hxxp://roblox[.]com

Resubmissions

20-11-2024 11:01

241120-m4vvaszqbr 8

20-11-2024 09:46

241120-lrqt5szkhq 8

Analysis

max time kernel
983s
max time network
985s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20-11-2024 11:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

8^/10

defense_evasion discovery evasion persistence privilege_escalation trojan

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs

persistence

Image File Execution Options Injection

T1546.012

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 31 IoCs

Processes:

RobloxPlayerInstaller.exeMicrosoftEdgeWebview2Setup.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdge_X64_131.0.2903.51.exesetup.exesetup.exeMicrosoftEdgeUpdate.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateSetup_X86_1.3.195.35.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeRobloxPlayerBeta.exe

pid	process
3160	RobloxPlayerInstaller.exe
2460	MicrosoftEdgeWebview2Setup.exe
2464	MicrosoftEdgeUpdate.exe
2128	MicrosoftEdgeUpdate.exe
3284	MicrosoftEdgeUpdate.exe
2340	MicrosoftEdgeUpdateComRegisterShell64.exe
5012	MicrosoftEdgeUpdateComRegisterShell64.exe
4944	MicrosoftEdgeUpdateComRegisterShell64.exe
1532	MicrosoftEdgeUpdate.exe
4004	MicrosoftEdgeUpdate.exe
2568	MicrosoftEdgeUpdate.exe
4620	MicrosoftEdgeUpdate.exe
1780	MicrosoftEdge_X64_131.0.2903.51.exe
1144	setup.exe
3632	setup.exe
3976	MicrosoftEdgeUpdate.exe
4768	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
4696	MicrosoftEdgeUpdate.exe
2884	MicrosoftEdgeUpdate.exe
4992	MicrosoftEdgeUpdate.exe
2364	MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe
2360	MicrosoftEdgeUpdate.exe
1816	MicrosoftEdgeUpdate.exe
2916	MicrosoftEdgeUpdate.exe
868	MicrosoftEdgeUpdateComRegisterShell64.exe
224	MicrosoftEdgeUpdateComRegisterShell64.exe
2532	MicrosoftEdgeUpdateComRegisterShell64.exe
4556	MicrosoftEdgeUpdate.exe
1952	RobloxPlayerBeta.exe

Loads dropped DLL 35 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeRobloxPlayerBeta.exe

pid	process
2464	MicrosoftEdgeUpdate.exe
2128	MicrosoftEdgeUpdate.exe
3284	MicrosoftEdgeUpdate.exe
2340	MicrosoftEdgeUpdateComRegisterShell64.exe
3284	MicrosoftEdgeUpdate.exe
5012	MicrosoftEdgeUpdateComRegisterShell64.exe
3284	MicrosoftEdgeUpdate.exe
4944	MicrosoftEdgeUpdateComRegisterShell64.exe
3284	MicrosoftEdgeUpdate.exe
1532	MicrosoftEdgeUpdate.exe
4004	MicrosoftEdgeUpdate.exe
2568	MicrosoftEdgeUpdate.exe
2568	MicrosoftEdgeUpdate.exe
4004	MicrosoftEdgeUpdate.exe
4620	MicrosoftEdgeUpdate.exe
3976	MicrosoftEdgeUpdate.exe
4768	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
4696	MicrosoftEdgeUpdate.exe
2884	MicrosoftEdgeUpdate.exe
2884	MicrosoftEdgeUpdate.exe
4696	MicrosoftEdgeUpdate.exe
4992	MicrosoftEdgeUpdate.exe
2360	MicrosoftEdgeUpdate.exe
1816	MicrosoftEdgeUpdate.exe
2916	MicrosoftEdgeUpdate.exe
868	MicrosoftEdgeUpdateComRegisterShell64.exe
2916	MicrosoftEdgeUpdate.exe
224	MicrosoftEdgeUpdateComRegisterShell64.exe
2916	MicrosoftEdgeUpdate.exe
2532	MicrosoftEdgeUpdateComRegisterShell64.exe
2916	MicrosoftEdgeUpdate.exe
4556	MicrosoftEdgeUpdate.exe
1952	RobloxPlayerBeta.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

RobloxPlayerInstaller.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA RobloxPlayerInstaller.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Checks system information in the registry 2 TTPs 18 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Suspicious use of NtCreateThreadExHideFromDebugger 4 IoCs

Processes:

RobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exe

pid process

4768 RobloxPlayerBeta.exe
2276 RobloxPlayerBeta.exe
568 RobloxPlayerBeta.exe
1952 RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

Processes:

RobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exe

pid	process
4768	RobloxPlayerBeta.exe
4768	RobloxPlayerBeta.exe
4768	RobloxPlayerBeta.exe
4768	RobloxPlayerBeta.exe
4768	RobloxPlayerBeta.exe
4768	RobloxPlayerBeta.exe
4768	RobloxPlayerBeta.exe
4768	RobloxPlayerBeta.exe
4768	RobloxPlayerBeta.exe
4768	RobloxPlayerBeta.exe
4768	RobloxPlayerBeta.exe
4768	RobloxPlayerBeta.exe
4768	RobloxPlayerBeta.exe
4768	RobloxPlayerBeta.exe
4768	RobloxPlayerBeta.exe
4768	RobloxPlayerBeta.exe
4768	RobloxPlayerBeta.exe
4768	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
1952	RobloxPlayerBeta.exe
1952	RobloxPlayerBeta.exe
1952	RobloxPlayerBeta.exe
1952	RobloxPlayerBeta.exe
1952	RobloxPlayerBeta.exe
1952	RobloxPlayerBeta.exe
1952	RobloxPlayerBeta.exe
1952	RobloxPlayerBeta.exe
1952	RobloxPlayerBeta.exe
1952	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

Processes:

