Overview

overview

8

Static

static

1

URLScan

urlscan

1

http://roblox.com

windows10-ltsc 2021-x64

8

Analysis

  • max time kernel
    2698s
  • max time network
    2685s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    13-11-2024 16:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://roblox.com

Score
8/10
adwarediscoveryevasionpersistencephishingprivilege_escalationstealertrojan

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs
    persistence
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Network Service Discovery 1 TTPs 1 IoCs

    Attempt to gather information on host's network.

    discovery
  • Network Share Discovery 1 TTPs

    Attempt to gather information on host network.

    discovery
  • Checks system information in the registry 2 TTPs 28 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 28 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 7 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Enumerates system info in registry 2 TTPs 20 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 57 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 5 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://roblox.com
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4176
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8ff9946f8,0x7ff8ff994708,0x7ff8ff994718
      2⤵
        PID:4556
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        2⤵
          PID:1808
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1856
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
          2⤵
            PID:4208
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
            2⤵
              PID:3188
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
              2⤵
                PID:3732
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
                2⤵
                  PID:3712
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
                  2⤵
                    PID:3456
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                    2⤵
                      PID:2052
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff62ffa5460,0x7ff62ffa5470,0x7ff62ffa5480
                        3⤵
                          PID:2144
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1620
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6048 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3920
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6196 /prefetch:8
                        2⤵
                          PID:1212
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6204 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3464
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
                          2⤵
                            PID:3644
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
                            2⤵
                              PID:4244
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
                              2⤵
                                PID:1728
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
                                2⤵
                                  PID:2520
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5016 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2644
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
                                  2⤵
                                    PID:4684
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
                                    2⤵
                                      PID:2200
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
                                      2⤵
                                        PID:3832
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6064 /prefetch:8
                                        2⤵
                                          PID:4276
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
                                          2⤵
                                            PID:3964
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6764 /prefetch:8
                                            2⤵
                                              PID:3088
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,12437484239081592521,15817158217656940445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:476
                                            • C:\Users\Admin\Downloads\RobloxStudioInstaller.exe
                                              "C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • Checks whether UAC is enabled
                                              • Drops file in Program Files directory
                                              • System Location Discovery: System Language Discovery
                                              • Enumerates system info in registry
                                              • Modifies Internet Explorer settings
                                              • Modifies registry class
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:4516
                                              • C:\Program Files (x86)\Roblox\Versions\version-7cc6d2bdac2f4837\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                MicrosoftEdgeWebview2Setup.exe /silent /install
                                                3⤵
                                                • Executes dropped EXE
                                                • System Location Discovery: System Language Discovery
                                                PID:5076
                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\MicrosoftEdgeUpdate.exe
                                                  "C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
                                                  4⤵
                                                  • Event Triggered Execution: Image File Execution Options Injection
                                                  • Checks computer location settings
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Checks system information in the registry
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:4980
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                    5⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • System Location Discovery: System Language Discovery
                                                    • Modifies registry class
                                                    PID:3184
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                    5⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • System Location Discovery: System Language Discovery
                                                    • Modifies registry class
                                                    PID:3456
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                      6⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Modifies registry class
                                                      PID:4232
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                      6⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Modifies registry class
                                                      PID:3564
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                      6⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Modifies registry class
                                                      PID:5072
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODU3MzIxRDktQUVGNy00MzIzLThDNUEtM0ZFMTE5MUUyRjFDfSIgdXNlcmlkPSJ7OTcwODQ3OTQtMzY5Qy00NUU0LUFBODMtMkJEMkQ0QTVGMzZDfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5MTZEN0VBOC0yQTFELTQ1QzgtOTMxOC0yMjU0QTQ3QzAxRjB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTQ3LjM3IiBuZXh0dmVyc2lvbj0iMS4zLjE3MS4zOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjU5NDg1ODg2NCIgaW5zdGFsbF90aW1lX21zPSI0ODMiLz48L2FwcD48L3JlcXVlc3Q-
                                                    5⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Checks system information in the registry
                                                    • System Location Discovery: System Language Discovery
                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                    PID:3404
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{857321D9-AEF7-4323-8C5A-3FE1191E2F1C}" /silent
                                                    5⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • System Location Discovery: System Language Discovery
                                                    PID:3328
                                              • C:\Program Files (x86)\Roblox\Versions\version-7cc6d2bdac2f4837\RobloxStudioBeta.exe
                                                "C:\Program Files (x86)\Roblox\Versions\version-7cc6d2bdac2f4837\RobloxStudioBeta.exe" -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch
                                                3⤵
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                • Checks whether UAC is enabled
                                                • Enumerates connected drives
                                                • Enumerates system info in registry
                                                • Suspicious behavior: AddClipboardFormatListener
                                                • Suspicious behavior: EnumeratesProcesses
                                                • Suspicious behavior: GetForegroundWindowSpam
                                                • Suspicious use of SetWindowsHookEx
                                                PID:2780
                                                • C:\Program Files (x86)\Roblox\Versions\version-7cc6d2bdac2f4837\RobloxCrashHandler.exe
                                                  "C:\Program Files (x86)\Roblox\Versions\version-7cc6d2bdac2f4837\RobloxCrashHandler.exe" --no-rate-limit --crashCounter Win-ROBLOXStudio-Crash --baseUrl https://www.roblox.com --attachment=attachment_0.649.0.6490878_20241113T164214Z_Studio_A7075_last.log=C:\Users\Admin\AppData\Local\Roblox\logs\0.649.0.6490878_20241113T164214Z_Studio_A7075_last.log --attachment=attachment_log_0.649.0.6490878_20241113T164214Z_Studio_A7075_csg3.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.649.0.6490878_20241113T164214Z_Studio_A7075_csg3.log --attachment=attachment_log_0.649.0.6490878_20241113T164214Z_Studio_A7075_dcd.log=C:\Users\Admin\AppData\Local\Roblox\logs\log_0.649.0.6490878_20241113T164214Z_Studio_A7075_dcd.log --database=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --metrics-dir=C:\Users\Admin\AppData\Local\Roblox\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --annotation=AppVersion=0.649.0.6490878 --annotation=Format=minidump --annotation=HardwareModel= --annotation=HasBootstrapper=true --annotation=InstallFolder=ProgramFilesX86 --annotation=OSPlatform=Windows --annotation=RobloxChannel=production --annotation=RobloxGitHash=3891290f7ec8b14511dd09a88bb53740fbfe3768 --annotation=RobloxProduct=RobloxStudio --annotation=StudioVersion=0.649.0.6490878 --annotation=UniqueId=3650415279550844789 --annotation=UseCrashpad=True --annotation=app_arch=x86_64 --annotation=application.version=0.649.0.6490878 --annotation=host_arch=x86_64 --initial-client-data=0x5c8,0x5cc,0x5d0,0x59c,0x5d4,0x7ff6e4bbb2a8,0x7ff6e4bbb2c0,0x7ff6e4bbb2d8
                                                  4⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  PID:1052
                                                • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --mojo-named-platform-channel-pipe=2780.1268.16430475663565321071
                                                  4⤵
                                                  • Checks computer location settings
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Checks system information in the registry
                                                  • Drops file in Windows directory
                                                  • Enumerates system info in registry
                                                  • Modifies data under HKEY_USERS
                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                  • System policy modification
                                                  PID:1780
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=130.0.2849.80 --initial-client-data=0x1a0,0x1a4,0x1a8,0x17c,0x1b0,0x7ff8e8004dc0,0x7ff8e8004dcc,0x7ff8e8004dd8
                                                    5⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    PID:1416
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1816,i,6989876429455631667,9255889984461898152,262144 --variations-seed-version --mojo-platform-channel-handle=1812 /prefetch:2
                                                    5⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    PID:2880
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2060,i,6989876429455631667,9255889984461898152,262144 --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:3
                                                    5⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    PID:4876
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2216,i,6989876429455631667,9255889984461898152,262144 --variations-seed-version --mojo-platform-channel-handle=2332 /prefetch:8
                                                    5⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    PID:2908
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3644,i,6989876429455631667,9255889984461898152,262144 --variations-seed-version --mojo-platform-channel-handle=3640 /prefetch:1
                                                    5⤵
                                                    • Checks computer location settings
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    PID:5484
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=2352,i,6989876429455631667,9255889984461898152,262144 --variations-seed-version --mojo-platform-channel-handle=2384 /prefetch:1
                                                    5⤵
                                                    • Checks computer location settings
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    PID:5368
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3680,i,6989876429455631667,9255889984461898152,262144 --variations-seed-version --mojo-platform-channel-handle=3812 /prefetch:1
                                                    5⤵
                                                    • Checks computer location settings
                                                    • Executes dropped EXE
                                                    PID:5936
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4900,i,6989876429455631667,9255889984461898152,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:8
                                                    5⤵
                                                    • Executes dropped EXE
                                                    PID:3116
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4908,i,6989876429455631667,9255889984461898152,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:8
                                                    5⤵
                                                    • Executes dropped EXE
                                                    PID:1508
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5572,i,6989876429455631667,9255889984461898152,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:8
                                                    5⤵
                                                    • Executes dropped EXE
                                                    PID:2072
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5676,i,6989876429455631667,9255889984461898152,262144 --variations-seed-version --mojo-platform-channel-handle=5692 /prefetch:8
                                                    5⤵
                                                    • Executes dropped EXE
                                                    PID:4048
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5712,i,6989876429455631667,9255889984461898152,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:8
                                                    5⤵
                                                    • Executes dropped EXE
                                                    PID:4084
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5732,i,6989876429455631667,9255889984461898152,262144 --variations-seed-version --mojo-platform-channel-handle=5600 /prefetch:8
                                                    5⤵
                                                    • Executes dropped EXE
                                                    PID:2732
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2360,i,6989876429455631667,9255889984461898152,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:8
                                                    5⤵
                                                    • Executes dropped EXE
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:3540
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5748,i,6989876429455631667,9255889984461898152,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:8
                                                    5⤵
                                                    • Executes dropped EXE
                                                    PID:5780
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=3940,i,6989876429455631667,9255889984461898152,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:8
                                                    5⤵
                                                    • Executes dropped EXE
                                                    PID:5172
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=3936,i,6989876429455631667,9255889984461898152,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8
                                                    5⤵
                                                    • Executes dropped EXE
                                                    PID:5948
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 649, 0, 6490878" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5388,i,6989876429455631667,9255889984461898152,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:8
                                                    5⤵
                                                    • Executes dropped EXE
                                                    PID:5048
                                            • C:\Users\Admin\Downloads\RobloxStudioInstaller.exe
                                              "C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              • Enumerates system info in registry
                                              PID:4000
                                            • C:\Users\Admin\Downloads\RobloxStudioInstaller.exe
                                              "C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              • Enumerates system info in registry
                                              PID:1344
                                            • C:\Users\Admin\Downloads\RobloxStudioInstaller.exe
                                              "C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              • Enumerates system info in registry
                                              PID:116
                                            • C:\Users\Admin\Downloads\RobloxStudioInstaller.exe
                                              "C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              • Enumerates system info in registry
                                              PID:3296
                                            • C:\Users\Admin\Downloads\RobloxStudioInstaller.exe
                                              "C:\Users\Admin\Downloads\RobloxStudioInstaller.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              • Enumerates system info in registry
                                              PID:476
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:4948
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:344
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:1196
                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                  1⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Checks system information in the registry
                                                  • System Location Discovery: System Language Discovery
                                                  • Modifies data under HKEY_USERS
                                                  PID:2880
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODU3MzIxRDktQUVGNy00MzIzLThDNUEtM0ZFMTE5MUUyRjFDfSIgdXNlcmlkPSJ7OTcwODQ3OTQtMzY5Qy00NUU0LUFBODMtMkJEMkQ0QTVGMzZDfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDRTQxN0UyNS04QkEyLTQ0MjctOUYwRC0xNzkzNTlDRjI5Q0N9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NjExMjY5MTQ1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Checks system information in the registry
                                                    • System Location Discovery: System Language Discovery
