f19aeb1cae8

                                                                  SHA512

                                                                  e4c63e43e85e80e0a07f8c20e0552fd3dd22412a28af91b2b0d182425008b24bd5565c39abfa4fac444e45cacdc003ed2e8dc08da3ac085c263593293205eee0

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  33b19efb5a64f865f30169fd3ec81ea5

                                                                  SHA1

                                                                  1780b3ce3eebff74b3ff9e9fbbd4a9cf2f3e84fd

                                                                  SHA256

                                                                  e2d96b2aca0d689b5ea43b7731f22a054a0d5814d96de1821a47cf201a7e7758

                                                                  SHA512

                                                                  3ee50cae4ab4391e27572d8c223dc4c949e23898cf966e293162231ef7f1bf6afc3b9de398b90e3124b7a236896676cdbfba5e7245ea4a6a3543a03f39fe2742

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  e844178be24dce003290a3c6713947ac

                                                                  SHA1

                                                                  59c33df158aa24324158dc186ecee674ab1f9373

                                                                  SHA256

                                                                  77973a2839335381bc44513a29d7868af70c349397ad1c3e1a1efa909ccd029a

                                                                  SHA512

                                                                  1482ec061890b3d19cdcc5b792e8b0b2ca9891f492bdb26a2fe5b1fc54b76eeedb79c4306d8f4d340e5080f8034d5cb9c845668fd34b2c2637e145fbf15dec9a

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  76ed86f7d46bb9265b6ed6008ce6c69f

                                                                  SHA1

                                                                  cedbdcebc7e6753b4fea576f996230840fbcd05a

                                                                  SHA256

                                                                  1f765da5cacef30144501470d7a2d89073afd99d6a244b3875a363e1a58d4375

                                                                  SHA512

                                                                  704ec10e341a26c80d0732c794da9d756f9a1ed538d2692183bfcff912c8c763058c3bca53f45b33c3dd6d3a30a1cf6e12162f55ea62f7f7986cdf5a3caf8098

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  2bec73fe5e8fd1e18507e411cf909915

                                                                  SHA1

                                                                  e8b843002d85c8f3dfaf50d712953c5355fe5d1a

                                                                  SHA256

                                                                  906c68372c32f190a9a08008c2de6a7847804fb0ba929f269edc2cd4a8df948e

                                                                  SHA512

                                                                  c51893fd0e5a67bd470e90f610aa42a39888cbf92880694cb31115e1d0c0399d6da79c31d712d678412ca3824686e70fb9c1ee34685b66bb32f46818dee9aee2

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  7KB

                                                                  MD5

                                                                  44adc7dce11021facf6b95d6d807d619

                                                                  SHA1

                                                                  66ce9b988e3b170a6e4c9773353c0e580660ea0e

                                                                  SHA256

                                                                  80b45061f501761774d4c7ef249cd4e18f14e06ad42f6b524907db6c4ca58224

                                                                  SHA512

                                                                  03dc2192d4ce4377bcb89d680d95ecc2d85f6a0f834a037a7ab6e967142e5dd850f0f3b67dd7be89fa4e08083a66b142606b7909c95a94e668424db12a6eae77

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  2KB

                                                                  MD5

                                                                  f476a95aaba0fd64687dfbb34b724bb8

                                                                  SHA1

                                                                  a9433c8abdb3a4c3354b1730b434ce1772710ffd

                                                                  SHA256

                                                                  06e5c90d35d8ef77f31ad1ab5f40f5751e2ec42da051b2f5b8ba82c91ca923ab

                                                                  SHA512

                                                                  5eae59e8ea3e1c263eb3af1922745e38a0807f9a7dc2b73c9a20eb88def34b6477a539a62fbcf2f67c85672978d201d848f88168b7837f20fafe848139a37661

