hxxp://roblox[.]com

Resubmissions

01/10/2024, 11:11

241001-nar2zszgmh 8

01/10/2024, 11:04

241001-m6bt7szepe 8

01/10/2024, 11:01

241001-m4mtpawbmm 3

Analysis

max time kernel
1048s
max time network
1050s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 11:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

8^/10

discovery evasion persistence privilege_escalation trojan

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	setup.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 36 IoCs

pid	Process
2604	RobloxPlayerInstaller.exe
388	RobloxPlayerInstaller.exe
4736	RobloxPlayerInstaller.exe
208	RobloxPlayerInstaller.exe
2864	RobloxPlayerInstaller.exe
4472	MicrosoftEdgeWebview2Setup.exe
3120	MicrosoftEdgeUpdate.exe
976	MicrosoftEdgeUpdate.exe
1900	MicrosoftEdgeUpdate.exe
4752	MicrosoftEdgeUpdateComRegisterShell64.exe
3816	MicrosoftEdgeUpdateComRegisterShell64.exe
1248	MicrosoftEdgeUpdateComRegisterShell64.exe
2456	MicrosoftEdgeUpdate.exe
3152	MicrosoftEdgeUpdate.exe
4992	MicrosoftEdgeUpdate.exe
5088	MicrosoftEdgeUpdate.exe
1808	MicrosoftEdge_X64_129.0.2792.65.exe
5112	setup.exe
4752	setup.exe
692	MicrosoftEdgeUpdate.exe
3816	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
4548	RobloxPlayerBeta.exe
4384	MicrosoftEdgeUpdate.exe
2824	MicrosoftEdgeUpdate.exe
2092	MicrosoftEdgeUpdateSetup_X86_1.3.195.21.exe
4468	MicrosoftEdgeUpdate.exe
2272	MicrosoftEdgeUpdate.exe
3476	MicrosoftEdgeUpdate.exe
4332	MicrosoftEdgeUpdate.exe
1820	MicrosoftEdgeUpdateComRegisterShell64.exe
208	MicrosoftEdgeUpdateComRegisterShell64.exe
3400	MicrosoftEdgeUpdateComRegisterShell64.exe
3704	MicrosoftEdgeUpdate.exe
1824	MicrosoftEdgeUpdate.exe

Loads dropped DLL 36 IoCs

pid	Process
3120	MicrosoftEdgeUpdate.exe
976	MicrosoftEdgeUpdate.exe
1900	MicrosoftEdgeUpdate.exe
4752	MicrosoftEdgeUpdateComRegisterShell64.exe
1900	MicrosoftEdgeUpdate.exe
3816	MicrosoftEdgeUpdateComRegisterShell64.exe
1900	MicrosoftEdgeUpdate.exe
1248	MicrosoftEdgeUpdateComRegisterShell64.exe
1900	MicrosoftEdgeUpdate.exe
2456	MicrosoftEdgeUpdate.exe
3152	MicrosoftEdgeUpdate.exe
4992	MicrosoftEdgeUpdate.exe
4992	MicrosoftEdgeUpdate.exe
3152	MicrosoftEdgeUpdate.exe
5088	MicrosoftEdgeUpdate.exe
692	MicrosoftEdgeUpdate.exe
3816	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
4548	RobloxPlayerBeta.exe
4384	MicrosoftEdgeUpdate.exe
2824	MicrosoftEdgeUpdate.exe
2824	MicrosoftEdgeUpdate.exe
4384	MicrosoftEdgeUpdate.exe
4468	MicrosoftEdgeUpdate.exe
2272	MicrosoftEdgeUpdate.exe
3476	MicrosoftEdgeUpdate.exe
4332	MicrosoftEdgeUpdate.exe
1820	MicrosoftEdgeUpdateComRegisterShell64.exe
4332	MicrosoftEdgeUpdate.exe
208	MicrosoftEdgeUpdateComRegisterShell64.exe
4332	MicrosoftEdgeUpdate.exe
3400	MicrosoftEdgeUpdateComRegisterShell64.exe
4332	MicrosoftEdgeUpdate.exe
3704	MicrosoftEdgeUpdate.exe
1824	MicrosoftEdgeUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Checks system information in the registry 2 TTPs 20 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Suspicious use of NtCreateThreadExHideFromDebugger 4 IoCs

pid	Process
3816	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
4548	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
3816	RobloxPlayerBeta.exe
3816	RobloxPlayerBeta.exe
3816	RobloxPlayerBeta.exe
3816	RobloxPlayerBeta.exe
3816	RobloxPlayerBeta.exe
3816	RobloxPlayerBeta.exe
3816	RobloxPlayerBeta.exe
3816	RobloxPlayerBeta.exe
3816	RobloxPlayerBeta.exe
3816	RobloxPlayerBeta.exe
3816	RobloxPlayerBeta.exe
3816	RobloxPlayerBeta.exe
3816	RobloxPlayerBeta.exe
3816	RobloxPlayerBeta.exe
3816	RobloxPlayerBeta.exe
3816	RobloxPlayerBeta.exe
3816	RobloxPlayerBeta.exe
3816	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
4548	RobloxPlayerBeta.exe
4548	RobloxPlayerBeta.exe
4548	RobloxPlayerBeta.exe
4548	RobloxPlayerBeta.exe
4548	RobloxPlayerBeta.exe
4548	RobloxPlayerBeta.exe
4548	RobloxPlayerBeta.exe
4548	RobloxPlayerBeta.exe
4548	RobloxPlayerBeta.exe
4548	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.65\Locales\am.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\models\MaterialManager\smooth_material_model.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\StudioToolbox\AudioPreview\pause.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Slider-BKG-Left-Cap.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB0DC.tmp\msedgeupdateres_ug.dll	MicrosoftEdgeUpdateSetup_X86_1.3.195.21.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\CompositorDebugger\eye.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\DeveloperFramework\AssetPreview\package.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\models\AnimationEditor\AnimationEditorGUI.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\VoiceChat\MicDark\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB0DC.tmp\msedgeupdateres_am.dll	MicrosoftEdgeUpdateSetup_X86_1.3.195.21.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\VoiceChat\RedSpeakerDark\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\MicrosoftEdgeUpdate.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB0DC.tmp\msedgeupdateres_ru.dll	MicrosoftEdgeUpdateSetup_X86_1.3.195.21.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\AnimationEditor\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\StudioToolbox\AssetConfig\onsale.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\StudioUIEditor\icon_resize1.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\PlatformContent\pc\fonts\NotoSansCJKjp-Regular.otf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_3x_11.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.65\Locales\ur.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.65\VisualElements\LogoCanary.png	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\HingeCursor.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\PathEditor\Control_Point_Selected.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\StudioToolbox\AssetPreview\magnifier_ph.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Scroll\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\fonts\families\Creepster.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\fonts\families\Michroma.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Emotes\Editor\Large\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.65\Trust Protection Lists\Mu\Social	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\fonts\Arimo-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\TopBar\inventoryOn.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\VoiceChat\Misc\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\VoiceChat\SpeakerNew\Unmuted20.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.65\Trust Protection Lists\Sigma\Entities	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\TerrainTools\import_toggleOff.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Motor.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Settings\MenuBarAssets\MenuButtonSelected.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.65\Locales\eu.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.65\VisualElements\SmallLogoDev.png	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\grid2.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Menu\rectBackgroundWhite.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\CollisionGroupsEditor\delete.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\textures\ui\InGameMenu\TouchControls\jump_button.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUB0DC.tmp\msedgeupdateres_gd.dll	MicrosoftEdgeUpdateSetup_X86_1.3.195.21.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.65\Locales\nn.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\fonts\families\Merriweather.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\MenuBar\icon_chat.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\StudioToolbox\AssetPreview\hierarchy.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\Settings\Help\AButtonLightSmall.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\ui\VoiceChat\MicLight\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.65\Locales\lv.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\ExtraContent\places\CoreScriptPlace.rbxl	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\content\textures\RoactStudioWidgets\slider_bar_background_light.png	RobloxPlayerInstaller.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 23 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdateSetup_X86_1.3.195.21.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 5 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2456	MicrosoftEdgeUpdate.exe
5088	MicrosoftEdgeUpdate.exe
692	MicrosoftEdgeUpdate.exe
4468	MicrosoftEdgeUpdate.exe
3704	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 13 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine.dll"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods\ = "23"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\PROGID	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\PROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{D001EC2F-F1D5-4ABE-A1E6-D9BBFB2CAF76}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods\ = "8"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\ = "Microsoft Edge Update Update3Web"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32\ = "{D001EC2F-F1D5-4ABE-A1E6-D9BBFB2CAF76}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods\ = "9"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B7FDC90A-1DA4-421F-BFC8-3EF55AAB171D}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.21\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{D001EC2F-F1D5-4ABE-A1E6-D9BBFB2CAF76}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\CLSID\ = "{5F6A18BB-6231-424B-8242-19E5BB94F8ED}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32\ = "{D001EC2F-F1D5-4ABE-A1E6-D9BBFB2CAF76}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\APPID\{A6B716CB-028B-404D-B72C-50E153DD68DA}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ = "IGoogleUpdate3"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{D001EC2F-F1D5-4ABE-A1E6-D9BBFB2CAF76}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-b591875ddfbc4294\\RobloxPlayerBeta.exe"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	MicrosoftEdgeUpdateComRegisterShell64.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 229302.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 39 IoCs

pid	Process
1688	msedge.exe
1688	msedge.exe
2748	msedge.exe
2748	msedge.exe
3816	identity_helper.exe
3816	identity_helper.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2996	msedge.exe
2560	msedge.exe
2560	msedge.exe
4388	msedge.exe
4388	msedge.exe
2604	RobloxPlayerInstaller.exe
2604	RobloxPlayerInstaller.exe
3120	MicrosoftEdgeUpdate.exe
3120	MicrosoftEdgeUpdate.exe
3120	MicrosoftEdgeUpdate.exe
3120	MicrosoftEdgeUpdate.exe
3120	MicrosoftEdgeUpdate.exe
3120	MicrosoftEdgeUpdate.exe
3816	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
4548	RobloxPlayerBeta.exe
4384	MicrosoftEdgeUpdate.exe
4384	MicrosoftEdgeUpdate.exe
4384	MicrosoftEdgeUpdate.exe
4384	MicrosoftEdgeUpdate.exe
2824	MicrosoftEdgeUpdate.exe
2824	MicrosoftEdgeUpdate.exe
2272	MicrosoftEdgeUpdate.exe
2272	MicrosoftEdgeUpdate.exe
1824	MicrosoftEdgeUpdate.exe
1824	MicrosoftEdgeUpdate.exe
1824	MicrosoftEdgeUpdate.exe
1824	MicrosoftEdgeUpdate.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3120	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	3120	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	4384	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	2824	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	2272	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	1824	MicrosoftEdgeUpdate.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of UnmapMainImage 4 IoCs

pid	Process
3816	RobloxPlayerBeta.exe
3180	RobloxPlayerBeta.exe
2288	RobloxPlayerBeta.exe
4548	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 4980	2748	msedge.exe	82
PID 2748 wrote to memory of 4980	2748	msedge.exe	82
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 3808	2748	msedge.exe	83
PID 2748 wrote to memory of 1688	2748	msedge.exe	84
PID 2748 wrote to memory of 1688	2748	msedge.exe	84
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85
PID 2748 wrote to memory of 3168	2748	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91c4a46f8,0x7ff91c4a4708,0x7ff91c4a4718
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=180 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6832 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:4932
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2604
- - C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:4472
  - - C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3120
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:976
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1900
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4752
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3816
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1248
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTY4MDMyQ0ItMzRENi00M0M0LTg1NTctNDc4ODU5Qjg3MjJFfSIgdXNlcmlkPSJ7QTgyRjkwRTMtRUNDQS00MEY1LThCODMtNjI5MERDOEQzMDZCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszNzUzRjdGNC1EREFFLTRDQzItQkM2NC03NzA4NkE2ODNFODR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0Ny4zNyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc4NjcyOTM3MjMiIGluc3RhbGxfdGltZV9tcz0iNTYyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2456
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{568032CB-34D6-43C4-8557-478859B8722E}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3152
- - C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\RobloxPlayerBeta.exe" -app -isInstallerLaunch -clientLaunchTimeEpochMs 0
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:3816
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:388
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:4736
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:208
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:K7btGByJ6TPGHTfMlknhwhsB5w60u9HolucJJ1GBqqAfC00Aes-Zq8M390KMKE76-bb5sRAvSjO_VVLmoNiXpdRtOlVYbFZaphfl_0q8_KOf44N1MtHb8omE4tno8ibmOUSkUVTHNG2f86P3SX3DsUROskJKforjxXK335-wt342suuVLTiBmE0y1YeXnHB2g9nXQ1Rbn8ONXA9JeX7qIx9T9kKIUYy_6ULhO9lNsk8+launchtime:1727781926215+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1727781508036005%26placeId%3D17495769916%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D770ee6dd-977e-4415-bf0d-0dcad68264da%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1727781508036005+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:8j8xHwvk5SjzIjrMwNTDKxaALuxfF_6_GMJ85gqQmAm_5PH0DGdm53Vc3viuCkieokd6m1spcku_VW08yufxX8ex2S_8-Xk_Rg8mcWU8ydGrVrf8KEc9eRt1opaYx0H5pAlSx9eHL3-gTEU90vmeIr3Zf0KhwYdBxy6r4yP0s8gwDaOglP0fVe5YsKkQ9BznZg438pnnRyR017U553Ju6FvR2_IGmz5ppFbU2kwoPIg+launchtime:1727781953233+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1727781508036005%26placeId%3D17495769916%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3De176343b-358f-4bf0-a924-9d900bd9f149%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1727781508036005+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5311705156810918341,3092091458907343468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4632