                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                    PID:4456
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8FB63859-5C9E-4C10-A236-88795C0028B4}\MicrosoftEdge_X64_130.0.2849.80.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8FB63859-5C9E-4C10-A236-88795C0028B4}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                    2⤵
                                                    • Executes dropped EXE
                                                    PID:768
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8FB63859-5C9E-4C10-A236-88795C0028B4}\EDGEMITMP_9A0AC.tmp\setup.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8FB63859-5C9E-4C10-A236-88795C0028B4}\EDGEMITMP_9A0AC.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8FB63859-5C9E-4C10-A236-88795C0028B4}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                      3⤵
                                                      • Checks computer location settings
                                                      • Executes dropped EXE
                                                      • Drops file in Program Files directory
                                                      • Drops file in Windows directory
                                                      PID:3680
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8FB63859-5C9E-4C10-A236-88795C0028B4}\EDGEMITMP_9A0AC.tmp\setup.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8FB63859-5C9E-4C10-A236-88795C0028B4}\EDGEMITMP_9A0AC.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8FB63859-5C9E-4C10-A236-88795C0028B4}\EDGEMITMP_9A0AC.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff60b6cd730,0x7ff60b6cd73c,0x7ff60b6cd748
                                                        4⤵
                                                        • Executes dropped EXE
                                                        • Drops file in Windows directory
                                                        PID:4396
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODU3MzIxRDktQUVGNy00MzIzLThDNUEtM0ZFMTE5MUUyRjFDfSIgdXNlcmlkPSJ7OTcwODQ3OTQtMzY5Qy00NUU0LUFBODMtMkJEMkQ0QTVGMzZDfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDRDk5MjQyQi1FNEQ1LTQ1QzgtOTIzOC1DNkUwQ0IyNzdBQTB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMC4wLjI4NDkuODAiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjY2MjQwNzkxNTAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI2NjI0MjA4ODI3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODY4NTIyODk3MyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMjdjYjcyOWQtZmY5NC00ZDM0LWFhZTQtMzM4NWZhMDljNDRjP1AxPTE3MzIxMjA2NjMmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9YVY3S2plTGQ1UFpndXVudHQ1a1ZBRUIwOW91aEYweXU1WmtpMk1ta2RTSWtZMUVZUlpPaU4zTHZmUFVZa1NjQjJWNHo5Y3pZZDdqZlZjcThVNiUyYmZ3dyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3NTA3NjkyMCIgdG90YWw9IjE3NTA3NjkyMCIgZG93bmxvYWRfdGltZV9tcz0iMTk5NDcxIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODY4NTM0ODc1MyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg3MDA0Njg4MTAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjkzMTQxNzg5NzIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI3ODYiIGRvd25sb2FkX3RpbWVfbXM9IjIwNjA5OSIgZG93bmxvYWRlZD0iMTc1MDc2OTIwIiB0b3RhbD0iMTc1MDc2OTIwIiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI2MTM1OSIvPjwvYXBwPjwvcmVxdWVzdD4
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Checks system information in the registry
                                                    • System Location Discovery: System Language Discovery
                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                    PID:4948
                                                • C:\Windows\System32\GameBarPresenceWriter.exe
                                                  "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
                                                  1⤵
                                                  • Network Service Discovery
                                                  PID:4724
                                                • C:\Windows\system32\OpenWith.exe
                                                  C:\Windows\system32\OpenWith.exe -Embedding
                                                  1⤵
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:436
                                                • C:\Windows\system32\AUDIODG.EXE
                                                  C:\Windows\system32\AUDIODG.EXE 0x320 0x410
                                                  1⤵
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:3668
                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                  1⤵
                                                  • Executes dropped EXE
                                                  • Checks system information in the registry
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:3168
                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                  1⤵
                                                  • Executes dropped EXE
                                                  • Checks system information in the registry
                                                  • System Location Discovery: System Language Discovery
                                                  • Modifies data under HKEY_USERS
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:6008
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BB305601-419E-495C-84F7-FAA7E697C1E8}\MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BB305601-419E-495C-84F7-FAA7E697C1E8}\MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe" /update /sessionid "{5C30456F-8076-4481-B74C-B0A30AF75067}"
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • System Location Discovery: System Language Discovery
                                                    PID:1888
                                                    • C:\Program Files (x86)\Microsoft\Temp\EU5A10.tmp\MicrosoftEdgeUpdate.exe
                                                      "C:\Program Files (x86)\Microsoft\Temp\EU5A10.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{5C30456F-8076-4481-B74C-B0A30AF75067}"
                                                      3⤵
                                                      • Event Triggered Execution: Image File Execution Options Injection
                                                      • Executes dropped EXE
                                                      • Checks system information in the registry
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:5396
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                        4⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        • Modifies registry class
                                                        PID:5888
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                        4⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        • Modifies registry class
                                                        PID:5268
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                          5⤵
                                                          • Executes dropped EXE
                                                          • Modifies registry class
                                                          PID:5192
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                          5⤵
                                                          • Executes dropped EXE
                                                          • Modifies registry class
                                                          PID:4960
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                          5⤵
                                                          • Executes dropped EXE
                                                          • Modifies registry class
                                                          PID:5484
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NUMzMDQ1NkYtODA3Ni00NDgxLUI3NEMtQjBBMzBBRjc1MDY3fSIgdXNlcmlkPSJ7OTcwODQ3OTQtMzY5Qy00NUU0LUFBODMtMkJEMkQ0QTVGMzZDfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7QTFENDUyQUEtRDJGNS00Mzk5LTlEODQtMTA5NTVEOTdFNjFGfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4zNSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRldGltZT0iMTczMTUxNTg1OSI-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTg2NjE1MTE3MiIvPjwvYXBwPjwvcmVxdWVzdD4
                                                        4⤵
                                                        • Executes dropped EXE
                                                        • Checks system information in the registry
                                                        • System Location Discovery: System Language Discovery
                                                        • System Network Configuration Discovery: Internet Connection Discovery
                                                        PID:4508
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NUMzMDQ1NkYtODA3Ni00NDgxLUI3NEMtQjBBMzBBRjc1MDY3fSIgdXNlcmlkPSJ7OTcwODQ3OTQtMzY5Qy00NUU0LUFBODMtMkJEMkQ0QTVGMzZDfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins4Q0ZCOTkzOS1CMUJELTQ4MDAtQUMzNi0wNkM1MjNFM0JBMDl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjM1IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTg0MDYyMTI3NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5ODQwNjUxMzc2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5ODQ2NTMxMzE4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNjhkNTc3YTAtMWY0YS00MzRmLWJkY2UtMTQ4ZWRjMWU0YTQwP1AxPTE3MzIxMjA5ODUmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9WkdKWjM5U0NlYVZXZ2QxMyUyZkZETk1EUk5HeHolMmJRaUk4TmswWXBhbEFqMVVWdFU0YnlKJTJmVEV5bEhQWWxTUDZRbDA5JTJidFFqNWpIY2klMmI1VmQzWW8wTGdRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDUzODYzODUiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk4NDY1NDEzMDEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzY4ZDU3N2EwLTFmNGEtNDM0Zi1iZGNlLTE0OGVkYzFlNGE0MD9QMT0xNzMyMTIwOTg1JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVpHSlozOVNDZWFWV2dkMTMlMmZGRE5NRFJOR3h6JTJiUWlJOE5rMFlwYWxBajFVVnRVNGJ5SiUyZlRFeWxIUFlsU1A2UWwwOSUyYnRRajVqSGNpJTJiNVZkM1lvMExnUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSItMSIgZG93bmxvYWRfdGltZV9tcz0iNSIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5ODQ2NTYxMjg4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJ3aW5odHRwIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy82OGQ1NzdhMC0xZjRhLTQzNGYtYmRjZS0xNDhlZGMxZTRhNDA_UDE9MTczMjEyMDk4NSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1aR0paMzlTQ2VhVldnZDEzJTJmRkROTURSTkd4eiUyYlFpSThOazBZcGFsQWoxVVZ0VTRieUolMmZURXlsSFBZbFNQNlFsMDklMmJ0UWo1akhjaSUyYjVWZDNZbzBMZ1ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSI4OC4yMjEuMTM0LjczIiBjZG5fY2lkPSIyIiBjZG5fY2NjPSJHQiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2MzU5MjAiIHRvdGFsPSIxNjM1OTIwIiBkb3dubG9hZF90aW1lX21zPSI0OTkiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTg0NjU4MTUxNyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5ODUxODMxMjU5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iMjEiIHJkPSI2NTA1IiBwaW5nX2ZyZXNobmVzcz0ie0ZEMzRFRjYwLTI4NTAtNDEzOC05M0I5LUZEOEZFNThCOTM0Nn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNzU5ODkyNzQyNzAxMjcwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9IjIxIiBhZD0iLTEiIHJkPSI2NTA1IiBwaW5nX2ZyZXNobmVzcz0iezcyNjYwOTFBLTA3NzAtNENCRi1CNjlDLTlCRDk0RkY1NDM4Q30iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTMwLjAuMjg0OS44MCIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZT0iNjUyNCIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNzU5ODk3Mzk0NTUzMDcwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iLTEiIHI9Ii0xIiBhZD0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9InsyRDM3NEI2Qy1GNDJCLTQwQjYtQUUxRC00RTMxODcwMDhGQTl9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • Checks system information in the registry
                                                    • System Location Discovery: System Language Discovery
                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                    PID:4608
                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                  1⤵
                                                  • Executes dropped EXE
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:1548
                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                  1⤵
                                                  • Executes dropped EXE
                                                  • Checks system information in the registry
                                                  • System Location Discovery: System Language Discovery
                                                  • Modifies data under HKEY_USERS
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:1180
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7M0MxOUFBNkUtRTFDNC00OUJDLTlBRTYtMkNEOUE4MzNEOTk4fSIgdXNlcmlkPSJ7OTcwODQ3OTQtMzY5Qy00NUU0LUFBODMtMkJEMkQ0QTVGMzZDfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NTlGODg0RTItQ0NGNi00NDNELUE4NEQtNTRBODNFOEY3MEYzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtkbDR4SjNjSlNUTUR1bjNKZEwvNFp4RzlqSkxCbkNWditzTGZIVjZ1U1k0PSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMjEiIGluc3RhbGxkYXRldGltZT0iMTcyOTY5NDA2MCIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzc0MTY2NjY4NDQ3MDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMDUxMzkzNTc5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • Checks system information in the registry
                                                    • System Location Discovery: System Language Discovery
                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                    PID:716
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DEE88C6D-2541-40AD-B83A-4A7CDAC29707}\MicrosoftEdge_X64_130.0.2849.80.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DEE88C6D-2541-40AD-B83A-4A7CDAC29707}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                    2⤵
                                                    • Executes dropped EXE
                                                    PID:2560
                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DEE88C6D-2541-40AD-B83A-4A7CDAC29707}\EDGEMITMP_9614A.tmp\setup.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DEE88C6D-2541-40AD-B83A-4A7CDAC29707}\EDGEMITMP_9614A.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DEE88C6D-2541-40AD-B83A-4A7CDAC29707}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                      3⤵
                                                      • Boot or Logon Autostart Execution: Active Setup
                                                      • Executes dropped EXE
                                                      • Installs/modifies Browser Helper Object
                                                      • Drops file in Windows directory
                                                      • Modifies Internet Explorer settings
                                                      • Modifies registry class
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      • System policy modification
                                                      PID:5676
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DEE88C6D-2541-40AD-B83A-4A7CDAC29707}\EDGEMITMP_9614A.tmp\setup.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DEE88C6D-2541-40AD-B83A-4A7CDAC29707}\EDGEMITMP_9614A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DEE88C6D-2541-40AD-B83A-4A7CDAC29707}\EDGEMITMP_9614A.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x11c,0x118,0x114,0x250,0x25c,0x7ff7fcb0d730,0x7ff7fcb0d73c,0x7ff7fcb0d748
                                                        4⤵
                                                        • Executes dropped EXE
                                                        • Drops file in Windows directory
                                                        PID:2696
                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DEE88C6D-2541-40AD-B83A-4A7CDAC29707}\EDGEMITMP_9614A.tmp\setup.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DEE88C6D-2541-40AD-B83A-4A7CDAC29707}\EDGEMITMP_9614A.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                                                        4⤵
                                                        • Executes dropped EXE
                                                        • Drops file in System32 directory
                                                        • Drops file in Windows directory
                                                        • Modifies data under HKEY_USERS
                                                        PID:1656
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DEE88C6D-2541-40AD-B83A-4A7CDAC29707}\EDGEMITMP_9614A.tmp\setup.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DEE88C6D-2541-40AD-B83A-4A7CDAC29707}\EDGEMITMP_9614A.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DEE88C6D-2541-40AD-B83A-4A7CDAC29707}\EDGEMITMP_9614A.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x248,0x24c,0x250,0x228,0x254,0x7ff7fcb0d730,0x7ff7fcb0d73c,0x7ff7fcb0d748
                                                          5⤵
                                                          • Executes dropped EXE
                                                          • Drops file in Windows directory
                                                          PID:2572
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
                                                        4⤵
                                                        • Executes dropped EXE
                                                        PID:684
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7a149d730,0x7ff7a149d73c,0x7ff7a149d748
                                                          5⤵
                                                          • Executes dropped EXE
                                                          • Drops file in Windows directory
                                                          PID:1992
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
                                                        4⤵
                                                        • Executes dropped EXE
                                                        PID:5460
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\130.0.2849.80\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7a149d730,0x7ff7a149d73c,0x7ff7a149d748
                                                          5⤵
                                                          • Drops file in Windows directory
                                                          PID:3256
                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7M0MxOUFBNkUtRTFDNC00OUJDLTlBRTYtMkNEOUE4MzNEOTk4fSIgdXNlcmlkPSJ7OTcwODQ3OTQtMzY5Qy00NUU0LUFBODMtMkJEMkQ0QTVGMzZDfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins0OUFFMEM2Qy03Q0E4LTRGOTUtQkQ1My0yN0Q3OEU1MDM1MDV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xOTUuMzUiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iSXNPbkludGVydmFsQ29tbWFuZHNBbGxvd2VkPSU1QiUyMi10YXJnZXRfZGV2JTIwLW1pbl9icm93c2VyX3ZlcnNpb25fY2FuYXJ5X2RldiUyMDEzMS4wLjI4NzEuMCUyMiU1RCIgaW5zdGFsbGFnZT0iMCIgY29ob3J0PSJycmZAMC42MCI-PHVwZGF0ZWNoZWNrLz48cGluZyByZD0iNjUyNiIgcGluZ19mcmVzaG5lc3M9Ins0QjVDNEE4MC1GOTVELTRDNTItOTQ1Ni1BN0Q2QjE2NkM1RkV9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iMTMwLjAuMjg0OS44MCIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzNzU5ODkyNzQyNzAxMjcwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzA1OTMzMzQ1NSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzA1OTM2MzQyNCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzA5MzA2MzQyNSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzEwODkxMzU1NSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM2NDE3OTk1NTciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI0MDAiIGRvd25sb2FkZWQ9IjE3NTA3NjkyMCIgdG90YWw9IjE3NTA3NjkyMCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjIiIGluc3RhbGxfdGltZV9tcz0iNTMyODUiLz48cGluZyBhY3RpdmU9IjAiIHJkPSI2NTI2IiBwaW5nX2ZyZXNobmVzcz0ie0VDRTVERTY5LUU4OEQtNDYxMS04NzFFLUI1QkZCQ0I1Q0E2Qn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTMwLjAuMjg0OS44MCIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZT0iNjUyNCIgY29ob3J0PSJycmZAMC40MiIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzc1OTg5NzM5NDU1MzA3MCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjAiIHJkPSI2NTI2IiBwaW5nX2ZyZXNobmVzcz0iezRFNDQ2QjE3LUE4NTMtNDk1Ri1CRjU4LTgyODIzNTM3QzJBNn0iLz48L2FwcD48L3JlcXVlc3Q-
                                                    2⤵
                                                    • Checks system information in the registry
                                                    • System Location Discovery: System Language Discovery
                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                    PID:6132
                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c
                                                  1⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:5744

