hxxps://roblox[.]com

Analysis

max time kernel
587s
max time network
593s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 18:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://roblox.com

Score

8^/10

discovery evasion persistence privilege_escalation trojan

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	setup.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 21 IoCs

pid	Process
5072	RobloxPlayerInstaller.exe
1688	RobloxPlayerInstaller.exe
2476	MicrosoftEdgeWebview2Setup.exe
1792	MicrosoftEdgeUpdate.exe
3248	MicrosoftEdgeUpdate.exe
2920	MicrosoftEdgeUpdate.exe
1680	MicrosoftEdgeUpdateComRegisterShell64.exe
3536	MicrosoftEdgeUpdateComRegisterShell64.exe
4836	MicrosoftEdgeUpdateComRegisterShell64.exe
4220	MicrosoftEdgeUpdate.exe
4216	MicrosoftEdgeUpdate.exe
2412	MicrosoftEdgeUpdate.exe
1360	MicrosoftEdgeUpdate.exe
1764	MicrosoftEdge_X64_129.0.2792.79.exe
4728	setup.exe
2208	setup.exe
3324	MicrosoftEdgeUpdate.exe
1064	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
1392	RobloxPlayerBeta.exe

Loads dropped DLL 20 IoCs

pid	Process
1792	MicrosoftEdgeUpdate.exe
3248	MicrosoftEdgeUpdate.exe
2920	MicrosoftEdgeUpdate.exe
1680	MicrosoftEdgeUpdateComRegisterShell64.exe
2920	MicrosoftEdgeUpdate.exe
3536	MicrosoftEdgeUpdateComRegisterShell64.exe
2920	MicrosoftEdgeUpdate.exe
4836	MicrosoftEdgeUpdateComRegisterShell64.exe
2920	MicrosoftEdgeUpdate.exe
4220	MicrosoftEdgeUpdate.exe
4216	MicrosoftEdgeUpdate.exe
2412	MicrosoftEdgeUpdate.exe
2412	MicrosoftEdgeUpdate.exe
4216	MicrosoftEdgeUpdate.exe
1360	MicrosoftEdgeUpdate.exe
3324	MicrosoftEdgeUpdate.exe
1064	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
1392	RobloxPlayerBeta.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Checks system information in the registry 2 TTPs 10 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Suspicious use of NtCreateThreadExHideFromDebugger 4 IoCs

pid	Process
1064	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
1392	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1064	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
1392	RobloxPlayerBeta.exe
1392	RobloxPlayerBeta.exe
1392	RobloxPlayerBeta.exe
1392	RobloxPlayerBeta.exe
1392	RobloxPlayerBeta.exe
1392	RobloxPlayerBeta.exe
1392	RobloxPlayerBeta.exe
1392	RobloxPlayerBeta.exe
1392	RobloxPlayerBeta.exe
1392	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\VR\edgeBlur.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\avatar\defaultPants.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ControlsEmulator\PlayStation4_Light.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaApp\ExternalSite\facebook.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\StudioToolbox\AssetConfig\offsale.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_ug.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\Icon_Stream_Off.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\StudioToolbox\ScrollBarTop.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\Locales\da.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\GameSettings\ScrollBarMiddle_Wide.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\VoiceChat\SpeakerLight\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\AvatarExperience\glowLight.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\129.0.2792.79\MicrosoftEdge_X64_129.0.2792.79.exe	MicrosoftEdgeUpdate.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\AnimationEditor\button_search.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\VoiceChat\Misc\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\Locales\ru.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\icon_friendrequestrecieved-16.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\VoiceChat\Misc\UnmuteAll.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\Controls\DefaultController\DPadUp.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\StudioSharedUI\packages.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\PlatformContent\pc\textures\water\normal_13.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\StudioToolbox\ToolboxIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\Emotes\Large\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.79\Locales\zh-CN.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\AvatarImporter\img_dark_custom.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\Cursors\Gamepad\PointerOver.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\LoadingScreen\LoadingSpinner.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\VoiceChat\MicDark\Connecting.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.79\msedge_200_percent.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\Controls\DesignSystem\ButtonL1.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\identity_proxy\win10\identity_helper.Sparse.Beta.msix	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\AnimationEditor\img_triangle.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\StudioToolbox\AssetConfig\CenterPlus.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\MaterialGenerator\Materials\SmoothPlastic.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\StudioToolbox\AssetConfig\selected.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\configs\DateTimeLocaleConfigs\en-ca.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\Debugger\Breakpoints\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\GameSettings\CheckedBoxDark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\MaterialFramework\PlasticWithBorder.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\LayeredClothingEditor\LayeredClothingEditorIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\StartPage\CityImages.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\VR\buttonBackground.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaApp\category\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\textures\ui\LuaChat\9-slice\chat-bubble-self.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\identity_helper.exe	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\avatar\unification\PhysicsReference.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\models\LivePackages\.placeholder	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\StudioSharedUI\alert_error_withbg.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\Settings\MenuBarAssets\MenuButtonSelected.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.79\Locales\sr-Latn-RS.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\DevConsole\Close.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\R15Migrator\Icon_CheckmarkOutline.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\VisualElements\SmallLogo.png	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\fonts\families\LegacyArimo.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_2x_4.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\identity_proxy\beta.identity_helper.exe.manifest	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4220	MicrosoftEdgeUpdate.exe
1360	MicrosoftEdgeUpdate.exe
3324	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 43 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725391584353181"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\LocalServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\ = "Google Update Policy Status Class"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LOCALSERVER32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{30555D04-4579-4214-8A71-FE2D0542640E}	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\PROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods\ = "10"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateBroker.exe\""	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\ = "Microsoft Edge Update Core Class"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ = "IAppWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\CLSID\ = "{B5977F34-9264-4AC3-9B31-1224827FF6E8}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17"	MicrosoftEdgeUpdateComRegisterShell64.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
1476	chrome.exe
5072	RobloxPlayerInstaller.exe
5072	RobloxPlayerInstaller.exe
1792	MicrosoftEdgeUpdate.exe
1792	MicrosoftEdgeUpdate.exe
1792	MicrosoftEdgeUpdate.exe
1792	MicrosoftEdgeUpdate.exe
1792	MicrosoftEdgeUpdate.exe
1792	MicrosoftEdgeUpdate.exe
1064	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
1392	RobloxPlayerBeta.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe

Suspicious use of UnmapMainImage 4 IoCs

pid	Process
1064	RobloxPlayerBeta.exe
1688	RobloxPlayerBeta.exe
2388	RobloxPlayerBeta.exe
1392	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 2932	4068	chrome.exe	82
PID 4068 wrote to memory of 2932	4068	chrome.exe	82
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 3192	4068	chrome.exe	83
PID 4068 wrote to memory of 4380	4068	chrome.exe	84
PID 4068 wrote to memory of 4380	4068	chrome.exe	84
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85
PID 4068 wrote to memory of 624	4068	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://roblox.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffaa33dcc40,0x7ffaa33dcc4c,0x7ffaa33dcc58
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2160 /prefetch:8
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4368,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5040,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5056,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5160,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5528,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4600,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5004,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3760 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5648,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5720,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:4508
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5072
- - C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:2476
  - - C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:1792
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3248
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2920
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1680
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3536
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4836
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTJDMzFDM0UtMTNEQS00QUEyLTkyNzUtOEExNUJEMTBEQ0VDfSIgdXNlcmlkPSJ7MDMzNjlEMTQtM0ZBMy00MjdBLTk2MkItQTRGRjc1QkUwNjdFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGNUQzNzJGRS1ENUZCLTQxNzUtQkEzOS01NDE3OTFFQjVGQzh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0Ny4zNyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg3NTYwMDMyNTMiIGluc3RhbGxfdGltZV9tcz0iNTc2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:4220
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{12C31C3E-13DA-4AA2-9275-8A15BD10DCEC}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:4216
- - C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 5072
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:1064
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5900,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1448 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:ijkEIEAjiZUxK6tr_Xevpfz59GmIE6VopRClBqdZuBdfjEsfpDmP_TxpI90UjTip81SFQLWOa7dw72v5lNc2PLu6CnwJgy-wf9NhpLxyyfydnnlSg0aCbJc6K4flMDpApGUb227jGohzvIg5fUFLc0t3fz3hrV5uxijlGmCKOZ-4sOzsZhg--yOv9KYmDlFjPcV82zFcASdo7EFAq1OiH8bZYmOgg6zserSaM90hrHo+launchtime:1728066093571+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1728065554826006%26placeId%3D142823291%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D1d0bb37d-8a5b-4d9f-af0d-f4dae8dc8f5f%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1728065554826006+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5884,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1452 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:iaQpX0mxjsAh3yYffviRjc2o2qgGTvO1JLdXM1DDSRlo7GxkfDGtYHl45mdjmoRIOCXSg_Hv9URcl6MiFOwNr-iSQZwsDdvrC79U4Rp4SlUkHRvJIU4zO8aseoLZZl0F-0x9sTQgw0o0AvumycGsQx5RrRZZjP_YOmaDowo9UFKyGq3eyD49_gTWE5IKWCFBaFx1ELs-NIjyVEkQ1d6GwKvKdW7PFIExM0yoMwFw394+launchtime:1728066109945+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1728065554826006%26placeId%3D142823291%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Db1ebf3d7-e503-4dee-9b95-2ba48c268b63%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1728065554826006+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=1448,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:Gb1ENbiAOizf04BfaIwkAM4IgGggEWO4sgIEkCtZWPF2zuTpp8fNmTVaQoDJynuLT8v-PUV4mDtJWlm7ootgowHXanHLbkKl-hul0UXAbIQXm-6ttOGh9mHAHVDhcL8R300AIUMMqB9--FohkrQJAaEmOaf6ytU1Zsgezouy8KrIhJdT-sDzQ4KwhN1HJEXuC1yJ3HxCSp3tsjUYpHTkhosrEGWI9hjEkoDc_8xNhFE+launchtime:1728066123520+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1728065554826006%26placeId%3D142823291%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D40e5d9cb-3b8b-4529-a342-a0c3d3959314%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1728065554826006+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5972,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6004,i,13280143089966881281,2392510294199380912,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4432