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x38c
1⤵
PID:4728

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:4992
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTY4MDMyQ0ItMzRENi00M0M0LTg1NTctNDc4ODU5Qjg3MjJFfSIgdXNlcmlkPSJ7QTgyRjkwRTMtRUNDQS00MEY1LThCODMtNjI5MERDOEQzMDZCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszNzQ0MzUxMC0zRkMwLTQ0NjEtOTE4RC1BQjRGQ0Y2RjMyMUJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc4NzI0MTM2MjciLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5088
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C798A3D9-5728-49CE-B21A-0D9656766AA3}\MicrosoftEdge_X64_129.0.2792.65.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C798A3D9-5728-49CE-B21A-0D9656766AA3}\MicrosoftEdge_X64_129.0.2792.65.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:1808
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C798A3D9-5728-49CE-B21A-0D9656766AA3}\EDGEMITMP_09D42.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C798A3D9-5728-49CE-B21A-0D9656766AA3}\EDGEMITMP_09D42.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C798A3D9-5728-49CE-B21A-0D9656766AA3}\MicrosoftEdge_X64_129.0.2792.65.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:5112
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C798A3D9-5728-49CE-B21A-0D9656766AA3}\EDGEMITMP_09D42.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C798A3D9-5728-49CE-B21A-0D9656766AA3}\EDGEMITMP_09D42.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.71 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C798A3D9-5728-49CE-B21A-0D9656766AA3}\EDGEMITMP_09D42.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.65 --initial-client-data=0x22c,0x230,0x234,0xe4,0x238,0x7ff7cb7776f0,0x7ff7cb7776fc,0x7ff7cb777708
      4⤵
      Executes dropped EXE
      PID:4752
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTY4MDMyQ0ItMzRENi00M0M0LTg1NTctNDc4ODU5Qjg3MjJFfSIgdXNlcmlkPSJ7QTgyRjkwRTMtRUNDQS00MEY1LThCODMtNjI5MERDOEQzMDZCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCQ0VDNTE2NC00MUI0LTRBQUUtOTkxOC0xNTNCRDU1RkE3MDN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI5LjAuMjc5Mi42NSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzg3OTk2Mzg0NCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc4ODAwNTM2MTQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MDYwMjczOTkwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9mZjA5YWIxOC02N2U3LTQ5ZjMtOTMwOS0xMTAxMWZlMjFhMjI_UDE9MTcyODM4NjYxMSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1rbjNQUjRkMEczcFBjQXJ2bzdRT09Td29yUE5ZYVNvdjN6elU5djlLWWRnWmFranUzVFRPamo1ZEVWYWNxJTJmS21FUTlNeHBSWEl0RE9zbElWZ0JHYUhnJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTczOTQyODQwIiB0b3RhbD0iMTczOTQyODQwIiBkb3dubG9hZF90aW1lX21zPSIxMTM1MSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjgwNjAzNzM2MTkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4MDc1MTIzNjkwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NjkwNDczNzI1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMzA4IiBkb3dubG9hZF90aW1lX21zPSIxODAyMiIgZG93bmxvYWRlZD0iMTczOTQyODQwIiB0b3RhbD0iMTczOTQyODQwIiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2MTUyNSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:692

C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:4548

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4384

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2824
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BAA6D46F-85D9-4ADA-839F-C890430A793B}\MicrosoftEdgeUpdateSetup_X86_1.3.195.21.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BAA6D46F-85D9-4ADA-839F-C890430A793B}\MicrosoftEdgeUpdateSetup_X86_1.3.195.21.exe" /update /sessionid "{EBC64461-D781-4FF7-B6F7-787686942410}"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:2092
- - C:\Program Files (x86)\Microsoft\Temp\EUB0DC.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUB0DC.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{EBC64461-D781-4FF7-B6F7-787686942410}"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2272
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:3476
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:4332
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.21\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.21\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1820
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.21\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.21\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:208
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.21\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.21\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3400
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUJDNjQ0NjEtRDc4MS00RkY3LUI2RjctNzg3Njg2OTQyNDEwfSIgdXNlcmlkPSJ7QTgyRjkwRTMtRUNDQS00MEY1LThCODMtNjI5MERDOEQzMDZCfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7OEEwQzAzM0UtNzE1My00MDVFLUFCOEUtNUY2M0FFMURGRkMxfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjIxIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzI3NzgxODA4Ij48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjA1Njc1NTE3MyIvPjwvYXBwPjwvcmVxdWVzdD4
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3704
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUJDNjQ0NjEtRDc4MS00RkY3LUI2RjctNzg3Njg2OTQyNDEwfSIgdXNlcmlkPSJ7QTgyRjkwRTMtRUNDQS00MEY1LThCODMtNjI5MERDOEQzMDZCfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins4QzVCMjkxNy1FRTYzLTREQUQtQkFDRS1DRDAwRTg3Qzc5NEZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMjEiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTQ0MzI1Mjg2MCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTQ0MzU2NTE5NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTIwMzExMDA5MjAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy84ZWY3NTY3My1hZTc2LTQ1NzktODM0YS02ZmVlMGYyNzMxNzQ_UDE9MTcyODM4Njk2NyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1jZ0hKN1BpUG0lMmZIc1lEOFI2a254eXFsRFNsNHAxU1J1TVY0bWVrSHBtRklvZzJLSWk4OUElMmZnU29KdG5ldmFZc290a01jbEJhSExTdWE5bVpLVW5ZMHclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjAzMTEyMDc0NiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvOGVmNzU2NzMtYWU3Ni00NTc5LTgzNGEtNmZlZTBmMjczMTc0P1AxPTE3MjgzODY5NjcmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9Y2dISjdQaVBtJTJmSHNZRDhSNmtueHlxbERTbDRwMVNSdU1WNG1la0hwbUZJb2cyS0lpODlBJTJmZ1NvSnRuZXZhWXNvdGtNY2xCYUhMU3VhOW1aS1VuWTB3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTY1MTI1NiIgdG90YWw9IjE2NTEyNTYiIGRvd25sb2FkX3RpbWVfbXM9IjU0NDc5Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyMDMxMTQwNzM2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyMDM2MTY2MzI4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iNjAiIHJkPSI2NDIzIiBwaW5nX2ZyZXNobmVzcz0iezE1REM0NjIyLTJEOEEtNDUzMC1CQUNBLTA1OTI4N0UxRkQwMH0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNzIyNTUxMDY2NjkyNDkwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9IjYwIiBhZD0iLTEiIHJkPSI2NDIzIiBwaW5nX2ZyZXNobmVzcz0ie0Y0NTFCNzZFLTkzQjctNDdFOS1BQUEyLThFODkzNEJENUQ2QX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI5LjAuMjc5Mi42NSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2NDgyIj48dXBkYXRlY2hlY2svPjxwaW5nIHI9Ii0xIiByZD0iLTEiIHBpbmdfZnJlc2huZXNzPSJ7QzIxRDJFNjgtRDY2My00RTI1LUIyNkEtREYwMEI2RTVFRjJBfSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4468

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.65\Installer\setup.exe

Filesize
6.6MB

MD5
9826817876f5d690339d91533e9af761

SHA1
5e87919aec6a837a7d0d7a26dade5c691ff2e11e

SHA256
1255d4b34db13d2daeb5b442a4784fe568dfc7adb1d5c243a93b9fc93368ed59

SHA512
2e2b93b4245d2a2f82ee195bd26db515e842108e90dd1711ebc0363e3d87812e5f003bfb4609a4a86f36ef273704b4689d7759e2adbdebe0741aaad1f9a9eefa

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.21\MicrosoftEdgeUpdateSetup_X86_1.3.195.21.exe

Filesize
1.6MB

MD5
6e6c9eead0bf1a09c9bc0f4516139bfe

SHA1
1aba1e90b8f7db2ea484521ea3247e1e1dffcc74

SHA256
812012ea1a55b4a8b6980d0c9f352be6bbdc1c69bfe13b5116400057aca30662

SHA512
f844a2bcb06b0421a94160a88647ca6d3ae51cad056b3db186da846df336bf57e84a60d95d8310a2becc32c7ca6334098e13b1315ac66f32ede266e0d4d85e08

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
16c84ad1222284f40968a851f541d6bb

SHA1
bc26d50e15ccaed6a5fbe801943117269b3b8e6b

SHA256
e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

SHA512
d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
34d991980016595b803d212dc356d765

SHA1
e3a35df6488c3463c2a7adf89029e1dd8308f816

SHA256
252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

SHA512
8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
d34380d302b16eab40d5b63cfb4ed0fe

SHA1
1d3047119e353a55dc215666f2b7b69f0ede775b

SHA256
fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

SHA512
45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
aab01f0d7bdc51b190f27ce58701c1da

SHA1
1a21aabab0875651efd974100a81cda52c462997

SHA256
061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

SHA512
5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
ac275b6e825c3bd87d96b52eac36c0f6

SHA1
29e537d81f5d997285b62cd2efea088c3284d18f

SHA256
223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

SHA512
bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
d749e093f263244d276b6ffcf4ef4b42

SHA1
69f024c769632cdbb019943552bac5281d4cbe05

SHA256
fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

SHA512
48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
28fefc59008ef0325682a0611f8dba70

SHA1
f528803c731c11d8d92c5660cb4125c26bb75265

SHA256
55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

SHA512
2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_es.dll

Filesize
28KB

MD5
9db7f66f9dc417ebba021bc45af5d34b

SHA1
6815318b05019f521d65f6046cf340ad88e40971

SHA256
e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

SHA512
943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU4FCD.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
b78cba3088ecdc571412955742ea560b

SHA1
bc04cf9014cec5b9f240235b5ff0f29dbdb22926

SHA256
f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

SHA512
04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
6.5MB

MD5
fec78f1ab5646cbc24229181de0c504d

SHA1
571db81600725ca17cf8763752103423c0ed09ae

SHA256
0ea5b6fba50d2a05704486398ece6ecee7a859a69e021b21cfd0dc08f4d39f6c

SHA512
4d4601c191d16f7cf18d073a7ce425aa52998b4316ca916cbb36d6ea9e8758a03697b2e4111da08dc63022e6af5353a885deb3e3226e26af27e1df7effb7102c

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-b591875ddfbc4294\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
f43108c60b28d820f6378ece8a0442a3

SHA1
2e35dd4d8f59563444c3f99082ff7a11972e39fc

SHA256
3fce3310602781af76b34ebf85e232a8a35ed4a9f4b9c9d5a4be3e49d98b7049

SHA512
8a61af48daca27a75df48bc4bcac879a8169c8f5ad19c60c8d3e2e5c9d71dd419d65587f7d7617c67f18f27fb87a1e6d718534d968e71ccbd4c3c9a5deac5e11

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
59KB

MD5
9148669e68f71ad4ad1c41e68006d8a9

SHA1
1601876abbdba4532a363c702b3a95edde1504d3

SHA256
b2259c7a3cfbd9362b7efab939e91b76b936b11758d3c1f7c067d656afc0a89c

SHA512
d9b8d006b17ded2fcb9a58a1461e3748908aecb73994b3030f64c7c07b1b3e2817bef678def057504b262d9d687265906f41332f8e44b8fbe04db204db9d811b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\015b0988-b192-4be1-bb92-91c5b692bab7.tmp

Filesize
6KB

MD5
6d7d677e38d34d8dbfd1812e936c14e5

SHA1
32351b56881e431316ab5edf030a2b84ee47bbfe

SHA256
56b5b959437bd2fecf7405f8aebb271ff7a74326eb092540281a30be588b64d6

SHA512
61d4b8d40f5dee72c16cb683865bc78d543391e94fb231b31414a32fb51e8f0d59a29ceac85575302540b4392c876e11f4d7e241d440ab395e72f4ff9a500639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0ad26a36-863a-4d69-9179-ced4f88286d9.tmp

Filesize
5KB

MD5
262c5a35035dc015ad37d5d032f7e020

SHA1
362fc4dba78ac7c4d0247f77f259dd6fa7f50a62

SHA256
dbb6522a78a80b17e7fb79ab019a30ee1fc47ee040627428461c6c2dfdf42f94

SHA512
d542feae2f685ccfd92132f7e36cf25251076bf30b8c59529e4618504d9134e7f93c64a518c024d31a627dd4f4bdd7136ea23086eafa2fc5b86951ebb5e404d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
23KB

MD5
e4b0d20f483b4c24ecffd4678479e3ae

SHA1
f0f3175f2c92922d123eac1e3a4c5bc8f6091b49

SHA256
ab25f94f51f31d69f3a7ff1959eafe9ddf3fad8e983fa216c91795bae573e13a

SHA512
54dda1d96956961788768dd0d5cb0ef9f660898b3b4fd1f6c02d5b092fe3629cb38f478e5e2fa5b074963616e63a235593a2de9e3fb420b502b40ded7430a715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
44KB

MD5
28d6deba0823880f8331bd4695469645

SHA1
a9fb38e13eddaed233b777f4db8efb4762c215a2

SHA256
2897ce935bf259f030e1c67dc25840da8793d4b58bc5fc8d5450525490d62590

SHA512
05261445ce6c11d1cf49716c0a2c6c2abbc930af4b7c817d36afa7819446f7e40f740a31b8e9734a5f68a0b140f2424db8779f27bae349a429002bdb30c79e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
43KB