                                                Network

                                                MITRE ATT&CK Enterprise v15

                                                Reconnaissance

                                                Resource Development

                                                Initial Access

                                                Execution

                                                Persistence

                                                Boot or Logon Autostart Execution

                                                1
                                                T1547

                                                Active Setup

                                                1
                                                T1547.014

                                                Browser Extensions

                                                1
                                                T1176

                                                Event Triggered Execution

                                                2
                                                T1546

                                                Component Object Model Hijacking

                                                1
                                                T1546.015

                                                Image File Execution Options Injection

                                                1
                                                T1546.012

                                                Privilege Escalation

                                                Boot or Logon Autostart Execution

                                                1
                                                T1547

                                                Active Setup

                                                1
                                                T1547.014

                                                Event Triggered Execution

                                                2
                                                T1546

                                                Component Object Model Hijacking

                                                1
                                                T1546.015

                                                Image File Execution Options Injection

                                                1
                                                T1546.012

                                                Defense Evasion

                                                Modify Registry

                                                4
                                                T1112

                                                Credential Access

                                                Discovery

                                                Browser Information Discovery

                                                1
                                                T1217

                                                Network Service Discovery

                                                1
                                                T1046

                                                Network Share Discovery

                                                1
                                                T1135

                                                Peripheral Device Discovery

                                                1
                                                T1120

                                                Query Registry

                                                6
                                                T1012

                                                System Information Discovery

                                                6
                                                T1082

                                                System Location Discovery

                                                1
                                                T1614

                                                System Language Discovery

                                                1
                                                T1614.001

                                                System Network Configuration Discovery

                                                1
                                                T1016

                                                Internet Connection Discovery

                                                1
                                                T1016.001

                                                Lateral Movement

                                                Collection

                                                Command and Control

                                                Exfiltration

                                                Impact

                                                Replay Monitor

                                                Loading Replay Monitor...

                                                Downloads

                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DEE88C6D-2541-40AD-B83A-4A7CDAC29707}\EDGEMITMP_9614A.tmp\SETUP.EX_
                                                  Filesize

                                                  2.6MB

                                                  MD5

                                                  958befee6afc25fa51e4bf538d0894c7

                                                  SHA1

                                                  70a2f157988f6cef27048bc2b3c81e8ab4b41552

                                                  SHA256

                                                  5422f0b35bac6fc926c6f537d42cfa4aaa7985e89e4e680acc467d804071a006

                                                  SHA512

                                                  7ecf452f007d849268b4cc2644ecb239b2a4309a80f4350dfb215f6fc34950cabf1bb233f43bc6678547931af7b427517ed8c88cd214aa0358122777a5a8cce2

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DEE88C6D-2541-40AD-B83A-4A7CDAC29707}\EDGEMITMP_9614A.tmp\setup.exe
                                                  Filesize

                                                  6.5MB

                                                  MD5

                                                  b621cf9d3506d2cd18dc516d9570cd9c

                                                  SHA1

                                                  f90ed12727015e78f07692cbcd9e3c0999a03c3a

                                                  SHA256

                                                  64050839b4a6f27d896e1194e902a2f7a3c1cab0ef864b558ab77f1be25145d6

                                                  SHA512

                                                  167c73cf457689f8ba031015c1e411545550f602919c35aff6fd4d602bd591d34e8c12887a946902b798bf4cf98aadfce3c2de810bf16c7c24a216bfd8abec19

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\EdgeUpdate.dat
                                                  Filesize

                                                  12KB

                                                  MD5

                                                  369bbc37cff290adb8963dc5e518b9b8

                                                  SHA1

                                                  de0ef569f7ef55032e4b18d3a03542cc2bbac191

                                                  SHA256

                                                  3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

                                                  SHA512

                                                  4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\MicrosoftEdgeComRegisterShellARM64.exe
                                                  Filesize

                                                  179KB

                                                  MD5

                                                  7a160c6016922713345454265807f08d

                                                  SHA1

                                                  e36ee184edd449252eb2dfd3016d5b0d2edad3c6

                                                  SHA256

                                                  35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

                                                  SHA512

                                                  c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\MicrosoftEdgeUpdate.exe
                                                  Filesize

                                                  201KB

                                                  MD5

                                                  4dc57ab56e37cd05e81f0d8aaafc5179

                                                  SHA1

                                                  494a90728d7680f979b0ad87f09b5b58f16d1cd5

                                                  SHA256

                                                  87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

                                                  SHA512

                                                  320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                  Filesize

                                                  212KB

                                                  MD5

                                                  60dba9b06b56e58f5aea1a4149c743d2

                                                  SHA1

                                                  a7e456acf64dd99ca30259cf45b88cf2515a69b3

                                                  SHA256

                                                  4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

                                                  SHA512

                                                  e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\MicrosoftEdgeUpdateCore.exe
                                                  Filesize

                                                  257KB

                                                  MD5

                                                  c044dcfa4d518df8fc9d4a161d49cece

                                                  SHA1

                                                  91bd4e933b22c010454fd6d3e3b042ab6e8b2149

                                                  SHA256

                                                  9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

                                                  SHA512

                                                  f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\NOTICE.TXT
                                                  Filesize

                                                  4KB

                                                  MD5

                                                  6dd5bf0743f2366a0bdd37e302783bcd

                                                  SHA1

                                                  e5ff6e044c40c02b1fc78304804fe1f993fed2e6

                                                  SHA256

                                                  91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

                                                  SHA512

                                                  f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdate.dll
                                                  Filesize

                                                  2.0MB

                                                  MD5

                                                  965b3af7886e7bf6584488658c050ca2

                                                  SHA1

                                                  72daabdde7cd500c483d0eeecb1bd19708f8e4a5

                                                  SHA256

                                                  d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

                                                  SHA512

                                                  1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_af.dll
                                                  Filesize

                                                  28KB

                                                  MD5

                                                  567aec2d42d02675eb515bbd852be7db

                                                  SHA1

                                                  66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

                                                  SHA256

                                                  a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

                                                  SHA512

                                                  3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_am.dll
                                                  Filesize

                                                  24KB

                                                  MD5

                                                  f6c1324070b6c4e2a8f8921652bfbdfa

                                                  SHA1

                                                  988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

                                                  SHA256

                                                  986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

                                                  SHA512

                                                  63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_ar.dll
                                                  Filesize

                                                  26KB

                                                  MD5

                                                  570efe7aa117a1f98c7a682f8112cb6d

                                                  SHA1

                                                  536e7c49e24e9aa068a021a8f258e3e4e69fa64f

                                                  SHA256

                                                  e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

                                                  SHA512

                                                  5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_as.dll
                                                  Filesize

                                                  28KB

                                                  MD5

                                                  a8d3210e34bf6f63a35590245c16bc1b

                                                  SHA1

                                                  f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

                                                  SHA256

                                                  3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

                                                  SHA512

                                                  6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_az.dll
                                                  Filesize