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2476

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:2412
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTJDMzFDM0UtMTNEQS00QUEyLTkyNzUtOEExNUJEMTBEQ0VDfSIgdXNlcmlkPSJ7MDMzNjlEMTQtM0ZBMy00MjdBLTk2MkItQTRGRjc1QkUwNjdFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyOUI2RkI3RS1CRjgzLTRDRTctQTI5Qy02MzBCMzc3NTY2OUR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg3NjEzNTM0ODUiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1360
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{943A38A4-9CDF-4990-986A-7901A7F095BD}\MicrosoftEdge_X64_129.0.2792.79.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{943A38A4-9CDF-4990-986A-7901A7F095BD}\MicrosoftEdge_X64_129.0.2792.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:1764
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{943A38A4-9CDF-4990-986A-7901A7F095BD}\EDGEMITMP_0A497.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{943A38A4-9CDF-4990-986A-7901A7F095BD}\EDGEMITMP_0A497.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{943A38A4-9CDF-4990-986A-7901A7F095BD}\MicrosoftEdge_X64_129.0.2792.79.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:4728
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{943A38A4-9CDF-4990-986A-7901A7F095BD}\EDGEMITMP_0A497.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{943A38A4-9CDF-4990-986A-7901A7F095BD}\EDGEMITMP_0A497.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.90 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{943A38A4-9CDF-4990-986A-7901A7F095BD}\EDGEMITMP_0A497.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.79 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6364776f0,0x7ff6364776fc,0x7ff636477708
      4⤵
      Executes dropped EXE
      PID:2208
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTJDMzFDM0UtMTNEQS00QUEyLTkyNzUtOEExNUJEMTBEQ0VDfSIgdXNlcmlkPSJ7MDMzNjlEMTQtM0ZBMy00MjdBLTk2MkItQTRGRjc1QkUwNjdFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins3RTlGNkY3Ny0zMzc4LTQzNkEtQTQ5Ri1GQzA2MDdEQ0ExNUZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI5LjAuMjc5Mi43OSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODc3MjA4MzMxNiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg3NzIxODMzMjIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MTM1ODIzMjc4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8zM2YzMDY1OC02NDYzLTQxNTUtODg2OS1jOGY5NmJiMjE0NzU_UDE9MTcyODY3MDc1OCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1YbjZVbEpEMGxCTDhyaWNvS0NOaDlzZVBuMm93NzRKRTRGZ2d6MG1SS3pDMnUlMmZuJTJmRENRR2o3T0dLU3hNMGZJak4wcnJsdVVwWVJYTyUyYnR3MCUyZmhVeGpBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTczOTU1NjY0IiB0b3RhbD0iMTczOTU1NjY0IiBkb3dubG9hZF90aW1lX21zPSIyOTgzMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkxMzU5MDMyNzQiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MTUwNTUzMjQxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NzgxMjgzNDAyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNjMxIiBkb3dubG9hZF90aW1lX21zPSIzNjM2NyIgZG93bmxvYWRlZD0iMTczOTU1NjY0IiB0b3RhbD0iMTczOTU1NjY0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2MzA2MSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.79\Installer\setup.exe

Filesize
6.6MB

MD5
5366d353cfe8a8f4ff9b4b8fc5ce1e3c

SHA1
4262b83fbfd1c4a4647fbd3a0af85eca81f3d338

SHA256
dae41fa913389c700bd64b071bff7cb827c666cd95cbf106ae47daea2438a3c7

SHA512
60a16a0866e0574aea9640927c2be205c8b32894cb4e3e76738cd3169a45af97aa00ff31b66a90813c04c43f4e71282319af2a5bb25c4cb602f14a884dbd6eea

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
16c84ad1222284f40968a851f541d6bb

SHA1
bc26d50e15ccaed6a5fbe801943117269b3b8e6b

SHA256
e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

SHA512
d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
34d991980016595b803d212dc356d765

SHA1
e3a35df6488c3463c2a7adf89029e1dd8308f816

SHA256
252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

SHA512
8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
d34380d302b16eab40d5b63cfb4ed0fe

SHA1
1d3047119e353a55dc215666f2b7b69f0ede775b

SHA256
fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

SHA512
45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
aab01f0d7bdc51b190f27ce58701c1da

SHA1
1a21aabab0875651efd974100a81cda52c462997

SHA256
061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

SHA512
5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
ac275b6e825c3bd87d96b52eac36c0f6

SHA1
29e537d81f5d997285b62cd2efea088c3284d18f

SHA256
223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

SHA512
bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
d749e093f263244d276b6ffcf4ef4b42

SHA1
69f024c769632cdbb019943552bac5281d4cbe05

SHA256
fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

SHA512
48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
28fefc59008ef0325682a0611f8dba70

SHA1
f528803c731c11d8d92c5660cb4125c26bb75265

SHA256
55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

SHA512
2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_es.dll

Filesize
28KB

MD5
9db7f66f9dc417ebba021bc45af5d34b

SHA1
6815318b05019f521d65f6046cf340ad88e40971

SHA256
e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

SHA512
943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
b78cba3088ecdc571412955742ea560b

SHA1
bc04cf9014cec5b9f240235b5ff0f29dbdb22926

SHA256
f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

SHA512
04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_eu.dll

Filesize
28KB

MD5
a7e1f4f482522a647311735699bec186

SHA1
3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd

SHA256
e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4

SHA512
22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_fa.dll

Filesize
27KB

MD5
cbe3454843ce2f36201460e316af1404

SHA1
0883394c28cb60be8276cb690496318fcabea424

SHA256
c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59

SHA512
f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
d45f2d476ed78fa3e30f16e11c1c61ea

SHA1
8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e

SHA256
acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2

SHA512
2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
7c66526dc65de144f3444556c3dba7b8

SHA1
6721a1f45ac779e82eecc9a584bcf4bcee365940

SHA256
e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d

SHA512
dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
b534e068001e8729faf212ad3c0da16c

SHA1
999fa33c5ea856d305cc359c18ea8e994a83f7a9

SHA256
445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511

SHA512
e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
64c47a66830992f0bdfd05036a290498

SHA1
88b1b8faa511ee9f4a0e944a0289db48a8680640

SHA256
a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961

SHA512
426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_ga.dll

Filesize
28KB

MD5
3b8a5301c4cf21b439953c97bd3c441c

SHA1
8a7b48bb3d75279de5f5eb88b5a83437c9a2014a

SHA256
abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0

SHA512
068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
c90f33303c5bd706776e90c12aefabee

SHA1
1965550fe34b68ea37a24c8708eef1a0d561fb11

SHA256
e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c

SHA512
b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_gl.dll

Filesize
28KB

MD5
84a1cea9a31be831155aa1e12518e446

SHA1
670f4edd4dc8df97af8925f56241375757afb3da

SHA256
e4eb716f1041160fd323b0f229b88851e153025d5d79f49b7d6ecb7eb2442c57

SHA512
5f1318119102fcee1c828565737ce914493ff86e2a18a94f5ff2b6b394d584ace75c37258d589cce1d5afd8e37d617168a7d7372cfd68dd6a2afcd4577a0bc51

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_gu.dll

Filesize
28KB

MD5
f9646357cf6ce93d7ba9cfb3fa362928

SHA1
a072cc350ea8ea6d8a01af335691057132b04025

SHA256
838ccd8243caa1a5d9e72eb1179ac8ae59d2acb453ed86be01e0722a8e917150

SHA512
654c4a5200f20411c56c59dbb30a63bfe2da27781c081e2049b31f0371a31d679e3c9378c7eb9cf0fb9166a3f0fba33a58c3268193119b06f91bebe164a82528