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  2KB

                                                                  MD5

                                                                  4320d2146333faf523a5c51166664e16

                                                                  SHA1

                                                                  2c94b54cc1fd41c4f5a8924ced49e1a5ae82acba

                                                                  SHA256

                                                                  53cbf272b57548ce20b29c7039116421d8c48e8d79676cf28a08226f521ea921

                                                                  SHA512

                                                                  b178f3f7acd45624954f91518ebcbc858838c5461a48c8dc5f79692d814475d3519752f93d41f2623dc1d9061c1ed2fbd2fee264845a3fe10307924f0ee944ca

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  2KB

                                                                  MD5

                                                                  a8381b6f1a17e98961d57e4490d1f8fe

                                                                  SHA1

                                                                  f5a65a38af408ba765d49c82782e38c256282eb5

                                                                  SHA256

                                                                  b6a11ef672510f6bbe951f400ce913da858e83f842c0576bded89dc6ce524c12

                                                                  SHA512

                                                                  e5b5c795faa6c78bada037bdddf818f0f034fba3bfa047bb1abe079fd547045db8647d37d8dc3d8ef8bd8b9b1c241d5a15a2be7935e682f27ff7a4211ef9597d

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  493edbb50a7d86694a1f430b8f936c4e

                                                                  SHA1

                                                                  24948968a943a6ea7ce9aed7b7cf4744d1bc17f1

                                                                  SHA256

                                                                  990a27f48ede651b9d2937ce7fb23f2a045ca2cdaded65e2bf8d20e58de783a3

                                                                  SHA512

                                                                  4b668d80f50e6369075c30db070fcb9fc4e751485befca94036974cce6b301e4a83cde879b91bb064a9f091cf49eff8084782eb7a7c17b70603769d32287351c

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  1a4716e04612b12a6d5bdac4e47982d6

                                                                  SHA1

                                                                  839204c26123d296e1a32fd6c6ec21af48b12d84

                                                                  SHA256

                                                                  f9c48f7d09a17e62ff92388b5987cf1904f475067bdbf365d55f9bb56aa6f132

                                                                  SHA512

                                                                  553421428f039702902d54333078420071e417ba255b5ca0e19571e7f2d0c551c9c352c535c04f8c0a5f45ea45c5032c1fb42308073c63b58ddfe13422a8fbc7

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  52286a74ea061597e7b2321210772839

                                                                  SHA1

                                                                  9791b7e12b106d67ad571256e8e6f1809c940416

                                                                  SHA256

                                                                  7f4642b2ba74c329111f9b6ac30f81833b9574467286c279ecfb58b0e1b7e705

                                                                  SHA512

                                                                  b74d42d73a2907975ba22445a4084137f5a2bba2eeecbce7c42436c0a91d087e6cac6863e3ff26d18b655392136a27d7c9e1df2e2a511c62ac748b922eb2b5ac

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  efac40181f3cf304fadea08d01a37979

                                                                  SHA1

                                                                  48fecc03ee76c7aa8f544a1ca0c10ca2b6ab3104

                                                                  SHA256

                                                                  0c754d88df308e750c4da32cffe232761867112384e24f2291531147f3b0ebc7

                                                                  SHA512

                                                                  3628c8353b144b2944bc7ba104c20cb9daae7889765257f55bef5cbc1c8b4b00063fe3592afaba067028ffae79cc96a5517c9332b33f76f8a44f500e5e779eae

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  c32d17223f59387c11e8667f13a11434

                                                                  SHA1

                                                                  692df6311a14f31be88991a8acdb9665c39d592c

                                                                  SHA256

                                                                  902bd93bd42583c2068754229ca24a2a82b07c3f3dbafa187d2585f8a10f2f19

                                                                  SHA512

                                                                  046a3be4f36a3201c609eb0c124252195e05dab915a029ef363b2482d7e4df2b200a30f8415f2dcaaeb90d36976dacd9ead2f8fe57f65f2d694ea4731634c14d

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  3f7479f93b7056e566191bac290d4bf9