                                                  29KB

                                                  MD5

                                                  7937c407ebe21170daf0975779f1aa49

                                                  SHA1

                                                  4c2a40e76209abd2492dfaaf65ef24de72291346

                                                  SHA256

                                                  5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

                                                  SHA512

                                                  8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_bg.dll
                                                  Filesize

                                                  29KB

                                                  MD5

                                                  8375b1b756b2a74a12def575351e6bbd

                                                  SHA1

                                                  802ec096425dc1cab723d4cf2fd1a868315d3727

                                                  SHA256

                                                  a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

                                                  SHA512

                                                  aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_bn-IN.dll
                                                  Filesize

                                                  29KB

                                                  MD5

                                                  a94cf5e8b1708a43393263a33e739edd

                                                  SHA1

                                                  1068868bdc271a52aaae6f749028ed3170b09cce

                                                  SHA256

                                                  5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

                                                  SHA512

                                                  920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_bn.dll
                                                  Filesize

                                                  29KB

                                                  MD5

                                                  7dc58c4e27eaf84ae9984cff2cc16235

                                                  SHA1

                                                  3f53499ddc487658932a8c2bcf562ba32afd3bda

                                                  SHA256

                                                  e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

                                                  SHA512

                                                  bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_bs.dll
                                                  Filesize

                                                  28KB

                                                  MD5

                                                  e338dccaa43962697db9f67e0265a3fc

                                                  SHA1

                                                  4c6c327efc12d21c4299df7b97bf2c45840e0d83

                                                  SHA256

                                                  99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

                                                  SHA512

                                                  e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
                                                  Filesize

                                                  29KB

                                                  MD5

                                                  2929e8d496d95739f207b9f59b13f925

                                                  SHA1

                                                  7c1c574194d9e31ca91e2a21a5c671e5e95c734c

                                                  SHA256

                                                  2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

                                                  SHA512

                                                  ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_ca.dll
                                                  Filesize

                                                  30KB

                                                  MD5

                                                  39551d8d284c108a17dc5f74a7084bb5

                                                  SHA1

                                                  6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

                                                  SHA256

                                                  8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

                                                  SHA512

                                                  6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_cs.dll
                                                  Filesize

                                                  28KB

                                                  MD5

                                                  16c84ad1222284f40968a851f541d6bb

                                                  SHA1

                                                  bc26d50e15ccaed6a5fbe801943117269b3b8e6b

                                                  SHA256

                                                  e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

                                                  SHA512

                                                  d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_cy.dll
                                                  Filesize

                                                  28KB

                                                  MD5

                                                  34d991980016595b803d212dc356d765

                                                  SHA1

                                                  e3a35df6488c3463c2a7adf89029e1dd8308f816

                                                  SHA256

                                                  252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

                                                  SHA512

                                                  8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_da.dll
                                                  Filesize

                                                  28KB

                                                  MD5

                                                  d34380d302b16eab40d5b63cfb4ed0fe

                                                  SHA1

                                                  1d3047119e353a55dc215666f2b7b69f0ede775b

                                                  SHA256

                                                  fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

                                                  SHA512

                                                  45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_de.dll
                                                  Filesize

                                                  30KB

                                                  MD5

                                                  aab01f0d7bdc51b190f27ce58701c1da

                                                  SHA1

                                                  1a21aabab0875651efd974100a81cda52c462997

                                                  SHA256

                                                  061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

                                                  SHA512

                                                  5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_el.dll
                                                  Filesize

                                                  30KB

                                                  MD5

                                                  ac275b6e825c3bd87d96b52eac36c0f6

                                                  SHA1

                                                  29e537d81f5d997285b62cd2efea088c3284d18f

                                                  SHA256

                                                  223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

                                                  SHA512

                                                  bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_en-GB.dll
                                                  Filesize

                                                  27KB

                                                  MD5

                                                  d749e093f263244d276b6ffcf4ef4b42

                                                  SHA1

                                                  69f024c769632cdbb019943552bac5281d4cbe05

                                                  SHA256

                                                  fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

                                                  SHA512

                                                  48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_en.dll
                                                  Filesize

                                                  27KB

                                                  MD5

                                                  4a1e3cf488e998ef4d22ac25ccc520a5

                                                  SHA1

                                                  dc568a6e3c9465474ef0d761581c733b3371b1cd

                                                  SHA256

                                                  9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

                                                  SHA512

                                                  ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_es-419.dll
                                                  Filesize

                                                  29KB

                                                  MD5

                                                  28fefc59008ef0325682a0611f8dba70

                                                  SHA1

                                                  f528803c731c11d8d92c5660cb4125c26bb75265

                                                  SHA256

                                                  55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

                                                  SHA512

                                                  2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_es.dll
                                                  Filesize

                                                  28KB

                                                  MD5

                                                  9db7f66f9dc417ebba021bc45af5d34b

                                                  SHA1

                                                  6815318b05019f521d65f6046cf340ad88e40971

                                                  SHA256

                                                  e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

                                                  SHA512

                                                  943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_et.dll
                                                  Filesize

                                                  28KB

                                                  MD5

                                                  b78cba3088ecdc571412955742ea560b

                                                  SHA1

                                                  bc04cf9014cec5b9f240235b5ff0f29dbdb22926

                                                  SHA256

                                                  f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

                                                  SHA512

                                                  04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_eu.dll
                                                  Filesize

                                                  28KB

                                                  MD5

                                                  a7e1f4f482522a647311735699bec186

                                                  SHA1

                                                  3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd

                                                  SHA256

                                                  e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4

                                                  SHA512

                                                  22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_fa.dll
                                                  Filesize

                                                  27KB

                                                  MD5

                                                  cbe3454843ce2f36201460e316af1404

                                                  SHA1

                                                  0883394c28cb60be8276cb690496318fcabea424

                                                  SHA256

                                                  c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59

                                                  SHA512

                                                  f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_fi.dll
                                                  Filesize

                                                  28KB

                                                  MD5

                                                  d45f2d476ed78fa3e30f16e11c1c61ea

                                                  SHA1

                                                  8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e

                                                  SHA256

                                                  acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2

                                                  SHA512

                                                  2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_fil.dll
                                                  Filesize

                                                  29KB

                                                  MD5

                                                  7c66526dc65de144f3444556c3dba7b8

                                                  SHA1

                                                  6721a1f45ac779e82eecc9a584bcf4bcee365940

                                                  SHA256

                                                  e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d

                                                  SHA512

                                                  dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_fr-CA.dll
                                                  Filesize

                                                  30KB

                                                  MD5

                                                  b534e068001e8729faf212ad3c0da16c

                                                  SHA1

                                                  999fa33c5ea856d305cc359c18ea8e994a83f7a9

                                                  SHA256

                                                  445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511

                                                  SHA512

                                                  e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_fr.dll
                                                  Filesize

                                                  30KB

                                                  MD5

                                                  64c47a66830992f0bdfd05036a290498

                                                  SHA1

                                                  88b1b8faa511ee9f4a0e944a0289db48a8680640

                                                  SHA256

                                                  a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961

                                                  SHA512

                                                  426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_ga.dll
                                                  Filesize

                                                  28KB

                                                  MD5

                                                  3b8a5301c4cf21b439953c97bd3c441c

                                                  SHA1

                                                  8a7b48bb3d75279de5f5eb88b5a83437c9a2014a

                                                  SHA256

                                                  abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0

                                                  SHA512

                                                  068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_gd.dll
                                                  Filesize

                                                  30KB

                                                  MD5

                                                  c90f33303c5bd706776e90c12aefabee

                                                  SHA1

                                                  1965550fe34b68ea37a24c8708eef1a0d561fb11

                                                  SHA256

                                                  e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c

                                                  SHA512

                                                  b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_gl.dll
                                                  Filesize

                                                  28KB

                                                  MD5

                                                  84a1cea9a31be831155aa1e12518e446

                                                  SHA1

                                                  670f4edd4dc8df97af8925f56241375757afb3da

                                                  SHA256

                                                  e4eb716f1041160fd323b0f229b88851e153025d5d79f49b7d6ecb7eb2442c57

                                                  SHA512

                                                  5f1318119102fcee1c828565737ce914493ff86e2a18a94f5ff2b6b394d584ace75c37258d589cce1d5afd8e37d617168a7d7372cfd68dd6a2afcd4577a0bc51

                                                  Download Submit

                                                • C:\Program Files (x86)\Microsoft\Temp\EU5DA2.tmp\msedgeupdateres_gu.dll
                                                  Filesize

                                                  28KB

                                                  MD5

                                                  f9646357cf6ce93d7ba9cfb3fa362928

                                                  SHA1

                                                  a072cc350ea8ea6d8a01af335691057132b04025

                                                  SHA256

                                                  838ccd8243caa1a5d9e72eb1179ac8ae59d2acb453ed86be01e0722a8e917150

                                                  SHA512

                                                  654c4a5200f20411c56c59dbb30a63bfe2da27781c081e2049b31f0371a31d679e3c9378c7eb9cf0fb9166a3f0fba33a58c3268193119b06f91bebe164a82528

                                                  Download Submit

                                                • C:\Program Files (x86)\Roblox\Versions\version-7cc6d2bdac2f4837\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
                                                  Filesize

                                                  1.5MB

                                                  MD5

                                                  610b1b60dc8729bad759c92f82ee2804

                                                  SHA1

                                                  9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

                                                  SHA256

                                                  921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

                                                  SHA512

                                                  0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

                                                  Download Submit

                                                • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                                  Filesize

                                                  107KB

                                                  MD5

                                                  dc7cd289bfba31bccce9922edf86f475

                                                  SHA1

                                                  1e1d6ef351970a6f427d86a4f847ca2510da22bf

                                                  SHA256

                                                  889d50458e37d7e957e695cdccd3eaf610d2a6aaa8a4371e90d072eb3fec1b68

                                                  SHA512

                                                  41c07b69999112c0ffa60c1e7fcba91813eb63ee88f9fbd4cdec09c6feedf659103e7fec1a7ede3989fb4b5c62d13c5880c17018dae3bc55c14965543fe37e6d

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                  Filesize

                                                  152B

                                                  MD5

                                                  9d533e1f93a61b94eea29bf4313b0a8e

                                                  SHA1

                                                  96c1f0811d9e2fbf408e1b7186921b855fc891db

                                                  SHA256

                                                  ae95a7d192b6dfed1a8a5611850df994c63ba2038018901d59ef4dae64b74ed3

                                                  SHA512

                                                  b10de657d0cef4255e96daa1b6ad0c99c70b16c13b8e86790ea226e37e9ded1a8f8bed1e137f976d86ebc3ea9a4b5eb67ce2f5b0200025d35dc8e94c947ff3f5

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                  Filesize

                                                  152B

                                                  MD5

                                                  fccab8a2a3330ebd702a08d6cc6c1aee

                                                  SHA1

                                                  2d0ea7fa697cb1723d240ebf3c0781ce56273cf7

                                                  SHA256

                                                  fa39b46c6f11977f5a2e6f4cd495db424063320fbac26a2eae7466e82ffeb712

                                                  SHA512

                                                  5339b52bad5dff926b66044067aa3e1a6147c389a27ebd89b0f16e1267621d7ce7af9810010bee81cba7b08c77a33ede8ef4675fe049b9fb2ed510fcaef93d6e

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\19d18b7b-012a-4259-bcd7-ba6f5d228bd7.tmp
                                                  Filesize