RobloxPlayerInstaller.exesetup.exeMicrosoftEdgeWebview2Setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\fonts\JosefinSans-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\TextureViewer\cancel.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\LuaApp\9-slice\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\nn.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\sk.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\GameSettings\ScrollBarMiddle_Wide.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\Menu\hamburger3D.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_th.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\sounds\action_swim.mp3	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\transformOneDegree.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\AnimationEditor\RoundedBorder.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\PivotEditor\HoveredPivot.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\TerrainTools\icon_regions_select.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\Settings\Radial\EmptyBottomRight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-ingame-6x6.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\InGameMenu\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\PlatformContent\pc\textures\sky\sky512_rt.tex	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\VirtualCursor\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\VirtualCursor\cursorHover.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\bg.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\particles\sparkles_main.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\StudioUIEditor\icon_rotate6.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\Controls\PlayStationController\Thumbstick2.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\VoiceChat\SpeakerDark\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\Debugger\Watch-Window.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\Settings\MenuBarAssets\MenuButtonSelected.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\VirtualCursor\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\VoiceChat\SpeakerLight\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Locales\vi.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\avatar\scripts\CompositorAnimate\v1betaRC1\AnimateDependencies.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\PlatformContent\pc\terrain\materials.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\api-ms-win-core-profile-l1-1-0.dll	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\DevConsole\Error.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\StudioSharedUI\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\LegacyRbxGui\popup_redx.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\EdgeWebView.dat	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\TerrainTools\mtrl_glacier_2022.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\TextureViewer\copy.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\LuaChat\icons\ic-group-16x16.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\EdgeUpdate.dat	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\menuDownArrow.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\AnimationEditor\btn_manage.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\InGameMenu\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\PlayerList\Clear.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\api-ms-win-crt-heap-l1-1-0.dll	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\vk_swiftshader_icd.json	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\AnimationEditor\img_eventGroupMarker_border.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\StudioSharedUI\grid.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\VoiceChat\RedSpeakerDark\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\PurchasePrompt\LoadingBG.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\WindControl\ArrowDown.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\ImageSet\LuaApp\img_set_2x_1.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\content\textures\ui\PlayerList\NotificationOn.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\ExtraContent\textures\ui\LuaApp\graphic\EducationalBackground.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\pwahelper.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\Locales\ar.pak	setup.exe

Drops file in Windows directory 11 IoCs

Processes:

chrome.exesetup.exesetup.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\ec659137-5aa2-45d8-a2b4-096f7b722b2c.tmp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
defense_evasion

SIP and Trust Provider Hijacking
T1553.003

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier msedge.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 18 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateSetup_X86_1.3.195.35.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeRobloxPlayerInstaller.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeWebview2Setup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 5 IoCs
Adversaries may check for Internet connectivity on compromised systems.
discovery

Internet Connection Discovery
T1016.001

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe

pid process

1532 MicrosoftEdgeUpdate.exe
4620 MicrosoftEdgeUpdate.exe
3976 MicrosoftEdgeUpdate.exe
4992 MicrosoftEdgeUpdate.exe
4556 MicrosoftEdgeUpdate.exe

pid	process
1532	MicrosoftEdgeUpdate.exe
4620	MicrosoftEdgeUpdate.exe
3976	MicrosoftEdgeUpdate.exe
4992	MicrosoftEdgeUpdate.exe
4556	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

RobloxPlayerInstaller.exechrome.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

Processes:

RobloxPlayerInstaller.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdateComRegisterShell64.exeRobloxPlayerInstaller.exemsedge.exe

description	ioc	process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\PROGID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ = "IAppBundleWeb"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ELEVATION	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ = "IGoogleUpdate"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ = "Microsoft Edge Update Update3Web"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0\ = "Microsoft Edge Update Legacy On Demand"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32\ = "{3316A154-AC5C-4126-9021-B201E9C33D7B}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{3316A154-AC5C-4126-9021-B201E9C33D7B}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ = "IPackage"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\ = "IAppVersion"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation\IconReference = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-1004"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\Elevation\Enabled = "1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{3316A154-AC5C-4126-9021-B201E9C33D7B}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe

NTFS ADS 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 210762.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 46 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exeRobloxPlayerInstaller.exeMicrosoftEdgeUpdate.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exemsedge.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeRobloxPlayerBeta.exechrome.exechrome.exe

pid	process
4740	msedge.exe
4740	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
1180	msedge.exe
1180	msedge.exe
1384	identity_helper.exe
1384	identity_helper.exe
4396	msedge.exe
2420	msedge.exe
2420	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
3340	msedge.exe
3340	msedge.exe
3160	RobloxPlayerInstaller.exe
3160	RobloxPlayerInstaller.exe
2464	MicrosoftEdgeUpdate.exe
2464	MicrosoftEdgeUpdate.exe
2464	MicrosoftEdgeUpdate.exe
2464	MicrosoftEdgeUpdate.exe
2464	MicrosoftEdgeUpdate.exe
2464	MicrosoftEdgeUpdate.exe
4768	RobloxPlayerBeta.exe
2276	RobloxPlayerBeta.exe
568	RobloxPlayerBeta.exe
4784	msedge.exe
4784	msedge.exe
4696	MicrosoftEdgeUpdate.exe
4696	MicrosoftEdgeUpdate.exe
4696	MicrosoftEdgeUpdate.exe
4696	MicrosoftEdgeUpdate.exe
2884	MicrosoftEdgeUpdate.exe
2884	MicrosoftEdgeUpdate.exe
2360	MicrosoftEdgeUpdate.exe
2360	MicrosoftEdgeUpdate.exe
1952	RobloxPlayerBeta.exe
5020	chrome.exe
5020	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 51 IoCs

Processes:

msedge.exechrome.exe

pid	process
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

MicrosoftEdgeUpdate.exeAUDIODG.EXEMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2464	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	2464	MicrosoftEdgeUpdate.exe
Token: 33	2060	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2060	AUDIODG.EXE
Token: SeDebugPrivilege	4696	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	2884	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	2360	MicrosoftEdgeUpdate.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

Processes:

msedge.exechrome.exe

pid	process
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

msedge.exe

pid process

4784 msedge.exe
Suspicious use of UnmapMainImage 4 IoCs

Processes:

RobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exeRobloxPlayerBeta.exe

pid process

4768 RobloxPlayerBeta.exe
2276 RobloxPlayerBeta.exe
568 RobloxPlayerBeta.exe
1952 RobloxPlayerBeta.exe

pid	process
4784	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4896 wrote to memory of 3448	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 3448	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 2092	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4740	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 4740	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe
PID 4896 wrote to memory of 1968	4896	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa08613cb8,0x7ffa08613cc8,0x7ffa08613cd8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3160
- - C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:2460
  - - C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2464
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2128
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3284
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2340
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5012
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4944
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDQyRUIwQTMtQTczMy00OUNELUFGRjItODI4MkVBMUY1NjZCfSIgdXNlcmlkPSJ7NjlGNzMzQUUtNjcyMi00OTM3LUE2QTgtQjI5ODBCMUEwRDM5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszMjI5QkZFNi1DQzFELTQyOEUtQUJFOC04RUJGQTQ2ODBGM0Z9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg1NTI5MTUxNTYiIGluc3RhbGxfdGltZV9tcz0iNzMwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1532
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{042EB0A3-A733-49CD-AFF2-8282EA1F566B}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:4004
- - C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 3160
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of UnmapMainImage
    PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:NJwCopKfOTBCVZDKAhYWpkKjvKX3B1AKyzWvpIbhUuqPt3u0wo4o8PgKHX_bkQMfB2ZPyIz0z7X0YINms38t2isjSXEHrDyAGmdgRjyGVhr3PP7mFBQ7guybRgG9-jPl3pBsrsEoqq7km-2TG-mXqLL4fTqJmeU99ssuePYafyCHpK9Mb30gcsBtD5qPiud229GwuPlIfiyDJC5QtlqfF6b-HutlVVfDyYObXjh43bQ+launchtime:1732100851015+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1732100507861001%26placeId%3D920587237%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D1449ec28-5d2c-45c2-80bc-ae49ae2f9ca0%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1732100507861001+robloxLocale:en_us+gameLocale:en_us+channel:zliveforbeta+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:9u7jbdLdFaCokRz7l_Ojtv-a6mzbeWXDFxHuwxdMMemmWD66D9xZQ-PgDvsFaO6uulUa0gYq9_JdVRr0Fc5FyZ9VkDT7pPQK246fwjJuLzBAWKoaY594wV5Zp0YBa-9xhag3--fji7D5c6H3vWcegMmtmFXbmSaj3DZqE5vfbtiujf-TGUI-IhU5z8r5wBO0v0U4FAHUETFkw6RYTmrqQ_qbjjT-jlPP_fJnueg0Xw0+launchtime:1732101118679+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1732100507861001%26placeId%3D920587237%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D79e3f702-b613-4f5d-bf59-eba748f36e08%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1732100507861001+robloxLocale:en_us+gameLocale:en_us+channel:zliveforbeta+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8736 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9308 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7928 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3668 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:aDcKZzHQpY_opnWbAOd_HcJRHFcGLLsVYFdtgY9IyvihrYJrH8SjShd6x7SdLM1hlQttFzi360ck8coYBc1pby1WL6B0s2hJYOXIJaZ-5dzvMVLVyzaqNopGCYXS2D7_PyLFV6HPWrtsb7kF3Faz461FN3q2r2WbY7wdpigUIMxqasVm911PJhIheKESd6rshgqNw-Ttk-RBlMOIVGAGQDX5cHRZMrZ5e35Loyw2_Ao+launchtime:1732101288534+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1732100507861001%26placeId%3D920587237%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D2e754a4d-85b8-48e0-b7c8-75cd98e22b62%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1732100507861001+robloxLocale:en_us+gameLocale:en_us+channel:zliveforbeta+LaunchExp:InApp
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,6402376144455715296,7810552808178926635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:2972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2276

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:2568
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDQyRUIwQTMtQTczMy00OUNELUFGRjItODI4MkVBMUY1NjZCfSIgdXNlcmlkPSJ7NjlGNzMzQUUtNjcyMi00OTM3LUE2QTgtQjI5ODBCMUEwRDM5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4NUJDOUZGMC1DODc2LTRDOUItOTkzRS02RjNGQjA0OUEyMjF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg1NTkwNzUxNDMiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4620
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{55CBFEA7-C8E3-47F8-82C7-143ED53306D6}\MicrosoftEdge_X64_131.0.2903.51.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{55CBFEA7-C8E3-47F8-82C7-143ED53306D6}\MicrosoftEdge_X64_131.0.2903.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:1780
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{55CBFEA7-C8E3-47F8-82C7-143ED53306D6}\EDGEMITMP_13FB4.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{55CBFEA7-C8E3-47F8-82C7-143ED53306D6}\EDGEMITMP_13FB4.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{55CBFEA7-C8E3-47F8-82C7-143ED53306D6}\MicrosoftEdge_X64_131.0.2903.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:1144
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{55CBFEA7-C8E3-47F8-82C7-143ED53306D6}\EDGEMITMP_13FB4.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{55CBFEA7-C8E3-47F8-82C7-143ED53306D6}\EDGEMITMP_13FB4.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{55CBFEA7-C8E3-47F8-82C7-143ED53306D6}\EDGEMITMP_13FB4.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.51 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7fad62918,0x7ff7fad62924,0x7ff7fad62930
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:3632
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDQyRUIwQTMtQTczMy00OUNELUFGRjItODI4MkVBMUY1NjZCfSIgdXNlcmlkPSJ7NjlGNzMzQUUtNjcyMi00OTM3LUE2QTgtQjI5ODBCMUEwRDM5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins1QTI4NjMxMS1ERkIzLTQ2NjctQTdDNC1GNzA5MkU2OTJBMjJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzEuMC4yOTAzLjUxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI4NjIzNDk0OTE0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODYyMzQ5NDkxNCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk1MTIwNDE2MzUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzI2ZDM5ZjliLTAyZTEtNGUyNy04NGUyLWI1NGIyNGRjNjgzZT9QMT0xNzMyNzA1NzA5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PU1GMjluNlIlMmZ4VmFqN21HZWR3YkFlQyUyZkJpOGdYdm50M0lBU1IxaDNCV25QdUswJTJiUGV5YTNpMXI1Y0oyejdvVndFSXhVZVh5OG95cXE4VTk3Z2MxYUtRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTc2NjA3ODI0IiB0b3RhbD0iMTc2NjA3ODI0IiBkb3dubG9hZF90aW1lX21zPSI4MTk0NSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk1MTIzMDEyNTIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NTMwMzAxNDkxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDE2NDU1MzA4OCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjE0NzgiIGRvd25sb2FkX3RpbWVfbXM9Ijg4ODQ5IiBkb3dubG9hZGVkPSIxNzY2MDc4MjQiIHRvdGFsPSIxNzY2MDc4MjQiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjYzNDIyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3976

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004EC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4696