MD5
70f6a1e1f287ec962c89fb8e4ed38bce

SHA1
65fc137952b567815f00e45e5c1bf7e1de661b72

SHA256
1b455a005fd6d5dc5d8239834e08a68437761ad748ae521df0504c7b2f134907

SHA512
bc21c6d2a568b410d1ebf9d3c7313c06dc7106d0dad4cb2dce050c6de6775fd0cd5183a71b8e3c6cd4dc7d1cf2fdef34e790bebef50b5419ac5ca6eb9abb4820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
100KB

MD5
2e52bee929ab7d56b2622ae84962e0dd

SHA1
7fd648bb1fb1f069578e992972d7f22ef1bfb36b

SHA256
58a0ed06b38f7886418d565ea4cdb15345b40a1d29e635e167870f45fe14ed4b

SHA512
c53ceaa60c9591ad0e61e82ebc1b5c6dd46a7b4a1b7ac303aeced0f4a0611e4af2b7a5e1febda5fb10041d0a9c76202ed05bc3e344bb6ac6cc35529e127e9d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
29KB

MD5
0184869286788eacac1ba69396519d49

SHA1
0c5f414d628c549f94ad3a74b0afcb60e5dbedd1

SHA256
f696dbf8cecfefca50ea3fa5cf29f5ba98c37e723bbcd5c6381269e08be54e0f

SHA512
b6bb6bec302cb11e978fb40be6ed3ad6ec18afbf3bc4e81aa5aa078c841bc323542b7a4c83037c7eeef8245c29e27d0143528f071d33acf5346ccef4fd5f38df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
29KB

MD5
61ffec0c3a93f1a6fab956f56b6ea49d

SHA1
942ef545d31c4cce9a36c1587abab02104f435a6

SHA256
ad64da7d38ec779b20b376adbe7093a13e2dd93cd653b189024b991b41f6e605

SHA512
bd00a51d896e5cebdc1f3c8c4d3e187f8bf544e141cdf4ca3f9c562ded91c43ff3c0d64d20e0f9455ca35ed9ccefa1b1f0246e2eff9d191b189468726267b930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
59KB

MD5
7fd069146ea79b16633bc8b45f90482a

SHA1
98dfafac54f6f5db51e3baea698208833ed1b642

SHA256
a746ba588555b584fe98e42ac1a2dfbb92c2831b54c263f51fe91d124b9214d7

SHA512
c31822f497ebb35a5da455e77965f16a83e2007215ae88e64bc21019d8d45fff4671ab4300d9cf518bd2b652d071cc582fdfb99b4807c75e2022755e6c60a06c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
65KB

MD5
8025f829ce65abf9e97b4260e30ecb12

SHA1
56113928b475308c318ba2b4aeeb9fe60d82eab8

SHA256
ecfc0ac9a79d48fa81b3de8bdbc22448cd85370e2edfae4510a527ee681e5f61

SHA512
3bd71609c61083318689bd83b93b5fc1773912db6cff9db27ea7ee2554e0a2ec82f8ac010bf2e13f0d23eefd618fcdc81bad41a5199f5fda9c1b9285e8752095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
75KB

MD5
15a2f0d9497bdefec193f1951b076696

SHA1
b673c0729fa90d589261edd38bcaa74439297cdf

SHA256
aad6b6bb918d96aa219dcb54ff8a8a9587a9abbe51b4ee131fdb1a82f028745b

SHA512
36cb398ffe146e46e57ba37a2ac92d03476ac0b0368c64ce0102ac3b9d6a484d5e4200c136db9e04f25b327641299457b8f9d140aba6bef6a9fdc04313415e42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
88KB

MD5
cf32003b2a71b7f09b15e9ad77a42d40

SHA1
dd13a04a430ae36e5947a503abf60c24f17d31a1

SHA256
9442cba9804cbfce11010881cda395e6df369f778358e50536bc183c926370d7

SHA512
6007af3fe5be0f250b877d18351510f82fe40458033c7342e26aa4ab8fa75f728881b2b872e1bf1a6aca7810151523bb53bf9609f87d414390b45c32c0e66542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
68KB

MD5
2f4c4483d3f4a087d5a26b0180688607

SHA1
6f616df9d2f7feb4d7ae7e623265318f5f44aabc

SHA256
d65eb75c2f3cb2b808687bb9667615029ba71a52d6261cc922a239a7df8a8d28

SHA512
25ee93d819b12b7e8c8649a115b40fe7c70afe0884c51868db9223458f13fcd22acd46406d7a023f950862b41593957d2a435e120db0e4b81d6baedcbdfa6bec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
101KB

MD5
761338e7d858565d6976e2c442e65384

SHA1
c36363d7b6391c958778f27956a8f033e79675be

SHA256
8dfa8eaa5ffee5d0f297c5793bc907f1ecdd88980617064d15751b0191cf5d9b

SHA512
630332ca5f39c7edb2f829f5cd445ac27f157dd2efae8670fbbf0808665917ee599c197e8f1d071db3d54d7cfa1225603704c46c16a330b79a606a07e92bef77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
20KB

MD5
efd99f6b50b61e6bc88ab81db271f5dc

SHA1
13a91d8c6aae48306779d950cd3da773bac54a04

SHA256
3eb3416904e2d4354a4760874b015d4b7ad0f4f231889eb2e80a7c2ba79c22b9

SHA512
3532987383c85b0cb80ada4314a3fd155cfb78d23470aa7ea43c40342d48982bb8b3824b65c05fe496662e433ce65598cc902cc9e51d6a32802709683221e160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
30KB

MD5
6fd1421c547715cb7b78ca67104bfb78

SHA1
cc7f1d6761d9c7256745ef7586ad53e3183f0e2f

SHA256
57b9a684f743cf229723c1a5e9936d930cf48c3b5056c16c09cdd71ee6fe803d

SHA512
f64899cf62a1696adbf62f597f69c3a1ddd62319071f9a87076977b9f6c80992b333223a07cc1645a2fd578306e30abae12e18afc41cd582ee9717ebcb423a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
88KB

MD5
b3e0b4b87c2850f851379452213c69a4

SHA1
e23320868f2c37fdb31201d19d785634e60ceb7b

SHA256
e10bb93d5900a16cfca5d0145c068665fb799819db1e8b0b4bbec6d987ac04d1

SHA512
c15f68162e7c705e4e47c1ef97eaa8378884966c81fe7485541f41919b62ae723318e7bb8991131432e5e27965739faea93d1363085115eeee13bd3641370466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
23KB

MD5
b071afce30388589889799db2d4f3490

SHA1
976b2eff649868ab275b9e931e3528cb0bf618b7

SHA256
315c8a69ba1e237333b8bc8eccd22acbbeae56544a98a575a198a0e210026aa5

SHA512
6589ac7524a27870ca75382cf40d5ccc993ead4e38b2fd764cafc837861b78a9f342aa0847dedeb5088b3eb2760818611a1eda3cdc95f8bc79fea0a9866b578c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
30KB

MD5
115f3bb10d0a4287f60e8adc7115f08e

SHA1
ba233ca41480d7a0a06f055f6efadbc0e0e52059

SHA256
e14407855e8d1eca25f27a14a2df0cde88a7179293af5a9a1b5d74cb1ad13010

SHA512
5abc045ce192a4fec171ccc6e41ce1ab3fba6c5f3608f706cf30e38d91a54f1da24a45ae43dac8747ce4f845439082eb2d2b3b198a2acb5cfd6dce5e25247d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
17KB

MD5
40f1894f47b77943a35d1f02da5ee60c

SHA1
fffaa9c4eb0e33fcdffc0e326ba346047b970c9b

SHA256
362d6cc83832d29b868334f618e098d112ce78d5ac8299ce2571de96e3170a12

SHA512
c2ca365e6893a543b06b9f77daa80638b37e1af700831bf8c4c719c7548e0345798fc1630e7a44f11e86eb35325008e88cded423857d454238b2e1405dbdd775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
20KB

MD5
f550dad3dbfb045a5d3b91aaeca0b384

SHA1
ae0700d295166c471d2e3640134d7bcfb183bbcb

SHA256
a2d804e54d655a53053419498366fcc7e4a9e485fcc872795b22b31c6b889720

SHA512
1eeab46bbd2eaadd75ba18fa3d74f9ba0555082588e7dfca77425adf6716d9553b669250af5cb2948cd4d4a5a4453866834f018709941da5aa67214c0f6b8b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
39KB

MD5
e1f6e032096b2924e561c3928b9dc73d

SHA1
f33a3bb1b04f04ed1b93b13d21b6b3ce529690ad

SHA256
fa802b853572d8a40ee939940d0cd9562ea8f5954c0522b0777e01fcb546c3c8

SHA512
b13f6e1f984d28c5f4cfc4ae2298b321c314892cab1e5ccd6f1f61ec98d8c1a39669078c88ba541c91648963abc6e16e0a1cdb4e9449b4be16927e9bad8d0f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
42KB

MD5
cc7ad65e0558327d8fbe8ade40ab94e8

SHA1
6c153e9bf971f196db25cb2cb3b62f77f0a1299a

SHA256
956e1fd407995ff1ecca3bf42ca0d01086edc7eb6a965e1d9d4a48f197a8bd30

SHA512
0af63a7bb1151ef7564472b90ddd766857e3fd78973195817aa751d97093558688733876114ea7341063c7f1bc01f90aba1016980ce2c009a0cc399f40614377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
41KB

MD5
60df02cbc9b6a531c2d3cf32025a4dc8

SHA1
71ce31d6e0f59f98855a01b3eb9a37a86352189f

SHA256
2d73eefd868f115745117f76888a9b0124453918522046796a55c3621ad2c15d

SHA512
cfc2d4bc147bc757054c07a7e347091922d4ff9b7a0f856d0a3c278f5a98fac1a539d05ea5c375868b372f006a530d14558ac7027723f83f3b22087bd12992dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
40KB

MD5
f1cad4800853bba09a023250de102801

SHA1
76e1a6ae10ac4db2a3e4e8bf6b7edd692c4537f6

SHA256
e73ceb9052ea848498daacd8a9fff37846cce47324b38df12e9dcf0bf25d2e3b

SHA512
4e869ccea434e71f03ab513b3aa6212da3326cb9625c467b782df48367cbf5c69fb8a073d68180877cfde2510dbe74670046b897125b55f013fe595bb7d3595f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
42KB

MD5
86fe63fc0e7a1438f6e28c33fe5064dc

SHA1
8e2536f901bdf219649c2ef9fd4915b2778a877b

SHA256
d70dec47837e50799c46d9b8925767d32f65adda04ec015be6af92bd4caffec4

SHA512
99f6f8abf56e3b620dfb9e961a71897c050e7f6b3d3b20801e5b7209a6f0afde2de637f26e4baf5d869aab99e99f1b872b19017954155fba0340f8ec771bb03a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
42KB

MD5
b715a5dd019d1b8771a3031ff85c972b

SHA1
5768744eb85d3137d094458e4b7842c1c5c526cd

SHA256
e9ca7a8587bb3674824a28a8a80836e3483dc3bbe97c658bf7c984c5b424920a

SHA512
22e09e48a13ced3a3cd95a5f40b5e9ccbbad8abbd0d6af7dd4e411d63c662b09f1ad2453909a6c7a0d0ce34f250f2fbf0d7f076dced281f133ab7f21d2008d1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
37KB

MD5
303fed02c77f1f182783a0243e21b4e8

SHA1
dc683eb4d99416ec51f3f75f5770c727473f0281

SHA256
c1a17b2220b41919ae85c426619dd73ba1e7d275fa2d3613536a2f31dfae335e

SHA512
4bdbc57fe21dc227b1f227ac54cf29e5e475e70b23182a867d00965aef0001c1c41dd61296f2b63721bd8b0c60dc5cb7750cd70351c9014c6d5f00e765dd193f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
17KB

MD5
be22890c0e3b8c73b26f5acc54d2522f

SHA1
ad445c49471abfb2e76db956314c2510cb5f5a3f

SHA256
bb67a207435818e1935a93dc2847fb8b0ce1893baca38f1e28c392a23803b92b

SHA512
c11b8d1f1697a58ef4f04459fa0cfc07785886f04be3023f29db4c487c26f18bf02c79eb8216dfe91847c50892019d4ba5017860d868ac70dc00f49199927697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
77KB

MD5
da504a86cc8120b79e6aff72ca205486

SHA1
61ed1c46f004641f924a732fe6e8a375ad912356

SHA256
3f718bd89b794ee72ac0554240317dab36f14436555fb0151a0176164f7a5223

SHA512
c2b03a02340e750d1f9f2f41bd4c3b1d99d0e931e3505f492c2c312bc7b45487c9331b535aa834f0b1ec2461c50f3b8fc75f2add786a8261f8f7f13f54c6dc6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
18KB

MD5
462fba886d9ee32edc45a9186c335820

SHA1
682a179ee7e2ab98cf5d29ab297988aa0546793c

SHA256
093f9a32b7e5ed29db07909e640faae70b49b77e3e5bee768a949223d4b5cd17

SHA512
fb0767a5eb9470dd6b36c8ddb0b22edf845f531c893bc8f4d06d7e9f18e488ff7b9c727f5ce8b5fd5dd18dd5ff047bffebb97aafb13332759b533ac0b5a0f49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
48KB

