Overview

overview

8

Static

static

3

Delta V3.61.zip

windows10-2004-x64

8

Delta V3.61.zip

windows10-ltsc 2021-x64

8

Resubmissions

07-11-2024 21:24

241107-z8z12ayfnb 8

07-11-2024 21:23

241107-z8jdaa1pdl 6

07-11-2024 21:21

241107-z7ptnsyjdx 7

Analysis

  • max time kernel
    616s
  • max time network
    619s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    07-11-2024 21:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Delta V3.61.zip

  • Size

    22.2MB

  • MD5

    2692ff99a5f94520b6caa33bbd0cf05e

  • SHA1

    0bf675fad129bc61f7c2763177a4314288cce4cd

  • SHA256

    507641e3047216809af93a127af70a266e273cd95c1cfaa06605a753b9166388

  • SHA512

    65d9665d29684325ca27a33ec187be8ccb142f98f662f888b944750ffcfcea43c496403331ab00e5e408dc5b1c3d39d7fc2defdecb1133a41dcc5d00c7c0392c

  • SSDEEP

    393216:p1DbvOskyq5reDYwFpIgDDLB3IwuZcnO7BjOOPhQEFu9QZay7qPF4zjop3Lr:zDbvOPADJpIelBnO7B6OPhjFu9eaDPFj

Score
8/10
discoveryevasionpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
    persistence
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 39 IoCs
  • Loads dropped DLL 45 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Checks system information in the registry 2 TTPs 20 IoCs

    System information is often read in order to detect sandboxing environments.