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2884
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{12749C06-DD25-4FDE-B85F-293D13DC9E14}\MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{12749C06-DD25-4FDE-B85F-293D13DC9E14}\MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe" /update /sessionid "{E1AC2678-595A-4B70-8B4F-4CC30AEF47C5}"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2364
- - C:\Program Files (x86)\Microsoft\Temp\EU3FED.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EU3FED.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{E1AC2678-595A-4B70-8B4F-4CC30AEF47C5}"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2360
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:1816
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:2916
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:868
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:224
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2532
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTFBQzI2NzgtNTk1QS00QjcwLThCNEYtNENDMzBBRUY0N0M1fSIgdXNlcmlkPSJ7NjlGNzMzQUUtNjcyMi00OTM3LUE2QTgtQjI5ODBCMUEwRDM5fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7MkM0Q0RBMzYtREE1NC00NUFDLTg4NkYtOTY4ODNDMjcwODE1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE3MS4zOSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMzUiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzIxMDA5MDAiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyMzQ1NzA2Nzk1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4556
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTFBQzI2NzgtNTk1QS00QjcwLThCNEYtNENDMzBBRUY0N0M1fSIgdXNlcmlkPSJ7NjlGNzMzQUUtNjcyMi00OTM3LUE2QTgtQjI5ODBCMUEwRDM5fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntFMUNCQUFBQy02MUIwLTQ4NzgtODEyNS1ERkFBNTFBMkRGMDR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4zNSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyMDQ3NDMxODM2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyMDQ3NTQxODI2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjMyNDc5NTA3NSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzY4ZDU3N2EwLTFmNGEtNDM0Zi1iZGNlLTE0OGVkYzFlNGE0MD9QMT0xNzMyNzA2MDUxJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWVLSTJzdFFSQW1IeXRCeGhwb3p2R0xSeWFOTVIzakRXNUVPJTJiNExXQXR0RXpHJTJmQmpTUVJ0RTIxN2pJY2lRdjlCbDVBZm1CZzVyOE1uVVd1N2c5N1JpdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIzIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyMzI0Nzk1MDc1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy82OGQ1NzdhMC0xZjRhLTQzNGYtYmRjZS0xNDhlZGMxZTRhNDA_UDE9MTczMjcwNjA1MSZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1lS0kyc3RRUkFtSHl0QnhocG96dkdMUnlhTk1SM2pEVzVFTyUyYjRMV0F0dEV6RyUyZkJqU1FSdEUyMTdqSWNpUXY5Qmw1QWZtQmc1cjhNblVXdTdnOTdSaXclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNjM1OTIwIiB0b3RhbD0iMTYzNTkyMCIgZG93bmxvYWRfdGltZV9tcz0iMjMzODAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTIzMjQ3OTUwNzUiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTIzMzAxMzg0NzYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzc2NTc0MTA2MzcwNDczMCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSItMSIgYWQ9Ii0xIiByZD0iLTEiLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTMxLjAuMjkwMy41MSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0ie0YyOEVDRjQ3LTRFNTEtNEQ0MC04Q0Y2LUFFRDg1NzMyMUFCN30iLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa084ccc40,0x7ffa084ccc4c,0x7ffa084ccc58
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1732,i,2768297063311133908,3965840192553031780,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1728 /prefetch:2
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,2768297063311133908,3965840192553031780,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,2768297063311133908,3965840192553031780,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,2768297063311133908,3965840192553031780,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,2768297063311133908,3965840192553031780,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,2768297063311133908,3965840192553031780,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4692,i,2768297063311133908,3965840192553031780,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,2768297063311133908,3965840192553031780,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4928,i,2768297063311133908,3965840192553031780,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5052,i,2768297063311133908,3965840192553031780,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3780,i,2768297063311133908,3965840192553031780,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5160,i,2768297063311133908,3965840192553031780,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3960,i,2768297063311133908,3965840192553031780,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5476,i,2768297063311133908,3965840192553031780,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5720,i,2768297063311133908,3965840192553031780,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=2084,i,2768297063311133908,3965840192553031780,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:1308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa084ccc40,0x7ffa084ccc4c,0x7ffa084ccc58
  2⤵
  PID:796

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2432

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1724

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:1884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\131.0.2903.51\Installer\setup.exe

Filesize
6.6MB

MD5
e8ecc691b6b345c25ea749591911d934

SHA1
b54f8b8ece5c4221c4180edfdef39df38a36ba21

SHA256
e226aafcb47b85afe8962b885921dd982bbeb356ddd1c66e5a6f42be80dd052a

SHA512
9364268b3e7333a6d52e3ab1eedb15c9cee98d5139be0708790275ef05abba12f32c2a39546b4c81f799d7ee662d5f705af9de28b0fca12a64c72ebcccd4f066

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.35\MicrosoftEdgeUpdateSetup_X86_1.3.195.35.exe

Filesize
1.6MB

MD5
dc1543edd0dcd56536304bdf56ef93f1

SHA1
1a8b2c7791f2faa1eb0a98478edee1c45847075c

SHA256
ccbb3d9a4877999a55b2ca6b8128481e91c4b56780f581226f916c0fb2db0772

SHA512
2a6b4aa39bc3e4d234909077d5c6d75b9968c1778d505cc12431afd7aebd01eb65ed2f6f0c53c67f18eed7e97b67a93bab8c44574e3918ccd5cfcd8681767056

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\EdgeUpdate.dat

Filesize
12KB

MD5
369bbc37cff290adb8963dc5e518b9b8

SHA1
de0ef569f7ef55032e4b18d3a03542cc2bbac191

SHA256
3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

SHA512
4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\MicrosoftEdgeComRegisterShellARM64.exe

Filesize
179KB

MD5
7a160c6016922713345454265807f08d

SHA1
e36ee184edd449252eb2dfd3016d5b0d2edad3c6

SHA256
35a14bd84e74dd6d8e2683470243fb1bb9071178d9283b12ebbfb405c8cd4aa9

SHA512
c0f1d5c8455cf14f2088ede062967d6dfa7c39ca2ac9636b10ed46dfbea143f64106a4f03c285e89dd8cf4405612f1eef25a8ec4f15294ca3350053891fc3d7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
212KB

MD5
60dba9b06b56e58f5aea1a4149c743d2

SHA1
a7e456acf64dd99ca30259cf45b88cf2515a69b3

SHA256
4d01f5531f93ab2af9e92c4f998a145c94f36688c3793845d528c8675697e112

SHA512
e98088a368d4c4468e325a1d62bee49661f597e5c1cd1fe2dabad3911b8ac07e1cc4909e7324cb4ab39f30fa32a34807685fcfba767f88884ef84ca69a0049e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\MicrosoftEdgeUpdateCore.exe

Filesize
257KB

MD5
c044dcfa4d518df8fc9d4a161d49cece

SHA1
91bd4e933b22c010454fd6d3e3b042ab6e8b2149

SHA256
9f79fe09f57002ca07ae0b2a196e8cc002d2be6d5540ee857217e99b33fa4bb2

SHA512
f26b89085aa22ac62a28610689e81b4dfe3c38a9015ec56dfeaff02fdb6fa64e784b86a961509b52ad968400faa1ef0487f29f07a41e37239fe4c3262a11ac2c

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\NOTICE.TXT

Filesize
4KB

MD5
6dd5bf0743f2366a0bdd37e302783bcd

SHA1
e5ff6e044c40c02b1fc78304804fe1f993fed2e6

SHA256
91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

SHA512
f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdate.dll

Filesize
2.0MB

MD5
965b3af7886e7bf6584488658c050ca2

SHA1
72daabdde7cd500c483d0eeecb1bd19708f8e4a5

SHA256
d80c512d99765586e02323a2e18694965eafb903e9bc13f0e0b4265f86b21a19

SHA512
1c57dc7b89e7f13f21eaec7736b724cd864c443a2f09829308a4f23cb03e9a5f2a1e5bcdc441301e33119767e656a95d0f9ede0e5114bf67f5dce6e55de7b0a4

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_af.dll

Filesize
28KB

MD5
567aec2d42d02675eb515bbd852be7db

SHA1
66079ae8ac619ff34e3ddb5fb0823b1790ba7b37

SHA256
a881788359b2a7d90ac70a76c45938fb337c2064487dcb8be00b9c311d10c24c

SHA512
3a7414e95c2927d5496f29814556d731aef19efa531fb58988079287669dfc033f3e04c8740697571df76bfecfe3b75659511783ce34682d2a2ea704dfa115b3