MD5
fcedd8784b86aba8f170709e9121a74d

SHA1
b4ff537a4a4bfe3a2dfe2a7d82a8e11c1f647849

SHA256
86e85d9cdd4d21f1d7cadbd47f6431374b625984cc3420fe4ad6669e81dbb01c

SHA512
bdcb16ce7ba2611f3bb98b9d6200e8c11c05472adffa1d0055b1eeebf42f8505c182834fdd33757865e1536104a0c066a33d7202464e008c4979363286fb2b25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
79KB

MD5
203ca99f19d8986043de955dcdac7f67

SHA1
92ac9ceb2c22ef23f404df3ece49860d0942b490

SHA256
996894360cf8ef0a24cc5bd81825ceb6bc9131c1101cffb756c52684c8544716

SHA512
9acc8fdc77448460ce51ecacb7d8acd738448fe59f0882dbf89343210cb6c8de326b0d06c6b5aa4e9475f8811d5e2414bcad29b8dbdb3b654cf6a4b699ca290d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
31KB

MD5
5be09c7c686dbba1984fc1a2bacb772c

SHA1
b0626f753ce1f18bd01b5c29d86af92a7152e07f

SHA256
c85491a931fe791cd1b23d54b42bd7abec503842ed5cb76420ab365c4ff45b4a

SHA512
2fb59449fa9a0334e85c0342352037a60378e484ad0e0cc417b9559fa8ef7ac81c972a50dff01d177db0875bf244b3ba90bda0565e269be8e745aa7470e223b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
22KB

MD5
d96bc8cfcc751bb4d7c1c4fc79fa7ae8

SHA1
ab1728612b94c8c8910a863fd7017b42e9ec2501

SHA256
bc13472aed9cdf363e21fa5110934b068abf640f9dbb38287a75bc73fec6f561

SHA512
e3f1720eaa3d53d28edf1baa34099c22a6cd8c20cb1b039cfa6e2c32926b0bc06265784f88fe5433aeb3422be1c3a57ed91cbec7ce22661b0af3ae14ed371c18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
57KB

MD5
c37a5314ba360c995451518527cf293c

SHA1
22d1c9ce7d909b3ff70f6ec0c8bcbf999015ba11

SHA256
65beb8051538d1938ec9af6e82affd097e681aca80afcc3893fc7d1081fa23b3

SHA512
51c80c33f1b1756ea187827ef20cc4ba1917a7727759adcb23daff5585ba5e2fce7d98162ce0659ff50fa556e8b0c8d58ad7143e93f74808d6c287b25b2ed3e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ef

Filesize
23KB

MD5
38b055e3070c9a4f2a2223c965bee6eb

SHA1
0bae78c1d693927860014b1239d600861915d4b8

SHA256
16b2f909afc59407dc76b4160074f58b928fda77dc93f222779221ce6fe7a5d8

SHA512
05a51a19ecd3d6a9e015014ae03c63c94ec11fb6d44e8f939acf6177be1b5fdddf6f34bb77710a4235ae06531bfe6987d491a76b124f9321975c1d13a83a7d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f0

Filesize
21KB

MD5
280dca08efdee68f40a89256d6f9f25d

SHA1
f5291c5fea73d429f08656f543cd6c563df48053

SHA256
cdea009110a6c67df98dd8244f7e238e47508e77642f4369a246a9d0724109a8

SHA512
c0f2b45e1aff0295b6e73d3c39957aaf1e3d6dfc076b5457612f027f538d6f7be85aad1facca20716704ef94f33cc7c60caaecb42fea1a20b956a26c88af1584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f1

Filesize
16KB

MD5
6ba1b5a382a5a943ac7fd9fbf5025aab

SHA1
ab5c767a2efe71d556b8f59aa0b800018855b7ec

SHA256
b5e6da4a2508438c5a4e69c5537469fb899383fb576ca36e9881109a0742c3eb

SHA512
6456947a7e1cb1742443b7898155ff7e884de65561228d2c91d151b5402ca15c1fca9d3894f93834bc3a27e8098e042c296f4afb7bbd1b3d876db7c5af59e047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f2

Filesize
18KB

MD5
e17ec1221dc4256750abcd269d1787fd

SHA1
2ecb31624a0e9242544588597f0da84e98cdc9e2

SHA256
2dbced61c9de4b54c85315314fe0a34276c12f1b16a1e4fe12bdb5930645ee60

SHA512
bc35020209d0a8984cdf11700a4bc7842de3f7fa0aeecfbb74ca649f7811a5f182dae7e24097eea23297ad21411ef621631da730b7847863b72687e4bb584498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f3

Filesize
66KB

MD5
146ac7e548f8ecac1fc6bf02bfbd76bc

SHA1
f1009c7628ca9946526a86579243c19614cbcf7f

SHA256
65207702f890baebfc2a4ae623796336783eafd3118b838369b7a32c204860bf

SHA512
db7ffbf2dfb111f37a8e50a8c027953329b5edf6216d825ffb30fd87a1a858ba5a01e54f87a3c17c28151efa116ed669fc918f5c5de69882d30483c30251f799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f4

Filesize
48KB

MD5
149a77db9e9b3dd5bd785a7380b473b4

SHA1
9b1a7e6c08e2a777627d75c7342048feea1a79b0

SHA256
723d2d4b64a85100aad16ec7e131d69d3fcefc56a8759fc2b46fe5f071fee679

SHA512
8b051cd3fc549d786d1e64261fd50398ddd7124152dfed536b267d618e8e42f5bd8328010b08bccf4773060ab0dd63cc271c8403d0f2d9594533d5189808b288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f7

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f8

Filesize
23KB

MD5
45c53679bb27a14ba029ba06afc67bb2

SHA1
d40021823bfda741bcfbd12fe0a7e39fceefe2a4

SHA256
c1a5721987ded448bf8c324b2cf1f32a4722b033f74555c9c8c6c0842879d270

SHA512
13af5753122e38c0155526d173bcb8a07fc626c968ac7885930cc17a60c9428692bf7814b710f44096a7dd3393bdfca4617a7a18377a5e7b347901f892742903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
6KB

MD5
1aa6a9684c689afb62886b319cbf8a43

SHA1
91a04928d59a1191f4eeb7eb23745ecde501597e

SHA256
d04db145e8198ca86355898e95a229cd6d89c2e8f9dc2a225ec6fc649abc3669

SHA512
f0a00f82ababbfdda2e9607d8deedf83bb9dae265b3f93e085913cc9a87f78ea81ff91f61714b7d428389b0862c9095f7853b813cc92eea7b853ca674155a6cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3b963b7be8eb8c2a0336598b1267cea2

SHA1
daaa9733d32e5264884aac6b7d1c47c36106ae51

SHA256
553dd52e1791c54a931207dce560813961e09454281d39e982f1a79fe061a9af

SHA512
60241b2e5361496e47cea2e0ef5fd8888437a701db6ec4c3db52fec8ea45d1ec75793efcd38355d72c8eceb205c2d0c1c29a9d3414a2e30aeffcbf6cbbfc34d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d39f2ab0599528de1bb5750292652967

SHA1
4b3154fa258381ccb02cdb84f5e9c3658402d3af

SHA256
b5ffa4125c61196473e6c14ac19a57a9c83788a3d0595c50fc2fe5b182ab23fb

SHA512
8470cea4c85e975dabbda29831903f09c6f0961ec94710c989b9ffdaffde6915c7ee435d3957de358a6be5b233d7677ba49a59e5b93927837ef8f9cc6e56fe3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
98432c41523f31bad375f564c1ef3b4e

SHA1
114c43f1941a76b08e2a6f33b175cd8ecb10a33d

SHA256
7a13915b58180f1960acd5566491ffd11dc2138db8fde8523da332bb308d1bcc

SHA512
b874e99a9040b2a76c50e93840d5b9479246cd6e34d05529251be971dfdbea258d3fed00b47bafd8fb8a302726055b890635c6832a51a64b28d912c62f4eca13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
32e61273e497e9061fd4e2ff265c88fa

SHA1
4772f931937e834684b78bb067c09804768cb427

SHA256
62c80035b2f1fa97b02e2365e0e69ddcfa933ffa82f0614cddfaaf98ee4b0387

SHA512
1bf86b145593f69d96856122a6fea70edb09333ba208bb2d35af87d16c3b67d2e12b35c3bf4fe62361b32ab63cbf3bf3a4e70ab07ab95a208e3ff61964589e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\000005.ldb

Filesize
1KB

MD5
cbd4452d0891ae0929d8e4078c21fe64

SHA1
14bc16c9fd64a9d86e67ead1fe1d671180fdb812

SHA256
c77d9a9c7bd1c8b5a5f8448736789c2b44370815e45a0255ce718df22f5f861b

SHA512
fca5def42a9aa8a3ee31e8fd4e48d06abb7c0c2e691d39ea7a7da14a9b271df97b473914bbbb17f81b3a17791de530c34e65f9ef74e7cbc85cb1f64a0acde3de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
b18c9ed0afc8ec85e6d1d6b170e1292a

SHA1
b93ed21b50d44d9331175b430a8f9c0162987dc2

SHA256
836e57dc1627e3629382d8520b8f5bc8465b722acef0edecfcea9449caf91790

SHA512
da599d266424312d2e70830cd4824e03104d9c868198ff23297d826a8681add14889137e8b2db77a6515039593a78285dfef47f397957f57eb5f9fff5856a92c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
c6b03bae1dd4548b1ddf2cc5a6660a53

SHA1
26194d79117a381a0d1174567deedd931906bc60

SHA256
a7a8122d3ed5fa80214642a13bf20e14b4918e4bfa060d1881cd1bbd9d6a041e

SHA512
1865efa18de6f5ef9a71ab612516e49f1bf26073b76e15288fd7ac53f989f04d6a3ac04e4fd778c8a7b5932544c721477927fc5269e706f48faf267d5c455caa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
7cced4f062370a161e7bbab6a045cc69

SHA1
c0a5fec8aa6c4d5de0f35dc35f753551b0409659

SHA256
85dcc45d35a16552ecc3c34a64c1233b79a000e751f254fa1ef2b5b264d073cf

SHA512
0eb17f6cd09a92eba17358c7d4bc01bc76c90030b152516c2e02def8b240995c52ed2c70ca3ecb3d0df2eb7862f1afb38258381c61ccff6e3c66f6b1c31f616a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
f23c34f98e306b0f9b0964a061fa005b

SHA1
a25301adcfe5ee33ee0ff4059c470f8ab29e8eec

SHA256
d63773d90b2234e56388e3e4112449e9f574f3852230903f7add458edb8b9678

SHA512
abf0068cef69eea82e10f111ff12ace78fd8cc035623b8cf2091a03b287559dcfbcb3a155fcd559d8156256267d604be5b20922233985f66223308d57d40c084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
9815c8303a44efe4ab5ddb0bb74b768f

SHA1
a9b752dc5064a6b9580cdbb745f7fdf60355d0ed

SHA256
de165d11689c76d7bae3d30c36074ac66515a984aed057b67f1f6a51ce348109

SHA512
890179a39adb9327869f3f9bb08aaf74e0cb0d2d4b738b01778dafc2ec57ff2b764db4d1f605eca72bade2a7fcbbf230386d012ab95e643cbfeac1e0d39abdd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
9d0b49733532c9ed91ec521b79c58a66

SHA1
7cf52fc79635ea0b197f809e4cd2cb891a641075

SHA256
b7c9927f57a22d8eb3f1190259c8417ceacc540503d8bae55b9758f9da504b3d

SHA512
013f013b15fa6ef3aefd360c6798080736e9b45c56b02efa2dc3c69659dde85e42ad99481ee2187351bd909583968d9fa5e91b3f231d3777e31876057836b94f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5a3970.TMP

Filesize
673B

MD5
0a4ff71d7db4e09f441237dd4949e6ea

SHA1
aa918885572d9791341c3faeb558a92ed4aa0782

SHA256
e450344b3ceac1100e55eca94bcad9c1342727898df397773586ac3b54f157c6

SHA512
8309136c15b9190dee416d2e7956bbffd9a901bc24486191caa085173a7a87c7b74ad005b285f2b18b1aaac4be4989e3bf66e28add4e6223d165d98e67ea8454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
100B

MD5
e2896794670f13dd2d4d13b86817b168

SHA1
58089c9c0955e754f116b29243b4c834e61e1570

SHA256
7a47c8951a8a2f9d0d66faa65fcb8653970dc9c8e08cc26287f6a9c2ec7cde7a

SHA512
2a14bdee064c729f2cacc90ac8f599cd355c02c0bdfcf7a543e1cbfe8626f3629626d3132810eae3eebd4685d71b306c9de99baa86be950f3698e48fa376f578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
617B

MD5
31564c96e61c00e38b9055abe60bdab1

SHA1
17b9915ec9c3a90cf13cc5f3bf43b229864185f9

SHA256
289d6918e23bb291092b9f318951ef2f3bb49df561f930dff41dc48595ee0a46

SHA512
4e8e92b7e200d5af9566c2769745bdc7bdd42e02899b33f3e919a5ff328c648eb615a8becef915185878494c7040940b9375c208068f5e3a85cc2e045037fe19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
cde621f93ff49df385dae46a6ba12915

SHA1
2b0ffe99460bcfd8566214e6c4380a279ddae999

SHA256
1001f8753b8b1d8086e930c20d40f2e5ce75a236a033c1b165b94715a3d774f5

SHA512
8be7b6495743e4a88ae0af25dbc719a1c63112fc4647cfcbbe93061fbd0428119627608f91230e13d4d6307d2eca9cc5c53d402f9ecdcd5eba7775e2a0503f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
abab56392433cea9c032bb0c94f143e8