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_hi.dll

Filesize
28KB

MD5
34cbaeb5ec7984362a3dabe5c14a08ec

SHA1
d88ec7ac1997b7355e81226444ec4740b69670d7

SHA256
024c5eae16e45abe2237c2a5d868563550ac596f1f7d777e25234c17d9461dd9

SHA512
008c8443a3e93c4643a9e8735a1c59c24ba2f7a789606a86da54c921c34cbc0cb11c88594544d8509a8e71b6a287c043b1ffe2d39b90af53b4cde3847d891ba8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
0b475965c311203bf3a592be2f5d5e00

SHA1
b5ff1957c0903a93737666dee0920b1043ddaf70

SHA256
65915ad11b9457d145795a1e8d151f898ec2dcb8b136967e6592884699867eb0

SHA512
bec513125f272c24477b9ddbaa5706d1e1bb958babac46829b28df99fa1dd82f3f1e3c7066dc2fe3e59118c536675a22fc2128de916ca4c478950b9992372007

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_hu.dll

Filesize
29KB

MD5
f4976c580ba37fc9079693ebf5234fea

SHA1
7326d2aa8f6109084728323d44a7fb975fc1ed3f

SHA256
b16755fdbcc796ef4eb937759fe2c3518c694f5d186970d55a5a5e5d906cb791

SHA512
e43636d8c947e981258e649712ad43f37c1aab01916539b93c082959fb5c6764c9c44979650092202839e812e6f252c6c3eaf66d3d195c1efd39c74c81ad1981

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_id.dll

Filesize
27KB

MD5
03d4c35b188204f62fc1c46320e80802

SHA1
07efb737c8b072f71b3892b807df8c895b20868c

SHA256
192585d7f4a8a0cd95e338863c14233cdd8150f9f6f7dd8a405da0670110ee95

SHA512
7e67ea953ea58ff43e049ce519ae077eec631325604896479526627d688f2fa3bfc855a55ac23a76b1c9ef8cd75274265b8238423b95a2437be7250db0db31b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_is.dll

Filesize
28KB

MD5
5664c7a059ceb096d4cdaae6e2b96b8f

SHA1
bf0095cd7470bf4d7c9566ba0fd3b75c8b9e57ec

SHA256
a3a2947064267d17474c168d3189b0d372e36e53bf0efb9c228d314fc802d98e

SHA512
015dcb17b297a0aaad41c7b0b2199187e435855fd3977d16402be774622cc4f6b55d04ba9159a89e26e350c5602928c76dd9386be3974437b41888a0cfdddfa8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EUA923.tmp\msedgeupdateres_it.dll

Filesize
30KB

MD5
497ca0a8950ae5c8c31c46eb91819f58

SHA1
01e7e61c04de64d2df73322c22208a87d6331fc8

SHA256
abe2360a585b6671ec3a69d14077b43ae8f9e92b6077b80a147dfe36792bb1b7

SHA512
070398af980f193ff90b4afaecb3822534ef3171eca7228bce395af11ca38364bc47cab7df1e71187ef291f90978bdc37a8611d2992b1800cd1de6aa7fda09d9

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
6.5MB

MD5
0db5eb659537a9f91c9cdb7bf4f45a3f

SHA1
5cea27e9f413f9a43c9d5a38bb7e8fa657535332

SHA256
9d5973fdb8c0d8be42a77dd47d98f7e0ec5c300edbf093956704ab368f856ea2

SHA512
92f672db5e6a4d3eb6f06a226ac6e996d8ba4584f03a44abbb935f634881d603b2b4da1a4e4672f977139b99a0a09ea6183f54a48eb0dbea295ddca95b8d7ff0

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-d2bde6b0a05e4840\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
0bdadb7e4ab01d80f5310feb76bf887a

SHA1
0cedce05dd05f687bbc32fe7955d63e10ed178a3

SHA256
02922204829cd61afc3f66cb0bcd00649edcdb30cd12523e33b147ce2bbcd4a0

SHA512
42b76ac7845ee6a1dcd0c29156bdc199a08acf0a528c147b805a15471d99500647431200d256654ee29022ebe8f22a115d4c37ea318cfa8f74ef27919d4f5769

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
59KB

MD5
d3f2740b73be10ea3ce0c0d5d2894621

SHA1
cb0d7fa01703107c44e1f6230ff8d711222acd53

SHA256
9d4db8e306b263e3483a8b90586be72118a0db7adb795576baf7660ef4b398a6

SHA512
1d6b4846811e34e0dc25d064d4f251cd690103f85c64715e84b1709ddf24622f183c4df72cff3b472f7059c17814d7e99269ed7fe87a3ea47b0c0f0eec40f133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\23055e15-f4d2-493a-a9d2-36df1387e00e.tmp

Filesize
9KB

MD5
94ad7391c36724da806c9f0537d7f5e3

SHA1
98b12026d292ddc65c8e3dfccc23697a52818f7a

SHA256
20d948b217d32c1851a56c854b7ddd8c16e4f137445f8198e8709584411c20d8

SHA512
e5512f6a4856ac92aae69d4b9ae59b355517410d8bf630779845c725f9dc1a0ba22796a75b1984b1df77c9c3ab6a192b5c1516d019823d01f83b8cf91893ba85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\26878108-2089-4b5c-b305-cb2979d91a48.tmp

Filesize
9KB

MD5
c44bfbc221a65782c933f64267fc7c84

SHA1
509bfd07b3bd88e05e9dfcef092c053b74cf6ade

SHA256
658de87c540c418f0824bec98a0eae3afe4ab10d937d2824a53cce6addc79a2c

SHA512
01c994add2178e52bb8c8642faa299449cbf7b31e3186b428c8577d78b54a985f0f1d20b740a7b5bd80c8e8a48f11b9a49303abe1a03a658a73fc0e2473c9b44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f1b740cf999c29eda60982a74b3166af

SHA1
b3f625cd96f00e49c71bd85b568b58af19697430

SHA256
b568e4a31eafed3bcbd6ab8abcbdb89fb23aaeda957902ce1dbda48c07c0394c

SHA512
7c3042710f8df58f83c8cc66c47e9bb0b7cf645d900e36e99792388167cd17137e073d728818cb1847d2221635f6728baa1ede29ec9629db5351333882f7fdcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
e98461411ca89910b58ae78603d217b0

SHA1
c031d63b0c7d1f87c3f9ed9de03b786aaad5511f

SHA256
137e43d48725e5a9fd10ee8542f1417ff95265290bcc5c98881c28e917513dd0

SHA512
7bf80ed5978186680a55d10197cfca0f14c77712d39c8f418001ba07e9e01fc90da5965be320bf1d4886d02bf883f91dd1050bd0643560f20a114ff1838195f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b0c2b25a4047d83945d7103cc6b9fce1

SHA1
71f028e0516c50443c1e54918064a9f84a3a4ee8

SHA256
b37c21c0b2671bd1026e183deb140c50c5863a5ab3fa30c0caae0ae43c789df0

SHA512
2dd1d3989cf2b2beb793f8be7d1c6b8f456b0285dafab39f93f5da04242bdfc190018d423ea72d3582549a28c5a6730cc28dc03a616b8e9f70aafb8d7bdf1834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f438203a3cfa67858e073fb07adb0f50

SHA1
17b7d03884e21a22e63a9276e7b8b0e4aaf00747

SHA256
95e18a3b813a22179015e3f29cad7229abe324a293baa1df9ad5f5d972b67004

SHA512
1fcdcd37224379663532b0a75f679076f5c7d5d24041d1d70f99e1c382155f3443bc8ceecc4c79e084da172745982f6e2ccf2c47d08c1f9b6ba9da4480dd5945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
60f5e7c38541dd214c3fd49d3fe1244f

SHA1
d13383099303b23ef3f8f0325905de0f8a285365

SHA256
ed38bb49c9429e38bd0a592bb9ecf7609a0c9d67431b68cd457f0caf9af9ae36

SHA512
64eb08ed65a5b17aa26a1a570e92c395507e5c7f0a05d625b6e36d787996f993b91b0b09c585c7db32719a5685a9a8eeade042c0db0004367778d149ae91b0c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5cd50b.TMP

Filesize
510B

MD5
1c9a1bc13bb33ba160e1c6b08c11f165

SHA1
6bc929cd6289e97739b4a0dd685494dc50ed575b

SHA256
b4cc3b42983ace87e62474e3f6653d35f2d3735cf22bcf83ed7f7660ead95798

SHA512
8d6e4621072c9de11908ebc7db30c27998c5b52f629a9429cc1d6a6fe0ed4cf5010ab0adbfb1f63321731dfeb17cb0ccf67dae04edf21fa2e6ceeb64d5e6ae05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
11f4b6b0821892853cd4886c5c1d3923

SHA1
41f808f1348c7f79e8b9d9f786e8c3e038add9bc

SHA256
3fdf0840caa6906411baf6de5e2afbb1708ee566b432258c6427d823c9e1be16

SHA512
0522af84b68dde35b95b2a72ae2f7d9270e6b497e519b5af1a86650d6b8ff8ba4d6b5d888cad47ef8897fbc6e7b1c626e832ef5a130a320ca5b174349c7dde48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bca6c710af3068d506d33777f1f3a7c7