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_am.dll

Filesize
24KB

MD5
f6c1324070b6c4e2a8f8921652bfbdfa

SHA1
988e6190f26e4ca8f7ea3caabb366cf1edcdcbbf

SHA256
986b0654a8b5f7b23478463ff051bffe1e9bbdeb48744e4aa1bd3d89a7520717

SHA512
63092cf13e8a19966181df695eb021b0a9993afe8f98b1309973ea999fdf4cd9b6ffd609968d4aa0b2cde41e872688a283fd922d8b22cb5ad06339fe18221100

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_ar.dll

Filesize
26KB

MD5
570efe7aa117a1f98c7a682f8112cb6d

SHA1
536e7c49e24e9aa068a021a8f258e3e4e69fa64f

SHA256
e2cc8017bc24e73048c7ee68d3787ed63c3898eec61299a9ca1bab8aeaa8da01

SHA512
5e963dd55a5739a1da19cec7277dc3d07afdb682330998fd8c33a1b5949942019521967d8b5af0752a7a8e2cf536faa7e62982501170319558ceaa21ed657ae8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_as.dll

Filesize
28KB

MD5
a8d3210e34bf6f63a35590245c16bc1b

SHA1
f337f2cbec05b7e20ca676d7c2b1a8d5ae8bf693

SHA256
3b82de846ad028544013383e3c9fb570d2a09abf2c854e8a4d641bd7fc3b3766

SHA512
6e47ffe8f7c2532e7854dcae3cbd4e6533f0238815cb6af5ea85087c51017ea284542b988f07692d0297ebab1bad80d7613bf424ff532e10b01c8e528ab1043a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_az.dll

Filesize
29KB

MD5
7937c407ebe21170daf0975779f1aa49

SHA1
4c2a40e76209abd2492dfaaf65ef24de72291346

SHA256
5ab96e4e6e065dbce3b643c6be2c668f5570984ead1a8b3578bbd2056fbad4e9

SHA512
8670746941660e6573732077f5ed1b630f94a825cf4ac9dbe5018772eaac1c48216334757a2aeaa561034b4d907162a370b8f0bae83b34a09457fafe165fb5d7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_bg.dll

Filesize
29KB

MD5
8375b1b756b2a74a12def575351e6bbd

SHA1
802ec096425dc1cab723d4cf2fd1a868315d3727

SHA256
a12df15afac4eb2695626d7a8a2888bdf54c8db671043b0677180f746d8ad105

SHA512
aec4bb94fde884db79a629abcff27fd8afb7f229d055514f51fa570fb47a85f8dfc9a54a8f69607d2bcaf82fae1ec7ffab0b246795a77a589be11fad51b24d19

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_bn-IN.dll

Filesize
29KB

MD5
a94cf5e8b1708a43393263a33e739edd

SHA1
1068868bdc271a52aaae6f749028ed3170b09cce

SHA256
5b01fe11016610d5606f815281c970c86025732fc597b99c031a018626cd9f3c

SHA512
920f7fed1b720afdb569aec2961bd827a6fc54b4598c0704f65da781d142b1707e5106a459f0c289e0f476b054d93c0b733806af036b68f46377dde0541af2e7

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_bn.dll

Filesize
29KB

MD5
7dc58c4e27eaf84ae9984cff2cc16235

SHA1
3f53499ddc487658932a8c2bcf562ba32afd3bda

SHA256
e32f77ed3067d7735d10f80e5a0aa0c50c993b59b82dc834f2583c314e28fa98

SHA512
bdec1300cf83ea06dfd351fe1252b850fecea08f9ef9cb1207fce40ce30742348db953107ade6cdb0612af2e774345faf03a8a6476f2f26735eb89153b4256dc

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_bs.dll

Filesize
28KB

MD5
e338dccaa43962697db9f67e0265a3fc

SHA1
4c6c327efc12d21c4299df7b97bf2c45840e0d83

SHA256
99b1b7e25fbc2c64489c0607cef0ae5ff720ab529e11093ed9860d953adeba04

SHA512
e0c15b166892433ef31ddf6b086680c55e1a515bed89d51edbdf526fcac71fb4e8cb2fadc739ac75ae5c2d9819fc985ca873b0e9e2a2925f82e0a456210898f9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

Filesize
29KB

MD5
2929e8d496d95739f207b9f59b13f925

SHA1
7c1c574194d9e31ca91e2a21a5c671e5e95c734c

SHA256
2726c48a468f8f6debc2d9a6a0706b640b2852c885e603e6b2dec638756160df

SHA512
ea459305d3c3fa7a546194f649722b76072f31e75d59da149c57ff05f4af8f38a809066054df809303937bbca917e67441da2f0e1ea37b50007c25ae99429957

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_ca.dll

Filesize
30KB

MD5
39551d8d284c108a17dc5f74a7084bb5

SHA1
6e43fc5cec4b4b0d44f3b45253c5e0b032e8e884

SHA256
8dbd55ed532073874f4fe006ef456e31642317145bd18ddc30f681ce9e0c8e07

SHA512
6fa5013a9ce62deca9fa90a98849401b6e164bbad8bef00a8a8b228427520dd584e28cba19c71e2c658692390fe29be28f0398cb6c0f9324c56290bb245d06d2

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_cs.dll

Filesize
28KB

MD5
16c84ad1222284f40968a851f541d6bb

SHA1
bc26d50e15ccaed6a5fbe801943117269b3b8e6b

SHA256
e0f0026ddcbeafc6c991da6ba7c52927d050f928dba4a7153552efcea893a35b

SHA512
d3018619469ed25d84713bd6b6515c9a27528810765ed41741ac92caf0a3f72345c465a5bda825041df69e1264aada322b62e10c7ed20b3d1bcde82c7e146b7e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_cy.dll

Filesize
28KB

MD5
34d991980016595b803d212dc356d765

SHA1
e3a35df6488c3463c2a7adf89029e1dd8308f816

SHA256
252b6f9bf5a9cb59ad1c072e289cc9695c0040b363d4bfbcc9618a12df77d18e

SHA512
8a6cbcf812af37e3ead789fbec6cba9c4e1829dbeea6200f0abbdae15efd1eda38c3a2576e819d95ed2df0aafd2370480daa24a3fe6aeb8081a936d5e1f8d8ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_da.dll

Filesize
28KB

MD5
d34380d302b16eab40d5b63cfb4ed0fe

SHA1
1d3047119e353a55dc215666f2b7b69f0ede775b

SHA256
fd98159338d1f3b03814af31440d37d15ab183c1a230e6261fbb90e402f85d5f

SHA512
45ce58f4343755e392037a9c6fc301ad9392e280a72b9d4b6d328866fe26877b2988c39e05c4e7f1d5b046c0864714b897d35285e222fd668f0d71b7b10e6538