  • Suspicious use of NtCreateThreadExHideFromDebugger 8 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 13 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 22 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 5 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Enumerates system info in registry 2 TTPs 7 IoCs
  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 54 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 22 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of UnmapMainImage 9 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Delta V3.61.zip"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2428
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3196
    • C:\Users\Admin\Desktop\Delta V3.61\Delta.exe
      "C:\Users\Admin\Desktop\Delta V3.61\Delta.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1068
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4TfpR6wUUu
        2⤵
        • Enumerates system info in registry
        • NTFS ADS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2032
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7fffa7b046f8,0x7fffa7b04708,0x7fffa7b04718
          3⤵
            PID:968
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
            3⤵
              PID:3524
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
              3⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:4328
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
              3⤵
                PID:4340
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
                3⤵
                  PID:3796
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
                  3⤵
                    PID:4652
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
                    3⤵
                      PID:4084
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3796 /prefetch:8
                      3⤵
                        PID:4360
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4600 /prefetch:8
                        3⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:452
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
                        3⤵
                          PID:4016
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                          3⤵
                            PID:2312
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff6fdfc5460,0x7ff6fdfc5470,0x7ff6fdfc5480
                              4⤵
                                PID:3804
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
                              3⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1536
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
                              3⤵
                                PID:3340
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
                                3⤵
                                  PID:4396
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
                                  3⤵
                                    PID:5400
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
                                    3⤵
                                      PID:5408
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
                                      3⤵
                                        PID:5832
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
                                        3⤵
                                          PID:6136
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
                                          3⤵
                                            PID:5292
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
                                            3⤵
                                              PID:5764
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
                                              3⤵
                                                PID:2836
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
                                                3⤵
                                                  PID:1020
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
                                                  3⤵
                                                    PID:5324
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6924 /prefetch:8
                                                    3⤵
                                                      PID:5260
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7212 /prefetch:8
                                                      3⤵
                                                        PID:5708
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7356 /prefetch:8
                                                        3⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:6000
                                                      • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                        "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
                                                        3⤵
                                                        • Executes dropped EXE
                                                        • Checks whether UAC is enabled
                                                        • Drops file in Program Files directory
                                                        • System Location Discovery: System Language Discovery
                                                        • Enumerates system info in registry
                                                        • Modifies Internet Explorer settings
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:4532
                                                        • C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc_temp\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                          MicrosoftEdgeWebview2Setup.exe /silent /install
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Drops file in Program Files directory
                                                          • System Location Discovery: System Language Discovery
                                                          PID:1696
                                                          • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\MicrosoftEdgeUpdate.exe
                                                            "C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                            5⤵
                                                            • Event Triggered Execution: Image File Execution Options Injection
                                                            • Checks computer location settings
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Checks system information in the registry
                                                            • System Location Discovery: System Language Discovery
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:4476
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                              6⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • System Location Discovery: System Language Discovery
                                                              • Modifies registry class
                                                              PID:1004
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                              6⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • System Location Discovery: System Language Discovery
                                                              • Modifies registry class
                                                              PID:6076
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                7⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Modifies registry class
                                                                PID:5984
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                7⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Modifies registry class
                                                                PID:4580
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                7⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Modifies registry class
                                                                PID:2492
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODNFRjc2QTAtMjFFOS00QTg2LTgxMkEtNjUzMUIwNkQyQzUwfSIgdXNlcmlkPSJ7MzRGMUE2N0UtQjdFOC00RjM5LTg2MDItMjE3REU1NUQ5QTc5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1NkVDNzc0OS1CQUY2LTQ4NzgtQUNDMy1BMkNFRDJDM0M2MTB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTQ3LjM3IiBuZXh0dmVyc2lvbj0iMS4zLjE3MS4zOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjA1MDkwOTE3NyIgaW5zdGFsbF90aW1lX21zPSI1NjMiLz48L2FwcD48L3JlcXVlc3Q-
                                                              6⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • Checks system information in the registry
                                                              • System Location Discovery: System Language Discovery
                                                              • System Network Configuration Discovery: Internet Connection Discovery
                                                              PID:5744
                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{83EF76A0-21E9-4A86-812A-6531B06D2C50}" /silent
                                                              6⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              • System Location Discovery: System Language Discovery
                                                              PID:5020
                                                        • C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe
                                                          "C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 4532
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Suspicious use of NtCreateThreadExHideFromDebugger
                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          • Suspicious use of UnmapMainImage
                                                          PID:2544
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6800 /prefetch:2
                                                        3⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:2752
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1
                                                        3⤵
                                                          PID:5596
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
                                                          3⤵
                                                            PID:5264
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
                                                            3⤵
                                                              PID:6028
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
                                                              3⤵
                                                                PID:3088
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
                                                                3⤵
                                                                  PID:2004
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
                                                                  3⤵
                                                                    PID:1584
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
                                                                    3⤵
                                                                      PID:4264
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5616 /prefetch:8
                                                                      3⤵
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:1960
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7316 /prefetch:1
                                                                      3⤵
                                                                        PID:1568
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1
                                                                        3⤵
                                                                          PID:5912
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
                                                                          3⤵
                                                                            PID:3120
                                                                          • C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe
                                                                            "C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:izlk1TOyLE9CafIk3lX4kS_oLedIwaQJrNv5SlTOX2qOPCsHxASlQedZ6vKk5jowHc_P1SkYywnkffvGp1SLVbY_pfXHAn7GPP4h86XKYrNpHPD0BJLWxIFt2-AemzXd-9kgsguA09t4cJIh0Y4EAWFYhjZiouJU3_rJrTQ7-EwnGdeM3n0xMjS4Wh5lF9NAkrV3b692-94q-A0Al3GL08E7C1yLQn9mBosHB-UNt5Q+launchtime:1731015186846+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1731014825254003%26placeId%3D6872265039%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dbbcc3044-8263-4df0-83ce-6cfbe7d5bc90%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1731014825254003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
                                                                            3⤵
                                                                            • Executes dropped EXE
                                                                            • Loads dropped DLL
                                                                            • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            • Suspicious use of UnmapMainImage
                                                                            PID:3084
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8148 /prefetch:1
                                                                            3⤵
                                                                              PID:1104
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6496 /prefetch:8
                                                                              3⤵
                                                                                PID:4236
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2732 /prefetch:8
                                                                                3⤵
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:3760
                                                                              • C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe
                                                                                "C:\Users\Admin\Downloads\RobloxPlayerInstaller (1).exe"
                                                                                3⤵
                                                                                • Executes dropped EXE
                                                                                • Checks whether UAC is enabled
                                                                                • Drops file in Program Files directory
                                                                                • System Location Discovery: System Language Discovery
                                                                                • Enumerates system info in registry
                                                                                • Modifies Internet Explorer settings
                                                                                • Modifies registry class
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:1472
                                                                                • C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe
                                                                                  "C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 1472
                                                                                  4⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  • Suspicious use of UnmapMainImage
                                                                                  PID:3416
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
                                                                                3⤵
                                                                                  PID:5380
                                                                                • C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe
                                                                                  "C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:W1ygrq-A3pVLVH9Om2FqJ_N8uMIt1o7z5cFcApANX4iFsKlvY-vGG230QEFxPCT7jANKc1wGayIB7Wzd1LqkIfWabMlYQBNbYOGZNMhVsOtuKgHqRlhrdTJ4ZRMszMdaAAl-8OrXtgJTwNFb05vVPmw7bGVUGjl4VZvtSkyKU9cbLmM5G9TFi922C5rnwkshBbkZoyfwkp_SzDGRHTaZi6nn4tgXJsKSNL0NRD9xBpY+launchtime:1731015186846+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1731014825254003%26placeId%3D6872265039%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dbbcc3044-8263-4df0-83ce-6cfbe7d5bc90%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1731014825254003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  • Suspicious use of UnmapMainImage
                                                                                  PID:2692
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
                                                                                  3⤵
                                                                                    PID:4352
                                                                                  • C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe
                                                                                    "C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:HacH85vvv73QomyjC5y_iIy0kZEHkrxEf-fKGAJJKug2PIKY-3yqNwK-TZWVmDrl1S7GVUdCa_ZXh6agBBmHC3pAESx0NkSaU6LUleZjlVA_OSpczRsc1MhIxdGO5xoLkwsLVg74Lb2vojFd2dFTdMGzH376XSevkFae1xItvbE-ClxHFbhZGfsyASPpeMd5lsLNRk4HPb5fCsE4quxIjvm6TSo2UXK4GL3zZt5j5IA+launchtime:1731015186846+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1731014825254003%26placeId%3D6872265039%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dbbcc3044-8263-4df0-83ce-6cfbe7d5bc90%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1731014825254003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
                                                                                    3⤵
                                                                                    • Executes dropped EXE
                                                                                    • Loads dropped DLL
                                                                                    • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    • Suspicious use of UnmapMainImage
                                                                                    PID:4900
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:1
                                                                                    3⤵
                                                                                      PID:1044
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
                                                                                      3⤵
                                                                                        PID:2956
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
                                                                                        3⤵
                                                                                          PID:5348
                                                                                        • C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe
                                                                                          "C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:sog8dV2oUdkeDEc_xa9JDk3GvgedVvcgRImBK3G39lRCBoPhtuw2w1OCUI-5r6mzesgIwq6T2V9Da6CahE8crszcB0EjmCGESpaRH3vZpvs4v53Xs_NdkKc89wifrN3P_Ts3BN5sQ-Gp8yVgG42arkTkn1yduNVkXsSycNFkQ_xCk0GFXZNIWvdvsT-QdtOddUV79kJ1XzrRsynkmwsCQ437LuoGII-yvBHNPk_9t80+launchtime:1731015186846+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1731014825254003%26placeId%3D6872265039%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dbbcc3044-8263-4df0-83ce-6cfbe7d5bc90%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1731014825254003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          • Loads dropped DLL
                                                                                          • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          • Suspicious use of UnmapMainImage
                                                                                          PID:5676
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
                                                                                          3⤵
                                                                                            PID:4612
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
                                                                                            3⤵
                                                                                              PID:1044
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
                                                                                              3⤵
                                                                                                PID:5640
                                                                                              • C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe
                                                                                                "C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:6qYygMLhCvX9HCgMiuUocuzCQUSAVO2ISWP-mz8JOxbOlCxJ7c02rUXJ-RJWR8SeXZV0tBlwJEaKefLdFDki2M5a4r_sJsvojrNiEHBwaTw0itS1Csr9_XptIwm_p2B9s1L01Gf42ZmzbMDNH4G0AQiA5aKRxuhAOcxIjYFrp9pI1WnMEf0za49WXcGzWTdd1A-_eGxTwghzcR7Xsjuqq8GTYAVx7rZ-zVqmCPhFv74+launchtime:1731015186846+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1731014825254003%26placeId%3D6872265039%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dbbcc3044-8263-4df0-83ce-6cfbe7d5bc90%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1731014825254003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
                                                                                                3⤵
                                                                                                • Executes dropped EXE
                                                                                                • Loads dropped DLL
                                                                                                • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                • Suspicious use of UnmapMainImage
                                                                                                PID:4752
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
                                                                                                3⤵
                                                                                                  PID:1972
                                                                                                • C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe
                                                                                                  "C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:qlF9O3A_YQiJwHQHhZ2HDsoa2dBz1XSj48yhKUj6XEJ9ZuAjOHnmfJy8O6z7_m43U5tCWH5T-KT8_yCU1wNPGE-1Yx9TIYQ5xlki76lz66iEBkO9q1rbWhalRAFpN28HSOmlEQ0d8zJcQVKtxMfZite3dznIVKiqcJWGS18PCOv1JUkPWS7oMTZI4zBIGMnbvxcAVcvlWtNN6vaqUvPybrZqyuKQs2ZDvdlxs2ibtgQ+launchtime:1731015186846+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1731014825254003%26placeId%3D6872265039%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dbbcc3044-8263-4df0-83ce-6cfbe7d5bc90%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1731014825254003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Loads dropped DLL
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  • Suspicious use of UnmapMainImage
                                                                                                  PID:888
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
                                                                                                  3⤵
                                                                                                    PID:4452
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
                                                                                                    3⤵
                                                                                                      PID:2836
                                                                                                    • C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe
                                                                                                      "C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:IK4VYPUWQ5IKRH7izBX_VPc5alIaxJl2-0uT32hKoSazx04Yvlq2Ni7l9-e6KtoPkey5uS7F_p7MnDczygNaNU4SILDCCQIDjauUurC3Vj1CHR3_Xv9MrHJ7dLLM0j7Nu6WCbnTIQEJDkbQvLSCESJBA4Nmfgtg5hLPNpr9cVjw-jQvmTRLCIllWPYw984584kBj0EkcYIJr0aRBfq80qIeCRyThIwRhz8kbsJQ4nLc+launchtime:1731015186846+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1731014825254003%26placeId%3D6872265039%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Dbbcc3044-8263-4df0-83ce-6cfbe7d5bc90%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1731014825254003+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:5332
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
                                                                                                      3⤵
                                                                                                        PID:5988
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
                                                                                                        3⤵
                                                                                                          PID:2460
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1320 /prefetch:1
                                                                                                          3⤵
                                                                                                            PID:5704
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1
                                                                                                            3⤵
                                                                                                              PID:3760
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
                                                                                                              3⤵
                                                                                                                PID:4556
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11352925954740384101,2540243416914208548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
                                                                                                                3⤵
                                                                                                                  PID:4268
                                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                              1⤵
                                                                                                                PID:5020
                                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                1⤵
                                                                                                                  PID:3804
                                                                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                                  1⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • Loads dropped DLL
                                                                                                                  • Checks system information in the registry
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  • Modifies data under HKEY_USERS
                                                                                                                  PID:1116
                                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODNFRjc2QTAtMjFFOS00QTg2LTgxMkEtNjUzMUIwNkQyQzUwfSIgdXNlcmlkPSJ7MzRGMUE2N0UtQjdFOC00RjM5LTg2MDItMjE3REU1NUQ5QTc5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins3RkVGNERCOC1GMkMyLTQyOTUtQjc0RS05NTNCNzFFNjUyNDB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MDU1OTY5MDI5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                                                                    2⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Loads dropped DLL
                                                                                                                    • Checks system information in the registry
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                    PID:6064
                                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BEEE6B67-E24D-4AEC-ABC5-D075CCB78B17}\MicrosoftEdge_X64_130.0.2849.56.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BEEE6B67-E24D-4AEC-ABC5-D075CCB78B17}\MicrosoftEdge_X64_130.0.2849.56.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                                    2⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    PID:2004
                                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BEEE6B67-E24D-4AEC-ABC5-D075CCB78B17}\EDGEMITMP_9EAD3.tmp\setup.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BEEE6B67-E24D-4AEC-ABC5-D075CCB78B17}\EDGEMITMP_9EAD3.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BEEE6B67-E24D-4AEC-ABC5-D075CCB78B17}\MicrosoftEdge_X64_130.0.2849.56.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                                                                      3⤵
                                                                                                                      • Checks computer location settings
                                                                                                                      • Executes dropped EXE
                                                                                                                      • Drops file in Program Files directory
                                                                                                                      • Drops file in Windows directory
                                                                                                                      PID:4084
                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BEEE6B67-E24D-4AEC-ABC5-D075CCB78B17}\EDGEMITMP_9EAD3.tmp\setup.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BEEE6B67-E24D-4AEC-ABC5-D075CCB78B17}\EDGEMITMP_9EAD3.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BEEE6B67-E24D-4AEC-ABC5-D075CCB78B17}\EDGEMITMP_9EAD3.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.56 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff65debd730,0x7ff65debd73c,0x7ff65debd748
                                                                                                                        4⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Drops file in Windows directory
                                                                                                                        PID:3492
                                                                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODNFRjc2QTAtMjFFOS00QTg2LTgxMkEtNjUzMUIwNkQyQzUwfSIgdXNlcmlkPSJ7MzRGMUE2N0UtQjdFOC00RjM5LTg2MDItMjE3REU1NUQ5QTc5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1MzBFRjE2Mi1FNjhBLTRERkItODg4Ri0yQjU3M0I4OEM0N0R9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMC4wLjI4NDkuNTYiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjYwNzAyMDk1NzMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2MDcwMzI5Mjc1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzA1MzUzODk5OSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMzQ2YWQ5ZDEtNzQ2ZS00NWM3LThmZTAtZDZjODdhNzNhMjYxP1AxPTE3MzE2MTk2ODImYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9QzlmYTU4cjQ5QnB4T1hKTFJZeEQzOUlZMjl6JTJmNU9hbE1DaDBsb0ZUOG8wJTJiZHFMWkJneXduMktWVSUyYlA1UmppSVdWRU1TREdQWlFvSmFDdU8lMmJUU3VpQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3NDkzMzYwMCIgdG90YWw9IjE3NDkzMzYwMCIgZG93bmxvYWRfdGltZV9tcz0iOTEyNzEiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MDUzNjY5MzAzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzA2ODg2OTExMyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzY3OTI4OTM4MiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9Ijc3OSIgZG93bmxvYWRfdGltZV9tcz0iOTgzMTUiIGRvd25sb2FkZWQ9IjE3NDkzMzYwMCIgdG90YWw9IjE3NDkzMzYwMCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNjEwNDAiLz48L2FwcD48L3JlcXVlc3Q-
                                                                                                                    2⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Loads dropped DLL
                                                                                                                    • Checks system information in the registry
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                    PID:5956
                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
                                                                                                                  1⤵
                                                                                                                    PID:5856
                                                                                                                  • C:\Windows\System32\svchost.exe
                                                                                                                    C:\Windows\System32\svchost.exe -k UnistackSvcGroup
                                                                                                                    1⤵
                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                    PID:1948
                                                                                                                  • C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe
                                                                                                                    "C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc\RobloxPlayerBeta.exe"
                                                                                                                    1⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Loads dropped DLL
                                                                                                                    • Suspicious use of NtCreateThreadExHideFromDebugger
                                                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                    • Suspicious use of UnmapMainImage
                                                                                                                    PID:4476
                                                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                    1⤵
                                                                                                                      PID:5924
                                                                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                                                                      1⤵
                                                                                                                      • Executes dropped EXE
                                                                                                                      • Loads dropped DLL
                                                                                                                      • Checks system information in the registry
                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                      PID:4140
                                                                                                                    • C:\Windows\system32\AUDIODG.EXE
                                                                                                                      C:\Windows\system32\AUDIODG.EXE 0x48c 0x16c
                                                                                                                      1⤵
                                                                                                                        PID:2540
                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                                                                        1⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Loads dropped DLL
                                                                                                                        • Checks system information in the registry
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        • Modifies data under HKEY_USERS
                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                        PID:4868
                                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83AF6DAB-3BAF-4353-9511-23CB1A8E97F7}\MicrosoftEdgeUpdateSetup_X86_1.3.195.31.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{83AF6DAB-3BAF-4353-9511-23CB1A8E97F7}\MicrosoftEdgeUpdateSetup_X86_1.3.195.31.exe" /update /sessionid "{BF0D58B9-9133-4C91-BB67-9A2DC715C011}"
                                                                                                                          2⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • Drops file in Program Files directory
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          PID:5168
                                                                                                                          • C:\Program Files (x86)\Microsoft\Temp\EU337D.tmp\MicrosoftEdgeUpdate.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Temp\EU337D.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{BF0D58B9-9133-4C91-BB67-9A2DC715C011}"
                                                                                                                            3⤵
                                                                                                                            • Event Triggered Execution: Image File Execution Options Injection
                                                                                                                            • Executes dropped EXE
                                                                                                                            • Loads dropped DLL
                                                                                                                            • Checks system information in the registry
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                            PID:1084
                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                                                                                              4⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Loads dropped DLL
                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                              • Modifies registry class
                                                                                                                              PID:1008
                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                                                                                              4⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Loads dropped DLL
                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                              • Modifies registry class
                                                                                                                              PID:2508
                                                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                5⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Loads dropped DLL
                                                                                                                                • Modifies registry class
                                                                                                                                PID:5156
                                                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                5⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Loads dropped DLL
                                                                                                                                • Modifies registry class
                                                                                                                                PID:3452
                                                                                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                                                                                                5⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                • Loads dropped DLL
                                                                                                                                • Modifies registry class
                                                                                                                                PID:5788
                                                                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QkYwRDU4QjktOTEzMy00QzkxLUJCNjctOUEyREM3MTVDMDExfSIgdXNlcmlkPSJ7MzRGMUE2N0UtQjdFOC00RjM5LTg2MDItMjE3REU1NUQ5QTc5fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7REU5Mzc0QTMtOEM4Qy00MzIwLTlBOTktQTRGOEQ2OEI4RkJBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4zMSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRldGltZT0iMTczMTAxNDg3OCI-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTc4MDIxMjMyOCIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                                                              4⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Loads dropped DLL
                                                                                                                              • Checks system information in the registry
                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                              • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                              PID:4792
                                                                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QkYwRDU4QjktOTEzMy00QzkxLUJCNjctOUEyREM3MTVDMDExfSIgdXNlcmlkPSJ7MzRGMUE2N0UtQjdFOC00RjM5LTg2MDItMjE3REU1NUQ5QTc5fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntGRDUxMzJEMy0xMDQ1LTRGMjYtQkY2Ri05RUEwMTU5Nzk0MDl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjMxIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTQyNDU4MjAyNyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NDI0NzMyMTExIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NzQyNTMyMjA1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNDllMGVjNjYtZDA3ZS00OTg4LTk0OWQtYjdkNzliNjE5OGM1P1AxPTE3MzE2MjAwMTgmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9QUtqS3ozaWtBYVk2U09BWlNKNk1HYkc4OTNSeVVOJTJicUVON01JYkZ6TVNGc3IwRGhWcnhmQmgwVSUyYkdJbkQzUTYweDE2Sm9MOWpwbDdURk9mTiUyZklhTWclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMSIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NzQyNTYyMDU0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy80OWUwZWM2Ni1kMDdlLTQ5ODgtOTQ5ZC1iN2Q3OWI2MTk4YzU_UDE9MTczMTYyMDAxOCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1BS2pLejNpa0FhWTZTT0FaU0o2TUdiRzg5M1J5VU4lMmJxRU43TUliRnpNU0ZzcjBEaFZyeGZCaDBVJTJiR0luRDNRNjB4MTZKb0w5anBsN1RGT2ZOJTJmSWFNZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2Mzc0NDgiIHRvdGFsPSIxNjM3NDQ4IiBkb3dubG9hZF90aW1lX21zPSIyNzMzNiIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NzQyNjEyMDM4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk3NDc4NjI0MDIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSIxNSIgcmQ9IjY1MDUiIHBpbmdfZnJlc2huZXNzPSJ7RTg3MTc2NDktQUNEMy00NjFDLUEwN0EtNEI2MjhCQkM5ODg3fSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5Mi4wLjkwMi42NyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM3NTQ4ODM5NzU1NzEzNzAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSIxNSIgcj0iMTUiIGFkPSI2NTA1IiByZD0iNjUwNSIgcGluZ19mcmVzaG5lc3M9InsyMEMzNkYwRC0zMEU5LTQxRDktODAxRS1FOUQyQjY4MERBMTF9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEzMC4wLjI4NDkuNTYiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZT0iNjUxNyI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0iezdGMjg2RDFGLTgwQTAtNDJFNy04NjJFLTNBNjNEODk1RkM5Rn0iLz48L2FwcD48L3JlcXVlc3Q-
                                                                                                                          2⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • Loads dropped DLL
                                                                                                                          • Checks system information in the registry
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          • System Network Configuration Discovery: Internet Connection Discovery
                                                                                                                          PID:3332
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                        1⤵
                                                                                                                          PID:5348
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                          1⤵
                                                                                                                          • Modifies Internet Explorer settings
                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                          PID:4060
                                                                                                                        • C:\Windows\System32\oobe\UserOOBEBroker.exe
                                                                                                                          C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
                                                                                                                          1⤵
                                                                                                                          • Drops file in Windows directory
                                                                                                                          PID:5472
                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                                                                                                          C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                                                                                                          1⤵
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          PID:5732
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
                                                                                                                          1⤵
                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                          PID:3300
                                                                                                                        • C:\Windows\System32\SecurityHealthHost.exe
                                                                                                                          C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
                                                                                                                          1⤵
                                                                                                                            PID:2320
                                                                                                                          • C:\Windows\System32\SecurityHealthHost.exe
                                                                                                                            C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
                                                                                                                            1⤵
                                                                                                                              PID:5996
                                                                                                                            • C:\Windows\System32\SecurityHealthHost.exe
                                                                                                                              C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
                                                                                                                              1⤵
                                                                                                                                PID:4740
                                                                                                                              • C:\Windows\System32\SecurityHealthHost.exe
                                                                                                                                C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
                                                                                                                                1⤵
                                                                                                                                  PID:4712
                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                                                                                                                  C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                                                                                                                  1⤵
                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                  PID:2600
                                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
                                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
                                                                                                                                  1⤵
                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                  PID:6100
                                                                                                                                • C:\Windows\System32\SecurityHealthHost.exe
                                                                                                                                  C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
                                                                                                                                  1⤵
                                                                                                                                    PID:2364
                                                                                                                                  • C:\Windows\System32\SecurityHealthHost.exe
                                                                                                                                    C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
                                                                                                                                    1⤵
                                                                                                                                      PID:5624
                                                                                                                                    • C:\Windows\System32\SecurityHealthHost.exe
                                                                                                                                      C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
                                                                                                                                      1⤵
                                                                                                                                        PID:5804