SHA1
5a4051c057e21e4de31dd0bb6a032c62dd726504

SHA256
2c1f32ff7087542d59c9974d397d8d679336328a6aa271f8c91c4d11b9938423

SHA512
d1c08433c4bf64af9bb3ece4cfb2f72b9d9785220dc37d94d74411bc2c57990f30032e9df863456286545600de5138ee0ee07b9796b48ae33a066a920ecee6f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
61a63ce13149c940eda05c64fe0e3ab1

SHA1
0932762963aaabb654f582bc608ebd88a2a3cd1b

SHA256
fae4480b3d787e1803d99ab42f63a1cc0bf7f8d1e1cad2742f974d0c18844227

SHA512
870bb7d713d28fa64243a7a45b7411884485f376d6d7a588bb3e58169cf412f4c0883e0b15f3d64525d9a3e66bc3e09286b12594ea1366135aa22844d790cc31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b0c843ae38856a0214ede499c2d01b9d

SHA1
350623275225e6fde07e0dc4caa57c40fe747bee

SHA256
76b295aa912b4847d304abce69f677f0dca8151b8804ed3d8c4dc225e602e169

SHA512
ff7be9fd82f93b9ed21955baeb01ec22c74010f84458e677755fa794d47c3b668efe28028929dbd21a00feef1dbd2f5fcc16350e613857b1f9398ae4a81fc3b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8185d56df8b6ed4df1c41c8c2cdd7a4f

SHA1
f61eeafb42050140e3f50c88a9bb27df1e4c0368

SHA256
8fa12793a842e06aeb3e4cd76809bb6f8dbf4bdfc119d5ec369340e1b111b3c7

SHA512
b31a46fceb1c6df33748cbdd93505f5d548cfeadc441e01bfc7feb77a38ea818f3aaf8dcfd625fa47265484fdd57dc705653642e272c2e8ad4440271cbeef5c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b0de05dacf29128a9211485059f88349

SHA1
027242914ca9ac82c6f63ddea5d1c2597c2b598a

SHA256
02d67e0c995685598b39e631a7d4de771014738634815465dea204b38bea18e2

SHA512
bfd92a5cc209017ad798a6ca9fb266c5a6390ebc5fe5b90be72efa797c2a2b7a3f7f6bfd9f4da0d9cc4e6a97af863b6a7b38936460cae0af425c9aa9a815b773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2f3d9e8d84f9a2ab63a5c96ab074c1d1

SHA1
ce0d2d2741fe2436fc0fb0c6a500c7b14caf9f53

SHA256
06caf160c8b9f9229161bd7d41a5bbbbdf9a04862366acfa376ccd185de3cb49

SHA512
78591fab908d452798c0970594cc3202fede57bcac9e8e86257cd54180af41f28e091300ec2b791dae54baa15af285695045e5557788c8e842d593647c088893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
823d0acad95acd1bec1adfa768685f9c

SHA1
d3d14681920e257536775409b018f1f8bc37d030

SHA256
a5bcdf5d7e0a57a0c85d29f7e79ad475cb274f81cb8729abf7908ee48b6756e6

SHA512
437da226775e7f2009199d044a366580f33413a49ebe68a67ac1e21aad6eee7aec8285b8842984f474c51106d53f9bd23ddc88e9f66442b39bf7e6597036416d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b71ee493eb45f1ea64b521f49042f0dc

SHA1
fad7660cb16db62e5b2d798a84df15a94ae953ca

SHA256
07f185f7f996f3866ed460adb2a0cbe1248c0f137bbda1344b6cc1bbc3546770

SHA512
8d1eecf2506a94bc24ed766a084e41aa6e88c26e8835b8b8c95836357c8cf9d508f5a5ae3bb7566422f34d5fc88c553136e9f794c1293a9d0db41b04e0f5ed6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7d013814e84655a6f108c0b37ebfdac6

SHA1
fd3293712b06141eb55fa7e82f1305866dcab5b9

SHA256
c32ad654e66d5a69e1eccddb26a1eee7f9733c9bb41cb3d8bc9d91f21823386f

SHA512
b6b0e5aeb5e24dd2104387686b830c9b7a5b27edecebe5811401cbf98c0356c421ec9a6c9c98e65fe61d0768d6ee3b0aab4089eee59cce751d9f7dfbc493db23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6cf15cb7efeead4eda7179af03ec73c3

SHA1
5f4f5cf7ac971a2418bc273452c9041271c4b11f

SHA256
8f3e69d4f0cea9f7118c15fbf1f39cc45614f4c4dc693e9cad5f7a1404100a67

SHA512
729545d8e790698fd6ed160b05f6b108c52178dd8a2372de68351d094f8cab2c0301a6c4afc5491a6184c9fe2c3bc0fc7940d37cba91791f3b842bbb12b6d6b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
14b74e25034062c34480915739a7e08b

SHA1
fb09507bdd1ba30711dc98472c539c68ee3b210e

SHA256
28bc807cb96d0061fb2fa01985d8d9bdc32b9feafc911df4066fd5e175b4bd1d

SHA512
09428a0e4a2044ce18b39de29f7f43c43f21837e93925577104775ea6b1a2f6c87cca016bc6e4f734edc4364e01f47d5a7ec333925e0ef2dddc1ccc1097cf72f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
15e878c380727ff5561badf8cc117779

SHA1
2cefb4bbe9cd6c07279d64054504f83bde8f4f51

SHA256
341936bae287a87396cb8e28570baf769ad0a43392f4d79c2e4fdf458d5bbc61

SHA512
166c54b3ab410fe0803f0556a885fccda4ba29f13dbe6c890273dd5c855bef8a7594a803dd9a3a02f59005c1fab1dc30b4d03568ce3f3c73615bc5ec8f12b1fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
271b14e820466d071f11afda22a8750f

SHA1
51293013ad3c7f3053bc68ff404e4ee1a12d6c96

SHA256
8e1ec862fb07a99016b010918d19845796ebfb45be91d92bbf956683b907e48c

SHA512
631bbad70d57770e86f6239f6cb62ca4aa21953703f72744537c6d4eab7e1abe17c3a4d930a75632a930ec718116a40abe3cab5a89a879e774bc534c557808d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a10b338f608ddf78ea52c8da3c7c00c5

SHA1
093810eb55e279333fce31d665e85a19d5e46844

SHA256
382b531e05124de245891b7ba61c78fa3f413398ca1324b61dbcc6937ef9d827

SHA512
a5565a5171403948072f452e73940d2b55cd36b0cc3cce5318ccaf1d149f25d83207864a3d2f225a4df5163205ec2777ab7f77471cf610f3279da750f34ff173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9102fd6f721cf68be09c7ab1d989e01a

SHA1
70b77de0cf6838f2ef97abdc6b697d60b4dfc019

SHA256
7026244d97a419202e67957507cfcd3c9866b2e4408d2e157dcd9090ac0c7e6d

SHA512
cd59612a4564cde0dd8c4c72ae21235dc05424a8d4939ccf29ec22a39aac185e1017c6f3c0847fd840a70dea4e9d7b4b21a7358ce873dfb4af37211fd4efeb14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
dd0d004faced530cbe095b4ff6f5d828

SHA1
31004af80dc8d83cb1dd4306aca8a91b2e665264

SHA256
528184dd3b892577aa071231b2589dafddb82ac87f11ee978c523a54e8ee4d8d

SHA512
2d13f7e84bbb636d0d2d76ce315792ee8d3a4abffa7ac80301a8102bd342a7c578bbbfc3f572c4b2abb8df3ba57cc618772c24a73156126677ea42eb286340cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1e4a746d2c0a5ea89cc8076a8872d0d0

SHA1
3cb26949492dd59c58f125289383ed7bc8ee890c

SHA256
86ed4443f1b8b156a29afd835c90fb437e50ef23f48c88f308005689468ce01f

SHA512
1dd4a38636fb4fbc683e30e562beef6e192e02c6c2e32cf990c66e8368a308d3c6a3b2d1b6f8a0881c581c7a70b2b31d70ec4431fb32792bfe686486693ae733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c6b8130ed75a988a04e98e80e0255cdf

SHA1
9e15e2a7c7aa901488690b94091ae8428bbc09cc

SHA256
bef48a76f8b8dcbb4de4b0c3f62782c053bbe5763baeced920e2d0bd5cc084f4

SHA512
51d08cbbe71c6d50e77312e6c2641965d03d7df44099d7c3546fa38551f249fc8c621881bf6d48b775174cc1b9f93111b66f51645fb275dcaeb7e9b64dc1f5e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3e798bbb309407d0f9ee0da95333b2f3

SHA1
bcd2ced67cb0bda297001e16143446f558674579

SHA256
a6a06377130e9b8467b1b0cb1d4030f9b8e327b7df782673627f38e2eb7799ba

SHA512
f82c80623f921634fd16cef96c3cc169685d970e96c571f36295ff6c43f489a6dbe8f29ed853c948a3ce803e55677300a338f541ebb6986697e55fe5f2d6a9a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7864737cf1c8c78f6b56b318b90ce1db