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_de.dll

Filesize
30KB

MD5
aab01f0d7bdc51b190f27ce58701c1da

SHA1
1a21aabab0875651efd974100a81cda52c462997

SHA256
061a7cdaff9867ddb0bd3de2c0760d6919d8d2ca7c7f889ec2d32265d7e7a75c

SHA512
5edbda45205b61ac48ea6e874411bb1031989001539650de6e424528f72ec8071bd709c037c956450bb0558ee37d026c26fdb966efceb990ed1219f135b09e6e

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_el.dll

Filesize
30KB

MD5
ac275b6e825c3bd87d96b52eac36c0f6

SHA1
29e537d81f5d997285b62cd2efea088c3284d18f

SHA256
223d2db0bc2cc82bda04a0a2cd2b7f6cb589e2fa5c0471a2d5eb04d2ffcfcfa0

SHA512
bba581412c4297c4daf245550a2656cdc2923f77158b171e0eacf6e933c174eac84580864813cf6d75d73d1a58e0caf46170aee3cee9d84dc468379252b16679

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_en-GB.dll

Filesize
27KB

MD5
d749e093f263244d276b6ffcf4ef4b42

SHA1
69f024c769632cdbb019943552bac5281d4cbe05

SHA256
fd90699e7f29b6028a2e8e6f3ae82d26cdc6942bd39c4f07b221d87c5dbbfe1e

SHA512
48d51b006ce0cd903154fa03d17e76591db739c4bfb64243725d21d4aa17db57a852077be00b9a51815d09664d18f9e6ad61d9bc41b3d013ed24aaec8f477ad9

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_en.dll

Filesize
27KB

MD5
4a1e3cf488e998ef4d22ac25ccc520a5

SHA1
dc568a6e3c9465474ef0d761581c733b3371b1cd

SHA256
9afbbe2a591250b80499f0bf02715f02dbcd5a80088e129b1f670f1a3167a011

SHA512
ce3bffb6568ff2ef83ef7c89fd668f6b5972f1484ce3fbd5597dcac0eaec851d5705ed17a5280dd08cd9812d6faec58a5561217b897c9209566545db2f3e1245

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_es-419.dll

Filesize
29KB

MD5
28fefc59008ef0325682a0611f8dba70

SHA1
f528803c731c11d8d92c5660cb4125c26bb75265

SHA256
55a69ce2d6fc4109d16172ba6d9edb59dbadbc8af6746cc71dc4045aa549022d

SHA512
2ec71244303beac7d5ce0905001fe5b0fb996ad1d1c35e63eecd4d9b87751f0633a281554b3f0aa02ee44b8ceaad85a671ef6c34589055797912324e48cc23ed

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_es.dll

Filesize
28KB

MD5
9db7f66f9dc417ebba021bc45af5d34b

SHA1
6815318b05019f521d65f6046cf340ad88e40971

SHA256
e652159a75cbab76217ecbb4340020f277175838b316b32cf71e18d83da4a819

SHA512
943d8fc0d308c5ccd5ab068fc10e799b92465a22841ce700c636e7ae1c12995d99c0a93ab85c1ae27fefce869eabadbeafee0f2f5f010ad3b35fa4f748b54952

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_et.dll

Filesize
28KB

MD5
b78cba3088ecdc571412955742ea560b

SHA1
bc04cf9014cec5b9f240235b5ff0f29dbdb22926

SHA256
f0a4cfd96c85f2d98a3c9ecfadd41c0c139fdb20470c8004f4c112dd3d69e085

SHA512
04c8ab8e62017df63e411a49fb6218c341672f348cb9950b1f0d2b2a48016036f395b4568da70989f038e8e28efea65ddd284dfd490e93b6731d9e3e0e0813cf

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_eu.dll

Filesize
28KB

MD5
a7e1f4f482522a647311735699bec186

SHA1
3b4b4b6e6a5e0c1981c62b6b33a0ca78f82b7bbd

SHA256
e5615c838a71b533b26d308509954907bcc0eb4032cdbaa3db621eede5e6bfa4

SHA512
22131600bbac8d9c2dab358e244ec85315a1aaebfc0fb62aaa1493c418c8832c3a6fbf24a6f8cf4704fdc4bc10a66c88839a719116b4a3d85264b7ad93c54d57

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_fa.dll

Filesize
27KB

MD5
cbe3454843ce2f36201460e316af1404

SHA1
0883394c28cb60be8276cb690496318fcabea424

SHA256
c66c4024847d353e9985eb9b2f060b2d84f12cc77fb6479df5ffc55dbda97e59

SHA512
f39e660f3bfab288871d3ec40135c16d31c6eb1a84136e065b54ff306f6f8016a788c713d4d8e46ad62e459f9073d2307a6ed650919b2dd00577bbfd04e5bd73

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_fi.dll

Filesize
28KB

MD5
d45f2d476ed78fa3e30f16e11c1c61ea

SHA1
8c8c5d5f77cd8764c4ca0c389daee89e658dfd5e

SHA256
acf42b90190110ccf30bcfb2626dd999a14e42a72a3983928cba98d44f0a72e2

SHA512
2a876e0313a03e75b837d43e9c5bb10fcec385fbb0638faa984ee4bb68b485b04d14c59cd4ed561aaa7f746975e459954e276e73fc3f5f4605ae7f333ce85f1b

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_fil.dll

Filesize
29KB

MD5
7c66526dc65de144f3444556c3dba7b8

SHA1
6721a1f45ac779e82eecc9a584bcf4bcee365940

SHA256
e622823096fc656f63d5a7bbdf3744745ef389c92ec1b804d3b874578e18c89d

SHA512
dbc803c593ae0b18fd989fdc5e9e6aee8f16b893ae8d17e9d88436e2cd8cae23d06e32e4c8a8bf67fc5311b6f2a184c4e6795fed6d15b3d766ef5affc8923e2f

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_fr-CA.dll

Filesize
30KB

MD5
b534e068001e8729faf212ad3c0da16c

SHA1
999fa33c5ea856d305cc359c18ea8e994a83f7a9

SHA256
445051ef15c6c872bed6d904169793837e41029a8578eaf81d78a4641ef53511

SHA512
e937d2e0f43ade3f4a5e9cdeb6dd8c8ad8b5b50a7b6b779bda727a4fe1ced93abd06720395cc69a274ce3b0f7c6b65e1eba1ecf069db64edb80d007fbb4eedbb

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_fr.dll

Filesize
30KB

MD5
64c47a66830992f0bdfd05036a290498

SHA1
88b1b8faa511ee9f4a0e944a0289db48a8680640

SHA256
a9b72fcb3bdb5e021b8d23b2de0caeca80ddc50420088b988a5b7503f2d7c961

SHA512
426546310c12aeb80d56e6b40973a5f4dffef72e14d1ac79e3f267e4df2a0022b89e08bba8ab2ffa24f90b0c035a009bed3066201e30fe961d84ed854e48f9c5