SHA1
f100166037789e0374b8178bf716825e0faf6637

SHA256
7aa2c19f669d737e41698685d7cc4140c5f2608a4efa6d6d50d9ae3553c85811

SHA512
80035eb46a801beffee5aae56cd7d48e804c9336301c18654a72ab9ee2846a383785785fc22ad2e1f4eb6653aa6cc5039f08e8d6a4cadf7b5e3a6feebd99d550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
39e0903496a623a973bfc8d2a3752aa7

SHA1
e0ea7419a68bc288dc990df367c26599e90bc195

SHA256
b676d33c31aa9684e85f3570ec17aeb11c429f8d85a962d2157bd88ca1c9b443

SHA512
49e3162e659163dfe6ec2570df25b86e3be8db30e20876998ac724769bd089a2648d10cb6846eef92265b2c5a7103eab5cb0e13458f7102fdf4b36cba5949206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
213bd962a977b7fa445c77787a6b3968

SHA1
d9ff2484f27fd142dd41038faf62e2dec6d4f402

SHA256
c932b1e0a6905e50e1d656a9b81c9dcc2f0543f58201bb345e4dbd5979daf974

SHA512
8fd57e5953fd55b21ae49b9e054109715e16f19ba010f556175dbb4a61b0b830a2063c5822841b37f64c3c7a646bebaffb91ee60387b593418d2dcd2d10adb87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc4818d6c6cb2c79db0a2f5dded2626b

SHA1
9edbfe508d81c52a1e64b49ddf6a1bd94abb5bc4

SHA256
e144b58fe206a094a814204e89f7bd948b40285abdd07e786e364d55e1556327

SHA512
0fba05d3a32730ce9148df1a587bc978af708065e0f13b00c5ab9177b40c8e1522a97c5597b50cda1e38de8a311f2a35019e392b6c5f88d668024dea1c4b2978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
44b9bf48491be54399739c2dfed9b6c4

SHA1
a140d9880b376651c04fc38122f3503462c45901

SHA256
7fb2b7a0664b60929b8cccde6c18df224fa6137dd1d8a9825afabfaf7d9531c1

SHA512
4853297ea9d7d284f49e82cb6dd9df9911fc85cca82c29e5ae3d25ab00a429798fe950bae45f596df5a993f2ffc47b414968a9713d496704de6c612e2b15640e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
96f81e1a271a3ed2eb14e55ca4c785e1

SHA1
d82b6fdfaac994e0053b4677541b332d0b1b6211

SHA256
c15693f5f7a3262b4c191833bcd46d19218c31cd25b26ce667a2ac5fd32908d9

SHA512
4817b7bc73b70fbc07ac9c5406ab7f41f1ca4678587f8dd122f3e65cea4693a778838d6beea938d27aee5e4afa668cf345630f0c82107bfdbdd86dea2c997bdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4407384f17c3c11a59b36e966bb1e62e

SHA1
82be34533550e5f3d729c342f9d0ec8a418a3eae

SHA256
55a74a3978ad9e9eb8e77451698a6b4c15f443a46fd2b1ab34780e7d9142210b

SHA512
193a412aeab9483157e6b9360ffc7d05ba999fe14f637e45f228642c664a4706e7a2872d4e4cc01ce0e297ca784137d3f68a1e30928d260d80aa0790d4e8f02b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da644d5700f9fe25384818d68628572f

SHA1
b3473507717954e2a8b292167d8b897ad2083fb2

SHA256
7b13dd5885747294d794c8bf79af5dcbad55b9db2b940a97ac1987f54b8045b0

SHA512
9ce74bc154ccc22b2a89f2756312817590e75d04e07f8ec9d7ff78b8f26e750100e4995b9c125746ba071133fcf9a3e085b2a832bf6dab772722f3188885f9fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4339c2477e70fd7505d3775b524af6d0

SHA1
7b3dcebe30b30314cc595a47f5859511d33b3d35

SHA256
e93086c67b8b66700870007feac8d35884e994a7f07a0a511ba84845864e78bc

SHA512
4711496f21e3c5ccd9b2f93a17505016892b1e72ba623a23f60268e5a174a1f3230934e8d3a1c57c42d88b3b83af81b3fa391b3730be52c5b65b5d4ede9857c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66a262a65e6712bf11f120e780349766

SHA1
bd1ad577f37cfce5b985687e44def35961470304

SHA256
b07facfaff3b3c97817e82aeaf7ab59fa6ce5779f0763dd45e070d5c6067b3b7

SHA512
96fbee2a323223f7c253fb23fb6ad0659b6d7bbfd8086988e3ec66087bb1ff5ef68f2250e9b19d4ab5b937a2bef981afe5c29b475cdf29f0974bec35ac37ab7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
197bcd5c09ed87569934f098d05fcac1

SHA1
175debf63072bbc00aafd81fc0af402b8a8c9175

SHA256
f73b46f223d5d3185d3c153fe6bb2aff4717da105ef27db888734237a52c79ee

SHA512
5090d4376adddc08592bf221437d4aaa89736e58864206b407b688a9d1c83f015349ce57dff8917578ec362071e4bb373e2db146b847d4d04b37428b783f3095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eb29251aa2dd36b6df5cd1b7b29adc84

SHA1
b1b1133ed706a335747fe06198d34b000c8d1a50

SHA256
8b0da5936dc26731987f4eb6109c057cd0046f07a7782751c39f67442540af0b

SHA512
cdb9961c09359e074375f1625922fe1888a9e67fec7fca56e5d5f49fd9a1e2c2320be3b4403da417b00620234bb5923b0ac107016c38735ee6b03437913955d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24689933d994d2b2afba437728887a1b

SHA1
0377538a7e0eb857c8e0156ad9c599a634124d7a

SHA256
3f5a54f4e944f0ebf1711a7b11a3422b7d1e705a26707281c8037a804a25b964

SHA512
ea9bdf5e9f54b3ecd263014f77f66beeed9d5e0a8d6ee3a7954ac1e3eebf2d3a8e117104e5a1f9861eb666bbfe38b1ce34a7d5b6fb401b72c271e46552d353d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e5970f18734ecfdfcb0542661f45a770

SHA1
c518a50dfc5f29d60a175d64b9a39395e4b4f822

SHA256
fc7d8bae9ca4547fc61dd9be81eea55e251553c41b5e5a8975861029d20c23bc

SHA512
67b7809871871686e23c9da38cd109a78750e42400fd4fabad7ba1acd8e3619f2702aa05f087e50af2b267bcb44418475a37a32827dd608006a59831eafe102e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
35B

MD5
343859b4ad03856a60d076c8cd8f22c3

SHA1
7954a27de3329b4c5eefd4bdcb8450823881aad6

SHA256
8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f

SHA512
58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe5b3787.TMP

Filesize
99B

MD5
1b364dc6079e76375fb7624528b76ace

SHA1
88834e041e3fa13f1110cae22b27a13e203dbf32

SHA256
adc924066d783277d9b653bcc72883e1fb81ffef8363dd3790ce91d6ccad655a

SHA512
61a69dcc78bca6dbafc68f1136c0408a5f4ba2108f2c55f9afd5d1e70e58424dd1743637be08dcfff1a513bba74193ee6afc577565f35840128a7527e49cb174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
be348c84e5ed32506413ce71e0681a13

SHA1
fc77f007fe35feeb58517f189fdcb6d073831e5a

SHA256
fcf7f76b3abb5c9ea80a8492ff0ceae20a1e89f0ead18c1892ee50a640b1a6f0

SHA512
345e077f324dbc7660cb919306830df99c80ffd948ba4c2284c10425c1c1e7bc33dc8c83ad9bc878e8244057e80c0696c9ee91fd7b9de54b23a7193e951150f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1b20c9d1938d42396ed7cbcff7ea59b9

SHA1
805433e3774c062941b2d084649252d56c358307

SHA256
50d6c6168a0f45d2efe85e0dbb10e80584e14d0c671489a9dd4620710faaa46d

SHA512
94ddca46fb4aedd7ca484a78b01e46655811690490d83bfa14f01114713b4df84087d9eb2411fe5618b2631659d4b84d2d0c85a4ac3bed596ac4b4a0f0caae57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1deeee9678f9b3313ffa6be3a05367e9

SHA1
160daa840f628812848ebbb48ea0c98c5ca02d00

SHA256
a63b772ac9ef237a26d914756b41aba03262750b195e9f168bf0c89b6e4dec3c

SHA512
7d81bf2834a4357d49fddf472437cbbfc885ff2c7318edc8b67ec080d6c14da4e4b54e2ac9fe1594c27f7c372722b54103232f680e54f48836c34b4d449c545e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
508d36b3fac8073e76c6eec9d98ca47e

SHA1
cfc835f800bc746705a55869a66c7a922ef97768

SHA256
3598f9cb9503df1393ba68560546ac1f94d66411baa9b893eadbe0dc3c4c1d79

SHA512
502f112139ab5b3c8b5c0125777ce965b65fce315076284ad6f914057fbd1950ca4bdbdb84148811eb88664f2e9cce62717c72364b137bf10994bb5e995b09da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b05e7cde21b5aaf95e7748ef27a3b214

SHA1
aa288a7fb5b811d5ba0f08d90079038e68a29e32

SHA256
d2ad5036b448ee84160fdab75e783bd5ff73e80fd07f4401976851216f617b8e

SHA512
779f05faac86eba3328058613a8d30a385cf8f403165d69105e66e5358ba4d0330154f425201d9407155ed4a841647bbfbbff7262ee1169cbdbb6192954c7ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3f031cb934990f86d30d9210c6802ec3

SHA1
6ff8a3274331b95c17e745a5e5c6430e3d5d6a7a

SHA256
984e1ab9f21b8b5d59e324f7e69cf658c489182c1fea5483740a1afe1a3618cf

SHA512
cc2574bda5984c967755d94f4c41c3d9bc904aeb64fc0f6808b31205dc269308edcaa37276670b2ca11ff4bc6431ae95e9ab2fac3c3b1916775442ca3e36faf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d36cd8181d57943fc33398510228072e

SHA1
832452df1c30cfb623e20b6dbf7e3bb11528d128

SHA256
244e5e337cb74f6733193d5c9da99f1e32ebf33bd9d236d7f778776adf2fd2a5

SHA512
072b72f650e11f35d9130b92e0d2ddd56c48954139679d345595adc56d112f905304df685b40980ddca9d30a79076280c96252bf7db813b4fc983373db7b1c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
81cef454202d7b4f7573bd813a89c04d

SHA1
b55c90e7013bf28bca18fe0769295da2afa02795

SHA256
08e5d61ea5e3235aba14eee0a670d7165fcb767f7adfe6a27f4db1110b5b2b63

SHA512
3f7170cbbc6b426c58dc55abfbb73f5ab9504615fde1793a5f877990a36cdeba81682ca7ab27ee8a264ba67524043fb6ef8f066cacd055c391356b5783ad2760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b8dd5e3084f79705a93f4166d09b25cd

SHA1
d28a0fce4d6300361268884eee84311cee73db99

SHA256
07209615e9b3522a02fca83f403b8c995687e276ba09ce98f99eac0932570f4b

SHA512
61e13e71f3b82af4db4fc6b45b2053e79730aa8c6bfb92c6f359c6c541f1694f3ec618ff5819e1d36fe8d14cba650ff288ab048e1f3248a080c9d325e40f42ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
82f2ab1d6ea7d150b5ec835af0ec12af

SHA1
615be24ab9aeebee6ab13c2e03010c397cfcf098

SHA256
e24fb66062fccabd357105b53b3cc07a0390dd2a5eb32d68b2639f4c7fba3484

SHA512
320d993c1c5874d79a4272587b09219ec6c2de11c1cdf0443b0c39bc47a72873f397a0c47b375bd8674adedba6356b48acc3f5aea92fface906620b231cf010a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ae488789437bef9088ca3e99f113c1ec

SHA1
a1f9ef6fa37203c1c444971a74311b3d56e9aeed

SHA256
9a1a3da7e7f7b83a747edc85183f32c746351c87e59f1af4b2bb81129aaba70d

SHA512
6be1cd11ac6e7f69158912f6c5f10976bccecd2f77b6907a682a6eae6a480ba971e4bc38ac2e4ffc47d8afc7a2cc363ac37340b6af5de2e5dcb05e5198988531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
519bc4f7132aa80d5914bfe5776b37b8

SHA1
8348f40442d740269d6fc5a231658b3a31be6726

SHA256
668161902c802160454f81024e8539be5761b0bb4dbf18a2e992b99b0f8f4bbd

SHA512
a625b614aed1b841775b774d0243a68dd674612e1374cd00a83dd20ff888ff1d7c339a6fbbf6904895da19df628dc1c6908046074f8b868496d4dfe55705d6eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
0f082b77d41c8481f31e3c59a5a8758e

SHA1
11e6a4094971b53994d698ff72caed40d5d45bb4

SHA256
2cd7b5554e764798554de95f8899eaad34b7bc60c33c60d42d228e5559dc0197

SHA512
6f6a8fe3569861d80436d8c2b709e96aa21846fe359bea54442886cbf075931b34ac3faa36106c50aae4f1dd2275b3950ab3cc023da72f3604be8d67eff53619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1e662a8541c73e6f6ee66e4897494388