                                                                  SHA1

                                                                  e20bf975194f13dd623fbe954f6990376bd2997e

                                                                  SHA256

                                                                  2c41ca44a33d88550ad4865dcffd54a788ec4c3142677134069bdab780d40093

                                                                  SHA512

                                                                  09b656f75977cec1349ba843e9fa81aa97b77461536d3da0b31c4b2866e9b15867dd96d24cf169f34bf0034d2d9eb0b983de7eebc68a8a33cd64ccd36bd88437

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  5e2735d2a3cc0ac99ba54c465e9bc417

                                                                  SHA1

                                                                  0b9aeac7dca01863b5b99d0f4332e107ab0072c1

                                                                  SHA256

                                                                  defb837af623c9c1014d3b090404ab6382d56c1dfdc8424520e93f6ec28b5192

                                                                  SHA512

                                                                  83ad08810bde8345f9e9f11b8e90ff9fb4f23b8b807b778762c5c464a8a7b887a6cdc6ffb8da69c477544e47cfd904701a287c8144164514f8ddc24a3ba6a727

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  98aa17528ca2ec4f4dc24dec37804eca

                                                                  SHA1

                                                                  238eb7cf624ba4b494ae1c6f43e4b23ee65673ff

                                                                  SHA256

                                                                  b01ed89e1a0cd1da3bdcccaec84ff1f2cc63960c9c8dc9cc9d18e0ac2602dedf

                                                                  SHA512

                                                                  a43d5905ba81f325694cfd636bd9badc0473fdebaa1c14d04da7af683dd84281d9f55953a09f4942a75ebe9aab1c0f83f62093d107ae51ca32786ec2878c35a8

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  0de979cc81208cbf7547cedce21ca866

                                                                  SHA1

                                                                  6bf296cf8787d5397b46a67b86f1fd772049ca30

                                                                  SHA256

                                                                  d6ff652eb55b4e3e1f4343251e5a77a1718129c1b671e1a0ae3f0552a6a63fd7

                                                                  SHA512

                                                                  d1e44ca540faa4be751fbd320931b957e57a0749a0b04b2775a07a379965342bd422d4d51c610c9fe096d64d0e838f01244a4ab88771b54532eb4a3ebe365ce5

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  8f534cbd3917bf1700d6711760a07320

                                                                  SHA1

                                                                  092f34f5d708c4fd3e175d654289b76bdfb59718

                                                                  SHA256

                                                                  5da54252501a155c73e32dadcf3f6afdf63a47a01b66347efbec57ee9ef7d057

                                                                  SHA512

                                                                  f522e92c9372ab8cb7ea5f0c95cca4f641d51b2b3173190a329a286a290d734f07688720ade8d853dd3d92a673ea731d43efc55e846bed55c58c84ec8523ade7

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  2KB

                                                                  MD5

                                                                  977682303b16566e070a9b154ffbad31

                                                                  SHA1

                                                                  5dc3971a31087f52c1d99045abef23f5aa63c162

                                                                  SHA256

                                                                  4943b3be3eecd800a1da7a14cef5d621b6b8731743a8ef876873dad4b9cc99b1

                                                                  SHA512

                                                                  c0f87af44208f1ba61ffcc15bfa00fb9ff966aee9853f1c782f2ea515273f7fa9dd1235e517113be44048e87d16730ca18ce07568d55b444250e9dad5d72459d

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  2KB

                                                                  MD5

                                                                  91b1d7342564ec7906fbc5f799a21e76

                                                                  SHA1

                                                                  ef3c1bc89db2ca800eeab89ff498cc2e0f7fa36b

                                                                  SHA256

                                                                  4503acf405f09ab1a007636d943334bedbe858ce365ad1d91087c9f236997e30

                                                                  SHA512

                                                                  aa6d825492da766955e0cf13bfc779885bd1c1d76989e17c9872264497dd98432026e9cd8a32ad54ad213d4488ce91e8cbf65be54d06007b394b174c67e8f476

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  e9853e371d67b81f61b49e8da5f88e5f