SHA1
4004a35d36d162400ac6e09f7d155326b1a6799b

SHA256
6a40afe9855fee73df2b706d46d6e276ea02365961a48b02046f435d58a23376

SHA512
34221d8986679e37c717394cc17ee462b0d383bbd0475d294838116f39d114e7ec27e19f31634d176246ef9d29d29b83bac5d7c7c866df926a78fa8e552f46ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f2add6533deeae20457e670e17ac0470

SHA1
a74e1c05255990bf3aa3a6197baca36853ffc050

SHA256
215661fe94e12b3ba605441c6ea17db8f4c9507a6fb05bdc42703b5186f08130

SHA512
4c015841c1b73de5e919c76c5c5ba04a754f1fecd65b075a8bccb648da546cc0852d553e6940eb38366a3af37b3dabceb6cf0639f85fb6c28ad20f88563f64e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
6aeb3448ad7c6374202a60c1372f6ba7

SHA1
0b6f0a31bdba9385598d8bf1c3cb152583de0f44

SHA256
f5a13b9a5866c1f97722c3810ab51058a6a5eb797fb3dba2456020c200bb69ea

SHA512
0870cc7e637f4ef23496c2005afefbd137adce813f942d5c0d729c322ddcaf16def876b5e5d9ae41e5feefc32840eab77d093153895ebcfa0522e65a340a9d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e65d246f1ad26985700d2fed644543c2

SHA1
14c6867d68bc13932e581be046727852a7ae4cc8

SHA256
8d7f284118526d8cc07eda419af54a441f534d48e6e78ded3bd9bbe9c5873227

SHA512
56a96891b674ad3b4f4368c249a58e183809fa013c07678185148721d487828ab97640107bffaa7a626b655e63f7e6eba62e1f4ded252b8380320f5a0d1b767f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b2895c42017bea82600101ff0835c2be

SHA1
80707efad3953577741b8b306b9fe76f33d92245

SHA256
a29dc08180cf1a3d283e357b72c7f64c32fd0d59a59875ccd15512b851136d73

SHA512
550e3a8a11f2f85578268e8ca0f7388a45eaa53045ef5d3538a747f235459a2d749df0b7b1622c9481f5e5c17a63920b37ed4dfe8cf5d4ff839f498e0f79be9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f2467bda2374ec29dd4792d0ad7f9a35

SHA1
a59a7e705f40d43c2a894e1ba2877752178fa5e7

SHA256
40f5c1a4a8e807d0619d9565c185f926af52f0304d5debcc2fdcda2fd5177d0f

SHA512
fc185c290d8121a7bb595b9ec6f6b5ae75c602a4144f6b0d5a5a088ec2a1c8acaaa58c2f2c1ff2355986791c3e5883922ff02b6c036a9316eec98caee35b597d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
22acf20051be5da1038be5cb2691510c

SHA1
bacb2cf0a46cc440372c2e719448c538374ef315

SHA256
206af9a6d857a47fe99baf147049db8dac01311043d8e16e3759769a7c13bb18

SHA512
a42573fe76ef359bf12107613b2df219b4dc6a04136d2a64ec40780b3991a8af8af1939b78a0f0caa65ee9f9b44d61f3693d7b7ef06125eead63ba3b3384a3f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
99cc0ee43c8dc09d6910ab3fc314f28b

SHA1
a62b1030281d544dbe7cb467bfa2ccfcc89e0b4a

SHA256
4b7415cfdd86c3056c65a3f4ead5be766a3b114c9028efdcdd7069c870705395

SHA512
ab661a24843405de41d241ba7e4cfbc33fefa500273227cb5edd2887c646f402df8e309435ed4f4a4ba6806b705926980797c7cf99d336418e9f1a64f18a0366

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
d4a72b97e4dac11649e3b3ccff9cae80

SHA1
11aa8866ae85959981e42a6f20f47b4960a6294f

SHA256
379b5c5ecaabca6f19d68f98ef657739751a799a2ce00ca1119c65f90947cac6

SHA512
603e669e7a85a222a330ceba613cf9d7dce8e8edd81d53617a4ab124ba3cafbff69254133fa07457fa268095f40bf8c4cb6d930dbb470e74204529da21333911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
27cd02ba810178462ede93ac09fd6002

SHA1
a57ee00a0db19223982dcff70b3fccec2e16da47

SHA256
8ddaf41a9a23789411fd2810866e00d3bc8ed05266a26287ac2dbc9d3d54be7e

SHA512
1bf2f3f335efae72adf754431e2bd290183515dc78a39b365148f3e053c6bdc8169b9115effd6097d959900fcbbab23b007e28dec31f661a1f58ae28a540fae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5697d6f2e09c92a3aefea0a254d5424c

SHA1
14c6d2a61610c0eaee148dded3d65df46a332935

SHA256
a6d1bade3e04df82cf02b74668c4fcf6567deccf0a3433a81a330192af62a89e

SHA512
3f66b52a7e917d35c5aa3698b2c612972f1fd786a81b6e55d3db169a8c8d55b88df220e7fed8898989eb72158047eb8e284ab3f717e3d29a1467de1fafa5af65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
601c81b5806475c8176163f2fc29dec7

SHA1
9467e99cfa599727a9017f5741b55534d6523a1c

SHA256
35695d5cf6b03e66474f3631a64845f4f53b6fd9697351b905c46be46b3658b1

SHA512
2123cf2b7f905715f1915c4101e017a2df807230f83128153955bc693e1eb578307e6d1bba07e69caca609864dce8f2bbe64732ad7a0c4891947c33c5256cad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3c93113d15af04c80465b5fe73f6d514

SHA1
ea5a3e6468bd9934e6ecae9332b388f65473a976

SHA256
a49ec72805435314a58b2e9dac89583d915e78fbcec8aa0eb12ed38fdef8a268

SHA512
dba13270b33c7bfc13956c86aa6400c15bf6e31cf8e4d6ccdf4bdcee74596aeb6c0f669dc8f6ee451fd0425a7fd5ee394dd0facbcf30a494aa409ace30fc8d91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
8b74b1df5a3f80e803b0d4d0619cad31

SHA1
6906ed54181700c451d66c6054c483a8966962cb

SHA256
3b1a0dadb01a9db2f1d81a08452d98acff2d1990673d53cd01f8e466b3d0c15a

SHA512
2bfd8122935e62780c2f837f7bba7f754f26bab64c10e1fe38ba4aeb070604cac5ea5977252a85ba5cfab0ecad0c9faaeb2908c856a690ea82bcae67aaa4e5da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3ba45a387df681f8de82bf47b174606d

SHA1
304c3534100c319d5c753c1addaf706e6ece4cf9

SHA256
6b4a82eb1c6a4074271f382130c606f9ef9782ff9eb84a12139274cdb56fe782

SHA512
9c694b0e50057fcdb237efbe1cc2e5de7a620ebc56e93ad216e9ca7f07edbd70d99438720dbabd94dc520651bd7f98364edd28e01c8a164d80a1e53ae5c8f9a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
893b30a8498d4d16b694e26e2fddce36

SHA1
c84e44e914e2ba8f12b834b53bab7bd57c19f63f

SHA256
65e819eb23e82f8f9f324f223b444d9eca649c092777adb05cffdaa7fb889cc7

SHA512
61f1e9b498a2bf7c8896d993863b7a15dcc07aa32b161de9ad123455990f719ccc609605ed545d97d2426076fed965df0c9b66fcf2028a7dd21bcd4e0ac73a19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
5b9d1df82720ae239bfaf730486a07c1

SHA1
0cad1602990f9417cad9a5cb3d7853a2f0bd34e7

SHA256
0b0b4eeb791bc5e89360540bee6bde0aa5ff05131b8a8f3974f8563d08db5897

SHA512
047fa13e223a68cceda08a242dfee2050e040b450de19d465777a81b801e7e929f2281ceb34648b836fa743debdac3c0d131ac3dd58060fa2d838fa7420923dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
118d3d9c70e5c31fa1eb9121e5baf75f

SHA1
e9a5f7ec033bed79902494dae6e91e8eedad627a

SHA256
446ebbc6a4c70f4aa0d9ce12ccd6753074a3ee590f1d3fdd6988196b852031b8

SHA512
bbea558c73aa99cd34b0bb946751bf8d93001d9e44027ebc404e514d18246ee727b7a6e5897a578545ae50c7a00dccfef1c5d620e72a5087f12ba91b4f45c4b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
8a105181b7e09a583be184508fa4d9f5

SHA1
3300fc4e4ed4d652e958ec6eadd912633858e58e

SHA256
602b7b10bf2d667d4c52a0ee608bb9f7f6063294423870aaca918b7aaa4a2d59

SHA512
958d06a80c37899bba9c269d583f23a3cee29142a29acdae1e5f3f8140cf2c4668b164cb078d4c84f24ea06be06afea930cba721de6d3f054a3caf8e97f15de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2f19521abd6a3031d75525b38b39c8ce