                                                  4KB

                                                  MD5

                                                  b0396c33f4b740fd540f146d4628f8fa

                                                  SHA1

                                                  9b58aab78eb9835752c783f5c3ed102f3ef9b03d

                                                  SHA256

                                                  45e37d250cde31a813334c500b40c7cfde37e284ed9b3604f84df34ff9e75219

                                                  SHA512

                                                  b71a353f29e7e8e81fa8c64fffcf58d7e4c1125cd4e3d39d69cb6cce61249bdb4e858b8d3930d4b8efac9e2a93a4348a99ade1e47b5b034b7112684fb374be44

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
                                                  Filesize

                                                  103KB

                                                  MD5

                                                  f2dcbb1f3153e72e5f9335a4776bb51d

                                                  SHA1

                                                  fcf76e5002b9aa519906913f3ec493fb7affa3e1

                                                  SHA256

                                                  2be16e2098f1c7f123d123adab5c763061ddd3db74fcdff7e77299267d4bd1bf

                                                  SHA512

                                                  0f9510cd8fe090ccc0ea7c60105b56147cb6f11d9726d1775cdf298c8d131f103b6d0cd71502ca1c72646020a067cd2b9e6fb41d18431a57dc86a8a1688b3afb

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  24a060417e937c19661b5be3d1c49b81

                                                  SHA1

                                                  0c4ec1d30261b49f5b720a7c55ee24be5f945327

                                                  SHA256

                                                  5e46d9af6dffe356ee4f9c76b0a0f2b244f6246d9732cad672aeb7fa10fb9642

                                                  SHA512

                                                  ce78435d2fc29421b80c5160de5f50c877f7e55711f9848b6c808dedcdf3720f80e6bd0df95e22d9a2dc3de7ee375c5a1d76833fe8d82cfc30be9d74551978ae

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                  Filesize

                                                  48B

                                                  MD5

                                                  d21288e7f19d7a8c622e73b0e390cde5

                                                  SHA1

                                                  feeee83a7eb73a3436cd3504f1637fdea6a9535d

                                                  SHA256

                                                  f4894b34b62d46d945a8a4b0690c27907709d633db6bd0704814035bd3f7375b

                                                  SHA512

                                                  f3eccc8774e5213b2a7075452b2f471324a1f3a8030551544aba5f701f7edd66776d991e4d9f6ac6585deb919635277f99b748316b3f6adedef752ec73eede38

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  fd3667ddf2a79e26e864265236f22fa9

                                                  SHA1

                                                  e36c877bd6f88ae9c4733994eda8f280044902ef

                                                  SHA256

                                                  886b075ae6d0720a1053f794128f70a13df687a804dcb4007f934100b0ee2b42

                                                  SHA512

                                                  c145a8e917ce06ef725254269cd4d5c0d14c36de5c0675693a58d3f005b5881ea51f0ca425bc2a4015e071899686406a7d2103a1618b18568240c493b06c1f27

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                                                  Filesize

                                                  70KB

                                                  MD5

                                                  e5e3377341056643b0494b6842c0b544

                                                  SHA1

                                                  d53fd8e256ec9d5cef8ef5387872e544a2df9108

                                                  SHA256

                                                  e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                                                  SHA512

                                                  83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
                                                  Filesize

                                                  389B

                                                  MD5

                                                  ef74a9ea00abd6e8888d2357f2f60386

                                                  SHA1

                                                  c4e18ca1b9cc7ee59b3b42dd840a1c82e73b70be

                                                  SHA256

                                                  e70d7c63ef805e0678cfcfab4a02be5be0889812128d9072782025d7a6e4caa5

                                                  SHA512

                                                  9d8cee5b3ea5e80112e7effc1db4265e236a024632148980c2854aff85c840f5273d1fd34d8c50194cd08e64ceb38a8248a3a33bbcf6faf1b5fefdd1e84935ab

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe59694f.TMP
                                                  Filesize

                                                  673B

                                                  MD5

                                                  4c1ad1cc007706258d8a4ac413278c5d

                                                  SHA1

                                                  f93b817b4011d30793d27fbcdd12666d0b8207a6

                                                  SHA256

                                                  25eac9c23e2e30b35ba696bdf2fbccb0664ea3b73338f75e3df03506d39ac7a7

                                                  SHA512

                                                  5c5b77010c84a124acc17f5b5c2d975420f179bacfe2551fadc5db1809f2cf1c4b8368ef671ac413e9c4a2125bfea547db5e408732191775784841240d21a260

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
                                                  Filesize

                                                  100B

                                                  MD5

                                                  e2896794670f13dd2d4d13b86817b168

                                                  SHA1

                                                  58089c9c0955e754f116b29243b4c834e61e1570

                                                  SHA256

                                                  7a47c8951a8a2f9d0d66faa65fcb8653970dc9c8e08cc26287f6a9c2ec7cde7a

                                                  SHA512

                                                  2a14bdee064c729f2cacc90ac8f599cd355c02c0bdfcf7a543e1cbfe8626f3629626d3132810eae3eebd4685d71b306c9de99baa86be950f3698e48fa376f578

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  4KB

                                                  MD5

                                                  c052bff8e0b60bce60f098f559356e94

                                                  SHA1

                                                  2205a2033c972a5d3a48d3278f935d812e3580a3

                                                  SHA256

                                                  ec71ea726049a4adb4a95d10db6bd7a7c326dfbb2cb2c8510029bc4004be2b8c

                                                  SHA512

                                                  32a2354a15b819b920d5cb471b1de5aa2a7d76b39f354a70c17836085c543ee270f567debc3fabdd1ab170190fba622bbbdec92ed58315a7ae2be236ad6576ae

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  4KB

                                                  MD5

                                                  8e9cf701f1bc5375dc788d5f584710f7

                                                  SHA1

                                                  0742eb692eafa7d773c60cf03f1eb344f456bfe5

                                                  SHA256

                                                  3a87703c2dcb47a8eba916cfb44dbf477a204c8a292be1a5be8de3e8947637a3

                                                  SHA512

                                                  637942b9cc8a2296600b1d416a10886d7a923a555a35605e7c3a51980a7f290368a77aacfcdfccdbe1c29ba52c51290c65ea0e06c57e4c21315a2bd02fab258c

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  111B

                                                  MD5

                                                  285252a2f6327d41eab203dc2f402c67

                                                  SHA1

                                                  acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                  SHA256

                                                  5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                  SHA512

                                                  11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  767B

                                                  MD5

                                                  9eb329c1465eb515daba2df6bc4d2557

                                                  SHA1

                                                  dd31edaf5e868b888409c1389ea12f4abbfad309

                                                  SHA256

                                                  3e4cc50a730bcb64530d992eb1cc3cc41c235c97d0f5f383be654930892aabcc

                                                  SHA512

                                                  e45fa387a57a81ffe41f35b8d38964d164e70ab035eb35cc7db9285ed5b4f8dc6b51bf783894d57329d131ac866ccdfc62b2fb66af2d6e99aa2c9dd6c5f8d3f9

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  2e1ea2dc1889acf8830162971189bfd1

                                                  SHA1

                                                  e83a666c0a1d37b30b1c823a0a5da0e1bb413020

                                                  SHA256

                                                  cce5fc4ec2dbd9f273d8dea1f6cd2a22aa2f2a1502515dec9050bed5528604ab

                                                  SHA512

                                                  d471505151e2efa01721d576a06442d9bc396d297d3ea0146ee59c094f4d7b3ddc872516c8c26e634a9ab23504177b763cd250a145bc3c2d3add4408007e655f

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  a56950f707d5d0e08b0cd95cae1f655f

                                                  SHA1

                                                  299258d7b7d07717ec778a7846ee2907c8842f5e

                                                  SHA256

                                                  f396b416a3bc85b0473bfae6b70ebe452d2f1b708c8d4868f540ed8ea88bd597

                                                  SHA512

                                                  67f48a90d67ceeada9ce9e14dfe601b5f976d2c91035847f778637c856adfeca8e245a8e40815cdbb679165ea5acd0a247ea807fc44105a8a7d8b4e69ddf8aee

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  b9f864582bed998c59b5a7e46087d959

                                                  SHA1

                                                  f6c2a016c4a95d51773b8d63cb4486065ea71a71

                                                  SHA256

                                                  93d5bf418048fb5583b615ee7fe52e43cd18d02d0784303dc8e4fcc8214dfa4c

                                                  SHA512

                                                  82f4a743cd1b2cd9252b31398c2c663a5b90a42925871aaef2715dfabbece74fc2722080188992d48af45abf0ce006db084851a3582126ca29b5e77828f44793

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  c55d0b5ff7bbc19ab27d07bc5987c127

                                                  SHA1

                                                  10cade41cbe12899f5b000c697cd4d694e1b1d85

                                                  SHA256

                                                  29714a39d39178e499e51c97cb70ff197c1cec43c89f995cfa8c2782f387baf8

                                                  SHA512

                                                  fb1887d6530fa423eb3dd6ca817e0e644f633bd85b18441e97a5a37d0616d2d768da3b83743b8a79a6436a66ac766c5a10c9585682f72042086b8f0077fcb475

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  9769e8f92c7c4de2141143b306906876

                                                  SHA1

                                                  585d59d21c914ed6817dd93af25c94d07085d808

                                                  SHA256

                                                  0d7195664cbb7a4b19cda23b70fedf51aa4c43224a4ffc895addcc33392545fc

                                                  SHA512

                                                  1533845a29e2256b91b7af27e8dfab6f87c41b72ccad16a698ad3aef526efa995235f14cc0f5baf8ced5ba6e6235728127981dc80ae0da835a82caeb0aca81b5

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  52d9321fb554621eb3ace9e5c7ed654c

                                                  SHA1

                                                  f177881c0bdfe562e684cf87f6c9033e04088ab9

                                                  SHA256

                                                  b5ff9198cc18f92dd6e94267d9965d6cb1d6f991cde8eee9625944142798f5ef

                                                  SHA512

                                                  366bc781c1af345a140c9df38ced1d2f9e94c08737239fdb26b085e6a8e2db59d87d11193bf04e2a9bd7cd3469837256845da9fdc385c003bf7469133741adff

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                  Filesize

                                                  24KB

                                                  MD5

                                                  ed659b1d7a51e558246bd24f62fff931

                                                  SHA1

                                                  84685d6f04379c290e4261ff04e9e1879d54d42c

                                                  SHA256

                                                  23fafd9073812d5ff8b523b84bc981e4cb410bebbf3675db2b29cfac0dae9690

                                                  SHA512

                                                  1c3203328583241895db9fb165fcfd595f642e218ee3a453ab6873cbac10ddab693cd2f913bab15c8bb7b5a12c5768b3dfcb278aad754dec1fbffe66b81843cc

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                  Filesize

                                                  24KB

                                                  MD5

                                                  7ec09c7cbd7cb0b8a777b3a9e2a1892e

                                                  SHA1

                                                  3b07979e57b6c93be7d5a6cd8fa954dee91bd8dd

                                                  SHA256

                                                  a623633f34a241b0dbc9fd26f34446d716955f94e90b2ff9ac8b9df801bdae5e

                                                  SHA512

                                                  5fff0a38a3b6e4b29d402eef2650011e4d9df514e0624767c84ea31cb73cbba10c7e0b5711cb487976d637f0f60a85c431cf0db54b519411245684c116c07b7b

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt
                                                  Filesize

                                                  35B

                                                  MD5

                                                  343859b4ad03856a60d076c8cd8f22c3

                                                  SHA1

                                                  7954a27de3329b4c5eefd4bdcb8450823881aad6

                                                  SHA256

                                                  8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f

                                                  SHA512

                                                  58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe598747.TMP
                                                  Filesize