                                                                  SHA1

                                                                  a266b3360c96254732801321fa351b0eaf9eba0f

                                                                  SHA256

                                                                  d7eae81dea4b3e8fd46045755559623a9f94fcb84b608a0917e9e40799f99ab7

                                                                  SHA512

                                                                  8c237cde1d3041b91edbc4d1a3feac17f8e50a1ac35f4d0f6539bce2ca9b2d7cf031d8e7636378d622a65fd9a5be9537c41aab0ab6581c8a28552cf5d6b3b4d4

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  0ddb72100970fba9b39679a649a77316

                                                                  SHA1

                                                                  23e6e6535bf65cc5e3184eb2c9f70cc8e1f13c27

                                                                  SHA256

                                                                  37ebf4627dfd0f5e41869eef80b44a36fdc6626a97f16aa6a4dac7684a08a1d8

                                                                  SHA512

                                                                  baf89f48d80c9cb97331c76ac7d376d44e0f1eaecbbf59bd4b4de44265099ed536ff269019a6e7318b4f38d78bcd0024564f8a42d8ccd46287de171c3650464e

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  927ae89ec96ceab522086b2323dc35fb

                                                                  SHA1

                                                                  790e2a67f3a04751925ab0acc5f5af84b59ab5f2

                                                                  SHA256

                                                                  1d5323cab643625ce4699ee82aba4f9c4400dc4288c4e1070813e412ac3e19b0

                                                                  SHA512

                                                                  da558aff7357258f5622bab6e875f97db9fe9e78590c3c70ec827108311019b706be80ccc8e559ba2157ceba45d1632ef1092d6e98170ee2a920f47b412fcd31

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  03fa214543bf521958bd91a82c3bf1cb

                                                                  SHA1

                                                                  8b4d381827fee0919c982dd83fdcddd75db42c5f

                                                                  SHA256

                                                                  ccd4488639bb6bd579a0f6bb118fdf8d328d844b011ac542eac3773b3a6d650f

                                                                  SHA512

                                                                  e29ce2182418fc78d717659027d378fa2163495db3a519dc3f460a3879460881617e990521f59acad210b526e7502e2f80cb149317062d66235748401d3a9d1a

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  c555dd1adf0735823778ce73c378dcd4

                                                                  SHA1

                                                                  9d8e1c0eb296c0177e72cfee355cc7d698f320f4

                                                                  SHA256

                                                                  8ae63376da908883de30fe639e567664351b21e85690d7d1d9cd4674a15df62b

                                                                  SHA512

                                                                  b03a88d752a028c1214571fa2f3ce3c43bc8bdf0b24452ed0aad74fec6ba21ddf14bc4a20a787eacfdf7193dc2d32e0a6f6c9a67e0496e0ea0d3a1177551a15b

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  614da66b25e9f9618ca1e229587f8ef6

                                                                  SHA1

                                                                  7b19787c5b9df4376a96ad2bd73d3856a2745d33

                                                                  SHA256

                                                                  a3803a9bc5ab749e5c3686702f8ec6b10b7e8879301281ccc56a5d923e80779c

                                                                  SHA512

                                                                  eed8b0ca0476e4183a6c3cc369bb13e7c1da49dfed8d9e97f15ceee9b4f8566932b743b43d91d8a887d13b46e78261af36114c2626253b0307a31435ef67a6c0

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  c87512fdced6b2f4b712cf85a29eff61

                                                                  SHA1

                                                                  6de119b2c333e8c2caef7078773c9c359da1d5d7

                                                                  SHA256

                                                                  fb048ab560b4d60c69b5b16405f8b0b63f306c9ae39b842656729333423d5158

                                                                  SHA512

                                                                  d888aae41bdf218781323cd96ec155f257deec8a169dd4a60be0d1559c2f96fb8c356acc2570ab6138d31beec34829fec9566923725991763262da870d0b3240

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  fa97a538ca8abc8ed644c29f32a0ee72