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_ga.dll

Filesize
28KB

MD5
3b8a5301c4cf21b439953c97bd3c441c

SHA1
8a7b48bb3d75279de5f5eb88b5a83437c9a2014a

SHA256
abc9822ee193c9a98a21202648a48ecd69b0cb19ff31c9bbf0c79dab5f9609b0

SHA512
068166cfdf879caf4e54fe43c5265a692fcaf6a9dcbf151335fd054bbec06260bc5ed489de6d46ca3fc0044bc61fa1468fea85373c6c66349620618ee869383a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_gd.dll

Filesize
30KB

MD5
c90f33303c5bd706776e90c12aefabee

SHA1
1965550fe34b68ea37a24c8708eef1a0d561fb11

SHA256
e3acc61d06942408369c85365ac0d731c5f3c9bc26e3f1e3bb24226d0879ad9c

SHA512
b0c1a9d7df57d68e5daf527703f0b6154a2ef72af1a3933bda2804408f6684b5b09b822522193243fd0756f80f13d3ab0647c90d2bed1a57b4a9fea933b0aa9a

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_gl.dll

Filesize
28KB

MD5
84a1cea9a31be831155aa1e12518e446

SHA1
670f4edd4dc8df97af8925f56241375757afb3da

SHA256
e4eb716f1041160fd323b0f229b88851e153025d5d79f49b7d6ecb7eb2442c57

SHA512
5f1318119102fcee1c828565737ce914493ff86e2a18a94f5ff2b6b394d584ace75c37258d589cce1d5afd8e37d617168a7d7372cfd68dd6a2afcd4577a0bc51

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_gu.dll

Filesize
28KB

MD5
f9646357cf6ce93d7ba9cfb3fa362928

SHA1
a072cc350ea8ea6d8a01af335691057132b04025

SHA256
838ccd8243caa1a5d9e72eb1179ac8ae59d2acb453ed86be01e0722a8e917150

SHA512
654c4a5200f20411c56c59dbb30a63bfe2da27781c081e2049b31f0371a31d679e3c9378c7eb9cf0fb9166a3f0fba33a58c3268193119b06f91bebe164a82528

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_hi.dll

Filesize
28KB

MD5
34cbaeb5ec7984362a3dabe5c14a08ec

SHA1
d88ec7ac1997b7355e81226444ec4740b69670d7

SHA256
024c5eae16e45abe2237c2a5d868563550ac596f1f7d777e25234c17d9461dd9

SHA512
008c8443a3e93c4643a9e8735a1c59c24ba2f7a789606a86da54c921c34cbc0cb11c88594544d8509a8e71b6a287c043b1ffe2d39b90af53b4cde3847d891ba8

Download Submit
C:\Program Files (x86)\Microsoft\Temp\EU74A6.tmp\msedgeupdateres_hr.dll

Filesize
29KB

MD5
0b475965c311203bf3a592be2f5d5e00

SHA1
b5ff1957c0903a93737666dee0920b1043ddaf70

SHA256
65915ad11b9457d145795a1e8d151f898ec2dcb8b136967e6592884699867eb0

SHA512
bec513125f272c24477b9ddbaa5706d1e1bb958babac46829b28df99fa1dd82f3f1e3c7066dc2fe3e59118c536675a22fc2128de916ca4c478950b9992372007

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
6.8MB

MD5
7478745f2ffdcebdb1c5ccbd482312b8

SHA1
6f754125fdea66ca783875f7c6c0f96be14211d3

SHA256
ae19ae02450f9e885abbed2e40fbabf9992acf61fd206d6ec0da8fcc2ecfeecb

SHA512
9ff8e19eb3471d69654a9a83fdc62f9d340dfee344a1cc89802ab4924921edc2c4b1e4f6573143ac61cb61d970d6150ae694369c90ba453cfeb63966d85bf352

Download Submit
C:\Program Files (x86)\Roblox\Versions\version-32f36ac944b34913\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
16KB

MD5
8ee83c5bc5d7d5947eaffadac36e33e1

SHA1
9b8006f095e095b6a01b4dcb6f90a7b3dacab37a

SHA256
c03577747e322e82ffe5fdbf52dd0c436b5f6950480be413166da4296e2d817d

SHA512
3f3f1b3c2b1333ec5e311844567eef7c7e0498c2151846243202e02d08be7ab78cf37aa5d65ca9a8ed9a4dbed95d64fa685e8d7b6ead6911aad8053b356098aa

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
11d253b3a6f1f94b363fcb04e607acd2

SHA1
9917081d96e0d89a6c6997cc2d4aad6366ecfcbc

SHA256
20152f2fc1ca7717b9b858435b3658ce0879f28944bf822210e5ac5e148cc7ff

SHA512
101086c8c2805dcb8bb4e2a3c979574fea1cf0268859804c350f05a85945216de51bce90981a11d08c9a7043efee5130ede5c5a376cd86707dcc90c0e4f45334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c066ca2f81063a53e336d09e01dd7bbd

SHA1
17b72902d3e3cf885a8884425ba4db0b6134fc68

SHA256
97e37e5a38ba610c822c920964987d25b1661efe10c5931119359978222f66a1

SHA512
541c47c18743f72f346912c53259aee63cf0f140803d3b39a1e111d090c8e4cbe03ec624502366db909df0a45ce556438288d7e39a91c95972735de6afffb9c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d8c7e41024ed6d66e5b199df459b456e

SHA1
d72f3ac30ec65da940066060927786ef74b52ad8

SHA256
56e2fc349e2bd1776199eb54fc49c0ff7a9817b0193ebd9586bf5130ed84af0e

SHA512
b1df74a8e67ab2dfbf6173950582103c71413f55af38e3c83470a6356d6d3f5053900ea013a593feea95aa9c8c968c7df3ff1ed7320036fa159f48aca56c7396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d942c3935bea6d8053a0e209566b8f17

SHA1
2a71919165a54d031ea2bf79525a35728cac0b39

SHA256
409d07e3664d15813e1105a36a1f60f59a1ce94f328a34b4b7073790331bff67

SHA512
9d41e4cdc5ec172078f25fbcea304ca0aa2a9b0d3f2bfa10c86021f71a5feb86974e9fe8410cdbd67763fbc81e726d2c580e0b605fdb379670cd5fa494329236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3a4b8d6de567aec25bb27983ef343ad8

SHA1
e98ca55567dee98b96880298ddc21a7f49b54c62

SHA256
91e5961126cf43755b70075a39841684e45012a2bf640ee90596dc97c697f272

SHA512
dc3f3724df58e53a22145aaf82aaadb125fcae3ff53759f9eb5028b391bcb6c6c947c42203bc7f7d0b6c4a33564d267d571b7fb780620bbc32ae1a6ee7d85771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
da976f50a51fb12dd02e9f91fa95e17b