                                                                                                                                      Network

                                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                                      Replay Monitor

                                                                                                                                      Loading Replay Monitor...

                                                                                                                                      Downloads

                                                                                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.31\MicrosoftEdgeUpdateSetup_X86_1.3.195.31.exe
                                                                                                                                        Filesize

                                                                                                                                        1.6MB

                                                                                                                                        MD5

                                                                                                                                        96da7b3dc4fb1d5dcf2c417ee046f447

                                                                                                                                        SHA1

                                                                                                                                        e84a715aa7484e56c9f33d05da3bfa1ca0f1387b

                                                                                                                                        SHA256

                                                                                                                                        44487270c94902abed843606f7dd7b10923abbecce86c1cd85b3f25156eb60da

                                                                                                                                        SHA512

                                                                                                                                        8630835de1a5952e57b9c0db112854050145ca923018985984cca60003b986314f60146eba54ab52933f600ef7d61949f254627c0fd5459b724315968685d733

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\EdgeUpdate.dat
                                                                                                                                        Filesize

                                                                                                                                        12KB

                                                                                                                                        MD5

                                                                                                                                        369bbc37cff290adb8963dc5e518b9b8

                                                                                                                                        SHA1

                                                                                                                                        de0ef569f7ef55032e4b18d3a03542cc2bbac191

                                                                                                                                        SHA256

                                                                                                                                        3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

                                                                                                                                        SHA512

                                                                                                                                        4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\MicrosoftEdgeComRegisterShellARM64.exe
                                                                                                                                        Filesize

                                                                                                                                        179KB

                                                                                                                                        MD5

                                                                                                                                        7a160c6016922713345454265807f08d

                                                                                                                                        SHA1

                                                                                                                                        e36ee184edd449252eb2dfd3016d5b0d2edad3c6

                                                                                                                                        SHA256

                                                                                                                                        35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

                                                                                                                                        SHA512

                                                                                                                                        c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\MicrosoftEdgeUpdate.exe
                                                                                                                                        Filesize

                                                                                                                                        201KB

                                                                                                                                        MD5

                                                                                                                                        4dc57ab56e37cd05e81f0d8aaafc5179

                                                                                                                                        SHA1

                                                                                                                                        494a90728d7680f979b0ad87f09b5b58f16d1cd5

                                                                                                                                        SHA256

                                                                                                                                        87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

                                                                                                                                        SHA512

                                                                                                                                        320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                                                                                        Filesize

                                                                                                                                        212KB

                                                                                                                                        MD5

                                                                                                                                        60dba9b06b56e58f5aea1a4149c743d2

                                                                                                                                        SHA1

                                                                                                                                        a7e456acf64dd99ca30259cf45b88cf2515a69b3

                                                                                                                                        SHA256

                                                                                                                                        4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

                                                                                                                                        SHA512

                                                                                                                                        e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\MicrosoftEdgeUpdateCore.exe
                                                                                                                                        Filesize

                                                                                                                                        257KB

                                                                                                                                        MD5

                                                                                                                                        c044dcfa4d518df8fc9d4a161d49cece

                                                                                                                                        SHA1

                                                                                                                                        91bd4e933b22c010454fd6d3e3b042ab6e8b2149

                                                                                                                                        SHA256

                                                                                                                                        9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

                                                                                                                                        SHA512

                                                                                                                                        f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\NOTICE.TXT
                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        MD5

                                                                                                                                        6dd5bf0743f2366a0bdd37e302783bcd

                                                                                                                                        SHA1

                                                                                                                                        e5ff6e044c40c02b1fc78304804fe1f993fed2e6

                                                                                                                                        SHA256

                                                                                                                                        91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

                                                                                                                                        SHA512

                                                                                                                                        f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdate.dll
                                                                                                                                        Filesize

                                                                                                                                        2.0MB

                                                                                                                                        MD5

                                                                                                                                        965b3af7886e7bf6584488658c050ca2

                                                                                                                                        SHA1

                                                                                                                                        72daabdde7cd500c483d0eeecb1bd19708f8e4a5

                                                                                                                                        SHA256

                                                                                                                                        d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

                                                                                                                                        SHA512

                                                                                                                                        1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_af.dll
                                                                                                                                        Filesize

                                                                                                                                        28KB

                                                                                                                                        MD5

                                                                                                                                        567aec2d42d02675eb515bbd852be7db

                                                                                                                                        SHA1

                                                                                                                                        66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

                                                                                                                                        SHA256

                                                                                                                                        a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

                                                                                                                                        SHA512

                                                                                                                                        3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_am.dll
                                                                                                                                        Filesize

                                                                                                                                        24KB

                                                                                                                                        MD5

                                                                                                                                        f6c1324070b6c4e2a8f8921652bfbdfa

                                                                                                                                        SHA1

                                                                                                                                        988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

                                                                                                                                        SHA256

                                                                                                                                        986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

                                                                                                                                        SHA512

                                                                                                                                        63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_ar.dll
                                                                                                                                        Filesize

                                                                                                                                        26KB

                                                                                                                                        MD5

                                                                                                                                        570efe7aa117a1f98c7a682f8112cb6d

                                                                                                                                        SHA1

                                                                                                                                        536e7c49e24e9aa068a021a8f258e3e4e69fa64f

                                                                                                                                        SHA256

                                                                                                                                        e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

                                                                                                                                        SHA512

                                                                                                                                        5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_as.dll
                                                                                                                                        Filesize

                                                                                                                                        28KB

                                                                                                                                        MD5

                                                                                                                                        a8d3210e34bf6f63a35590245c16bc1b

                                                                                                                                        SHA1

                                                                                                                                        f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

                                                                                                                                        SHA256

                                                                                                                                        3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

                                                                                                                                        SHA512

                                                                                                                                        6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_az.dll
                                                                                                                                        Filesize

                                                                                                                                        29KB

                                                                                                                                        MD5

                                                                                                                                        7937c407ebe21170daf0975779f1aa49

                                                                                                                                        SHA1

                                                                                                                                        4c2a40e76209abd2492dfaaf65ef24de72291346

                                                                                                                                        SHA256

                                                                                                                                        5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

                                                                                                                                        SHA512

                                                                                                                                        8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_bg.dll
                                                                                                                                        Filesize

                                                                                                                                        29KB

                                                                                                                                        MD5

                                                                                                                                        8375b1b756b2a74a12def575351e6bbd

                                                                                                                                        SHA1

                                                                                                                                        802ec096425dc1cab723d4cf2fd1a868315d3727

                                                                                                                                        SHA256

                                                                                                                                        a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

                                                                                                                                        SHA512

                                                                                                                                        aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_bn-IN.dll
                                                                                                                                        Filesize

                                                                                                                                        29KB

                                                                                                                                        MD5

                                                                                                                                        a94cf5e8b1708a43393263a33e739edd

                                                                                                                                        SHA1

                                                                                                                                        1068868bdc271a52aaae6f749028ed3170b09cce

                                                                                                                                        SHA256

                                                                                                                                        5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

                                                                                                                                        SHA512

                                                                                                                                        920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_bn.dll
                                                                                                                                        Filesize

                                                                                                                                        29KB

                                                                                                                                        MD5

                                                                                                                                        7dc58c4e27eaf84ae9984cff2cc16235

                                                                                                                                        SHA1

                                                                                                                                        3f53499ddc487658932a8c2bcf562ba32afd3bda

                                                                                                                                        SHA256

                                                                                                                                        e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

                                                                                                                                        SHA512

                                                                                                                                        bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_bs.dll
                                                                                                                                        Filesize

                                                                                                                                        28KB

                                                                                                                                        MD5

                                                                                                                                        e338dccaa43962697db9f67e0265a3fc

                                                                                                                                        SHA1

                                                                                                                                        4c6c327efc12d21c4299df7b97bf2c45840e0d83

                                                                                                                                        SHA256

                                                                                                                                        99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

                                                                                                                                        SHA512

                                                                                                                                        e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
                                                                                                                                        Filesize

                                                                                                                                        29KB

                                                                                                                                        MD5

                                                                                                                                        2929e8d496d95739f207b9f59b13f925

                                                                                                                                        SHA1

                                                                                                                                        7c1c574194d9e31ca91e2a21a5c671e5e95c734c

                                                                                                                                        SHA256

                                                                                                                                        2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

                                                                                                                                        SHA512

                                                                                                                                        ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_ca.dll
                                                                                                                                        Filesize

                                                                                                                                        30KB

                                                                                                                                        MD5

                                                                                                                                        39551d8d284c108a17dc5f74a7084bb5

                                                                                                                                        SHA1

                                                                                                                                        6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

                                                                                                                                        SHA256

                                                                                                                                        8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

                                                                                                                                        SHA512

                                                                                                                                        6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_cs.dll
                                                                                                                                        Filesize

                                                                                                                                        28KB

                                                                                                                                        MD5

                                                                                                                                        16c84ad1222284f40968a851f541d6bb

                                                                                                                                        SHA1

                                                                                                                                        bc26d50e15ccaed6a5fbe801943117269b3b8e6b

                                                                                                                                        SHA256

                                                                                                                                        e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

                                                                                                                                        SHA512

                                                                                                                                        d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_cy.dll
                                                                                                                                        Filesize