SHA1
c97289d4a34598d22269b48ab126e1003dfd7199

SHA256
e7c103761137b06acda37b763ba7ed0510ce154a7e00e2d6ffc989723024493c

SHA512
0af849830177b801f265510210aeaa69964c5c97af2995465145c7f4ebf51ff0e1ffb680d5bb7ebb373e42d9e63bbd7c1afc5104a598b988d62df4f436b0dc3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
73b20f4a3832c0de7fa520c3d298ca7d

SHA1
f0d1d2bf65f96fcbdf425a7663c7cbda6e5b981e

SHA256
c553276b4af7dcee06bded14803bcc157a2a5bf0b462a23df7d9f22988c4b797

SHA512
4cdfbe71872494dc0ae299b86432e18ff1a4e0fc7bbb881cae973804c4e641ab730d5ff1bf1b32b5748f7c78b76ae80a2c7f342b3e694c042d97da89a6f6fae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f91b67a699784d9b287045e89e69eabc

SHA1
6d2d4de48a7b0b576c8c6fb967aaa2ce6f98cd9e

SHA256
d49777414e8a3b2c1e0d6ba2d277e9b685b698ada7142b5262d9c0d4ae137d5a

SHA512
f69dabf37cadda73c1670bd7fbceb5a77d648dcfb0570b0169811ac213a54c2397be956c05e2c1f3b1c5b95c33f36a5fdedcd3c8c703b7f62480150891975428

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8d592294d67b0680f3642a439a6a3fa9

SHA1
c921d27e00c28f31938dab30aee29e5a036295f2

SHA256
3d7c0d804f1057bffbc66a4831fe9339dee6a05c18f950bcc115d7cc1fae00c9

SHA512
4c222441864c718df12cc7560fdfca14c29d0440208c3badb8018dea6d67dd9855eefa025ede8e6609f1dc63a069b3d57da1bbd74e3a3254d9544054868c2bb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
64233e659bb913ed90db7c3415b848b9

SHA1
67fa51f743af4c462fa7e7614a2f96e313145b73

SHA256
d3823eeb38b58945426312eab4330d48f81f4e57a930479101afe88ba59990db

SHA512
e5056215651a624a979fa125575fc1b366eba2325c9c4d6837f25a71c3b231f9a09a5e795fb712c2feac5430b23b2dfc135cb10415755ed9a7b2b21acc875bbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c2baf82e59baadde31a69978a4ff732

SHA1
9bb7ebbcc54e3b727350a38eac2da3e64f2001f8

SHA256
361f9f4088d4805e517edbe06744aa8e508b8f1c3e872b8408dca3d3e4ed847a

SHA512
667d75ef75a7950cc3a4b37b0558e292fd9a4471a3a985d2f402bd27fec7c83bc3c9b4c385ef105ec57d0219eff6b0959d658675d0455fcf2769fbdbce6d58d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f57050cc146b58b55c8add1b9100d5d3

SHA1
460944f2694859040c95eae602d25e27f9cd2b37

SHA256
45abd0c48e9859a5cf3804957b308718acce3d500f61af5eb19c36d0d3f571f8

SHA512
3fdf381bdbb0f2d85a59a9325033796f72a8ef3d053230062ffcc99fc49975d19ff5f1f133139f11e3151bd4442029a643dbfaf0ab15e850c1fac4ad27b61c24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
235c12de6b0c6d31c2e3b8885913e7d8

SHA1
32d5ddae94d02808dd47b739e2573634ac770e41

SHA256
384cddf6e0581ed71908038b9e0fce23db7ec6684f0d5bc8348431a9a7be5023

SHA512
84cff5c000f957bdb20eb8f9b24f413e78a9e7c6637d63a6d3c639c06d1076b516812646df13363687f527b598dac22cf40d7b62d9b5ed572121e4b04e080630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc4ff62bdf21b54e3d9bd866bd82213e

SHA1
7e1f7f4f27f72a0254755ffc0dba31c12b86a5bb

SHA256
78809f4588abdc92185c59f2ea48ff78afbc17e83d4755ba5b30b63065385833

SHA512
72813284feb835e64ddb395bc3a447b876ab24be280408fb302f544c5eb982ee286f080307a215ff8a300d76d42d804cd1e2de3902efbacd717efccc8d688f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9bd21e84bf4a587ec3d4ed649a57cbc0

SHA1
a7755e9d0794ac0a1d05cc9ee0bec134fecb57f7

SHA256
481ba9af3e14c4fd02cb3fa1373ce2a95dca0702fed6e05ff68909f20bd54e19

SHA512
a4cb33ad5c777abe723d04f705d2b7f66e30430f5e35f540d7bebe85c0fc31581ee6bdb73fdc1583b6cccdbdb61e7de64b22a0a5e799eef6333d5cb93d883ce0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d68ce34f7380798e54ef7e9c43c4fcde

SHA1
4cc33763af53f6784969aca6601a96001aa637f4

SHA256
6afd018c1892d3dca683386eeae3f48a3d7a01fefa0aa70b4576c1147978b9df

SHA512
5b52754e6dc2f09b1546ecc1713398ca046944baaff83488cd4d56cc81d9c825e49adaeca9d24f501afec8e65c8f1632135663a327a94f818b6ed2e0217fabf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c5abb46a991cdb2d108e78e92664bb2

SHA1
48603e0be9ae66d89ff636ab004133fc1217a900

SHA256
10612c4881993f0e3a3c7c5a1a220cd2c297a98b47e5368508d61a8bfafd56fe

SHA512
8daec183740f0681bb6c033c9120ec2b433844fdcbb33851c0a6364b57271b61122d8cc5dcd24a7f5f06cf332ce47ba42c48d185d584e33f55b5ef59d2c9bffb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fcf95554f425695208f19d1d72a5efee

SHA1
cfe53a8a0f72e11a6777aa52f1bc9b70050606d1

SHA256
3b17e731b746f5db6159038833d49d8396fa10e93a287eea3beb33ca4fa7a89a

SHA512
6c872b223abac9da54191b3c61aa01cb2fc254935504caf25479d1f21e589018d21414e3d7dd94c69a93295b7240432585ddd14b77d02f981684b3a6e6bedae3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
090d7854f5db4aa388095227501ec926

SHA1
c6a06b74359d10f3a9c0d3eb422bd1e49fdd8364

SHA256
e4394af74b3943d963b3eb937cee34b3265f5aef32f36651219beab296b268d4

SHA512
fd0588fd5ab3ee24879f6fed76398a8627678140752a1dd100c0f94ba089e7c9285b2c7bff4ddd8b34662a85f00a2f68d8237467fda80ff03e928625de0b099f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6de4bf5e458570044f23d542d64d121a

SHA1
0c5a8488d8075ae5f7baef3777ff3c51f936ab8b

SHA256
0dd397768ef963b514ce6d63c36a192d2ea2e4958a3baf5740d2a818f2febc1a

SHA512
b1de5fdddcf96fb30f1e92f723ef8838f7be8c1e51af6aedd453b71ab8831b4c9f10f8dc634768cf885ef69971ca53af3d417f957be175999a070e6d4f8a92b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f669760a0d910d709c87cda2bae95021

SHA1
30e74dc32710251b562f4afbdc2c817d04109e16

SHA256
cd2cf87e4a9edd7434438e7ac7d3bb44af7a6b0b79256478b0fd331a4ae60fe3

SHA512
dbe8742471a2e214afacd6ed5c24776cfc29a8421add3ff7f100b6f876c3f68c2ddf5a83210fcbdf64ef14d1a1432a7003345f55b2c991164552ae0935dd2008

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
727bf1f1561a374c3f2bf901e607ca71

SHA1
c49b09a0885a45cd255efdeb6720f3b21dd24c3f

SHA256
ac456e6d704aa701b12fddc8cc1f10d7b7a4ac0059315890baeb4fc1d41c2070

SHA512
189c048d00c65472c685dfc047629bb4289dd6b45a89acf41f8e07b2e8919233d52e016ddac72424f2e0b17df60d7ea551e2ad4407123ef38f550dfc96070e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b4a1e35c4aff7dbda0a06b502d1f9cc

SHA1
b48e03ee9c54f8fcf7eb879ad2337221747f81e5

SHA256
3d89c7a8e2a824562df9e65de67e84c4bc0e7ec54ab7c7869d027e10698fff3f

SHA512
285a09a36c3cca2d3d28e07d79b3aba97d6fb701252fbebfd1b627b05560595b15bc5c4bdb0ba4468dfba70d81d176d14179b1f8305a07ca53cf24e8e56f4f39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
71d56c8fb1af05b6b272d1ce676a1a2b

SHA1
445d632f8f7f0a7d12a854670b5c051a36a60549

SHA256
d8b48eb456e0e167a7a0b063018e0a70254341718e1a380da084660732a3090b

SHA512
de2c65f68f0bd5b8f8110300475e5a73b9aa1495be70ba153e037da5eaaf3eddac875014267360f765863e3b71a780b20893c29637a65b5ff58f67a34157cb08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad3e9076240730bec0614214a256e535