                                                                  SHA1

                                                                  3132d1a025585123c17ba9c6549e3f119d041d12

                                                                  SHA256

                                                                  6c9f00606f5683ef6bfcfee9d38cb095fa4ac70ebd2767fb83d1407ec89bae57

                                                                  SHA512

                                                                  781ae05907265335d83e0a3d208c5a31758ce8f24543d490b8a30f65da07097f33d17d4c019295dc3f6ebad9274e93b01955343c6bad6e7512e8e1e547d60aab

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  bb23787b9f86e96973c1a657cdd90e17

                                                                  SHA1

                                                                  9978ce0fb357a5f05461cd3f1c8fc866fa72b903

                                                                  SHA256

                                                                  5e17fe07ea1cf98ef451150de7e56d7e615927d63419f97a01e0fd4275050288

                                                                  SHA512

                                                                  de1563d8fce2c02bdd1524db6683d28e2df2f7d053d14c8ca0902e7d853370ffc0c6e0ef29c7183c9b505befce26d48779746d2b2da92dbc1de27946c1078c95

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  adddce153272e011b49ba4049caaa28d

                                                                  SHA1

                                                                  d42449f6355f6f03f102079946b1970e4b9e8ea3

                                                                  SHA256

                                                                  7abfc5599a60ed3fc4be8a7fada0d4f4fbf1c041cd2e91f7d5b3c560f32778f0

                                                                  SHA512

                                                                  0c281369d6fc340eb992b863fb0d31e480a38c2d0548ea301c2d91f9ee8a6a7ccc1a78cd6170f701f609d725f52234e46ac891aad715a815d99188174bbf42a0

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  3346004c1617770e4b84ab5c7a610495

                                                                  SHA1

                                                                  502808fd5ee32c04e669b2ebeb9c59005302e881

                                                                  SHA256

                                                                  9cf0ebc86b8fdb36a2b90b80a28955a3bb84a9bbc3f52b52d86a359043935503

                                                                  SHA512

                                                                  7214804626e4f00214830d14374f1296cc632bdd31968dc2a6647e32aa2561c3f94b397cdec469169c2d7488b097e75fbabecd42997a1ef3ee576ac6739ed5d7

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  72bda7a76e3fda3b0385f7775f7c6475

                                                                  SHA1

                                                                  69b656dfef3f8f155ed9742ecc6f4e423a75a62b

                                                                  SHA256

                                                                  def4c535764b5e06308f84595558b7f2aa37e78dbb6d62e77e61da1e3233f6a8

                                                                  SHA512

                                                                  8705916f23d7e662710594efe6b8a5f3702878113374f1c86b11499e3d7cee6eeb005387679e6147815196316a59fd5ed5ac7920000b16fd1fd020b5e30edd42

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  0ef7b967d5063df2701253213fba8d3b

                                                                  SHA1

                                                                  fa9ef909b07bf657928f4c2da5b67f1b0b0744ea

                                                                  SHA256

                                                                  8ffbfa74941b3021945e1327181da97cde6e1a61b55c7864ccf86a9c9442e489

                                                                  SHA512

                                                                  ae0b75fa3a16ea8ef3688923d1c5bd78d09ee7bc8eae07242654ce7bd9a4d678631aa82af15b812b1afcea7b6af76e0e34ebbb9bba2db8a83673eb8761e0e896

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                  Filesize

                                                                  16B

                                                                  MD5

                                                                  46295cac801e5d4857d09837238a6394

                                                                  SHA1

                                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                  SHA256

                                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                  SHA512

                                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                  Filesize

                                                                  16B

                                                                  MD5

                                                                  206702161f94c5cd39fadd03f4014d98

                                                                  SHA1

                                                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                  SHA256

                                                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                  SHA512

                                                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  7a56254f232c239136351f6d7bec251c

                                                                  SHA1

                                                                  6f060b0c036f9d848bdb22216e50c2443b3fd2c7

                                                                  SHA256

                                                                  a39be4bbd78a390e9f01034b58b78118977de514f7408437cc212bf51cd6a010

                                                                  SHA512

                                                                  19f3bf8b0686df7e97f167de64e1d4cb986e04835e162cfb75f6e7c875adc67895ed3dd43af855e5fbecd72e52c66793aae3fc0236bfb4f1d9ffc40222394ea7