                                                                                                                                        28KB

                                                                                                                                        MD5

                                                                                                                                        34d991980016595b803d212dc356d765

                                                                                                                                        SHA1

                                                                                                                                        e3a35df6488c3463c2a7adf89029e1dd8308f816

                                                                                                                                        SHA256

                                                                                                                                        252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

                                                                                                                                        SHA512

                                                                                                                                        8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_da.dll
                                                                                                                                        Filesize

                                                                                                                                        28KB

                                                                                                                                        MD5

                                                                                                                                        d34380d302b16eab40d5b63cfb4ed0fe

                                                                                                                                        SHA1

                                                                                                                                        1d3047119e353a55dc215666f2b7b69f0ede775b

                                                                                                                                        SHA256

                                                                                                                                        fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

                                                                                                                                        SHA512

                                                                                                                                        45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_de.dll
                                                                                                                                        Filesize

                                                                                                                                        30KB

                                                                                                                                        MD5

                                                                                                                                        aab01f0d7bdc51b190f27ce58701c1da

                                                                                                                                        SHA1

                                                                                                                                        1a21aabab0875651efd974100a81cda52c462997

                                                                                                                                        SHA256

                                                                                                                                        061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

                                                                                                                                        SHA512

                                                                                                                                        5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_el.dll
                                                                                                                                        Filesize

                                                                                                                                        30KB

                                                                                                                                        MD5

                                                                                                                                        ac275b6e825c3bd87d96b52eac36c0f6

                                                                                                                                        SHA1

                                                                                                                                        29e537d81f5d997285b62cd2efea088c3284d18f

                                                                                                                                        SHA256

                                                                                                                                        223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

                                                                                                                                        SHA512

                                                                                                                                        bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_en-GB.dll
                                                                                                                                        Filesize

                                                                                                                                        27KB

                                                                                                                                        MD5

                                                                                                                                        d749e093f263244d276b6ffcf4ef4b42

                                                                                                                                        SHA1

                                                                                                                                        69f024c769632cdbb019943552bac5281d4cbe05

                                                                                                                                        SHA256

                                                                                                                                        fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

                                                                                                                                        SHA512

                                                                                                                                        48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Microsoft\Temp\EU893B.tmp\msedgeupdateres_en.dll
                                                                                                                                        Filesize

                                                                                                                                        27KB

                                                                                                                                        MD5

                                                                                                                                        4a1e3cf488e998ef4d22ac25ccc520a5

                                                                                                                                        SHA1

                                                                                                                                        dc568a6e3c9465474ef0d761581c733b3371b1cd

                                                                                                                                        SHA256

                                                                                                                                        9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

                                                                                                                                        SHA512

                                                                                                                                        ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe
                                                                                                                                        Filesize

                                                                                                                                        6.7MB

                                                                                                                                        MD5

                                                                                                                                        3ce67509dc5518ed68a5689739774588

                                                                                                                                        SHA1

                                                                                                                                        00399c8ae50279d8c1fbe019572f2f14271325ee

                                                                                                                                        SHA256

                                                                                                                                        cabe8ea571b71a2f1d47014463c4f3593a2a932595b6835e32ebe0ec0a6482ee

                                                                                                                                        SHA512

                                                                                                                                        b5bfbe751d10674ba2eb34fd905b9e74059213891fdcba87123d8c5cd8011c829fe166679775ef1bac9859bf772e6b828b21db6a3398a3917822a166da4b7d13

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Program Files (x86)\Roblox\Versions\version-0c1a10704cb043cc_temp\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                                                                                                        Filesize

                                                                                                                                        1.5MB

                                                                                                                                        MD5

                                                                                                                                        610b1b60dc8729bad759c92f82ee2804

                                                                                                                                        SHA1

                                                                                                                                        9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

                                                                                                                                        SHA256

                                                                                                                                        921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

                                                                                                                                        SHA512

                                                                                                                                        0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

                                                                                                                                        Download Submit

                                                                                                                                      • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                                                                                                                        Filesize

                                                                                                                                        101KB

                                                                                                                                        MD5

                                                                                                                                        b3e32e8b703d3438466ca617339669d1

                                                                                                                                        SHA1

                                                                                                                                        57fa21ab2e6e9b6131efeddc9e2ab68dfd565c7c

                                                                                                                                        SHA256

                                                                                                                                        e836cda770d3c3869172f4dad7370f6d89207e5e6a7b73b59466f4244ed99c16

                                                                                                                                        SHA512

                                                                                                                                        c679fe9b829b9f74cf48b06c4cf5931c6c140513e5c43cf18fe4965766b9346659a1a37248c97106d92f75980767f0cab726d03a1450dd34e66859f7a0423f1a

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                        Filesize

                                                                                                                                        152B

                                                                                                                                        MD5

                                                                                                                                        cc10dc6ba36bad31b4268762731a6c81

                                                                                                                                        SHA1

                                                                                                                                        9694d2aa8b119d674c27a1cfcaaf14ade8704e63

                                                                                                                                        SHA256

                                                                                                                                        d0d1f405097849f8203095f0d591e113145b1ce99df0545770138d772df4997f

                                                                                                                                        SHA512

                                                                                                                                        0ed193fdcc3f625221293bfd6af3132a5ce7d87138cd7df5e4b89353c89e237c1ff81920a2b17b7e0047f2cc8b2a976f667c7f12b0dcc273ddc3b4c8323b1b56

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                        Filesize

                                                                                                                                        152B

                                                                                                                                        MD5

                                                                                                                                        467bc167b06cdf2998f79460b98fa8f6

                                                                                                                                        SHA1

                                                                                                                                        a66fc2b411b31cb853195013d4677f4a2e5b6d11

                                                                                                                                        SHA256

                                                                                                                                        3b19522cb9ce73332fa1c357c6138b97b928545d38d162733eba68c8c5e604bd

                                                                                                                                        SHA512

                                                                                                                                        0eb63e6cacbec78b434d976fa2fb6fb44b1f9bc31001857c9bcb68c041bb52df30fbc7e1353f81d336b8a716821876fcacf3b32a107b16cec217c3d5d9621286

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
                                                                                                                                        Filesize

                                                                                                                                        64KB

                                                                                                                                        MD5

                                                                                                                                        d6b36c7d4b06f140f860ddc91a4c659c

                                                                                                                                        SHA1

                                                                                                                                        ccf16571637b8d3e4c9423688c5bd06167bfb9e9

                                                                                                                                        SHA256

                                                                                                                                        34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

                                                                                                                                        SHA512

                                                                                                                                        2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
                                                                                                                                        Filesize

                                                                                                                                        70KB

                                                                                                                                        MD5

                                                                                                                                        807dda2eb77b3df60f0d790fb1e4365e

                                                                                                                                        SHA1

                                                                                                                                        e313de651b857963c9ab70154b0074edb0335ef4

                                                                                                                                        SHA256

                                                                                                                                        75677b9722d58a0a288f7931cec8127fd786512bd49bfba9d7dcc0b8ef2780fc

                                                                                                                                        SHA512

                                                                                                                                        36578c5aedf03f9a622f3ff0fdc296aa1c2d3074aaea215749b04129e9193c4c941c8a07e2dbbf2f64314b59babb7e58dfced2286d157f240253641c018b8eda

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
                                                                                                                                        Filesize

                                                                                                                                        19KB

                                                                                                                                        MD5

                                                                                                                                        76a3f1e9a452564e0f8dce6c0ee111e8

                                                                                                                                        SHA1

                                                                                                                                        11c3d925cbc1a52d53584fd8606f8f713aa59114

                                                                                                                                        SHA256

                                                                                                                                        381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

                                                                                                                                        SHA512

                                                                                                                                        a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
                                                                                                                                        Filesize

                                                                                                                                        63KB

                                                                                                                                        MD5

                                                                                                                                        710d7637cc7e21b62fd3efe6aba1fd27

                                                                                                                                        SHA1

                                                                                                                                        8645d6b137064c7b38e10c736724e17787db6cf3

                                                                                                                                        SHA256

                                                                                                                                        c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

                                                                                                                                        SHA512

                                                                                                                                        19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
                                                                                                                                        Filesize

                                                                                                                                        103KB

                                                                                                                                        MD5

                                                                                                                                        f2dcbb1f3153e72e5f9335a4776bb51d

                                                                                                                                        SHA1

                                                                                                                                        fcf76e5002b9aa519906913f3ec493fb7affa3e1

                                                                                                                                        SHA256

                                                                                                                                        2be16e2098f1c7f123d123adab5c763061ddd3db74fcdff7e77299267d4bd1bf

                                                                                                                                        SHA512

                                                                                                                                        0f9510cd8fe090ccc0ea7c60105b56147cb6f11d9726d1775cdf298c8d131f103b6d0cd71502ca1c72646020a067cd2b9e6fb41d18431a57dc86a8a1688b3afb

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
                                                                                                                                        Filesize

                                                                                                                                        3KB

                                                                                                                                        MD5

                                                                                                                                        365a54c0d35be17f660f806821890cd2

                                                                                                                                        SHA1

                                                                                                                                        36e466a841c70ab483651d2ea6a6fdc97e92806a

                                                                                                                                        SHA256

                                                                                                                                        6ff9d56a86b8f4ff0dae8ccbd53965e89180ba67ed2df197426f8d06f2c6dc91

                                                                                                                                        SHA512

                                                                                                                                        2dd9ef868c68659813d6c02fa4a222ffb512a0a5faddfe88f694eb9c0b3925bc53a8604c0c44b4c66abe8d0ccb3fd566c4db6136717c2903ff10b460b0375154

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                        Filesize

                                                                                                                                        6KB

                                                                                                                                        MD5

                                                                                                                                        d3151d0a05c48d42ae910b8bb6e693c4

                                                                                                                                        SHA1

                                                                                                                                        a9c426039529243a54e4fe79b49483a09d3160f6

                                                                                                                                        SHA256

                                                                                                                                        7cf657af87dfb4a676fd31bc7558e2528a60cb44eeb0411dd390766b83dbd36a

                                                                                                                                        SHA512

                                                                                                                                        d2d7cf248cfd4ef3b327d286adcebba9f4a5a2809438eeab72855a705b046855dd259b6aa338f2e3ce4888c7b320e155a5526354ac62028fe5bc0135b65da982

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        MD5

                                                                                                                                        b26e4eb00330def64e961e108bdf2405

                                                                                                                                        SHA1

                                                                                                                                        64c2472b20545d3e6322584184b1814c25b09396

                                                                                                                                        SHA256

                                                                                                                                        c20838239de6787a7fad942161a938d976560218cbaae7a10edd8e5935cf271d

                                                                                                                                        SHA512

                                                                                                                                        4dfb067d4423809ac50694c8aecab38183188eb6b2850154396db6a9eb7e2566ea1f6b7464d159c9ea9890d49343c476c7a76ce816b5742e0a095f792a235590

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                        Filesize

                                                                                                                                        48B

                                                                                                                                        MD5

                                                                                                                                        8c348cd42665af14b64ead088a5c47bc

                                                                                                                                        SHA1

                                                                                                                                        550ff6d1587da75e16f68195fb92c35cb6e20269

                                                                                                                                        SHA256

                                                                                                                                        e62abd1a5d464ca1e11ab19a4fb086f413222d789d323add34041cde48457a2b

                                                                                                                                        SHA512

                                                                                                                                        1e956598272ca14188712cf3e93610d6b398ae7f1495116d8863ae22e516630874a048bb8afa3796919a2df89a5cd0ffb5fcef06b98ffb75857fe3123059a650

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                                                                                                                                        Filesize

                                                                                                                                        70KB

                                                                                                                                        MD5

                                                                                                                                        e5e3377341056643b0494b6842c0b544

                                                                                                                                        SHA1

                                                                                                                                        d53fd8e256ec9d5cef8ef5387872e544a2df9108

                                                                                                                                        SHA256

                                                                                                                                        e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                                                                                                                                        SHA512

                                                                                                                                        83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
                                                                                                                                        Filesize