SHA1
1e9c82e9e0f947284d71b467f7d2a4b3a78d47c1

SHA256
00dbb4231530b7d87da4c20ec5f458e13abc48185537366c66eedbd2cb04559d

SHA512
defed808fde8008ccd8ad29630b54c43694c47ca9ab0401ad3543799a2efd4e8109df1b4ea33bcb5afc3a966d445eea916fdac0e09b386ce847c61abe3ed770d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bb1bb377467de7748e5b93b92d879704

SHA1
4b64bf32d5b6768955f2302247bd85d95cfb0b69

SHA256
f336a0a15cc261f6074433fcc5f0d14b34f768f93d97db06abfa6e7f47f96894

SHA512
37b5c7b6d8fb977c649dca296973fb10381445450c24c1da360b61261aeb1e2d8255f7212a67ea1e746922260f695cfb3e489b2a3ad33455100f928cffd87bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
5f1d906309b8cf0c399d3a67784f27fb

SHA1
2640dbd6b338ff40ce95e84f7bb0343b0bdb12e3

SHA256
8e44e553c4b5707770e02cc35c286321bbbf485281696b4a71c64bc5752a01b7

SHA512
1073a8c960c08ef856bfc89f81736a62312faf300f24034ad8083384dba280b90da164aa12da2098ca35ca2572c71cbe8444e5a9dcafc620b64094d44e4f5b9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e6bcd3a1bf453132e198191362fb74b2

SHA1
c27ceb27fade9ddb2450ae569bd2cd29efdf12ff

SHA256
b50cbba8fa509b789eaef8f69016dd948c3db9ee653754f42ee28d7225f91318

SHA512
34fc305e090097d529134c1c56806b0311ed6f45911bd2d5bf6ef6f38ff9ddf62f3ed812d7cc18551f56ca58e8b425d08072bbb0ece8ca06a2ea6c0dd850b17b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6c239b0112c465a528be3f939de61347

SHA1
73c2edf155804f523c384e23450d46d5f42befa6

SHA256
99647bec8452d4e1288b083d088407005c812e7293a0db00842f07991348136c

SHA512
9f0846c682771eed7a6ecfae898f6b440ec6a9ccfdae599f443db11ca6bfb1cc554ce1ada8c8fa8acfbafa26827f4d97ea1718d8d252265a67d3fa84fa9b727a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d4075b0955e72441d5dd1b82ab324f47

SHA1
88d6cfbc06fbeb12f6de101b3f0908a09c5abc89

SHA256
8f7f88de47a2f79dc0c7e6d1b29ccdf14e21d8b08f7518854479fedc2675c33d

SHA512
9d249a5df63cf881627bfa4571a8b798834698823b7055806541e80c9e7ddf2ec4b99e453453438a1ddd1d04042879f432076e52fb89ba41f111db68e4db3f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2ca4dbd20de19fc4783dd7931fcba8ac

SHA1
53e57a80db3b4d4e7ef91e4e39b1bbeca7c09d67

SHA256
b30d5f640faa2db17eae954f3be854c75a4ff336e414e81d65de0e456c7c41e9

SHA512
f01bba87d4c364fe7224d286f8d58be0bf95ff3ba4b44d9dd0dc40ad3dae9747dff54a14211d3f9e713f9534e56dcdc575a293196fe6a7cf3173b7d1a0a350a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
fa7cec2857d1880dc5fbbdea80954921

SHA1
7026cf58f1cca416fff372948448845d7c23766d

SHA256
fc1e37a2e6f938ebea6a7f83fb21642c3aa661c528712020721be6d623b92fe8

SHA512
e8d54c9d3eb27ae4964794ccc9e1216f0390aa6fee95d3f4d7439860b34f7e7ed0af0bacc81cec4c1fb357fbcf7fdc2ca3084d438abe8af7d898aca74ef5b68e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
16a9434f5820fe58b0e8736ea4197721

SHA1
4d90d813566d41bd9ca2f2c4c92214f7d1bd7c2c

SHA256
a6bbb10e9e3106d3f9233524855e4926ef155f7f10a26569211def7fcf56b2a3

SHA512
0779bd09177916c333a5cccebb8e9d744ade0dcb55a3a2feb72080785fd0771f0d5add5ddcbdaf127423c4a6c0bc49b66c27b2957cc7a52b1c8bba29a8727b2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1a1ec8fd90a06024ae93e0028b6efd6f

SHA1
74f4c7c424158c22097b3b923124fd43dbfb7096

SHA256
90c238b26a308f8191aef5c813aea79907bdf562a4b66c435cc698297f96a220

SHA512
3de830425a534378c0c0d29c7916a21869d99c9d9e37cf33c38ccccce9a354b0905f58387f707d51c99718eb27e4a7c05b8953e6ac72fe63de51358ea14b247e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
04988f7ca661b4c0a0650e04901ac0ae

SHA1
fab31a4930bf4475bbe62be819393e77ef1d8473

SHA256
a6e18cbfba6f7e4d14caada089a4f086af839ca7c76055d0c0347a1857797526

SHA512
cc721946e3f9cd7735c8ba5d4693cc217fd3bf0cf843ecaeb24b129e61a64d16927c50e40d9c584be46f41c5eccf5242f807bd68499a832c2413fbe38dffa309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
fd8cedf26f0a5aab251e39ef3bcbc1c5

SHA1
ae283549e62dcbe1e52fdf33c1502aae5de6e872

SHA256
9139a372ae0e66b56f57fd24f5e28f03dc362d601688d505a5d49ceff0f293bf

SHA512
c0fcf65374d51a4139ccf7a15f675275879204084034ed7840159067a602322c0071ea196938c6059a9fefd87eec88d1615878e1cee83614d493c11603852aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bdb9a64a506bb9346aa1c390cc993c2d

SHA1
85ced6367885f42ea9c09582013921c99fd2e74e

SHA256
8cf3640820a175cdf959fae54b1da7d74f5532a6ed9982ac58d0258ca0ba6b86

SHA512
918295b8f7e9a6f42e55318c0dee3babc85e2f15ef5135e0316dc5f54bb9feb8fcb226233d0df88507c461cf63467b3fa49abef5da60b87bcb58485fc7a68cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
4294eae1d3b8b92178875ad1b7bfb324

SHA1
c007f648d71c3ccbb3d3dc4c5b139cb42e904e4e

SHA256
e6192fd8691d0e53ffce28e9acb5c5f22608f625c9ed45259dfb5d42a7db77c6

SHA512
a6ef8f1f7ee7367bb28c82026995afcc66bb62a822cf252c57b8eeb575cd49a4f78888d80dab75531f18efa631c524c76e168ee69eacd2851b53aca6e632db3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9a7e10401a9ad8e77c89da2ad238c490

SHA1
fe6e9411418ab7a4a6129c50d5ac0600dbb155d0

SHA256
274e484049e5b26539356f470a29ff59029fb57b1d650ef4d14bf571f780e59a

SHA512
304755941a91ece6369118e079e5dc85dda2a12d202205c96a52db4d290253dc50385f98691d001e3e8e0dbbb046e6f4b6f4dac514639a95f2c19893e3e4ce3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
56adffae60be76535a2df04bdb81e755

SHA1
f0169253080bbad30b5a5bf27e7295828f818e7b

SHA256
3136915b387c83f29fe979fdabb861e9071141633605fdb853a74aaace3ce38d

SHA512
c548fac19172d23b06f43aa310a7012153981a7c4586a02c798d0cedb6107a4b21660d5e3a2c5b0dd6669aa0a129f9af98c73ff1baccd92f6d7594f9876d02b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ff091d94870c16374a9b59ac82cc841a

SHA1
791b08468ac56729953bdefe78450053fe35efef

SHA256
a19aef4d248825e804cf5b9641f197da8b4decd0d4eaba1662c0c9edff454d4c

SHA512
c89338032e0bec1c9e5cb641680e42fc7f49a21d3fceb264028afaeb4380fef2c941b1e22b678807b484da386728952b743cd13188ab0d35a21e016513086fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e82654c97f3b8fc6ffd5121faab621b8

SHA1
119a958615fc9f0bfeb2f6e448cb792fc3d22067

SHA256
1f3a3bc7812dd2e5e89da2f7135b8ce5fb1e87933c2a290e6aaf1a4b42fb20e8

SHA512
c0f74ea41a8ca5cabab22ebfde5e3242d3ae0032c547538cf42f61189a2a580846a0dd2e277a49b3a5a5b28d2be5c045f098864b619a002d5def02743b86954e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f0ffb2ee339fff0f5bdef0138523b3a3

SHA1
3bd642a14ce069f7d3b0f7068a24e37848c11677

SHA256
48254be64b94267364f078b7eafb7be4160d634093a544f45fe5768ac301cef2

SHA512
6a2c977a9a1e03d8e41781d1f4da23db4bb7568811abaf71347f6ff7f3c9212729d5b22ef937b32bba72574d6291cd430f0d89ff723aa815b82d29bbc943c304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
15fa0c3573e191f8ae2be7ddd5181f7f

SHA1
2fd6f96fa1cc51debcbcd7538d45c44fcadb2c93

SHA256
ebb1d136cd1f2bc9114081835750d6e942ea965b20d2dce3d3ac5e83c3a92d00

SHA512
284864b5e664455a66f376e5d3a3627896cba4d5b76c2787b1cb227011adf6e9ebe97c5ce6abadbf52e160d8afa2afcae21672f25d4836c33268a2643fe11277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d7dfcd1aa8c8e48ae1682d2f1588ec04

SHA1
619106b1addbea763a731fd0168fea52396ef18d

SHA256
8809a00b6b091a6df433997aba0c3601b51177f814bd60b75f2b61cca5fae02e

SHA512
31a5e220678a268f3819ff929f5f32a15deea7fb762a2be4cd0971cd5173fa84043acd63edd96fec5e0066e060f1ce21e6d62161858ed34937f9cff872e11e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
cd3a575f5ff43248737b8086ea862f94

SHA1
9fbd2a2b9bd59bb52cea9d7ff52846e5dcdcb49a

SHA256
9bec177739ede726da8a472bea34ab9bfacc028151e6f9226c74afb96c59f93f

SHA512
8fe1442afd7261ce813771e37a4b46b3fd7d326bbf350625743523817d589e218ff1255498ca66b621fc2f236b60e0b471363651b4a03126cf6f9f23c8d54d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e512258179b1c05b08669fc51ed0a677

SHA1
33d39f57337a3cc7a4dd3c0e1e1ff96709a5a560

SHA256
95412534f4aa353dc21a8894911825b86ae0040e713b802d333a5ab62c28dea6

SHA512
87504e96c7284f9923bed310b6b92cab77cc443c011812bca31ed427f2e49d6ab2bcc79f7de7539326e4d9a56fc9375e57b38f0083164a7e2689f1d1654a0393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3829d59545998e03a33be285efc04230

SHA1
d5c073925c6f9700d8b26e9253c6ae8497a24b3e

SHA256
f11e8c5c80dbb60e89249a82f9092b452f0be3dea45fb067fa2aee9e8cc8f52a

SHA512
524c994ce3ddd5a9cb91ae3ce52eea383dcd5cbcce854d2318244b38558b8a401272581a770b6449304fc8c4f14bbe3439698aa46d3317dced65609959f6c1c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
925c8b1742808838cf5d011992609d0a

SHA1
330544c70c74535274ac180b87c8d4d6b0a2a279

SHA256
bb7af690ae37926ffe3041e04fb5cbcf82613b2a7841d9f321e586f3619a8b22

SHA512
891a28285e40d245c8aad3520e3b0917de84c86da3349e713f25ed61a96de2f348a5a39848b61c84f1246fe417914adc6e1f15318cc8b9dd771c01dbca4e1cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
62508fe46e0bbc82f735e6b0d6787af8

SHA1
7641221f819338e897ca35522ef5febc92688a91

SHA256
b7a1e4b40e0cd5a3c9e01c79f00d3e7b935a6029a5810166da551e200456f59f

SHA512
10948d8bc9513361a4f2d6c412e841e091a3d5ce7763ced3b898339c61e35bb52347a879f052145e5eec72d42dbc2de7c5aabffba6cace66e217737cbe169988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
80d4f2f31085876c029381b7a4c45b6c

SHA1
24c926bf634b64f29c43c1f97708e0a24059c50e

SHA256
c06b43a3f0f4629b3cc156c1ceece97a117df566352c6ef3fb17fab5c2bdd37c

SHA512
0e598643c92e69d628ec4fbfa6800d2a0a2b577fba99d596c68cbef32edcedf53482f2694e62f534eecae4322eeeebb4545ef5561fa9c3b139ab0a8f2779c7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e5c186b630f0b3ce255ae1fa60fe21c5

SHA1
ef4db34a2fa01e7445e3e3bddf8a1379bd6d439f

SHA256
a2fa822635640eb46201497b45fffb569873861df1090c0bdc0e1d89b19ad8dd

SHA512
95588312f5d53bbb593b72153df50034efaffe408f0df472512f5ecc1a0602abe3cd19533da743e279995f3e778fb9dd5d824d05f23127b7dd54aa57f208f258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
084845eac07f4d2de0ae7fa5045f1e58

SHA1
c7cf4d2a5c8a69714cc009e3f0fe2a882a6d44ff

SHA256
4eea692c19cff2f58a3f0d9cb3af3a3d8d0468ee82770c836eed2d3959671a65

SHA512
851e2afdad17cebdefa348d166f4188527452df239d3bc3238e9acce13940bac9315c4f097121a80f3dcb108f1dade2315203c262d3ac6524e4598151548f6ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
49be0154175aaddb1b95e773e2353dc7