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  11KB

                                                                  MD5

                                                                  8d2d0827b008005707bd1232173f612f

                                                                  SHA1

                                                                  da23eccc1771eed050c7f91a0c59efebc800b778

                                                                  SHA256

                                                                  e4727a48682360994015383d10c5801861c95950dfa90e1beabd8a5b93133a71

                                                                  SHA512

                                                                  c194fb89c19e49ccbf5c8da2ee7d537ce5c7f9b8624c192b248ef5da0d93f56a5e3884a03e51cac83e57b13e6cc89925e57cef521ba4a5e659c07af5042f0af5

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  11KB

                                                                  MD5

                                                                  60d1fbbdd4b22c791d3d797d1a755157

                                                                  SHA1

                                                                  440c8f4a0912eb3a7d3f09e9a47f892ae1f4eb1b

                                                                  SHA256

                                                                  f319897f44660e638db8f4af043fff0772d7bf8bb62da800a98553bade38cd73

                                                                  SHA512

                                                                  1fdd07d27ff47928d4ba86fcf3adbb8ea7241826ab0c237735cfbc37e62bbf71980442567eff303e51c076d84296f651c79aa0cd946ad91852e1d60863ac2dca

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  11KB

                                                                  MD5

                                                                  aa4e6ef7a34c8073360fda7327bed007

                                                                  SHA1

                                                                  10d993e79c36baaec4171f483f0180aa50442fc9

                                                                  SHA256

                                                                  796c35228f795ec36dd4efe3e09ecad956afcb34c3df7eae2b26d2c4a5cd3f2d

                                                                  SHA512

                                                                  8ca5e374c0cafbe10d4e2c255e6d3dd70b81ea48bab3f1d59bcc206b2ed869e69aa61f7a65fa8d25a888cbf2e50d1d093776716d4112e81aa7409beaaa44fafc

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  11KB

                                                                  MD5

                                                                  a0089621d9acb10575b8a5ebf6e4171b

                                                                  SHA1

                                                                  16dd3df563e953eccd1a31a0167d4259bf94bd2e

                                                                  SHA256

                                                                  6390d3fa44cdeefe5058cf9ecf7cef52ed50f934d67ffb8d397ade6887eccf85

                                                                  SHA512

                                                                  04cb5e80337f869c74e06ee69365612f1c3dd4388a24705271da0defccc580e3779ea02209db4c7d556091c5b950fb55c764fe29f52667af882373a804da8bfe

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\797706739a30b33b492db91f27663c44
                                                                  Filesize

                                                                  5.9MB

                                                                  MD5

                                                                  797706739a30b33b492db91f27663c44

                                                                  SHA1

                                                                  44980bfc6ee691920cf08396d899758954ca522b

                                                                  SHA256

                                                                  d54eeb1cb983c99fd3d7ff77f99ec8cb9940b20b0eaeb8ed0dda408627e080f3

                                                                  SHA512

                                                                  78732213ad3b4f49d854dc13dcb4deca6e04c62e893393d8ba9f701239dae07ef90b06920bc2913dbdd5637f1b4df94aa23693faeac786dc87984ea35b147229

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                                                  Filesize

                                                                  2B

                                                                  MD5

                                                                  f3b25701fe362ec84616a93a45ce9998

                                                                  SHA1

                                                                  d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                                  SHA256

                                                                  b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                                  SHA512

                                                                  98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                                  Download Submit

                                                                • C:\Users\Admin\Desktop\Xeno-v1.0.5-x64.zip
                                                                  Filesize

                                                                  4.1MB

                                                                  MD5

                                                                  2082fb4c91583ef7c09766de61cdd1f2

                                                                  SHA1

                                                                  6bbc4f900c3df27731b00c9d57e3327d0e5c9199

                                                                  SHA256

                                                                  a19dc47dbaad01da2e029f993f013e3abc77cab80813bbb65fb3348226a938d5

                                                                  SHA512

                                                                  8ba3c313045933729ab6114aa5ce206d3f78c738bab78f7805a8123e954e32098a746559474cc7be587646d15fa223ad0c5aefd27dabec3a339f9cab65c78b06