                                                  99B

                                                  MD5

                                                  3397b735e34f11c4b4895d425e5fa9cc

                                                  SHA1

                                                  b8236e29e9c72236e88ada5f58e5670f91112e2f

                                                  SHA256

                                                  fa8b38f22db1f8e10b1fd7b88fde43d2798d99e6c5184762889c67eaff90b27e

                                                  SHA512

                                                  9bae217b843bc58dd67d2bc91282f7dbc7800242d11fd4a4be34db4fbdd6122ed4b927e6bd522f8e6619049f60e11369ad96f20c016d6c2eba2ee060557be89e

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  467c677744d9ef076d268bc4d5c55fba

                                                  SHA1

                                                  6c207fe29993918a60593f18a637058965601351

                                                  SHA256

                                                  9c063c798d612754a2eb1d9330d168ccda9fd8a5f29f91814781a6d76377ecf0

                                                  SHA512

                                                  008028895784824028905ef8c506b78bb676af58249d9f7dbf11d1d24447609af82b90b3e45b435367a3f6a46a3324866b6d3ba9270e563ccf8715b27aab5f9e

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  b2dc9f8d26ce52aa24baba7f119ac127

                                                  SHA1

                                                  91ee3fa2fd4b6d226b2543425ff0043326f3f557

                                                  SHA256

                                                  b8a7632e1a04f0e8e822eb4f52004c838760bee5bf2c4a1111180bab1defdadf

                                                  SHA512

                                                  870d39439773c1f7c99f47ad38304d71e96310565daffd07cddafe20c029bf95567f3c2489e9d101181adf9446ca15904d91ec1a7c6e7cf81caea62c14dba36a

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  3f55eda98b71868b9c15e33849bc556b

                                                  SHA1

                                                  da631a1443b13da01ea7602dcf5b54dd5ce286c9

                                                  SHA256

                                                  bfe34f9e129fdee4e2d9a003f85c0696cadc2101d14a23bf68a9121a1b5f6e20

                                                  SHA512

                                                  9ba71578a5a21b468c15356e80fa1f1edf49ba7aa7494bdda37bd0aa4e9ee170ae461d5659039b6693dbf41bbe572512787bb98ba7500067fddf7a9613abb2bd

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  987e99bfb04cdea61fbf750ca72a731c

                                                  SHA1

                                                  593c55ec873bb3f55abe55c42d5c3879e1cca861

                                                  SHA256

                                                  671ac9e1f4c8b901c7d0f74ed5deca4723b16c93064ecc21bbbe4797c8c1891a

                                                  SHA512

                                                  cbc4b5e68bf95c1e95bb0f31df0b34e5c6ae45bc5d192057b535caf95d3a3f66153503cdd2cef2b9eb5954225ef02b5590c11bdfbb41d2313cbd2cd8d55b6329

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  d6ffcc65f06996a9161211421bcd3227

                                                  SHA1

                                                  7913d49d541101c602680cb692485bb5dc4846d8

                                                  SHA256

                                                  263c178e27456e5a4c89c1d1653f5e1f9baeb986dbac2b59f977a533e63a4bb4

                                                  SHA512

                                                  43b87bddddf223f8ef55287a8ee146c98de6dd2d502a3288ed8562858013a1e19b27c8cd611013bc407308f429f0c09c72c472f126a58c8f896a07cbbda5e036

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  a75bce1b0fff4bcb522e7487fc33efeb

                                                  SHA1

                                                  c3d9b81f9d9c4fede0a31972c4c03dd081f3ffcd

                                                  SHA256

                                                  104346fa2f358923be206d060af80b046691961b2f63b9182f1ca6cbfb3ac31c

                                                  SHA512

                                                  a1614305f2bd904bd2a374e039defedbe244d6df74e47d46045d054645caaba8be032e3ac919349e549078501c5ec45f7a0f49c600ddfd1073b0227c3f84e71b

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  abb356e799f11f7b25ff583b60e41ac5

                                                  SHA1

                                                  19d12bf61ae8ab8939dadb93623c945dbed605d7

                                                  SHA256

                                                  84375053ae056732e714e9aaec2abd7f4caa05f1b0c6c899cb21d5ce5b99bdb2

                                                  SHA512

                                                  992d446fe8ba63d0742f33250e0f7b5a0c8645cd5b3fb3aa6891b42dce70e8d49dc8a37e9f043b33d8b9b48fd68855106dc714f9649bd868be55fc90ddb83435

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  fdf47ef5eb28e55b10b11cd01fc595f8

                                                  SHA1

                                                  bce55f5a9bacffb792822a1b2966a331c65cf155

                                                  SHA256

                                                  6279eb18b7f6b921fa1e5cdf013f1afce98752c0aad244e65519c59530556f57

                                                  SHA512

                                                  6570710b0dc49a07701668f96a07f662f9d430bb7db120ac7a119b6b350ec54e56ebb3fc1ab1b82de6014577a8f5050af67e59cbf67a518f1e7243c9cb5d3a81

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                  Filesize

                                                  16B

                                                  MD5

                                                  206702161f94c5cd39fadd03f4014d98

                                                  SHA1

                                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                  SHA256

                                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                  SHA512

                                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f41aca5a-cf9b-424e-a5cc-111ffeadd12c.tmp
                                                  Filesize

                                                  4KB

                                                  MD5

                                                  e07ed5f4db91bb0236ee914a16b3599d

                                                  SHA1

                                                  e0e02c6c94b519c7c7bd0e6186410342eff4827c

                                                  SHA256

                                                  41191a269ea0d2840b6984afaa460bbedaeb072887054907c5758c3f6edad438

                                                  SHA512

                                                  cfc6296f35b09c7201ec7d83b899cc2de6ea1466ca6148345632fdf6770f0fdd7dfdd768081025bed503dccf4a34637d9cf8ac471e00442ecdb591091f72b16e

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
                                                  Filesize

                                                  16B

                                                  MD5

                                                  46295cac801e5d4857d09837238a6394

                                                  SHA1

                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                  SHA256

                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                  SHA512

                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
                                                  Filesize

                                                  41B

                                                  MD5

                                                  5af87dfd673ba2115e2fcf5cfdb727ab

                                                  SHA1

                                                  d5b5bbf396dc291274584ef71f444f420b6056f1

                                                  SHA256

                                                  f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                  SHA512

                                                  de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  8KB

                                                  MD5

                                                  8c688442c0ec3c7e95db53424699cbb9

                                                  SHA1

                                                  545c63a4ef9f9322077239ee348cd53d0fde6d40

                                                  SHA256

                                                  ee727925d0621c47359e0d1d1c6e22ccdadf25b5f16174aadcd1a23f0cfe151a

                                                  SHA512

                                                  afdf52a65405cf460fb9a978c352c784080e01b8375e864aa6017bcb72793837078c03991f6bd0b34b6c42a6c521e31a32c997aebffc240fe3b232948ca91daa

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  11KB

                                                  MD5

                                                  16b95d518fb58c8bcfe784f6e257d0f3

                                                  SHA1

                                                  33b502b482a8c610fed4f3e85dbe44862d8a5b96

                                                  SHA256

                                                  b0c130895bbfe55951b5b6a7e151c9744a432dc0e99cbad1319761e700ea58d4

                                                  SHA512

                                                  de3e87a7da4af3fc6e1e690df8cfcdc94c3d1d360d98544e3e45171794ef3902e5b5f4cc9d304ee42747fe80e7a594716e412272d055f51ca9d02dbc31123f04

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Crashpad\settings.dat
                                                  Filesize

                                                  280B

                                                  MD5

                                                  279567befc33d7cf15bf2c115588ff67

                                                  SHA1

                                                  3d182f3af6df6bbe314c7298767d50503898689c

                                                  SHA256

                                                  051bc7c0e197efe5f17f46c4a23bb4a42bbdb641de3a1ce7aacc03c2c36f23c3

                                                  SHA512

                                                  2fc3aed50babd0dea3ddfb077f90666d0e933a097410176062334b7bce8df0ee44ab2c4c0d885436ddf1ff22a64e1683cb91d00be9d679fca0dd136ef32c5952

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00001b
                                                  Filesize

                                                  26KB

                                                  MD5

                                                  66e255d64273467cb15d55c884a72f60

                                                  SHA1

                                                  1490c48e53877dc6a65593088158a04fc07214b6

                                                  SHA256

                                                  39808623b7274283cf711b9e5f11cf3a59cdee15d5f858b89bab72867398a0ee

                                                  SHA512

                                                  4c71b3984643d7577c12c24012def36e4abb47b9d5199f8c1a58981879270ff0f76c65b2e2371bf36235fec4920178d3ab0bf77ef111ef991710f485ed1c7015

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00001d
                                                  Filesize

                                                  44KB

                                                  MD5

                                                  0654d3fada1f1d0473eec1b0307cd5d5

                                                  SHA1

                                                  c10547a29c8ae5be2d442f48f46e9759ee256210

                                                  SHA256

                                                  24f7937ef51d5d77301ac1b1199050c47680b2743467eb57ab50dab265399d2e

                                                  SHA512

                                                  35550185bb28374b0c19a0c638b02bc1f262c965b0c2943807f20c0114b35ecc57bf7e6be3fdec7eee66f310424e9283998ce44135ff1d13876d069efa7d4298

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_00001f
                                                  Filesize

                                                  39KB

                                                  MD5

                                                  ef5fcc83ee6fb28f06e5503b2b016806

                                                  SHA1

                                                  9e571e76dfe624d7210aad95d78781cbf15a7079

                                                  SHA256

                                                  32007d4c9efc9889da70175f2624321aa8fddd12a5dd92ecf49de941d966e7fe

                                                  SHA512

                                                  4d260e5ea65f189a97637d04bd237ead2709567c7b31ff48688bbda82cc0240d0063f9c9036d79cf8879103c0bae0f288ddb1a156af30f85cb14a57fc83677f9

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000020
                                                  Filesize

                                                  76KB

                                                  MD5

                                                  3315a2f404f093d0965f7f8a408fe0a8

                                                  SHA1

                                                  fbb58e17237b5433c0396c6db7d651269628f2b4

                                                  SHA256

                                                  94fa01c66fd00f3c66c5fda6d06b737176a21c4f37e685158cd2676fbd0e2901

                                                  SHA512

                                                  d393b27f8d4bc134058b12a3bda2d6442375da304ec3242ef1023fd47c558ffb3264f0a4d6cbdb2d2d6a6ba3b22a5d4fa8ccf4ec7cf26cb569544eadf9920a8a

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000021
                                                  Filesize

                                                  80KB

                                                  MD5

                                                  7709df8d1b6e4a7c63a277a0be2148b4

                                                  SHA1

                                                  00095ad0403200a706477182c9396124ac780893

                                                  SHA256

                                                  f01d23a26eb64617f657fc3cdc84828636896a024c1c5b56c75af8984041add6

                                                  SHA512

                                                  807f4c9cb4aee50c37ec411eb21855c262e165f4159be021b533d96601a1ff52d6c2a210cd7cd54e5676979fd332b3ed6a6772db308dad333afcc99720f4cbe7

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000022
                                                  Filesize

                                                  30KB

                                                  MD5

                                                  75217847a8b2918fbebc05d2dc06dfeb

                                                  SHA1

                                                  fd1248be3efadfe1b0d467223378025d68a39dab

                                                  SHA256

                                                  3dfe65902adadaf1d8c16ef685241c4d58cdef1813c2e5f565da4ec2bc6c2041

                                                  SHA512

                                                  f884c14907388d0768e349d4ca70ad4ac49d4f100c5a6dc163b88d829aa16ba7c6b87e8638a800acff92a6d25fa9421a9c1da18d1681f4918d2a7087d3ef12e0

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Cache\Cache_Data\f_000023
                                                  Filesize