SHA1
fb748d8c687ca077c8517bba0634cb5c83cb70da

SHA256
8ba9c741c48cc2ad71061d213e3c71db955b7f2c178aaf73a3ccb25e797c843b

SHA512
fa1c78762ce82e2cb69cf40c9ff4daec412214630bbb05423e85ad1cf8bd2abffdfb164b127b224d171740d2b6a99947e7546a712459714e7506b6ad38c95ced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f5d2df0c6e6bf82c213b22fcd3035335

SHA1
9c4f8bc691deb7d6b8218bd812372d8d512c6023

SHA256
8146ed8299768688d370a974fef807562526167918d6e9483ea7b67152a2b466

SHA512
95847447202cfa37db938645732f06368127b91ebe466521263cb17bb3a5848d746b8da8c484cab2ab0fb6ff5f6458728f40a00871c0dbb318fbef5900d38943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
04b952d8b451186953e1fc6ec587bd90

SHA1
2a93da34b7816141f482d9db9848fa3574959fd9

SHA256
96aa610ce268f34a68a164114af0cb2fb871cc0bfebc49691ec0a95330e603de

SHA512
aee53610c872c0ea054462d3da53dcef77c54afb271a1c6d7a393ce41b7748e95d5c947c1063523d8326d333b405aec7dec58ace9728ab58a02726c99531a955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5b7221409a3aa5fdb877966a9fd8fbb6

SHA1
4c177e453bf56720c51e73edec62e3890fac3d8e

SHA256
46db17a315df4954fd9acef736f1ac6ddee3e9b5d872bc27b796507fb7767084

SHA512
0e2ce90b1a06d41cf86bacf7b6fd51665130bceb0224a3cde67794826d595f31e3b692c3fc6aae42337858b247aee1c2b758a4cdabe9697f617ba4948e41e80d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ce2d197e7d36492bb7cb73c390eec804

SHA1
07097895ed705687700551ef76420456fbdb3817

SHA256
7bc5fa1c9bd94ca7f0b57682ba114dbec6512981f13bd28cb200ee3100e594ab

SHA512
8b8802051bea397a719bea03d9178a1344e8f5e7b599848ac9e73eccf393b88280a1e8c9fc7819dd1e5cf80e257a49d02c1edae3c6db290a81a3e0d4e2a57313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
964a43087a64b2b67393e73f7560c31c

SHA1
434c55a636529df266ff95fc100297bfac836a65

SHA256
bfb3702e1f7656dab49e2376c6361bc6dcd8dc57e5997b3c95ec81df483894aa

SHA512
7f526d9963f3ea523da38ea927b25b284a4536433e144a1af7dcfe12e632b12ee380c11fd1385a9ee41a07661afdd77c9078e365b286faa4a90ea2514eefd5e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b3c3fb27cde2a3ced8f1d16f8febedea

SHA1
f47c1f60a85b2abbf6bb92ac1ce1367902e02098

SHA256
a007010afda6d90d1d451ddbd60ae77b81c598f262d4dd30a51aa5e9829a7ed5

SHA512
67d2076ec4e05afbaff3063108bbf72f9adf70d0733a155a739b6bc25ecd4bb09205f1e83ac066c11d77bad9a9956e30474ccb2e57e6d1964ef59674e33dd8e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
04153d973e26095df37854edefe4e033

SHA1
68c260b139bb4e1dabffb60812aa233f38ba7233

SHA256
15e79cc2ae6cb3ff37032a672fe07774f799355db5f68a4f17acdd98ab8a66de

SHA512
ed5b8ba904232aea27de6be736b208a1f09b61a683e896b4f504ff9b70cfe38cab45bbd6d9ad1eac584baa841b772edb56428d51259f89bbcb383e02a3a3392d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
4fd0b932e6edaa11a05474f1cc1b2dc2

SHA1
5463b981600e69a97892d97f1d5a6ee5705c74ad

SHA256
ba8e64d7695ce7c9a3829cc19cc4035ef38ff0b827f23037177032e68c80f265

SHA512
4c4e55eed24c36c715d851196126453af8a3bdd3e124a8e1e86c9175d6795d2ae53040492975b195d84511efc6893b30e1b2b9a8f1a9126f93e09f6261cbfc64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ae55497630b005c36ef4fb3f1390f655

SHA1
908ad75c148c91d90919df7134aaaa94d4853563

SHA256
b85d5d8626030c25affe5581d44eadcbf2a34ecf5319d4aa13f5ecc4dc636077

SHA512
24d702e852f95a6153dad11597e5e5b521c94c2d4b5a63dd257b18f8624fa7f298291326f2c51a18cb0f9f63b3acbd0562b1de68b449e38668b7a510bf2c1e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
3cbcb68919228d92c995fa25fa685c6c

SHA1
93253ab139f843532f2b6a739d7e6a201f868845

SHA256
acc2ba9b6691f4256a87312fbef3345a8357d699f5ee26a265914c728f262019

SHA512
3a7a798b6193195f055caa34b29fa1c69946d19b0303dfc04159b0949f84a6c8014554610b33be475bfe3576a58dd4768f7b9e4d0616e7610ce7f9a56af18c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4040f90a5727df70e9be38064960ad10

SHA1
467e5db816916d7378258b235bf0f81f019505bc

SHA256
4fe93bd075822b79ac4064ca567875aace49c75916e65efdd121072c7c203ed0

SHA512
0d2c3d9df13907b778fe68b6120ae8085b826da4f79279754801ad64153236c753bb6d68d273fc2b8acf3f080b59bad6b86a9b87681fa480e4bfd0c0a8b5ef04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8f077b415f23dfe84bef57457ab1996c

SHA1
e5c2d628364de68d24a014fdcf494ce435eb996e

SHA256
23cd03945635a1efebaa0d18e48d431996fa7d679d71424dde7867b340bb5d08

SHA512
df3dbb73bb90ad011c6305624b43bcfe2b808e9fe476e357e457bcea8d477f882cf1f61d414a7c5804841fe5f4c655c7fe44490a6a0bafccc8fbc7c14aec3b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f5175cfb80520803c33dc638eee4f8ef

SHA1
ecf7e5dd31748da9fce960ee1c7ef32bca974d96

SHA256
43ea182366fb90bb1343660ce49efc4f8e0a218d512651a3eb0498f7a884dbeb

SHA512
cdc7239b6c5f17a18760cd2a641e2b95be4df703edf8113b0f25092bdd3940cc80d89fa51b5e3f60533dc3fbb073dd86af1b38c213b07f4bf28fa93678305cf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
915df162254d1ce68c83527bb8dd0d07

SHA1
a6849275c891f5ab78db721482a22b2b509a5d9a

SHA256
3b6a82e14b4d84b3d3cf7d2689259a00ecfdb98a4b38b6d9fc210032888a2357

SHA512
5286d8301dc237e0873688fdfaa04d61a84f349c9a95d26d1e468d27aeed167d70080761d9f495df1e97c550089ebf44a8c74c2067fee19ae74b74097cfff124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8e0aaaf2cbc46c6b431b9ea1988719d2

SHA1
99932e9b408bcc43b7d9b6c1b4445cee40a48cfe

SHA256
0b15595754a7889f24acccce587da28e9c8e18930f036c8bdce6ee7538be5a05

SHA512
17e52bd11879682a6cbde516b0bcf8044e0b887ad6e540dd932dd5bef989bde7e7e3ed6e2a71cd9eda5e031e6b2c9569e41558f14ff644ff39cf63cdb87486d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b935563dc6b920acea3e167b12b7fa17

SHA1
3ef859b802ee5bea3dbf7bc3afe8888526737f50

SHA256
a72802dc91d6c0f128bbc54b710f59f9835b1204630d8890fe9bb217742c3633

SHA512
3e0b7ff6f364c4df74ae8039be67cb8e768f1f233537cf1c8b6a22c618939676296c84e018db3ebfdc37fba5f2e27f52aa44cb25dddf7bd666229ad923a4d683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
305f1ec8333da5347a876d2ad7956e70

SHA1
33735a4b75f44460aa7e33771288bcde8e195a1d

SHA256
8fb4178ec02107a9aa100ebebed1c734143e5feeed65c70bf67b9f5560e3a5b0

SHA512
cba5f1d827db4e313dff37aabb54012b7c65a05305ff84777f007e113231d88d28f76fd1b61418bfc8b4f4484270b808d608b9a20c52cab225c7c485ab71d221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
433c916945104d676ed1e02ec59d9d01

SHA1
ffa774e72830e07ad86c9f53871473dadaf64d3b

SHA256
a0ac5e19a5d8ac4e18785efb431ab0d7467bf802849d1d25144cd54b717f4658

SHA512
7757bcfb7a7ecb18cab0e0dea564d7dc041ddce71ded47c184426018d470c1fcee156562caca9bf87e4d8411533eda765aa70e5cea97b7d44e8f145dd9ef4708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8c5707087415856b1e54a942f5555354

SHA1
73e1e9b068ca3c79bbd8fc7f2feeb1c1a4b5236a

SHA256
2ccba7d2fb3e0f86e7aafdcc757bf544d2218072cab1297dc15f8c8ec5ff8298

SHA512
395267cc90b75fcd82adbd2fd1dcd15747a9ae96f6519c9af1e4a1b57266b0da5f2274c447a8b5259157855d4a41e02d5f538c490ca0d4ffc54ec5357940b894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
4ee853d2f7eb4f474d97725da9f2698f

SHA1
0f6af87059729722de099f26d458b2ddc0466300

SHA256
b6a45174c16d6da611ff0be69a58b3249e6f12d96d89932ed7b04fec57e766e0

SHA512
85da0aa134a99bbccd8c702da33027e7fce6c6d903e2d88fc4ac7d96f79715ad17b7e5fe10b1674e1b64231e031e03467c1ddb61cabbe8f07dccb109b0ed94b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8c73c09708444f55b1b1686e11c8cdd8

SHA1
a2a1af2a759e35486e2b36a2c4d85a69221bd5d2

SHA256
d24d327c0d9580ad4831f7ea7cfbe489b55df50a6d915184cf0aca598d847691

SHA512
0d060c0ccf71675afd36ca2660c5ba3c31e9064f4c33840e957ffae8674bbeec6320393391ac53b0295daa1177d41bd209b21cf6298c06842ce71a9d16c456cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
62a104c8cb62c484180c431b712e31b1

SHA1
9d0b112f9f470a2838e6ff066f8df4b8c7ee1db1

SHA256
93d035d80380b69de3e705a4db67805359c94ba3013fffdd6e3f090f61f26909

SHA512
16cf526c31a6aa33306576019bbb3309a04cf11c8b7e8c4bc841e7c22ae5accb8d017bfaa6a97212526038eaf3c3464248bacfed75ac54444230ab760f05ac06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
3237726ed6cd39a36198d6aa97a000e6

SHA1
99a19386bd243661e10910562610838177048ea4

SHA256
3efd2a2b89fa21d574ca8b486d4825af432eb00fbfbfae0f297c67b3d894b01b

SHA512
29eb6faf6294b807d3a7e88831eafe58003b4ff952b5c20cf49ef0afccd9544a1450f030f695cc1187f2b70cc6c7317ece34e5f52d94f3a057d155f37647d366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a3e8120c6fc7a5ae35ee29663a1995fe

SHA1
4ce84c98c069d26939bc03c5fa0bcb12a2042736

SHA256
f5ffe5db5549594dadd870260feaee23ebd3d648b740252ff8a120ae3dda6a58

SHA512
f05c87f0da327b19679786b65de2e5354136f173b2e2ee38a33ec8d44b99e76633e8780caa4e60d89aff9f03262963b2e49287f27cceefba905faadb270f0014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ae0d783d298e3016db9f2372adde2244

SHA1
49153610f0de7452dc977874c1a85d2be1109575

SHA256
be6d4f58267817e8ca2fecb2211b66f86b48317df5a9ceb1e95abdf533abc702

SHA512
40f96dedf1e063129741a31891d2a6a789d86a49abe86a1161e547ae50a3c072235df7f24dbb6bb336e7443c4f9757c4072e1918baf12205a1939726c5c5b306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
adc6e55210e552751a7b27af959b23fd

SHA1
ee5426912bbea8fb508315fce0f9e2678f92b8ba

SHA256
a6962da9d7ea66b4a77674fbe16960b25e643f9879940804c11a85e3dd5e5655

SHA512
2608c35a01634e1f20ac16869222a5d03c3bed7d04d0610218bd7cf44823d75ede372d0b7bf5953e581383684fa7d3e13ce4e997b6ae5640dc197909d102a80b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
85456723051f07bbdd1c7c0fbceef3c8

SHA1
fbb1c0c2c63b66b5589ee2d299e1c0bae9fcfef7

SHA256
4973e312c70169826f2af5baeef348c5b7a1e619c6a5c52f71c8153f81b9471f

SHA512
a2e28016c74880c5e6b77dfea2088f2e925d32ee07962d803413822d2d6f90f036c3b462c332fbab4acc4663050408451cc9a52557a795d6423e31f7ed05e79e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
77d59bf5f4cd7af98d954c6c0de14d81

SHA1
b3b55b300ea902c3274adc5ffbcdfa38773198f0

SHA256
5d5e5d5a4901a75c6c8d473c26fe21746b1d246093fc3fb370bbe9d805f505fe

SHA512
6fe0696b597763d2a74d6b16aa03b13720c1e8bb8ae319c65c7d5e45b3889623b7d59084594077cb8f9a26b464adc3ee8d3fa0f0040cb690fe000c70371dc309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f6f0e66148c0a8ed0a32b653ad6e8b88