                                                                  Download Submit

                                                                • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier
                                                                  Filesize

                                                                  26B

                                                                  MD5

                                                                  fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                  SHA1

                                                                  d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                  SHA256

                                                                  eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                  SHA512

                                                                  aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                  Download Submit

                                                                • C:\Users\Admin\Downloads\Unconfirmed 922387.crdownload
                                                                  Filesize

                                                                  5.6MB

                                                                  MD5

                                                                  d771329feeb9cc60faf5b52f311b33ed

                                                                  SHA1

                                                                  62cfb3e7e243b532f8414a99a793ecb6bdbf12b6

                                                                  SHA256

                                                                  f4b5d28aa94e1cf97d3007e4874a6782d971a7343b68aafc4a72cdb42f323f31

                                                                  SHA512

                                                                  567080abc4b3d4501cf1956365b0b24c648e633f470712c5e96a70a74bdc193546f6a0939313ebc1a598b559a9ce6d6e5d0c10261fc16c000d9ed6a310d5f2d8

                                                                  Download Submit

                                                                • C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
                                                                  Filesize

                                                                  280B

                                                                  MD5

                                                                  f5da2d96d09813d3d4132f2d81dc21a6

                                                                  SHA1

                                                                  f6620a95246c33de9d6811f2144bea4f5531da2e

                                                                  SHA256

                                                                  1eefab2033bb7f204503d942f7b15272437fea41d2829bbd62648237e4e27841

                                                                  SHA512

                                                                  43763ba0c0381b60f3f1a3396ed616da8d6d5010f9dc315aefbdc35ce2ff931881367d29b2b73fcc93034b934661130fd88d1391e3c481b307e6991b960a30c3

                                                                  Download Submit

                                                                • memory/2712-1822-0x00007FF97C7C0000-0x00007FF97C7CD000-memory.dmp

                                                                  Filesize

                                                                  52KB

                                                                  Download

                                                                • memory/2712-1802-0x00007FF97BFE0000-0x00007FF97C000000-memory.dmp

                                                                  Filesize

                                                                  128KB

                                                                  Download

                                                                • memory/2712-1828-0x00007FF97C2B0000-0x00007FF97C2C0000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1827-0x00007FF97C2B0000-0x00007FF97C2C0000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1826-0x00007FF97C7C0000-0x00007FF97C7CD000-memory.dmp

                                                                  Filesize

                                                                  52KB

                                                                  Download

                                                                • memory/2712-1825-0x00007FF97C7C0000-0x00007FF97C7CD000-memory.dmp

                                                                  Filesize

                                                                  52KB

                                                                  Download

                                                                • memory/2712-1824-0x00007FF97C7C0000-0x00007FF97C7CD000-memory.dmp

                                                                  Filesize

                                                                  52KB

                                                                  Download

                                                                • memory/2712-1823-0x00007FF97C7C0000-0x00007FF97C7CD000-memory.dmp

                                                                  Filesize

                                                                  52KB

                                                                  Download

                                                                • memory/2712-1830-0x00007FF97C2D0000-0x00007FF97C2D9000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/2712-1821-0x00007FF97C780000-0x00007FF97C790000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1820-0x00007FF97C780000-0x00007FF97C790000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1819-0x00007FF97C710000-0x00007FF97C720000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1818-0x00007FF97C710000-0x00007FF97C720000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1816-0x00007FF97B570000-0x00007FF97B580000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1815-0x00007FF97B570000-0x00007FF97B580000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1814-0x00007FF97B550000-0x00007FF97B560000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1813-0x00007FF97B550000-0x00007FF97B560000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1812-0x00007FF97B550000-0x00007FF97B560000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1811-0x00007FF97B3A0000-0x00007FF97B3B0000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1810-0x00007FF97B3A0000-0x00007FF97B3B0000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1809-0x00007FF97B230000-0x00007FF97B240000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1808-0x00007FF97B230000-0x00007FF97B240000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1805-0x00007FF97BFE0000-0x00007FF97C000000-memory.dmp