                                                  43KB

                                                  MD5

                                                  80aba2ba842854f328fd9426915f42d2

                                                  SHA1

                                                  b8704e7b5c9015e2c49ca111106a1322f9d15adb

                                                  SHA256

                                                  961679b8eb5e1585d303b6c90b2442dfc3df040bb4334a55fd499b6d3d10f08d

                                                  SHA512

                                                  14578bc21d158f408b78101362e4eb5e6a0eed028c4ed971f1f32abfae0278244cd662305f43d9791e8f121560c7ca960f659fa21879484f5d72a997586e69d4

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index
                                                  Filesize

                                                  24B

                                                  MD5

                                                  54cb446f628b2ea4a5bce5769910512e

                                                  SHA1

                                                  c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

                                                  SHA256

                                                  fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

                                                  SHA512

                                                  8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
                                                  Filesize

                                                  48B

                                                  MD5

                                                  4108f1e87ba55afff9ff9d83bd74b038

                                                  SHA1

                                                  d291fa19cdf9c0f4c850d28dbff6192c62f55fd9

                                                  SHA256

                                                  6151a333cf3a451ea71c198041dea1f9441c79e22ea082eca14a1fbc4e814532

                                                  SHA512

                                                  47fc9f7529e50fa84044a0d904da9623f45703d9cc32a852c7ef9995cf010324c5d58b90d34ee62c2198097822933c37f6304914b5465faff7d18d3f1eb64e75

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  4dcb581725adb6a68783f211058449e8

                                                  SHA1

                                                  94d34b460f9e3caee5541f04b9fadf6ab87d45c2

                                                  SHA256

                                                  c5af5c6ffae661c7e656ca0adcd86de4ca7dcd1fab01495f08a041b32861f736

                                                  SHA512

                                                  9eda03015b22f708ff82761160da4b17a1925c74f7eecf4be97313ec18f5c66b38305d889b0d4ebfcfe81519d2304edbd03e12876f8b5af5ad9873cc944867d9

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Code Cache\js\index-dir\the-real-index
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  3b90d68bda38b334b86b2a1924b0d19a

                                                  SHA1

                                                  a351d95553dbd1363a4cdeeb17cd1ebdbd302681

                                                  SHA256

                                                  47feab86d558a0df06a60571ccb4255bdf746701d9bb1e1fc11f1466c71b2b5c

                                                  SHA512

                                                  b24086d9220d4a3c855c350da47bb7ca081b9993ef4f383ace2c1cee17d6c5f3c58a220ab1679036fe80a398c75ab23b6c58b6fa6c903b478ec8ca5f30dc008b

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_0
                                                  Filesize

                                                  8KB

                                                  MD5

                                                  cf89d16bb9107c631daabf0c0ee58efb

                                                  SHA1

                                                  3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                                  SHA256

                                                  d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                                  SHA512

                                                  8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_1
                                                  Filesize

                                                  264KB

                                                  MD5

                                                  d0d388f3865d0523e451d6ba0be34cc4

                                                  SHA1

                                                  8571c6a52aacc2747c048e3419e5657b74612995

                                                  SHA256

                                                  902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

                                                  SHA512

                                                  376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_2
                                                  Filesize

                                                  8KB

                                                  MD5

                                                  0962291d6d367570bee5454721c17e11

                                                  SHA1

                                                  59d10a893ef321a706a9255176761366115bedcb

                                                  SHA256

                                                  ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                  SHA512

                                                  f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\DawnWebGPUCache\data_3
                                                  Filesize

                                                  8KB

                                                  MD5

                                                  41876349cb12d6db992f1309f22df3f0

                                                  SHA1

                                                  5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                  SHA256

                                                  e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                  SHA512

                                                  e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
                                                  Filesize

                                                  61B

                                                  MD5

                                                  4df4574bfbb7e0b0bc56c2c9b12b6c47

                                                  SHA1

                                                  81efcbd3e3da8221444a21f45305af6fa4b71907

                                                  SHA256

                                                  e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

                                                  SHA512

                                                  78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  3fd78e84daeb510e0bb5e65df0dfee17

                                                  SHA1

                                                  6ae2ef78fa5040f9b3504514f52fe95407603610

                                                  SHA256

                                                  7952974670ca9febec2c57d31cda7f366277abbd2d39e9685b4f354c30d379a3

                                                  SHA512

                                                  728d0501c85ed569402c6606e4829c944d1874a3a814d31c5e3c50ed55ac040325eb0455d4ece1485ea383b69d843dac6b977228c3228ad4f1ea92cf96117220

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\Network Persistent State
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  7f48837ed748c7473812c94cad85c74d

                                                  SHA1

                                                  07be01d57e1fde1223bae76d784a3f338b2ae154

                                                  SHA256

                                                  e0f6fd4d6d112375a6348c1d31e49eb67b6461ee457b81fd15bf307ab1f27b15

                                                  SHA512

                                                  475211a781c08bde7e63fb87ac024c55b6bd61e896d7da61a0d85b28acd09adb3fd058bd506d044dd7819d905ace032912276a6a4a211974fa865074db8145c0

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
                                                  Filesize

                                                  2B

                                                  MD5

                                                  d751713988987e9331980363e24189ce

                                                  SHA1

                                                  97d170e1550eee4afc0af065b78cda302a97674c

                                                  SHA256

                                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                  SHA512

                                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  94196245120b311fbe7b5c258f62f446

                                                  SHA1

                                                  f29928b1ee67755758ebcd0209af765d456413dc

                                                  SHA256

                                                  bc455d5ec1b9bba2e2d33864f97d0965c3a6790c2d90cbeabc20ebcb908a2e4e

                                                  SHA512

                                                  3ba79c982af0f93ef1dc795c436193a2cc9ee58c4c92627f47e980ca609a32251ed7fdcddb77699be153d559a29df881074e05efa48f9ce8d5f78883342d1e20

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  079da66626eeeafe44baa05382516a93

                                                  SHA1

                                                  ba31266b6470d8b468a46f5eb447eb4e978a7b6e

                                                  SHA256

                                                  0861a48f4a31dbcc3e0c9ffd2b735414ee06608080393ee4065bb1690d69744b

                                                  SHA512

                                                  438590ac9ba2c9a8103a6c2ea5f45c7a2853929a7f4e2c07fc1483391e5753a645cc18b4659cd7ce4bc71408b57dbb2c4c7884a765929cada900e47069b10a97

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  b09e88ab4e0e2fe59562f83ef076d472

                                                  SHA1

                                                  89b2c34f097dcb32e9e4e9f33043e73ca5445a56

                                                  SHA256

                                                  64f352426d4c543e42766536a988993b2902ed7fd312ff44417c02a6673483d0

                                                  SHA512

                                                  4244a6c8b7d9e6c5f7af4223ca15dbe837b45b94f47cccb97e9bfb73bdd663717ab9af850237af401407f2d0e32699685f76d84cb86b17c7faab1875df44e024

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  2ce4c7a41ec9e62cd60693e74c3c4aa6

                                                  SHA1

                                                  24f934bbaaf8bff5482217ddc5464da8ff9a6181

                                                  SHA256

                                                  b8e977e48ab882bb8b4fcc08e2452ab7d9e240dddc08042ff2af1c18b67dd227

                                                  SHA512

                                                  a6fbeb0026e2ae2e5fceac53f1199d8d943f0ff372dd56e1ca1ecd490d3407609987ee5d9e067e07098aa3be036bbb1db737cedc0813699a7ff69abe9d777069

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  c43ccbc09b3bc15246f6c2a83200e124

                                                  SHA1

                                                  1fa98d573acaffdd3d5051ecf7a538ace29b2504

                                                  SHA256

                                                  561a3eeafffd59df65fa3c1d1ddea4c990b5ae8bf117e0e979c5eddd55e48723

                                                  SHA512

                                                  f5a0f411e800bafeab89b3c9c4d70c56b882897ca7e9b374e20b64755c87d3f364ed3042553cd55d3a712043a6c25fa12cd837e63a867e3fbb0563def4cd3ada

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  3c5297b71bda3e4ef6f99bcd02d036d3

                                                  SHA1

                                                  1aa4d76c4f351e8cc00498552ae58f2bb6b8bf2c

                                                  SHA256

                                                  2e2dc2e9f9ba8691f87cd888e8af221c58779ddaa9a5f5429e5ef7575d2e45db

                                                  SHA512

                                                  97372b60f992048b6c5a54b517b258b05e7dab98cecbd5f1e82e3cc9e4d1feb0d11ae24e0cab2a45038d3c8c4cb40db0469dd3318b90c49a4250648815108335

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  d9d07b9afe46de082cdacfdcea7bbc3d

                                                  SHA1

                                                  5748c0bd843185e1812199411e93e25ae8d4792e

                                                  SHA256

                                                  78d53c740ffc52e5ae3c0498e523f4cf7101b9c487e0f654bd0831b75be9ee51

                                                  SHA512

                                                  1ce548ea549563921f7cf2d4950368e50d63a861e7ebb5a4946ef8a82127e4601d86f28e0a6847e1cb40e497901bf907202a5560b127319c896b4aa6a5738341

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\TransportSecurity~RFe5efc40.TMP
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  75a5af1626e65696885ae09481e6db63

                                                  SHA1

                                                  af2f9791c1a975bcb38700fb2359aa2597c64d3f

                                                  SHA256

                                                  e7bec16af1793373d7bb986675a57f8ee20a6dfca7d3e6643ce798320bd2ca98

                                                  SHA512

                                                  d9a974c999b2742a87f040f6e16b52a1bf1a29b6a836b765d7bfa498a5f65f1817e7a7bea5ddd533dbde0f780f11cbcb5c4cb20ec74cd198287fed50c94591c4

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Network\e5d9fd62-ee5e-4488-9257-9248acc84799.tmp
                                                  Filesize

                                                  40B

                                                  MD5

                                                  20d4b8fa017a12a108c87f540836e250

                                                  SHA1

                                                  1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                                  SHA256

                                                  6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                                  SHA512

                                                  507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  37d02af00f12b8393db196071ad836b4

                                                  SHA1

                                                  f8041746ebe7e777229cf830fb21cb401566f790

                                                  SHA256

                                                  a0b714846c51c1a07c29b7289fce3f727e78f4dec127e0759d4ce9939f975518

                                                  SHA512

                                                  23de7102c726accb06c34c416301365762d2f44949d206167cce0b595c6506f68a060c7c2d99c6e8aae167e7d6b54e2f78b86fa5a9c8336c399c851ff203a209

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  87a85db358957ab860f5de0ea979767b

                                                  SHA1

                                                  b3d19d1e9eab87351c8ca0e6f8fd12d0a05a1e6c

                                                  SHA256

                                                  1a683a7f5e1fdfae08f0d40592caab16c3f55834925fd7fab3eca0d3b3ee266b

                                                  SHA512

                                                  1ccd6e00e8e813fc4f11d561aa8cb9946187ae990139e5c57491a25aacdb73ca11d4565fc760c4434aaa4c77dc9b031096970e028e6492dbd10231bc0dba75ec

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  3d2665dbfb2d96a95ccfe771a9fa92a9

                                                  SHA1

                                                  db4c3e4f67a00fd79ddd1c1e3995d78ea3ea2683

                                                  SHA256

                                                  c56ffe7e6768341bdd20425ddb0a2751c0ff6fbdf753b922796a580f59fb984b

                                                  SHA512

                                                  f6bc0863b954387cafdeb1d056f0c1531be5c83881e81ec009ace8df8f6056efd197cee92020aed4a48be59d67fca175499900ffe32db0c229b6ccfeb9d0c3a7

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Preferences~RFe5ecf83.TMP
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  f7361cc59b02024bc0dc9894b4a1b341