                                                                                                                                        392B

                                                                                                                                        MD5

                                                                                                                                        efdaba5a033e9e07f8421df5557953f0

                                                                                                                                        SHA1

                                                                                                                                        bff1114ef0934e5d03abf9a459762ca191a058af

                                                                                                                                        SHA256

                                                                                                                                        a287422b8164ffeb70327a0f24669439158f5d475e501d9b39ef744b3a5f93c9

                                                                                                                                        SHA512

                                                                                                                                        6905eb8990f76e12a40efc1d28f965087a9d74512ac2a95fad496f38c2a4ff112c3a8adb9deb081f89e227e91474d41118e445d3a5de80b469402439ec84d265

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5e1db7.TMP
                                                                                                                                        Filesize

                                                                                                                                        513B

                                                                                                                                        MD5

                                                                                                                                        b2ecf40f686c8eea6b4295c995211a65

                                                                                                                                        SHA1

                                                                                                                                        60d3e0e61e8f0620d47fed7fad60131d81b5d8a7

                                                                                                                                        SHA256

                                                                                                                                        057713b9254df533f0fe6c19e34b64537e19c527d7f72d008626e9673cab45df

                                                                                                                                        SHA512

                                                                                                                                        ae6b62396eaaaf3b65598ada955c72b794c5faa29f9dab8ae314accc41591aedcb6b83a274951d08dcaabab6f772419600140dcef67e9ce1de8f7e33fcf5ba02

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
                                                                                                                                        Filesize

                                                                                                                                        23B

                                                                                                                                        MD5

                                                                                                                                        3fd11ff447c1ee23538dc4d9724427a3

                                                                                                                                        SHA1

                                                                                                                                        1335e6f71cc4e3cf7025233523b4760f8893e9c9

                                                                                                                                        SHA256

                                                                                                                                        720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

                                                                                                                                        SHA512

                                                                                                                                        10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                        Filesize

                                                                                                                                        1KB

                                                                                                                                        MD5

                                                                                                                                        2c4f47a90d0b74fdc4ac4f420e8bf1a8

                                                                                                                                        SHA1

                                                                                                                                        58636d7300cbba50d06b587173cc135695ffb3bb

                                                                                                                                        SHA256

                                                                                                                                        f4e361857c32b33afff590aa5858b3e288a5fa9e562a31f7e980fd86b6c051ca

                                                                                                                                        SHA512

                                                                                                                                        6bacc15ec6f45ed5bc1f1385d6642ee00ec445ed8c1af1a38570579305992df916a2479509f392753e37597216a3e1191cd41fb40b7bdcfa1bcabb1d7edef1cf

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        MD5

                                                                                                                                        f5d7346e4206554e7609184db205c63d

                                                                                                                                        SHA1

                                                                                                                                        2c7799574a9460111e344156c517e88170b9ec50

                                                                                                                                        SHA256

                                                                                                                                        b56e2f3ccfb976ed3c65c5e7926e3fb1d9c29d7a454997073ebd130639b299e1

                                                                                                                                        SHA512

                                                                                                                                        6f04eefa5399c36c2ac2e33869511404581064043d33dfa218461bfe699404f257854abf3a610655b186e5f3faff29f04a485ea46aa85bc89549686b72618e00

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        MD5

                                                                                                                                        5233f6057dedadf23a6c83549d6b5b7f

                                                                                                                                        SHA1

                                                                                                                                        353b372ce3a631711cd98fef30af17842837fb94

                                                                                                                                        SHA256

                                                                                                                                        44e12745596774003a6ccb1e1de20b9ed4d8df695a4c154a445902bbf0d40f10

                                                                                                                                        SHA512

                                                                                                                                        5f10902e4285aaac8c9a0d34d385d3b893e70ade9496d96b0515d7fba0d0954ea0dc1c749ac9460c4d3e9de19e1fa2a1c003ad18643b912aac00ee231d37a7f6

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe59671d.TMP
                                                                                                                                        Filesize

                                                                                                                                        59B

                                                                                                                                        MD5

                                                                                                                                        2800881c775077e1c4b6e06bf4676de4

                                                                                                                                        SHA1

                                                                                                                                        2873631068c8b3b9495638c865915be822442c8b

                                                                                                                                        SHA256

                                                                                                                                        226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                                                                                                                        SHA512

                                                                                                                                        e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                        Filesize

                                                                                                                                        6KB

                                                                                                                                        MD5

                                                                                                                                        ddcf0188eb78fd682ebf36baa54ecbf7

                                                                                                                                        SHA1

                                                                                                                                        68bcf3af801260f3e3e0c3db76c8f3b975fe56a2

                                                                                                                                        SHA256

                                                                                                                                        5ceca86f02489021187ccca093e0eefb07a24b194aec09b9b3a988a4de5b8bda

                                                                                                                                        SHA512

                                                                                                                                        3f43f694e172b96d2642f70942e0f1787578a957382a98ab37c1727c102a46cda45603ef21f3ff233cf93f2a898631b6664ca2c49b589517904122679e7e2f8a

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                        Filesize

                                                                                                                                        7KB

                                                                                                                                        MD5

                                                                                                                                        e26288860e6c9b7fe867485fd6520709

                                                                                                                                        SHA1

                                                                                                                                        83244562998e5e6da26e949207d226c1fe45045e

                                                                                                                                        SHA256

                                                                                                                                        5112f7257fb7befb52614c98256e4cb4373c8ec420c43936293f40360cb331ff

                                                                                                                                        SHA512

                                                                                                                                        a8c79bd4cea256759587cf78d1c543496aabf25be63239e39fe0371388bc21d285abffc953c17b1c2abcab3c3f551d85fcb11e32b369224f4cc5e645473ac008

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                        Filesize

                                                                                                                                        7KB

                                                                                                                                        MD5

                                                                                                                                        24ae2591d13587243775974dbe0fd169

                                                                                                                                        SHA1

                                                                                                                                        d61ac3c81c1c2129764e4006a619d650e14f2fa6

                                                                                                                                        SHA256

                                                                                                                                        10ea5c9561b30591836ebb6bb4ef349c03e5db00628568fd15b88eb75cffba08

                                                                                                                                        SHA512

                                                                                                                                        527497bce39c594651870a8f1af02b42307ce0dc6d54ce3821d3001658c6b782f12cead72a2a48af725f9795791d02b2904033e654e55ccdccba315dd5eeb9a2

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                        Filesize

                                                                                                                                        6KB

                                                                                                                                        MD5

                                                                                                                                        d4cd364b95d40a389b497f6b67e3b1ca

                                                                                                                                        SHA1

                                                                                                                                        8db6fb540a5077db46da2f59a61e18383055734b

                                                                                                                                        SHA256

                                                                                                                                        be71bb133f49441d180eb0bb7c3fcd602cb5867ec609173934d1ad6fe3851a52

                                                                                                                                        SHA512

                                                                                                                                        f3edf30356d4e8aa8d3ca4d86b6b2ce364b016d690a4be9347becf2b2cbe8ceab2a9b5d7e6caf3490d061f9b2583d4f7006baa1b9928a9b8542893056cbe2b41

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        MD5

                                                                                                                                        30d4446c04c6fe989355d6655c114d0b

                                                                                                                                        SHA1

                                                                                                                                        6903233137231468284f3762acaec8128d6b622e

                                                                                                                                        SHA256

                                                                                                                                        ea76478ecf33de729af27190372356dafab45933ce3c85b199b20a3236ecfe66

                                                                                                                                        SHA512

                                                                                                                                        4643d388b8b0531c31dba441dff53c593458301a4bebe33f4eeaf6d11fef138487113123b8ed38403ff88f60b3d559e89396d1df0174ede0ba12042d1788eb0f

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                        Filesize

                                                                                                                                        6KB

                                                                                                                                        MD5

                                                                                                                                        4c623da4e22b3acd7e9c12f79ccdef84

                                                                                                                                        SHA1

                                                                                                                                        49fa9982647a875be7ceaf0779616c83505933ea

                                                                                                                                        SHA256

                                                                                                                                        e7f68df5093c357a2bbe43c6e1ace789f2b6b89bc7622c7912e0f21236698169

                                                                                                                                        SHA512

                                                                                                                                        9540b531252ebadbc72c0f2a9e31decb7423d5aea4bf5d7ff43eafabce445835c20d9d60af3260eb22df4606c844b9b1bfc4dc87fffd2dbe318e1fe9e4adc482

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        4cb6eeb5e428ea69b6cd03f84d07da50

                                                                                                                                        SHA1

                                                                                                                                        e8dc90ac3d4f543a6b0bab952a56652842790325

                                                                                                                                        SHA256

                                                                                                                                        f2d62a2d48576b63418c6571041cbb26219b8e9a6c9a40d92e49b2dd9501a13a

                                                                                                                                        SHA512

                                                                                                                                        adb3fb8006cd87c07d4fb9a4ab6a77be2c0998d8e6c54d43ae8a48391b274375c4a714abafa452cd911036d6fb896524ce6bc372464fef9c3fc1f865f324bdba

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                        Filesize

                                                                                                                                        6KB

                                                                                                                                        MD5

                                                                                                                                        ae4e1fb13af2d220a5bf79e6ee615f7e

                                                                                                                                        SHA1

                                                                                                                                        0e6cfa7e8747c01454d88050aeedbe0523e20624

                                                                                                                                        SHA256

                                                                                                                                        aadda8ada6956b4170119d9a910bd07c965757ed7cd265e7bfeeda178c1fc0dd

                                                                                                                                        SHA512

                                                                                                                                        36ae585e5897363ab7c372a6676850a58827692a03f6e2f7c12669d81dab1edbc0168092fb68d9982325f7b6d975f98b5d1f740b279f73ee56ebf8a680b1064f

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                        Filesize

                                                                                                                                        6KB

                                                                                                                                        MD5

                                                                                                                                        7fc8bab4584a8ea5ea12330e8876cd37

                                                                                                                                        SHA1

                                                                                                                                        29b4ad7952725b80e779506d987224d9250d06d4

                                                                                                                                        SHA256

                                                                                                                                        dcf01d22f76410677900b1e3cd72d5b45e6bfc31646085163f47fe15ff04fcee

                                                                                                                                        SHA512

                                                                                                                                        d6d105cd9de9b3c0facbb22bde5b14f47774cb5431388b4263d2895ae02b90242f404676b4e11148f8f7f4e983accd039dac5d65ec2736d81fb040614202b344

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                        Filesize

                                                                                                                                        6KB

                                                                                                                                        MD5

                                                                                                                                        da32a6610efb1e712095b18fefccd91f

                                                                                                                                        SHA1

                                                                                                                                        c7818a28b1b3044f09304da16320d32d1ca255a3

                                                                                                                                        SHA256

                                                                                                                                        59b9e269181a133a54f57b831f971ad4143ecfbbe5524baeef38a2628439be6a

                                                                                                                                        SHA512

                                                                                                                                        51570c82c403c8cbedcd147ec4fdb154865c77f7fed3867e4c35cdde68319262912e597e90f2090be5a3f4d06d2111405356ec68b88d3b2369f844a49ca0c48f

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                                                                        Filesize

                                                                                                                                        24KB

                                                                                                                                        MD5

                                                                                                                                        3b964859deef3a6f470b8021df49b34d

                                                                                                                                        SHA1

                                                                                                                                        62023dacf1e4019c9f204297c6be7e760f71a65d

                                                                                                                                        SHA256

                                                                                                                                        087debdcfba4666c03a5ea699e9bb31cf22ef4e0fad7c961cb0b500e5d262fb5

                                                                                                                                        SHA512

                                                                                                                                        c30b7e1b28820a5815b52634b46cb210c241704e33e41304400cb3ed29e82ec547a1068fc819350b368456bcabd27034afade5add3251dc74e4174f51b6c7adf

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                                                                        Filesize

                                                                                                                                        24KB

                                                                                                                                        MD5

                                                                                                                                        5c2d5c900312f44e72209416d45723cb

                                                                                                                                        SHA1

                                                                                                                                        68fb8909308589149399c3fb74605600833fbbc1

                                                                                                                                        SHA256

                                                                                                                                        56f7a77549e5fc45bd4b1f7c2db3e8b4bd1dd9234545207613a80342cee8e7d8

                                                                                                                                        SHA512

                                                                                                                                        07c2920cff7c1125e3a2fe66bf21d8606a1f2a3d36be2d8e136da0d2a21130242ac8324f18cedfb0040304cf804815861767c969a6923d8db851312bf9b4348b