SHA1
3a893bece5433f9e942baec730cf966853f3d0ef

SHA256
e7d70e073d90b6e8bd122842ad69fc25180fa5a4fe6185376a24a9f261108898

SHA512
4f45eae6673af09b9a5e50da9de8200923e6c7c712d48daa4dd76c75a6ec5fde4993160bb53b554c41750f6ab5dcecd95b99807832b10866000cf4eaac36ee53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f720f7594bf16b8f257b06fd9b83f893

SHA1
96a0ecd43c46d544765934e1eb304dcaf99f1426

SHA256
cafa44c2a9947fab40ba78d91519caaa3688590c988462ab2a807a58c21a4eb2

SHA512
94e6e2c0f965e47a1e5dd8b4d186d6f422ab216952306b4697b1be3e31e1a8b39ffb795bfeff3270a8a04dc3d2f662851201e1c19fd16ca2a32f7ae2a75b741e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
445398a01efcf16887835b17e0ef0255

SHA1
2a68e8fd1f104836c7258d48f9d79a9c7b1af8d8

SHA256
f749b293dda976c448282cb40dbc9924a5a22bfc3f2bef06dac9aa5972b51523

SHA512
55756c4aef6f30cbda4540d0ba4476ebde7cc3686fccb4001095873fd2fc1f95ab57fcd7e1c3b97b995f8322a1ffdb2d44c933c7f5fe951996f1edc3503064d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c21ebc440799105c2a8b0cf966460a9c

SHA1
43ab010964c236acbaf7a3d9f062fa2c5019e900

SHA256
e4f88bc7e9d5aaa3459f2c715a705abdb43b8510693fbd422f7f8fa7b7a414e1

SHA512
4ec776453e3d19ede7e0838da0e96659956c779f9e6e82a3761458addedd0d4bef82786770fe3ecfad27dc67f7d31acdc157d1f6d1fc9e592b0b173e8e0d860d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
537a8ca4ad6e1dff9cc2f48008bc5cc9

SHA1
49175d55a089c3ee6d2b57d754d4ceeac3320f48

SHA256
e4e3890359715ffe29b97c5d108a0bc1bf9b26152188a39c05dd0b375563657c

SHA512
d442118026f0d5a449446c3d171feb0b9940d9aee6f540f2d4bc6bafa661fd9ba45881b4414b714ec274c1a29a20542926aa182cad0081369f60adc3e0f345d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bae70546f38dfd139efca06a4009d931

SHA1
25f170f8cfecfd06ac8ea1650bb6f65cd8fec4b7

SHA256
6e78ada016f06a4abcdc4cbceff6aa5fdf039326a0b0c12cfc64ce72e4362e6a

SHA512
40484777fcf5daeb07142fe4f318cdf89f9c1496a4f333f5b8d728a5612ba096c3f3bd561095b8d47d7269821ad6719c4cadf500ecc0b70557d13e93d32c0304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5a975f4d3248f01e1164b76b186aa186

SHA1
9fbc785f73da4753c6557756faf9720d5d35af76

SHA256
fcbcc5bfc9e302d57e4e686b276e8e3abcfff0c29b3b95b68817b618f00ddc22

SHA512
11efde3046ae1e63a936dd398c2ee7569a5793f6a3b2390efed84ab9754314d3473870eeb709569352abb3d5d70f29f3be739615bb07fbc21069658d999ded0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
922c5e649ae122b2350fedaf051b54cf

SHA1
ddd7aea9492c48b74faf76b588d701fbfaf611a5

SHA256
a722f3eb278895038b3f66efe7c505578787b3818d61c77b722c2948d55429b1

SHA512
49c2b910c3d75502cdbf09ada853b26dba20c975df87b991a4eb7b2a32805365b2855f42880187fb2623f3060c7b1779e92c375ae79871ea56172bda74e8bb5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d0f8d6d011c3045dd22862e862d286a1

SHA1
524f1d2e3b356e94bbb8774d7fc3cfd085dca382

SHA256
e42a42af75c8c52ff99c70631d84078b857cb44a4ac6db959d8e9a425abe063e

SHA512
b265a2b148b30caa80481a61778bfed42f09a508501d1dee454ab9acdc39c9399e6255cd5fe3d57c1de35cbeb15e3240d6d616633e79e303f66b0ce1fb8e50d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27e7d01775ec20843b6a6aa610e8a702

SHA1
05d6caf435459aef35c4f315b83cdc65292fd793

SHA256
cd9e9f2112bd5c355954dfbd9b2d2098f034a1931568b4874f4b89ac3fd1dc1d

SHA512
bfe7d23af0a9e0688233edbfa952c3ef1b97a337436d50039c0c766461837feaffa4cecb4d28c9a5e840376f4c154e582bff36e47e31664bf41a699a3d623d76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
41d0012955c462059964d5076ac12152

SHA1
956b3ae1bade34661c19d1d500bb3e9a9fd75a47

SHA256
b7ff7937d72f1ddc5a528797385e3277187fc59d108efbfd1e44c14a985ef442

SHA512
c6dc0134323dc725b036f621f8ec0fcb2c0f8931b0dfd9bee4cbf9829b6229cbdcdc9e53ae678800d3702b99e77f12e74ea9ff15cd7888e8854cc7096b88e345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
791dfca15426230109956b778c38d2bd

SHA1
aebd77839cc99e557c2154f9f823fc4ade07a894

SHA256
cae773db65684369a8c81b171773c1a47aaedbf0bebd299970a1cfa9b9265301

SHA512
1c94e944168afddee5f129cb984a382b47e3c4bee9fc5c67ba8a91b8ea95fd368c446715368bf2e183fb5fa8b99b96ab73526018b3e85a2eb1bc6c8655467d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1cda4b125c6e9061b878911826c9dda4

SHA1
4e9acd72efff73f2e7ae03c4d903e06982657476

SHA256
99c836a2ffc9b214731e8b4d8f799082495cc6f6afdcfa9ed98a01415a25abb8

SHA512
e046ca2133938c0f2917c05fa21bda38111a3b43b4216351e714f0c712e154b981f9a463533d88ad1dd3933cfcb38b43b20664a6f387757213b581db6ca7655c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce035e15975b29e7de567089d761bc8b

SHA1
1f4a69a98d218e9b64ac5efda724070ba48b75aa

SHA256
91ec9e441291fc4d047adf1b7888ad823d6064f7c5cd75e829c2938e907e6494

SHA512
d5ce43c4d027986421fbd7931dc0b0c391acf6c5bdb2b5932d78a226b7da6a0238d908f1a4429ea4ad676b4c0b6e7bff0fba4348e6dcf8a169959c90947c2771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
54b5755cfd7cbb767f4ac5f9732c9006

SHA1
be5d99eb3be91b4b7eae076297b7753fb93cb069

SHA256
e41c8504ef17bb44161a6cb6e82f1f29d9e0cd184f1663e0df1c23472c9838d3

SHA512
7ec0d575b313de1deaebd28c0d31b8883e61b0327e6f1a9c7736d847123f89a789eec91c815fa42a09e357dccad3b8c6fb9c0217216161347afef368cf014b16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
301606e26307f451513b09e155a09508

SHA1
e11ea01d127d823af004cb3a235fd1733e88510c

SHA256
b282aa713a210424d6b9b9a1dbbaef38c2dd5ddd7647506b249c2a77f6fef67a

SHA512
cf980605c1ac451fc1996eeb782a16307771466411adcc3257af220831114ba02f7f207e7127dce552fffe4f62045068e6aa6b2e4d72912bc5dc48f39712b9ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2405422f2982f989409df19cc416b6cc

SHA1
5e7a1a1734063958d8f50ff7c650248e62a2cfae

SHA256
0a1e6cbb9819b1af78006dbee58281989573e4c4880b2ddae3f9cc3d80a04f01

SHA512
e64ad78f595313e255af2cdefa575733371bf90379bcb48abeb7561fc2a677a58b9b90e8b42494a9554f9315b3acdf03b8be58591e927596d9bc6664b6d944c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1a4b4fac98816a5e95c1822781f14b13

SHA1
ed924490da77667f8b584fb86b0663662c6f43a3

SHA256
e4f0131e8422599d7bd721c7ad346fcffc0239107f886cf05283d5737afacb14

SHA512
2e6c83aecc807038df38e2ce090457c5ff9c439d12f4aede4d6fa99fdf4a2a3c6cb219f9354215e2954c5cebbbc5ed0046deec05571ee4743fbf4991ea1597a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b52283c57685a187c929426ed43c37c

SHA1
5ba3c280b64376bb8952ce07c3f3f237fd230fd6

SHA256
a0604c95485acd7a73634a1e23fae537b3fd01a91dc2093d8a85145cb847698a

SHA512
045f7be68ca4e712f2eb04795a2fe65db9b8e5b9e81be6377ee5d9dbd8113e48657a47a2c13787f3432a452efa5e2652338aa251d2f7e9fc280edbdae0a93c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b8160f8b099e4e66c6f449fa87968ca