                                                                  Filesize

                                                                  128KB

                                                                  Download

                                                                • memory/2712-1804-0x00007FF97BFE0000-0x00007FF97C000000-memory.dmp

                                                                  Filesize

                                                                  128KB

                                                                  Download

                                                                • memory/2712-1803-0x00007FF97BFE0000-0x00007FF97C000000-memory.dmp

                                                                  Filesize

                                                                  128KB

                                                                  Download

                                                                • memory/2712-1829-0x00007FF97C2B0000-0x00007FF97C2C0000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1801-0x00007FF97BFC0000-0x00007FF97BFD0000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1800-0x00007FF97BFC0000-0x00007FF97BFD0000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1799-0x00007FF97BF30000-0x00007FF97BF40000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1798-0x00007FF97BF30000-0x00007FF97BF40000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1793-0x00007FF97DD10000-0x00007FF97DD40000-memory.dmp

                                                                  Filesize

                                                                  192KB

                                                                  Download

                                                                • memory/2712-1792-0x00007FF97DD10000-0x00007FF97DD40000-memory.dmp

                                                                  Filesize

                                                                  192KB

                                                                  Download

                                                                • memory/2712-1791-0x00007FF97DCC0000-0x00007FF97DCD0000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1790-0x00007FF97DCC0000-0x00007FF97DCD0000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1789-0x00007FF97DBA0000-0x00007FF97DBB0000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1788-0x00007FF97DBA0000-0x00007FF97DBB0000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1831-0x00007FF97C2D0000-0x00007FF97C2D9000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/2712-1832-0x00007FF97C2D0000-0x00007FF97C2D9000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/2712-1833-0x00007FF97C2D0000-0x00007FF97C2D9000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/2712-1817-0x00007FF97B570000-0x00007FF97B580000-memory.dmp

                                                                  Filesize

                                                                  64KB

                                                                  Download

                                                                • memory/2712-1806-0x00007FF97BFE0000-0x00007FF97C000000-memory.dmp

                                                                  Filesize

                                                                  128KB

                                                                  Download

                                                                • memory/2712-1807-0x00007FF97C0D0000-0x00007FF97C0DC000-memory.dmp

                                                                  Filesize

                                                                  48KB

                                                                  Download

                                                                • memory/2712-1794-0x00007FF97DD10000-0x00007FF97DD40000-memory.dmp

                                                                  Filesize

                                                                  192KB

                                                                  Download

                                                                • memory/2712-1796-0x00007FF97DD10000-0x00007FF97DD40000-memory.dmp

                                                                  Filesize

                                                                  192KB

                                                                  Download

                                                                • memory/2712-1797-0x00007FF97DDA0000-0x00007FF97DDA9000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/2712-1795-0x00007FF97DD10000-0x00007FF97DD40000-memory.dmp

                                                                  Filesize

                                                                  192KB

                                                                  Download

                                                                • memory/3636-1783-0x0000000000E40000-0x0000000000E75000-memory.dmp

                                                                  Filesize

                                                                  212KB

                                                                  Download

                                                                • memory/3636-1710-0x0000000073CB0000-0x0000000073EC0000-memory.dmp

                                                                  Filesize

                                                                  2.1MB

                                                                  Download

                                                                • memory/3636-1634-0x0000000073CB0000-0x0000000073EC0000-memory.dmp

                                                                  Filesize

                                                                  2.1MB

                                                                  Download

                                                                • memory/3636-1633-0x0000000000E40000-0x0000000000E75000-memory.dmp

                                                                  Filesize

                                                                  212KB

                                                                  Download

                                                                • memory/4080-1360-0x0000000006EB0000-0x0000000006EF0000-memory.dmp

                                                                  Filesize

                                                                  256KB

                                                                  Download