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt
                                                                                                                                        Filesize

                                                                                                                                        35B

                                                                                                                                        MD5

                                                                                                                                        343859b4ad03856a60d076c8cd8f22c3

                                                                                                                                        SHA1

                                                                                                                                        7954a27de3329b4c5eefd4bdcb8450823881aad6

                                                                                                                                        SHA256

                                                                                                                                        8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f

                                                                                                                                        SHA512

                                                                                                                                        58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe5e2604.TMP
                                                                                                                                        Filesize

                                                                                                                                        99B

                                                                                                                                        MD5

                                                                                                                                        0d598fb319be6b6395a4fa67251981d5

                                                                                                                                        SHA1

                                                                                                                                        3c103205055426d45ef2e4d95f0cb685b3acdac2

                                                                                                                                        SHA256

                                                                                                                                        6d7d56158421f97bab9f22230d3e1036e5318f51854661b9a99da03766259fcb

                                                                                                                                        SHA512

                                                                                                                                        b2b6e6013fb8d1c34c5b09426d37d69504cb7c7076e0d212eb67ba00d9a3e33a2aedd816133b63e75a86416e4c51c4d2da5d198106dd0de6d041d7fc64f18b48

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        2KB

                                                                                                                                        MD5

                                                                                                                                        f956740fb647c3363d7a19ac98761a50

                                                                                                                                        SHA1

                                                                                                                                        c0d03d483d0b87af15d023ff5a476cf02931b259

                                                                                                                                        SHA256

                                                                                                                                        ab82e3785e224b863cbcbb7057ca1e8e3edd34a654f2c4a4e516822ebc20cf35

                                                                                                                                        SHA512

                                                                                                                                        0fab67566ca127768d8c5e76d187f329d8ee4b24ce78dbbba238fdcaaebea04ca7511d1b9efaa9115114216b06fc93024e9f9a00b0368cf378d105139d5bb066

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        MD5

                                                                                                                                        08ed2646cff5804209eddc59820f28e4

                                                                                                                                        SHA1

                                                                                                                                        60156b36022b319cd25dabb3725932e2c1def3b3

                                                                                                                                        SHA256

                                                                                                                                        cab53a09956000b39174007bc3653d26f802a7969f569aecd681c52ea32cca08

                                                                                                                                        SHA512

                                                                                                                                        f05d1596cf4e8c0c102a316c7c733bbb62d2c82bde31711fbb274a3e9f391b187fa3afb481456b85cd9a3a3ed1154af2fd88046d53d44accefde5482b51d7350

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        2KB

                                                                                                                                        MD5

                                                                                                                                        212b224b5263d1af2a43e3d548c53e0f

                                                                                                                                        SHA1

                                                                                                                                        a4e3cd4d79d3198f67245168eefdc9e7a170e070

                                                                                                                                        SHA256

                                                                                                                                        74d8b9f7299989118bfbdba05bef0d83e1b998b4282159d00afaa6acdb2ca30a

                                                                                                                                        SHA512

                                                                                                                                        e69e15b35a3d43afc0e48bc55c82c6ad2d5cefde30ff429c35cefafaf6bbeb196d746a1a7a51971728fa19c026e66db48b5793398c47216f35bc4d5edd4bb96b

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        2KB

                                                                                                                                        MD5

                                                                                                                                        c8f4bbf8309159bd8cbc9ef12e4e215c

                                                                                                                                        SHA1

                                                                                                                                        cc718eeffa0a33ac373bea203f1f73a377662c9b

                                                                                                                                        SHA256

                                                                                                                                        7841da7697a2b2ad740ab27a46bd670167a61ccc5f10e4eb2f362dd779121e8e

                                                                                                                                        SHA512

                                                                                                                                        f51f6373382033b1261f4742539fa301362e899687a73713325c951145b4bcebc205da1d25b9239ef0fc38d67ce3f4357fa4c0ed1eaefb3e864a6f00965780af

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        59ff55b33c3e9653d4391526537d6174

                                                                                                                                        SHA1

                                                                                                                                        cae13f45748531aa247be1672d5df833a4a2e3d0

                                                                                                                                        SHA256

                                                                                                                                        0db8e1d0363d721a6608467d34941df8f9ed930ef1bd3c33aba7307c27c7fd64

                                                                                                                                        SHA512

                                                                                                                                        7a3c9991a173aaffd81a57d457953e3c12e987e5fb1bbd0d9290348f55eb44126ddd2c9ef7162d4484bdd1f9efb0eed78b3379f0e5bcdb4058862eb53f839af8

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        2KB

                                                                                                                                        MD5

                                                                                                                                        0f9430ea3a3e44b70b514a8f7e2a3468

                                                                                                                                        SHA1

                                                                                                                                        914d856c69f3778a8c8ccd74f48ab86ec23e840a

                                                                                                                                        SHA256

                                                                                                                                        563e33fa8a4423b3d2b8f73c928aa8a7d748de05b778b692e7e675a8c533e63a

                                                                                                                                        SHA512

                                                                                                                                        3bdb5d139dd4d0a83b8b47dd633529679fd6225f36c89cc98c0f68663966e930307889647465de6e85017cc6220f57856536dd4c9a8bf39d26ed14acf4be9154

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        68a7ffeb1db3a8c866d5e35acd192a42

                                                                                                                                        SHA1

                                                                                                                                        e642c8f2266af923c705222e4e5a1f8dd196fa05

                                                                                                                                        SHA256

                                                                                                                                        2d0a357cc105aa6d3a30c78ba8a71b396af272b67198a0ae2c794c0946819064

                                                                                                                                        SHA512

                                                                                                                                        794e23bca2e3ab9e5bf33bea071a436574a9e2fc2f57426b052853ea7bb03c59606d4450ec3a98b6ae372983029faa654cf41d2555f74f27996916826554ca4c

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        41d7157ce0fa12f475d405a31941d615

                                                                                                                                        SHA1

                                                                                                                                        0617655d0015308afcc29c5ff11ce48654857b18

                                                                                                                                        SHA256

                                                                                                                                        836d9046b1ffff36e10e2ad31a2ba1223d00e8f114d185b9aa4b79327c8e156c

                                                                                                                                        SHA512

                                                                                                                                        aa79db86c20588f6a10c44f6d56c4a695a2ad4bf483fb4c396ffcd40f42fb8b16261a71d82e536e7834f7710a48adc067e37738f67812beee7537c2d14530e4d

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        59325ca6ae07e06e99f7a3e011b0ec08

                                                                                                                                        SHA1

                                                                                                                                        c8e4832593cde91f0d94943a156bfeab97b97545

                                                                                                                                        SHA256

                                                                                                                                        5050754c99f31deb09f4ff0b1893a7c0e9f417a151359eed822261b564da4250

                                                                                                                                        SHA512

                                                                                                                                        770c260b93e7b03f525c9f48fcbf03d593daa71f8b0d7324872bc9c375508197b35137f361569ad191b2164d5d79d16562fc669f80c5aebf1e010a138281fd0a

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        2KB

                                                                                                                                        MD5

                                                                                                                                        4daa6ae6b3dc957ce4f3ccf691094e45

                                                                                                                                        SHA1

                                                                                                                                        359af45b2fe45e2ea7ce18539d713571be10788a

                                                                                                                                        SHA256

                                                                                                                                        2eb1e0ff5bd528b5100e5ccb50f3236d80d98eb70db514453bf629589da1c347

                                                                                                                                        SHA512

                                                                                                                                        a0ed8a8e13ea280330589cf5a54ac9b964d682d33e5cd860f098aafba8d6acc1a5cc7bd008e3fe47f9f1adc7b2e4c38329f2486fec92fd98413a395737ddd63a

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        c711feaf1595c9e73798eb5bde3ca860

                                                                                                                                        SHA1

                                                                                                                                        cea5f3531d25a212c88d6f2a018d20d4c46c3aa1

                                                                                                                                        SHA256

                                                                                                                                        0bf55f734dc6f094bfb1eabb231f77b03f712acdfd939058a703f90e77d8586e

                                                                                                                                        SHA512

                                                                                                                                        bbc0cd1a88eaf5152af6ae06e7b882636a6206840fdfa227695a13dd8a517be66f2c024dc53ced8424a08e60c890d3b1c6fd6dfedad5e21358fe7e0f0acfb2f4

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        1e4b7916fb022a131122510f0f3ac5f7

                                                                                                                                        SHA1

                                                                                                                                        bdf5cebcab3546d053ff46b408a8df8a7620ef0d

                                                                                                                                        SHA256

                                                                                                                                        646ce478f7d230da8193974132b2cd0ffa7b68133350039e3f99ba22f42b7f76

                                                                                                                                        SHA512

                                                                                                                                        930bc522a5d5af40519173d1884a0156448c36932436995c758ee0fd6ff0f1fa6e88a0f53ca9741c7cb11eb6213b949e328b82ed926cef7d49cef5784df293a1

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        83d55b5a1870aa59c8f33c7b2006da46

                                                                                                                                        SHA1

                                                                                                                                        33cc5afde86d2c60560d9b8679f5dc481058bee9

                                                                                                                                        SHA256

                                                                                                                                        caf416034894dee1690b0e9304010c688dfe741b8b2f9ae25ceaf334a06614a6

                                                                                                                                        SHA512

                                                                                                                                        ba6a0710a9ff06208aaca68202e56a7b3d59a4ade82e376c3096a4d8f8e06da2fafc12d29637ed5c8011d69657e3a791c75b585b9db3733b47748b745000618d

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        d14952181b1d2a94c2dae7e2dfec2ffb

                                                                                                                                        SHA1

                                                                                                                                        d550484b5dc81aaf5e6f7ee4357cc224c0d3a298

                                                                                                                                        SHA256

                                                                                                                                        e50f0c72f8a4fa68b184a25166f19d1169a0f79e0fc959a518c4b6563b217963

                                                                                                                                        SHA512

                                                                                                                                        d1b102a654200c3e531e89cfa5e7aec04b4345c7ec2d9c7c1d297e83f62b63132d2d3ee8bc640b878a7d248c6561cb094e846957094b148f221fe207c97e315b

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        b21cd72d6179fac259c9d1ce710ccbbe

                                                                                                                                        SHA1

                                                                                                                                        ad867d432e4da175e5e201278d18329386b360ec

                                                                                                                                        SHA256

                                                                                                                                        641241dc0d1045bbb86f8faac45085233cdcaa4b908e26302f7430863797b7c8

                                                                                                                                        SHA512

                                                                                                                                        eeeda0ba0391bd7541f8507172319d5cfc220eae4965b6790084c4a1691b3827537c08fecf575f983f83de9b305aa61c00d2ec3914b53a53469352c25ce4f80c

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        2KB

                                                                                                                                        MD5

                                                                                                                                        e77fd458365ada1ec6e601861bdd1517

                                                                                                                                        SHA1

                                                                                                                                        9ef82f30c8dab1101c154970d7f73d1bd18aa213

                                                                                                                                        SHA256

                                                                                                                                        e49fff860230fb1b0f665ff0c9a825faadba1bdf22a781248f4567427d36a2bf

                                                                                                                                        SHA512

                                                                                                                                        a5700218503425e826a491b033f7c32f2aba7255bfe16780ecd6267e33e2ead610f650abc13f5c5d1467ab711aaef27b94070f1cd1e2c73e8b35fc4e486db203

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        2KB

                                                                                                                                        MD5

                                                                                                                                        7a0d3f6090b0003a015a1c55936726de

                                                                                                                                        SHA1

                                                                                                                                        76742f52d35dc2ee53ebe594b00be2b30b4a5136

                                                                                                                                        SHA256

                                                                                                                                        c3ea71ab3e71c07336d9888270a0d51abda7e5ebdf2abe33a7f2cf27291ee8c4

                                                                                                                                        SHA512

                                                                                                                                        1aa335eddbd5db7ea3239dc88858dfa71e04a0aa31f3b5496ad8d7d881e2edb1f8fbef19d36b0f2198b8a5804226ad2259ef11b9a228d2c76f263607bb2fb6f5

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        f4798cb6c18c0cea80fcce37637a603d