                                                  SHA1

                                                  2b855f07455aa18e1923442e3fb7c4b41984527c

                                                  SHA256

                                                  93ec550f83d9d87fa1efaf6dde650dc68daf84e3a315b9a025cb5079b7d329b6

                                                  SHA512

                                                  6be72231fefd5d019d4cd69e9664e18780f83155cacc48e6272ebf7eb2f666e328aa38c7897474d222d41e4cd1378f48fe9877fa8671dee1a0432aa154e0cf5c

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Secure Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  38a2e4eaf56d48d1df884bf4f89b7b7e

                                                  SHA1

                                                  14a922c98d6e3c5a0a1d033a00a06b9035e6dd80

                                                  SHA256

                                                  603c5596d7727a9de62a593bf6002272cbcec8210c7e6b9180590240c1558881

                                                  SHA512

                                                  42927678189d9a9a2d5e460dad6503aa0fd263d15b3d09118e184fd6945c2f27e640d34e21058bba08cd5d3d6e8889a2621f87832d8e78d209bceb47f4fd49cd

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Default\Secure Preferences~RFe5ecf83.TMP
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  e36356c5eab5452b5c2397aee0361698

                                                  SHA1

                                                  8245970b891275ae8741905cb46587307f3b2128

                                                  SHA256

                                                  088f72577029b64383808a9531089fb429ffc2a4ff9d0cf560647bedb4314f83

                                                  SHA512

                                                  b07606558576a913eaa7781ca6f517338c3e9b558918494354bbd49ed13b40ddc569017a512443f81797aa9fa6a5a16adb4820c53286799c3bd69e03316282a7

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  3ee8d1eaac8b519565068c0dfff531ea

                                                  SHA1

                                                  24aa45ed443818d52a90ae9789d5a861729cade6

                                                  SHA256

                                                  27b7f2c252ededd1becfe2dbee87ebd442d2943ea8476dc097209cce4790bb6a

                                                  SHA512

                                                  41bce39e57a603480d0c1b81e5c78ac8405d434c3c597499457e1e92d6561be21eb53c742e676d5c7d50f4097a6343d4a96002d35b6092152ad6b51ee2a6d790

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  37affd043ff06a9a4d31757ca7764288

                                                  SHA1

                                                  787a31449d680229890cd705438a183b538fa75e

                                                  SHA256

                                                  bc99d866a25361775bdeb1e38b8e829d0f0ac3b79e571aeddb80f1a8d4fc8630

                                                  SHA512

                                                  2e36429eddb14cb80c2000bb4d1561404bb92361fc6be2ab4c2fa8e641b9fc1373451420cd9f94145af5bbed07d0a5a8d42ff931933a41dbaa0ae30a3e93fd64

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                                  Filesize

                                                  3KB

                                                  MD5

                                                  2b9164885cff6a4bb12ab25b35247fe7

                                                  SHA1

                                                  9c82a6e62c2b4219bd15a43631c64bd7f3a7126e

                                                  SHA256

                                                  bd2ffb735ed59d13f50d84df0cf0a3bbdd791c3baf2b6fe87af1bf1dded1f4c0

                                                  SHA512

                                                  d326d0f5dd3e2b06b7da7a33ed75e975a6d69f18f5f8a909a6d662e0671912f8c4273c6d73f78fcd9f8f9e002ef788ef31d1dbc77892b4fed21917b507328f38

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State
                                                  Filesize

                                                  16KB

                                                  MD5

                                                  122fd51b6f3f01496863b767abc94715

                                                  SHA1

                                                  d3cc025546540748e8f042b1e1c965620c8f6a21

                                                  SHA256

                                                  c27d433c8854c88fd5eb8dd81cef75a248227fb066b86f41c926a43ca9029f1e

                                                  SHA512

                                                  48d27cb35eb2b54f6ac1e9b75313df1342c2f7ef2762bb9aead71134dc41fc44c3ba1764174b876f08f44ba3bed79bd019dc6ffb8d82fece7ebc9654c595f8c2

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView\Local State~RFe5ea650.TMP
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  e19dc3fbb125c1c9f1318d8979899915

                                                  SHA1

                                                  773fbcf452c260d1fdfc0a8d40155ff7d03d951a

                                                  SHA256

                                                  adfd415f8a9a28555352d71a732b910d4cdfc48a14db0bd1c928cde87e511375

                                                  SHA512

                                                  6eeab0943a1ccf31200b986da1793b816e0cc96cb8b0290d5efda1b59fd331bb41130923472b9b16a97a7fe561ea5581f6580963a0ac6ccc7b4a13b883a4e5cd

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\{A0DBD775-3E8C-401A-AD6E-40020468EFB4}-MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe
                                                  Filesize

                                                  1.6MB

                                                  MD5

                                                  dc1543edd0dcd56536304bdf56ef93f1

                                                  SHA1

                                                  1a8b2c7791f2faa1eb0a98478edee1c45847075c

                                                  SHA256

                                                  ccbb3d9a4877999a55b2ca6b8128481e91c4b56780f581226f916c0fb2db0772

                                                  SHA512

                                                  2a6b4aa39bc3e4d234909077d5c6d75b9968c1778d505cc12431afd7aebd01eb65ed2f6f0c53c67f18eed7e97b67a93bab8c44574e3918ccd5cfcd8681767056

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                                  Filesize

                                                  2B

                                                  MD5

                                                  f3b25701fe362ec84616a93a45ce9998

                                                  SHA1

                                                  d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                  SHA256

                                                  b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                  SHA512

                                                  98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                  Filesize

                                                  3KB

                                                  MD5

                                                  fb09788b27f5c1994960527e56775748

                                                  SHA1

                                                  7998f2e991c92a44128f0608925572ec8ccbef2d

                                                  SHA256

                                                  a95feb5478264dc84481e07cfdb06ec81b5a7e3b5d359eaf1db2d95b5fe2b65a

                                                  SHA512

                                                  e9c577b41d52b3c0822cc601875de3df7b2b2e0fac93d80c288ba28fc79b4045a23006dafbc7a34d6b9f46b3d78d21af0b0ee64fedcebad644cdb6c87ae7fe5d

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                  Filesize

                                                  3KB

                                                  MD5

                                                  81c3169725b6637792c95bdb7d305d1b

                                                  SHA1

                                                  4f9daa6bc81986b0a9d649efb265e577de29314b

                                                  SHA256

                                                  ba04b4089ee472cd7c62e111b47c6f2da7d166ab17a77f1a9ec8525b9300c3b3

                                                  SHA512

                                                  87c2244de205b884bf2492ee525ef848a53a7f613eb8061bbaff21b7f3194a1e7991332fbe93e50fb09732213aa6ac9a9b24980feaf9e6364818f19855b60cb2

                                                  Download Submit

                                                • C:\Users\Admin\Downloads\Unconfirmed 574469.crdownload
                                                  Filesize

                                                  6.7MB

                                                  MD5

                                                  3ce67509dc5518ed68a5689739774588

                                                  SHA1

                                                  00399c8ae50279d8c1fbe019572f2f14271325ee

                                                  SHA256

                                                  cabe8ea571b71a2f1d47014463c4f3593a2a932595b6835e32ebe0ec0a6482ee

                                                  SHA512

                                                  b5bfbe751d10674ba2eb34fd905b9e74059213891fdcba87123d8c5cd8011c829fe166679775ef1bac9859bf772e6b828b21db6a3398a3917822a166da4b7d13

                                                  Download Submit

                                                • C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat
                                                  Filesize

                                                  280B

                                                  MD5

                                                  c8d90b62a529555551c9a6ce4a4547b0

                                                  SHA1

                                                  faaad28219409bbded02223f643dd227ea98a43a

                                                  SHA256

                                                  771622440184942168a065cedc9cf58c0e275ec5c8cd7215b9e4ff6a5a444772

                                                  SHA512

                                                  548d78bec154c1b0879465df04eca4c7851f1e840b8e82e313cff28fa03a96cc95e65afaf8746e2d27313c29d386fbe47c1fcbf1b371d8a45a6fab566e3317b8

                                                  Download Submit

                                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1780_1088368119\hyph-bn.hyb
                                                  Filesize

                                                  703B

                                                  MD5

                                                  8961fdd3db036dd43002659a4e4a7365

                                                  SHA1

                                                  7b2fa321d50d5417e6c8d48145e86d15b7ff8321

                                                  SHA256

                                                  c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

                                                  SHA512

                                                  531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

                                                  Download Submit

                                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1780_1088368119\hyph-mr.hyb
                                                  Filesize

                                                  687B

                                                  MD5

                                                  0807cf29fc4c5d7d87c1689eb2e0baaa

                                                  SHA1

                                                  d0914fb069469d47a36d339ca70164253fccf022

                                                  SHA256

                                                  f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

                                                  SHA512

                                                  5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

                                                  Download Submit

                                                • C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1780_1088368119\hyph-nn.hyb
                                                  Filesize

                                                  141KB

                                                  MD5

                                                  f2d8fe158d5361fc1d4b794a7255835a

                                                  SHA1

                                                  6c8744fa70651f629ed887cb76b6bc1bed304af9

                                                  SHA256

                                                  5bcbb58eaf65f13f6d039244d942f37c127344e3a0a2e6c32d08236945132809

                                                  SHA512

                                                  946f4e41be624458b5e842a6241d43cd40369b2e0abc2cacf67d892b5f3d8a863a0e37e8120e11375b0bacb4651eedb8d324271d9a0c37527d4d54dd4905afab

                                                  Download Submit

                                                • memory/2780-1603-0x00007FF6DB6C0000-0x00007FF6DC6C0000-memory.dmp

                                                  Filesize

                                                  16.0MB

                                                  Download

                                                • memory/2780-1602-0x00007FF8EBC10000-0x00007FF8EC012000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/2780-1601-0x00007FF8EC020000-0x00007FF8EC56C000-memory.dmp

                                                  Filesize

                                                  5.3MB

                                                  Download

                                                • memory/2780-1604-0x00007FF8EBC10000-0x00007FF8EC012000-memory.dmp

                                                  Filesize

                                                  4.0MB

                                                  Download

                                                • memory/2880-1675-0x00007FF90E8E0000-0x00007FF90E8E1000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/2908-1760-0x00007FF90F2A0000-0x00007FF90F2A1000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/2908-1761-0x00007FF90E530000-0x00007FF90E531000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download

                                                • memory/4980-1592-0x0000000073650000-0x0000000073860000-memory.dmp

                                                  Filesize

                                                  2.1MB

                                                  Download

                                                • memory/4980-1420-0x0000000000BF0000-0x0000000000C25000-memory.dmp

                                                  Filesize

                                                  212KB

                                                  Download

                                                • memory/4980-1460-0x0000000073650000-0x0000000073860000-memory.dmp

                                                  Filesize

                                                  2.1MB

                                                  Download

                                                • memory/4980-1428-0x0000000073650000-0x0000000073860000-memory.dmp

                                                  Filesize

                                                  2.1MB

                                                  Download

                                                • memory/4980-1421-0x0000000073650000-0x0000000073860000-memory.dmp

                                                  Filesize

                                                  2.1MB

                                                  Download

                                                • memory/4980-1574-0x0000000073650000-0x0000000073860000-memory.dmp

                                                  Filesize

                                                  2.1MB

                                                  Download

                                                • memory/4980-1596-0x0000000000BF0000-0x0000000000C25000-memory.dmp

                                                  Filesize

                                                  212KB

                                                  Download

                                                • memory/5484-1779-0x00007FF90E8E0000-0x00007FF90E8E1000-memory.dmp

                                                  Filesize

                                                  4KB

                                                  Download