SHA1
ee1a8321c2c90dabf1fde519ba3255570a888646

SHA256
2d9b3a2495e65843766b264e5fcba1ae7db09c2896cdb1a55aeff30aeabf76e7

SHA512
dcabe77e7586064c3d67a6ea164cda829bae098f0afefa9b2a8fcc04c88d1fc01a609a70c2523c19ac3131fe694c09d79e50d3c846576cfb21130a86e491bb7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
124b1a9fb59b42d2a731de491f16cd1f

SHA1
3ed7d7647ffedb0fcca26e50f0c1d7d08ac184c3

SHA256
24295e982aa612b8c21084490191e4f2e384cb54e2b0b4e41325b10bcadbe284

SHA512
b9c1283d0d7d1bb49bfd27109da8fee3a4033e9a47aced377ab5313ca01816427c45af6a08ece2ca232730716ddc7e95e4aba1d29c1d644640bc5da2c226ba45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
5b70cfa47680aaa3fad29b4ebc439115

SHA1
810267397369ea7fd3c3e5793c0c129191dec8b0

SHA256
34d0cbf7b5d7640c6e74d4504a19eb65358f38719dbeb24f7b239a321b3f892c

SHA512
632f0da2dfc7f3a49fc9a6f30f4328bf08d37f5184db4d4999b33befcdf1a7100efd2fc41a987055bfb0cd29d365201bee7097a4d745edd9f4e215fa952e699c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
4012fccd2b6145b5795bcb9609922648

SHA1
e68021a0552fdfac7261920114df6185c35c6b6b

SHA256
e999d7c4dead47a85fe476ae403266e1e51f961de8b699c1988e2a10a151be0a

SHA512
54b1fa23bfa6bb4b924a5090b255771134f5b0028ea1182941a942e2bba39274123edaed7a1b9a5650e2fca8a0d696039ee72f8758a1ddd4debe142c072ce65b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
47bf7c3103cfdd7deeb9e2fd231e6f8c

SHA1
98a076f8521d0f6c03608924b0deb2a0473d721c

SHA256
66f3438a15b63841f391a75cde0323b54949bd0d9da90ca777da2e5109d6c69a

SHA512
8e4882fe6675bd9e93f1682651ca8b27ed18a515c4dd49c57ca03c4d9d8792e98502adb20e48d925858e0e422c0172878d30f61cb0c46b73ee0e18382e3f1615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
d8cf8f8447737edd2f6ae7821d6015ca

SHA1
797514403a5c2387342e54d59cb1adaaa7b9a6d9

SHA256
f9de8bed1b16c2ca77813216c6c3d0b7a43df8bc2db9ce339465495a15ea3182

SHA512
16327fb2078447db4ae071885ef150e8373282dfe5d7c2114a6262b8f8213a3242d754354ab472aa36cd24549986a12fae8bf04c196457d15d62e7b59df1cbd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
41151a7eb0cf7da197f68a0216ad291d

SHA1
89f3d25f0ee17a9034586e23765763cbe9654aab

SHA256
69555e989e9870746bf18010a39b4030c7a3f8c95e1f32c5c28c9695727ad025

SHA512
825c72bf1020e5ec7856a16d8743639b287a494b292bb08010e15986078467d4ed5e2bcc10d55a98b65f7a267eec8df0cb3927a54c1358d133558bfa286cea5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580ae8.TMP

Filesize
1KB

MD5
ee06a331bd5b9ee942e45199860c5829

SHA1
3c83de5173e1ace51e00be76f2cebeaf13162795

SHA256
afb7358af96c9d01701aa056eb85b738c5ad937fa128e7b7086201249820e9c6

SHA512
d26e7a70c1d374f618908ab74750d1e8387831e9bd5467c0345557e1d01a49c11af5273accaf18dee072804361d4b0f83753b9cfc080638488bc46e661618ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b034d8b3d719ca25ac2ba618015f5551

SHA1
c7aa902d09a14d9f45f7f610c9dbfe39456e7dcc

SHA256
f987e0f569b49036b3b9727560e3dcd022a3c3863f8b76f682a1977d2e7a5d61

SHA512
b82f22f6ef36be086223516dbc6be01baeaaef3925be2bae9531bc1a5d779a297f4d0e195de4caa66658a0351382ba605f9ec97e0aba15a97b705884d9c4ace6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f7f94fb4395b31c7fa9e4539238f4f2c

SHA1
df1506913029cbe52d1bd4b26c64741fb6eea89f

SHA256
20be29f397cfd01b5e0ca70730ba5af8d18f1eb1f3b974c09e1dfc416dfab229

SHA512
f47f4d873692283f8ec85cf2cc0e3079248c4f2fdc0d362e71eb42befacc3af715b652bc3963353872df79bd5bbfbdee53b4f8ff69274be2a883e27fa5de369b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b51cade9cf0e6968c3e3f717436da0f6

SHA1
7a9abc87a2b8d44e26b01e12ef435c7a8c7bbfcc

SHA256
6cb23cbc1d3be3400e561ce11d6f72364de99d36ec080b599c4225eae8529dac

SHA512
b5b12d365e47ddd8a52d3952a2f7e4d8c8fefe8b365c4c2fe3c7faf099859c9ab5366bac6c150bb8068663bdf02c39957c4bff82ad87b3412d69140e1fc572d3

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\3fb493bf3ab76f597b24810fd5e185e5

Filesize
6.8MB

MD5
3fb493bf3ab76f597b24810fd5e185e5

SHA1
b3742bd78ebc8b1fa63b5eca5cb55328d314f3a3

SHA256
807ef8eeb330f5fe80911f7767e045869f8d2400988ae9db8340cd419afe0e77

SHA512
855cf2816ae00f6adc717073b0b87eb2f586db719fde3a07345967b8014b0efe5337867954ec454e908ffe9b20ac2e02eb1043da478bbcba06c5463fab7a00bb

Download Submit
C:\Users\Admin\AppData\Local\Roblox\logs\cacert.pem

Filesize
226KB

MD5
c656d325f5df1991584f0bb00a27902f

SHA1
80713b343427211dbe8932ca6f642452c20ce7a6

SHA256
98ecaf8da767ccb2870dd30a5e7334d2f45702a3a33ec8b4286e6ae88b720eb8

SHA512
f7fe201f971410a15b44577123f3c3ff7982371aae9adaf2c52778ab08ac663ac0306878a665be3242662cc873cb0917b1eee3f75e45ad789d4b84474187bb3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
6.5MB

MD5
bfbd6cc26087166af3a64398260ead58

SHA1
c50f08bffce2a709dee9af3ae6b96bb482abd4f9

SHA256
95c5f519a5f729ec1205f9f1c69b3e370e468ed5d1c7675502a9c9ef227509c9

SHA512
c23683291b4b0e0f555fd715ba6e685faa5a952df95c70df69010e2f6c9f0fd7f593f030fab068207ff97583e049b52674e85bd41fc5901f817b4ec080d945e3

Download Submit
memory/2604-2758-0x0000000007070000-0x00000000070B0000-memory.dmp

Filesize
256KB

Download
memory/3120-3038-0x0000000000710000-0x0000000000745000-memory.dmp

Filesize
212KB

Download
memory/3120-3039-0x0000000072F40000-0x0000000073150000-memory.dmp

Filesize
2.1MB

Download
memory/3120-3110-0x0000000072F40000-0x0000000073150000-memory.dmp

Filesize
2.1MB

Download
memory/3120-3160-0x0000000000710000-0x0000000000745000-memory.dmp

Filesize
212KB

Download
memory/3816-3203-0x00007FF92ABE0000-0x00007FF92ABEB000-memory.dmp

Filesize
44KB

Download
memory/3816-3202-0x00007FF92ABE0000-0x00007FF92ABEB000-memory.dmp

Filesize
44KB

Download
memory/3816-3174-0x00007FF92B2C0000-0x00007FF92B2C5000-memory.dmp

Filesize
20KB

Download
memory/3816-3171-0x00007FF92B230000-0x00007FF92B260000-memory.dmp

Filesize
192KB

Download
memory/3816-3172-0x00007FF92B230000-0x00007FF92B260000-memory.dmp

Filesize
192KB

Download
memory/3816-3183-0x00007FF9298A0000-0x00007FF9298B0000-memory.dmp

Filesize
64KB

Download
memory/3816-3182-0x00007FF9298A0000-0x00007FF9298B0000-memory.dmp

Filesize
64KB

Download
memory/3816-3181-0x00007FF9298A0000-0x00007FF9298B0000-memory.dmp

Filesize
64KB

Download
memory/3816-3180-0x00007FF9298A0000-0x00007FF9298B0000-memory.dmp

Filesize
64KB

Download
memory/3816-3179-0x00007FF9298A0000-0x00007FF9298B0000-memory.dmp

Filesize
64KB

Download
memory/3816-3184-0x00007FF928BD0000-0x00007FF928BE0000-memory.dmp

Filesize
64KB

Download
memory/3816-3189-0x00007FF928E50000-0x00007FF928E80000-memory.dmp

Filesize
192KB

Download
memory/3816-3185-0x00007FF928BD0000-0x00007FF928BE0000-memory.dmp

Filesize
64KB

Download
memory/3816-3186-0x00007FF928CE0000-0x00007FF928CF0000-memory.dmp

Filesize
64KB

Download
memory/3816-3193-0x00007FF92A970000-0x00007FF92A980000-memory.dmp

Filesize
64KB

Download
memory/3816-3194-0x00007FF92A970000-0x00007FF92A980000-memory.dmp

Filesize
64KB

Download
memory/3816-3195-0x00007FF92AA20000-0x00007FF92AA2E000-memory.dmp

Filesize
56KB

Download
memory/3816-3196-0x00007FF92AA20000-0x00007FF92AA2E000-memory.dmp

Filesize
56KB

Download
memory/3816-3197-0x00007FF92AA20000-0x00007FF92AA2E000-memory.dmp

Filesize
56KB

Download
memory/3816-3198-0x00007FF92AA20000-0x00007FF92AA2E000-memory.dmp

Filesize
56KB

Download
memory/3816-3199-0x00007FF92AA20000-0x00007FF92AA2E000-memory.dmp

Filesize
56KB

Download
memory/3816-3200-0x00007FF92ABC0000-0x00007FF92ABD0000-memory.dmp

Filesize
64KB

Download
memory/3816-3201-0x00007FF92ABC0000-0x00007FF92ABD0000-memory.dmp

Filesize
64KB

Download
memory/3816-3173-0x00007FF92B230000-0x00007FF92B260000-memory.dmp

Filesize
192KB

Download
memory/3816-3178-0x00007FF929880000-0x00007FF929890000-memory.dmp

Filesize
64KB

Download
memory/3816-3204-0x00007FF92ABE0000-0x00007FF92ABEB000-memory.dmp

Filesize
44KB

Download
memory/3816-3207-0x00007FF928A70000-0x00007FF928A80000-memory.dmp

Filesize
64KB

Download
memory/3816-3208-0x00007FF928A70000-0x00007FF928A80000-memory.dmp

Filesize
64KB

Download
memory/3816-3209-0x00007FF928B70000-0x00007FF928B80000-memory.dmp

Filesize
64KB

Download
memory/3816-3210-0x00007FF928B70000-0x00007FF928B80000-memory.dmp

Filesize
64KB

Download
memory/3816-3206-0x00007FF92ABE0000-0x00007FF92ABEB000-memory.dmp

Filesize
44KB

Download
memory/3816-3205-0x00007FF92ABE0000-0x00007FF92ABEB000-memory.dmp

Filesize
44KB

Download
memory/3816-3187-0x00007FF928CE0000-0x00007FF928CF0000-memory.dmp

Filesize
64KB

Download
memory/3816-3190-0x00007FF928E50000-0x00007FF928E80000-memory.dmp

Filesize
192KB

Download
memory/3816-3191-0x00007FF928E50000-0x00007FF928E80000-memory.dmp

Filesize
192KB

Download
memory/3816-3192-0x00007FF928E50000-0x00007FF928E80000-memory.dmp

Filesize
192KB

Download
memory/3816-3188-0x00007FF928E50000-0x00007FF928E80000-memory.dmp

Filesize
192KB

Download
memory/3816-3165-0x00007FF92B0D0000-0x00007FF92B0E0000-memory.dmp

Filesize
64KB

Download
memory/3816-3166-0x00007FF92B0D0000-0x00007FF92B0E0000-memory.dmp

Filesize
64KB

Download
memory/3816-3167-0x00007FF92B1E0000-0x00007FF92B1F0000-memory.dmp

Filesize
64KB

Download
memory/3816-3168-0x00007FF92B1E0000-0x00007FF92B1F0000-memory.dmp

Filesize
64KB

Download
memory/3816-3169-0x00007FF92B230000-0x00007FF92B260000-memory.dmp

Filesize
192KB

Download
memory/3816-3170-0x00007FF92B230000-0x00007FF92B260000-memory.dmp

Filesize
192KB

Download
memory/3816-3175-0x00007FF9297F0000-0x00007FF929800000-memory.dmp

Filesize
64KB

Download
memory/3816-3176-0x00007FF9297F0000-0x00007FF929800000-memory.dmp

Filesize
64KB

Download
memory/3816-3177-0x00007FF929880000-0x00007FF929890000-memory.dmp

Filesize
64KB

Download