                                                                                                                                        SHA1

                                                                                                                                        7a36569a4681eed852dedbd507da74484687fc5a

                                                                                                                                        SHA256

                                                                                                                                        2f56545ef49d2ca3056e5d5e642a6a449644ee6b8b56442cadbabd3538b5a302

                                                                                                                                        SHA512

                                                                                                                                        16d8374995968f5a74cbae38299daa70c3ded4adf36881b3164bc3082ec0835f0a202de795b6bc44b90a4cfe7e0f7086eaec99badd272244d785f8de2f3d664e

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        61b61c8dae70f40d2119a463daf91836

                                                                                                                                        SHA1

                                                                                                                                        b521a5bdf9d0f845ccd42df806f1203fada64cbf

                                                                                                                                        SHA256

                                                                                                                                        344f7ef86418fb24997ab6454b615f338a2f3ad45ca402714c05c3d8e6dab5a7

                                                                                                                                        SHA512

                                                                                                                                        fa9bfecfcb679ea3951a6dbfb704f3668e370af434f925d071629ddcb9d3fc43487169ea72c60a309db1c5535a522ba3f2892fe5a1436bb0d14db29e911ebc53

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        54b653b9bd203b7c86f2d9783e667357

                                                                                                                                        SHA1

                                                                                                                                        688ee5e32a7c2b3ac0c907f78c5268b9534a1f2d

                                                                                                                                        SHA256

                                                                                                                                        7d3037135a95654d8a9414673a1b456598c812299e4008aadfb470353b892ce5

                                                                                                                                        SHA512

                                                                                                                                        f7b181b0d0f7be0b210acf946ac396744ee8943631d5f28b786baaab5aafe608a59a07829e4897cc22ecc5dbf12401ae87161082676129ed81bb6be44a862555

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        6a9e0e453945388ba58d12a2a7acd960

                                                                                                                                        SHA1

                                                                                                                                        969ef6913905e969e82379e0d580c35fb317133c

                                                                                                                                        SHA256

                                                                                                                                        2eb51f0eddab54d8b22af02a2ce8d635a29ba38a078107ac6f3f444df431d153

                                                                                                                                        SHA512

                                                                                                                                        928186bf1d2098079231899a892390aa8b09238182504c818d8caeffc383ce095bc44ab4c35a594ebc868edf6a1fa4a0257f0b22f51be35236383838b7f17ab7

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        ba059bffee1fab632231bc8a4a8e07e3

                                                                                                                                        SHA1

                                                                                                                                        02c0564cb20521e8643a9fb9053daba366776f5c

                                                                                                                                        SHA256

                                                                                                                                        5f723c35f77abcc6f4cbb92a91232e2ec675057b18ba6523800080e083806b2d

                                                                                                                                        SHA512

                                                                                                                                        7d18b43558ea04e43c225dfab5070469ee22450ea8e49a1cd8655f8529132cd1da80a45b6a773363489140bcec1e199531a938af30e4f9e2f14f49f7830fda8e

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        2KB

                                                                                                                                        MD5

                                                                                                                                        b4b5ee5adc43fa0e6b88084f6b6c9b4d

                                                                                                                                        SHA1

                                                                                                                                        07137769a263480fbd5543b17ffba92f45419937

                                                                                                                                        SHA256

                                                                                                                                        99c73ef3ea03ede257229932b162c111d39047daf905fb12f5732ad5d29089c1

                                                                                                                                        SHA512

                                                                                                                                        32f2d3b5a3c9a49172566cee879dd86bf8591356265bedb14d36cb9d583897db5ca640a49a7a689eff3b3d105b9341bb2781e1b5ee7ae1e24084abca6e9281c5

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        30b64cf5262de4da61ebd50638fb9536

                                                                                                                                        SHA1

                                                                                                                                        07dca0b1d0159b1e5b54a3779113e6db982bb7df

                                                                                                                                        SHA256

                                                                                                                                        1349140dca3c041159ff5a38c6a42794da43407696335e366e02933ca03c872f

                                                                                                                                        SHA512

                                                                                                                                        047ddc10bb00459bbcddc3be932c77eacb3a2764d4cdf7099a4c0268c6001c10b23b61108b210828a376aafaf86e883c9168a3b3803469e2e2568987f8098227

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        dcb8afcf27894d951d160e1737821c5b

                                                                                                                                        SHA1

                                                                                                                                        d215316877c8362a10121fe3f8d74491ebc6a0c7

                                                                                                                                        SHA256

                                                                                                                                        7b6945a18d4b821b6660ed08e51d0472048b2cef5b0fa4c2dcd77b20cd6780c6

                                                                                                                                        SHA512

                                                                                                                                        642fa946c9e93686a45c2d45c1fb6ee5ade214b7c73df2abda392e725cbbf3b0bed5861b89812467bad4e143f729d6c95d958b99f9c58f2675ed0b629cff0a43

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        2KB

                                                                                                                                        MD5

                                                                                                                                        7c244cf032fa41aab93853d5bf11072f

                                                                                                                                        SHA1

                                                                                                                                        8beaf5cb3e3ee912175faf8b54abc1d49010eaa3

                                                                                                                                        SHA256

                                                                                                                                        a35ea89af04bfd68540a1b62309d05bf16c9e99863ca4b9162b284d5688dacbb

                                                                                                                                        SHA512

                                                                                                                                        7456ae0d9e47823bba9cf4ec5244a5d3169838adceddf1c23d7c9a2b8d0782e651fa7f44f0437529e9ed8d0858a0a65c5ef1c38e3da42004382a63a5c04bc978

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                        Filesize

                                                                                                                                        5KB

                                                                                                                                        MD5

                                                                                                                                        2aaad022e4e14d3e8001a5ee05c1a94d

                                                                                                                                        SHA1

                                                                                                                                        3fa40c5c4374934ad1978897f2f1af1f77f3b1a7

                                                                                                                                        SHA256

                                                                                                                                        e868547dca8d92679053c6d85e311f7a2378d5e1db751078b06adc731bc5dbd0

                                                                                                                                        SHA512

                                                                                                                                        42e5b9bb5c424dc7a98f804e23f8f8bd4b9bbf346bdc1b4ec9a0394c583861a86ed04d599f555d29a210965b3b3d308fcf21d8c0efee29c400dc3bea4b04a46e

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c762.TMP
                                                                                                                                        Filesize

                                                                                                                                        370B

                                                                                                                                        MD5

                                                                                                                                        01f7e7d0a0b648488fab49fa3fbf6be8

                                                                                                                                        SHA1

                                                                                                                                        be43d47f61dda41856285e5376206adde7df79d5

                                                                                                                                        SHA256

                                                                                                                                        4187efc05bcf329396966f564a393c84db2a1caf9d00b3b98033fdb053d94f2d

                                                                                                                                        SHA512

                                                                                                                                        1b732a77895e8303f604d1bbd756baf19eae49b43f28f9d9534baec9f36f71dc3af41596736737570823563ff354ee6cc4d212d60150d3ff17bf8094b628b666

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                        Filesize

                                                                                                                                        16B

                                                                                                                                        MD5

                                                                                                                                        206702161f94c5cd39fadd03f4014d98

                                                                                                                                        SHA1

                                                                                                                                        bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                                        SHA256

                                                                                                                                        1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                                        SHA512

                                                                                                                                        0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
                                                                                                                                        Filesize

                                                                                                                                        41B

                                                                                                                                        MD5

                                                                                                                                        5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                                                        SHA1

                                                                                                                                        d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                                                        SHA256

                                                                                                                                        f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                                                        SHA512

                                                                                                                                        de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
                                                                                                                                        Filesize

                                                                                                                                        16B

                                                                                                                                        MD5

                                                                                                                                        46295cac801e5d4857d09837238a6394

                                                                                                                                        SHA1

                                                                                                                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                        SHA256

                                                                                                                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                        SHA512

                                                                                                                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                        Filesize

                                                                                                                                        11KB

                                                                                                                                        MD5

                                                                                                                                        58b4ac501f80808250897aa3402e81be

                                                                                                                                        SHA1

                                                                                                                                        10adf9482dacfb8e066b4827cd0f420cb21682b4

                                                                                                                                        SHA256

                                                                                                                                        e3a1a7c173ce649b703260dc467b2319b4d0dc9458ad43f820e6b971d3044d29

                                                                                                                                        SHA512

                                                                                                                                        e9cfccae21cdbf7f0db527985e0e067565eb9e1b28260613b09555f1a80f3cde3e44f2e90ae89b43646aba2f0478d5cc268c08a9ebe94b33db6290231a924a67

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                        Filesize

                                                                                                                                        11KB

                                                                                                                                        MD5

                                                                                                                                        b61fd0e0c4c83801640285aa1fbd1d10

                                                                                                                                        SHA1

                                                                                                                                        f3b4fcc60fc2045c852ac04277638f31c3795ac3

                                                                                                                                        SHA256

                                                                                                                                        0f3872a3e41240fec0c7094c5cb8e9421f05e7d01659ad48d1293aeacce4bc17

                                                                                                                                        SHA512

                                                                                                                                        8a45a129eac2dcedbe92883e91d2b720b615facb2e96bb6dd390f6191ace9c2cdaa4f0b37a5df784c1c3b1146557275a17f30df4d3b7ff266d294ade5a641349

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                        Filesize

                                                                                                                                        11KB

                                                                                                                                        MD5

                                                                                                                                        949c09de8ef0ff5d7c20b4b66bef3589

                                                                                                                                        SHA1

                                                                                                                                        c87f1ab645570cfd891b0596360c82be9a4f9449

                                                                                                                                        SHA256

                                                                                                                                        b175c6d5f43282f9277efcdccfea68c2e22c40741feab5cd4729060e3454e506

                                                                                                                                        SHA512

                                                                                                                                        96d33bcce466573221b1c004989b1fc20acfb6f43cee821ad4b94d15ef0e27620fee8f1f443dc032c050da41406c6661339e77c4024094f7322874b38cf90cff

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                        Filesize

                                                                                                                                        8KB

                                                                                                                                        MD5

                                                                                                                                        2479b8da1368de3f27e3de7a4f638ad4

                                                                                                                                        SHA1

                                                                                                                                        3fd7d14555ecc68213947336e9f1f6c8edec5e40

                                                                                                                                        SHA256

                                                                                                                                        8a3e205f4a567b014c9f17192e38b2ac6bb997d54cb942c09570391c3ef60755

                                                                                                                                        SHA512

                                                                                                                                        fff775f371d5f2f90e1e314badd3bf84e4d0fae8c65e5e40efd77b0ed24217b95c4beae1d5010e7e9cd105968887474a3007c4bc71f7e08f2451ce225ec622af

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                        Filesize

                                                                                                                                        11KB

                                                                                                                                        MD5

                                                                                                                                        8e7ae20e40ffbccf30bddd5f030f7f4b

                                                                                                                                        SHA1

                                                                                                                                        0ebca9e7260d51fe4a5959f0ea0bae2360e86546

                                                                                                                                        SHA256

                                                                                                                                        6d3b8aa6ed504ff38357ea276b45ea2ef34bd5de5ab6bf9b8d3d741b97b9527a

                                                                                                                                        SHA512

                                                                                                                                        629c3c22d23ace23870d013905faa2bfa3d774e76158a923d5bd9a3dbcd2886fb9c7efc4f4e0556f0751e1b2cf67009454f6e6ef7452eb57c59c4e5c52a11f93

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                        Filesize

                                                                                                                                        11KB

                                                                                                                                        MD5

                                                                                                                                        b38deb5a57077df008da05a68dd68d73

                                                                                                                                        SHA1

                                                                                                                                        c3e93117a9a8fb6f42a765daaf7fc4115c97873c

                                                                                                                                        SHA256

                                                                                                                                        78a72d95395433716a44506c98873ee2ffbb17d836d9deaf5a5d3c453a0c6df5

                                                                                                                                        SHA512

                                                                                                                                        360bf54b9b2ee99fa09fdbd60fcc6650ab5256c66bf7430fc1cb486c622f8cc69c4e57d6c1fb5e59d89df1a1731188ec1f07367bc79a2dc4cd7af4c538dd3bbb

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{2F519BF2-C697-59F8-8F6A-1E19509CE66B}
                                                                                                                                        Filesize