SHA1
aed528815eae1624076f3917d7e9f0a208b4b2a2

SHA256
e35370796645e6b12cb4dc8d5973522a5938987c3f7b8141329ed18531126d51

SHA512
81b538e8dca6e8cea4e012fbde0ae69ff509bd6e661b50469ef53bebb294db1d72d02e964e7f54fad27abce3b5c20be6d53aedb259e26a68f30c11bc15da2f4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c8b0b62abc8103fe64f23f88d071b9e

SHA1
48643a5282902b9f14a8c48c815ab33e3d52a330

SHA256
7aa65f8e92203c498d42a991a0ce1f6348153f38b24c70ef6c81627b066b8254

SHA512
47f61d6ca3831df2bcb956b2e5442145cbdb0737b4792baa91119cb8fb5cbeb2230ff2d30b1546a4361cc2e12875899a760dabbef44accfdf308321b136ca3c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
c14d0ac134bfa4eea9a7344c986670f7

SHA1
9f17e6832ce9fe14bee4b02bda9e7c098f130691

SHA256
08e3a36d9f9559b6aa61ca4948aa997a858313f83d22d4630603b1b296f2f536

SHA512
9c14de2352f512a9607d338f9db65678e3d0185add7cb2249b34214beed30e86da0cab7e1c6ab1076af4d92b6ac86143ddf8b4c49d5455e84246ac81cc8c10c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
08aa1fa14066ef499cd07c1b58c7447c

SHA1
8841024e739b0ac7b002eb13680675554229813f

SHA256
86cc05dc299e7307007c6942a1988f2cc9e29b71df616eae2cbfa92da75700f1

SHA512
bbba8115095f9c6a656223621c702958540e405d3815248a828302cba3ad1bf0b3115bbf4ac07995145fe7e6a7691d1a91c2dcd5657655a869c3023f433f05a8

Download Submit
C:\Users\Admin\AppData\Local\Roblox\logs\cacert.pem

Filesize
226KB

MD5
c656d325f5df1991584f0bb00a27902f

SHA1
80713b343427211dbe8932ca6f642452c20ce7a6

SHA256
98ecaf8da767ccb2870dd30a5e7334d2f45702a3a33ec8b4286e6ae88b720eb8

SHA512
f7fe201f971410a15b44577123f3c3ff7982371aae9adaf2c52778ab08ac663ac0306878a665be3242662cc873cb0917b1eee3f75e45ad789d4b84474187bb3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
6.5MB

MD5
4541a5097100cedbe1ab8ba8ad36eb47

SHA1
236a9c043bddcd0cac31868dc550fce020547f86

SHA256
9d9c1ffcedfa1c9a38b19d0f06447d7ee068276b91e37f7ca29c87de652ff261

SHA512
4d1ae838f6b4b4b160d308cc7c1cf95dbc86e81992e5bbb9a9c1e14047cf378c3cffd6e9d6cde5e7b8fd636bdd397cd7294655175b0dbf7e2b0ff72770b784ee

Download Submit
memory/1064-1911-0x00007FFAB1CE0000-0x00007FFAB1CE5000-memory.dmp

Filesize
20KB

Download
memory/1064-1910-0x00007FFAB1C50000-0x00007FFAB1C80000-memory.dmp

Filesize
192KB

Download
memory/1064-1912-0x00007FFAAFB40000-0x00007FFAAFB50000-memory.dmp

Filesize
64KB

Download
memory/1064-1920-0x00007FFAAFBF0000-0x00007FFAAFC00000-memory.dmp

Filesize
64KB

Download
memory/1064-1919-0x00007FFAAFBF0000-0x00007FFAAFC00000-memory.dmp

Filesize
64KB

Download
memory/1064-1918-0x00007FFAAFBF0000-0x00007FFAAFC00000-memory.dmp

Filesize
64KB

Download
memory/1064-1917-0x00007FFAAFBF0000-0x00007FFAAFC00000-memory.dmp

Filesize
64KB

Download
memory/1064-1924-0x00007FFAAF5F0000-0x00007FFAAF600000-memory.dmp

Filesize
64KB

Download
memory/1064-1932-0x00007FFAB0A90000-0x00007FFAB0A9E000-memory.dmp

Filesize
56KB

Download
memory/1064-1943-0x00007FFAB1AA0000-0x00007FFAB1AAB000-memory.dmp

Filesize
44KB

Download
memory/1064-1941-0x00007FFAB1AA0000-0x00007FFAB1AAB000-memory.dmp

Filesize
44KB

Download
memory/1064-1940-0x00007FFAB1AA0000-0x00007FFAB1AAB000-memory.dmp

Filesize
44KB

Download
memory/1064-1933-0x00007FFAB0A90000-0x00007FFAB0A9E000-memory.dmp

Filesize
56KB

Download
memory/1064-1938-0x00007FFAB1A80000-0x00007FFAB1A90000-memory.dmp

Filesize
64KB

Download
memory/1064-1937-0x00007FFAB1A80000-0x00007FFAB1A90000-memory.dmp

Filesize
64KB

Download
memory/1064-1936-0x00007FFAB0A90000-0x00007FFAB0A9E000-memory.dmp

Filesize
56KB

Download
memory/1064-1935-0x00007FFAB0A90000-0x00007FFAB0A9E000-memory.dmp

Filesize
56KB

Download
memory/1064-1934-0x00007FFAB0A90000-0x00007FFAB0A9E000-memory.dmp

Filesize
56KB

Download
memory/1064-1944-0x00007FFAAF2F0000-0x00007FFAAF300000-memory.dmp

Filesize
64KB

Download
memory/1064-1931-0x00007FFAB09E0000-0x00007FFAB09F0000-memory.dmp

Filesize
64KB

Download
memory/1064-1930-0x00007FFAB09E0000-0x00007FFAB09F0000-memory.dmp

Filesize
64KB

Download
memory/1064-1929-0x00007FFAAF760000-0x00007FFAAF790000-memory.dmp

Filesize
192KB

Download
memory/1064-1942-0x00007FFAB1AA0000-0x00007FFAB1AAB000-memory.dmp

Filesize
44KB

Download
memory/1064-1939-0x00007FFAB1AA0000-0x00007FFAB1AAB000-memory.dmp

Filesize
44KB

Download
memory/1064-1928-0x00007FFAAF760000-0x00007FFAAF790000-memory.dmp

Filesize
192KB

Download
memory/1064-1926-0x00007FFAAF760000-0x00007FFAAF790000-memory.dmp

Filesize
192KB

Download
memory/1064-1927-0x00007FFAAF760000-0x00007FFAAF790000-memory.dmp

Filesize
192KB

Download
memory/1064-1925-0x00007FFAAF760000-0x00007FFAAF790000-memory.dmp

Filesize
192KB

Download
memory/1064-1923-0x00007FFAAF5F0000-0x00007FFAAF600000-memory.dmp

Filesize
64KB

Download
memory/1064-1922-0x00007FFAAF4E0000-0x00007FFAAF4F0000-memory.dmp

Filesize
64KB

Download
memory/1064-1921-0x00007FFAAF4E0000-0x00007FFAAF4F0000-memory.dmp

Filesize
64KB

Download
memory/1064-1916-0x00007FFAAFBF0000-0x00007FFAAFC00000-memory.dmp

Filesize
64KB

Download
memory/1064-1915-0x00007FFAAFBD0000-0x00007FFAAFBE0000-memory.dmp

Filesize
64KB

Download
memory/1064-1914-0x00007FFAAFBD0000-0x00007FFAAFBE0000-memory.dmp

Filesize
64KB

Download
memory/1064-1913-0x00007FFAAFB40000-0x00007FFAAFB50000-memory.dmp

Filesize
64KB

Download
memory/1064-1903-0x00007FFAB1AF0000-0x00007FFAB1B00000-memory.dmp

Filesize
64KB

Download
memory/1064-1904-0x00007FFAB1C00000-0x00007FFAB1C10000-memory.dmp

Filesize
64KB

Download
memory/1064-1906-0x00007FFAB1C50000-0x00007FFAB1C80000-memory.dmp

Filesize
192KB

Download
memory/1064-1907-0x00007FFAB1C50000-0x00007FFAB1C80000-memory.dmp

Filesize
192KB

Download
memory/1064-1908-0x00007FFAB1C50000-0x00007FFAB1C80000-memory.dmp

Filesize
192KB

Download
memory/1064-1909-0x00007FFAB1C50000-0x00007FFAB1C80000-memory.dmp

Filesize
192KB

Download
memory/1064-1905-0x00007FFAB1C00000-0x00007FFAB1C10000-memory.dmp

Filesize
64KB

Download
memory/1064-1902-0x00007FFAB1AF0000-0x00007FFAB1B00000-memory.dmp

Filesize
64KB

Download
memory/1792-1888-0x0000000000600000-0x0000000000635000-memory.dmp

Filesize
212KB

Download
memory/1792-1747-0x0000000073010000-0x0000000073220000-memory.dmp

Filesize
2.1MB

Download
memory/1792-1701-0x0000000073010000-0x0000000073220000-memory.dmp

Filesize
2.1MB

Download
memory/1792-1700-0x0000000000600000-0x0000000000635000-memory.dmp

Filesize
212KB

Download