                                                                                                                                        36KB

                                                                                                                                        MD5

                                                                                                                                        8aaad0f4eb7d3c65f81c6e6b496ba889

                                                                                                                                        SHA1

                                                                                                                                        231237a501b9433c292991e4ec200b25c1589050

                                                                                                                                        SHA256

                                                                                                                                        813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

                                                                                                                                        SHA512

                                                                                                                                        1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe
                                                                                                                                        Filesize

                                                                                                                                        36KB

                                                                                                                                        MD5

                                                                                                                                        406347732c383e23c3b1af590a47bccd

                                                                                                                                        SHA1

                                                                                                                                        fae764f62a396f2503dd81eefd3c7f06a5fb8e5f

                                                                                                                                        SHA256

                                                                                                                                        e0a9f5c75706dc79a44d0c890c841b2b0b25af4ee60d0a16a7356b067210038e

                                                                                                                                        SHA512

                                                                                                                                        18905eaad8184bb3a7b0fe21ff37ed2ee72a3bd24bb90cbfcad222cf09e2fa74e886d5c687b21d81cd3aec1e6c05891c24f67a8f82bafd2aceb0e0dcb7672ce7

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                                                                                                                        Filesize

                                                                                                                                        2B

                                                                                                                                        MD5

                                                                                                                                        f3b25701fe362ec84616a93a45ce9998

                                                                                                                                        SHA1

                                                                                                                                        d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                                                                                                        SHA256

                                                                                                                                        b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                                                                                                        SHA512

                                                                                                                                        98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                                                        Filesize

                                                                                                                                        3KB

                                                                                                                                        MD5

                                                                                                                                        b752ea18acea89fc11b90bd0e49b2871

                                                                                                                                        SHA1

                                                                                                                                        55395ebe633cb9aa4c45882f0f6a57c8920ed2b4

                                                                                                                                        SHA256

                                                                                                                                        27a58df76aafd0ef3c88daf99a33f9ebd0b719beaa0c57aedc74c0eac96b66f0

                                                                                                                                        SHA512

                                                                                                                                        4b99848e76d856f86eca5a31fcb58e49342b3e43dad306a87ccd429405073b014849ade88964da25c8c85a53d8528f7e5297f6bc257c7331f40b1332d6709e9a

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                                                        Filesize

                                                                                                                                        3KB

                                                                                                                                        MD5

                                                                                                                                        31f31901790f8d408c433660b418f2f1

                                                                                                                                        SHA1

                                                                                                                                        c73d7382fd4a7dd0be1b3314f92cd22e4b76ab5c

                                                                                                                                        SHA256

                                                                                                                                        46d69085188ebf023cb9e8b56e6c1f8be621a4793d208a6948f0524712c1572c

                                                                                                                                        SHA512

                                                                                                                                        7320ef82a36a83a0e22de2a31f5398d0054f90e473795c48a275545e3b897d6c0909d74bcadd414b383a31a99d68f6fd68009fd94dcc255498970059814c74d8

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\Desktop\Delta V3.61\Delta.exe
                                                                                                                                        Filesize

                                                                                                                                        17.0MB

                                                                                                                                        MD5

                                                                                                                                        774ffee84d8e760761b8819edd2bc252

                                                                                                                                        SHA1

                                                                                                                                        74ff2bcc3baf64790181b97dc09ab951d9440379

                                                                                                                                        SHA256

                                                                                                                                        3c2cbcfb0dc0b92e1a0f15e725a1f8c4756a990e298098d94087cdd3fd491758

                                                                                                                                        SHA512

                                                                                                                                        935624fdaa9ae57d4515a456a9383c20240988848046fcab69948450413e573167c0f17a456f0f5120ec13e3215759ad11c4857873900606116c3e495dd69650

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\Desktop\Delta V3.61\ICSharpCode.AvalonEdit.dll
                                                                                                                                        Filesize

                                                                                                                                        598KB

                                                                                                                                        MD5

                                                                                                                                        b6142f182a86adf382ea845935a327bc

                                                                                                                                        SHA1

                                                                                                                                        841367a389b4df1207224a26f9e201e593d551d1

                                                                                                                                        SHA256

                                                                                                                                        7225253a9ca59db879340f9ea8ee4f48006ceadf878d04b446522007fbe3ebb3

                                                                                                                                        SHA512

                                                                                                                                        a5e4941409b4b06fdf44ec5ebfb5d99cec47b1f348e266e7dc20254e5465deb1abf60d67092b5aa1bd14f52d637b52b380382f838d601b0f3734ea5a406fb068

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\Desktop\Delta V3.61\Newtonsoft.Json.dll
                                                                                                                                        Filesize

                                                                                                                                        685KB

                                                                                                                                        MD5

                                                                                                                                        081d9558bbb7adce142da153b2d5577a

                                                                                                                                        SHA1

                                                                                                                                        7d0ad03fbda1c24f883116b940717e596073ae96

                                                                                                                                        SHA256

                                                                                                                                        b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

                                                                                                                                        SHA512

                                                                                                                                        2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\Desktop\Delta V3.61\bin\lua.xshd
                                                                                                                                        Filesize

                                                                                                                                        3KB

                                                                                                                                        MD5

                                                                                                                                        e2b537e027b3251fb82e213739e66376

                                                                                                                                        SHA1

                                                                                                                                        e47888a238dcf90097ecd3c8860b0f9b02ded0e3

                                                                                                                                        SHA256

                                                                                                                                        5c508701141f851aeb0ad9088759f7da15bc33f9e7459ea8c8d4e1ec7b4eaa60

                                                                                                                                        SHA512

                                                                                                                                        1e347301cdc75933d709eddeace7cc9d62a7e9685f5badde3e1ec6f3cdbb37bbb8b95c23632e11b283e0464ab4c84e79c644660a1f0c09f51729e30571555f7e

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\Desktop\Delta V3.61\bin\modules.json
                                                                                                                                        Filesize

                                                                                                                                        639B

                                                                                                                                        MD5

                                                                                                                                        87b829dbc0f63d72bff5664fa2177dd9

                                                                                                                                        SHA1

                                                                                                                                        aaee2d27a5a0290af3f14a8a20a84667aff498fc

                                                                                                                                        SHA256

                                                                                                                                        df98a2a55cd20d372e43356f931a1bd5aad946b44e92f407405e9ac65539458e

                                                                                                                                        SHA512

                                                                                                                                        e827da6e7e4d85e328b51a2b2c1ed4db7b0b453a5cdca066b210b58c0c8d9c912e90324f45a3682450a4ee2519806eb5295226acd7ec7d40e952ce061f350318

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\Desktop\Delta V3.61\bin\vers.txt
                                                                                                                                        Filesize

                                                                                                                                        5B

                                                                                                                                        MD5

                                                                                                                                        8ec516f474a8e25c087b7046e5ce5fa5

                                                                                                                                        SHA1

                                                                                                                                        47e4e5e5db6430b04cc2b2047c0059540c03075a

                                                                                                                                        SHA256

                                                                                                                                        9ef2074444610f6b60ee6c9bc840ae83b0dcf1669ce282abf7aecb74d2dfc8b3

                                                                                                                                        SHA512

                                                                                                                                        e26db8507f89eaf5c689174dd30d2b02e26a120370217a058e28602ce1c92b3469174a98396f37526b44c3d3be7744ec189f2f32e4930d758c765962f5aff0f1

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
                                                                                                                                        Filesize

                                                                                                                                        6.7MB

                                                                                                                                        MD5

                                                                                                                                        7203cce6d4862929a7e29350acfc01a9

                                                                                                                                        SHA1

                                                                                                                                        3f24c3fe84bbe6d446bc96f1f000347517e46541

                                                                                                                                        SHA256

                                                                                                                                        874b8d538afd95fec999ba0e9151aaad9a8377929cc190d8a41ac3965461bf91

                                                                                                                                        SHA512

                                                                                                                                        e84419e12340f864b0f067cdd3edb7fc2de6e4a0386e9b135d6c5cc754462e0f59c077d812867abb5cac4ff2b314994611737440c86b2497fd4328c176eaea91

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
                                                                                                                                        Filesize

                                                                                                                                        280B

                                                                                                                                        MD5

                                                                                                                                        e2556f0bcd4c8a4e54abcff8df436551

                                                                                                                                        SHA1

                                                                                                                                        d4e0833cdd785325f50078d3335c94688ae0c8e8

                                                                                                                                        SHA256

                                                                                                                                        cb1030bb3a834fe56eedb50d47da18cc5443e0bae1f2600b156f66222a9507d2

                                                                                                                                        SHA512

                                                                                                                                        c5aa8d4e20f1de2ac21bf7ccb887452f4677d6590e3a8ffa5ad1263376452cb8644429ef8e8beb3b37f58e92179f29d88a629f6ccf2e0798a729146693d0dafc

                                                                                                                                        Download Submit

                                                                                                                                      • memory/1068-37-0x0000000007B90000-0x0000000007BAE000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        120KB

                                                                                                                                        Download

                                                                                                                                      • memory/1068-53-0x000000000E8D0000-0x000000000E962000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        584KB

                                                                                                                                        Download

                                                                                                                                      • memory/1068-52-0x0000000011F90000-0x0000000012536000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        5.6MB

                                                                                                                                        Download

                                                                                                                                      • memory/1068-26-0x00000000068C0000-0x00000000068C8000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        32KB

                                                                                                                                        Download

                                                                                                                                      • memory/1068-45-0x000000000D0C0000-0x000000000D0C8000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        32KB

                                                                                                                                        Download

                                                                                                                                      • memory/1068-25-0x0000000074410000-0x0000000074BC1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        7.7MB

                                                                                                                                        Download

                                                                                                                                      • memory/1068-43-0x0000000008530000-0x00000000085CC000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        624KB

                                                                                                                                        Download

                                                                                                                                      • memory/1068-39-0x00000000080C0000-0x0000000008417000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        3.3MB

                                                                                                                                        Download

                                                                                                                                      • memory/1068-24-0x0000000074410000-0x0000000074BC1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        7.7MB

                                                                                                                                        Download

                                                                                                                                      • memory/1068-162-0x000000007441E000-0x000000007441F000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/1068-36-0x0000000007B60000-0x0000000007B82000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        136KB

                                                                                                                                        Download

                                                                                                                                      • memory/1068-224-0x0000000074410000-0x0000000074BC1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        7.7MB

                                                                                                                                        Download

                                                                                                                                      • memory/1068-23-0x0000000000DA0000-0x0000000001EA6000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        17.0MB

                                                                                                                                        Download

                                                                                                                                      • memory/1068-27-0x0000000007550000-0x0000000007588000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        224KB

                                                                                                                                        Download

                                                                                                                                      • memory/1068-28-0x00000000068D0000-0x00000000068DE000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        56KB

                                                                                                                                        Download

                                                                                                                                      • memory/1068-32-0x0000000007640000-0x00000000076F0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        704KB

                                                                                                                                        Download

                                                                                                                                      • memory/1068-33-0x0000000007BB0000-0x0000000007C26000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        472KB

                                                                                                                                        Download

                                                                                                                                      • memory/1068-22-0x000000007441E000-0x000000007441F000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/1948-1141-0x0000013883680000-0x0000013883690000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        64KB

                                                                                                                                        Download

                                                                                                                                      • memory/1948-1157-0x0000013883780000-0x0000013883790000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        64KB

                                                                                                                                        Download

                                                                                                                                      • memory/1948-1173-0x000001388BAF0000-0x000001388BAF1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/1948-1177-0x000001388BC30000-0x000001388BC31000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/1948-1176-0x000001388BB20000-0x000001388BB21000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/1948-1175-0x000001388BB20000-0x000001388BB21000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/4476-1012-0x000000006AB30000-0x000000006AD40000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        2.1MB

                                                                                                                                        Download

                                                                                                                                      • memory/4476-1011-0x0000000000E80000-0x0000000000EB5000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        212KB

                                                                                                                                        Download

                                                                                                                                      • memory/4476-1029-0x000000006AB30000-0x000000006AD40000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        2.1MB

                                                                                                                                        Download

                                                                                                                                      • memory/4476-1181-0x000000006AB30000-0x000000006AD40000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        2.1MB

                                                                                                                                        Download