SHA1
486c66637517ef8e2b5c138dde6b3b8b010c47d1

SHA256
504fe4e618468f69438d1c329b15f8a6dec1f200e26a2aba01910e43aa551563

SHA512
1019f9be44591e7d556fadf121c64d66a3ddd80a35701eef4ea3c933f9c1dac727ad5062b201e5f683608a5b2759930d7ba0a640997700a1e31d2ecf1d57ca34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
61ea45812d75fe0811c863cdf640a455

SHA1
5499bb6ac370cc189a6ba7270afb7e87fa0831d2

SHA256
3cf105337dbdedb551b8b5904010ef6ae9118d3a5f7ac124992cab49f3b5f20a

SHA512
98636fec2487899fd1d7cf3707d0deb9d25339e6af1e2f76dff661c720f0b64577476d97c3ede77150350eba6d4510e758fa8a2cd37a836b7fab1d262372152a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e96d9133e19adf15690bd53fb3f49cbc

SHA1
93444f7d0028281ac4d9054c1e6aafda8071afc4

SHA256
8bb4a7389b7da2cdfcc4c79e2c94c7e2023045a2a27787fcbe5b1a077d834e3e

SHA512
2631d9d12f67ce17d23cddc56ecf292c7671b25f592b435d04652d45e19c9c1af60a48a7931ef4deac7d23788be970b2895dea8cd92e82efb4ba66548340852d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
59fc310c28e95ca4e4d84d5e38558d79

SHA1
05239996d77e21fb8181353ce6b61b44d392f348

SHA256
8cccd079af2f7ecfbdc51349fbb0962dae8c3745c912072a972df4f20b3782f2

SHA512
f83938ead0d9e2e6d7f1ef19b55f0d1dcbc0a685e438aa60f49fb0ea385c461de667ef65295b21b747dea53448183ebda9cb60410c7a455d9d702595d4998d87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
0702917d4e148617fe600b76be8e5491

SHA1
36f7f2d58eb7aa35190492662d0ab5787755f007

SHA256
a48cb868c8f3db3cce3064f67cb2b0a625ebe4adcc4262b366e9a9125a16e914

SHA512
ad274adcf814558e52cd3a1cdab3dd6b91737b82d4b48618663e853e3e39ff34d1086bce9dff84a51575af3540efe0a856096b1932c2194b817dd2d5d3f83ea0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4d11c6902bc268102a080c601d3792d7

SHA1
5977d55b0f54b134daeb6757df6b57181ada86f9

SHA256
85c31f6cea6e590821d94f30e5d019b7a4091b01b7107089c6474077609b6bf4

SHA512
8febdc2f29947bf5fd6d86196d1f1e2dc79067b34dfeb6c656b7986a95502d7ab3e994a58c7ea6a79bee88fe0c60c0bc52c7e6c2d7ab6bd7a7545553d668721a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0c84bdd79c95425b3f6b95ee2b5e1de8

SHA1
8413f0897bc67d43a55738ee407cd5ac31103137

SHA256
2a3acea5a70f5fc6bf2211b7576c9461c961adb07adbe1db4ff7c8aecf04950d

SHA512
5f0ae9a646df21b23ba0360d0d7f9149e8d87468e2833db7cc5db58495e338bd56a3e3485194c1105db63cd0a2611f8b89e7694914aa715a9850e6d2dd43d56e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
6dc42b5f383eb34eb1d15afb448420a8

SHA1
9d598ff91328dabfdebcc4308a847399c679357f

SHA256
97083c487663bbad7e9de1f0c3a56b52d41f61f62c372946b76375f09e5a85fc

SHA512
e222fe0edd38bd998fa3a14255b09112268d06037860e766d78a77ea7774c069cd0f6e54724e286460ac9fe1dd073aa04e8718904b0a95c23a3a7e5804ff328e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
83c9502bf6627cc727ec0ad219e3ee6d

SHA1
8191eb2f7402d94926567ff4d21c783819400826

SHA256
d65f3dcaadaf5d3359a657fcd9fcda6d8b724f2ea738e63219ff5494f90b365d

SHA512
edaa002b2e628e09fb9594910ce146e4ab5dd28df564f0d23ad9e058226e79d742420863d8aafa8f8d9724f41b505915b551993b1b2f8a55b3a2461771624683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9cb414873d8586585b4bfe5a178ea346

SHA1
fb82d23638cd9f6c8894be2680684094c4d30f16

SHA256
e180b1d1c732b0a96cd876adfdf3c9aa4259f53bc35b49f8547cd79606bb0bca

SHA512
431b45df4055221ce5fcf5a5115093e774d10b838b67833a142ebf397ba5758a0ffb2c33670255fe66e360aba9ec8d984a782798354fd8f3c73299100fd59c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e12e4f17f7034e1dfa523d200177e2f

SHA1
3ca63095f5368d243d38bdd3755f5259a2920081

SHA256
67adf6660c0729595811300d979d5fc761fc20ef324722449a70cecbb509e3b6

SHA512
e1458bd3d9fe04126a852e2097dec273f7553bcbb29b9bcbdbc69e01a1a1c96774f9afb892b7b3e4d536b34a4b9e116ba1fd418ea0db234d976b4362a4344bd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f9ab87bcbffb40ed98290e0400f16822

SHA1
8ca3f852c0e4133c26e59a5cd154e1cd4e6ba29a

SHA256
7fc316d4286f1d86777d6002d3cd83cd33c3a3e3acb20457eec92a6e88f4523f

SHA512
fd4191d627016a0a5e19e78a8bad26e130f9f64b1e2cba10ce26c3f4108955ee72d387aa379517684b17e88ddfac16e27c944361d0f6562e3076a8ec24fdde72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f82385d6317bb9dce163ba1134e02ea

SHA1
2de796ea4716ffc7c0d09f2c8ba2a5eff54e50ee

SHA256
99158e792674b662d473bf5f277756d1f4f2946c4b9e94cbb38af470d962f2d8

SHA512
958be16b60512e1a3967fad1ca913e58f21ac6d8d927fb88bd17f6c9fb7bdd69a166c721e9cc0f59e2cf60309dafa51adbe26242f174447e3cb267aba8e5f4fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48f9de0ab28560144b4d463893e05db3

SHA1
6d35993bc643d8ec088d155260df3f1c5bd00cee

SHA256
87445a27701f9e404cfc2c1a8394ae3ab969bea270c8deb85a7a01265f982925

SHA512
c30b352b5727fb3d8bbc1fa5c21ea22cf0e39a3ad86de92862e82a1d83ac4786649b37decc329cc31182d9ef02340fe800bcd981d50eb981dfc204b022d2181a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
852e4d6abbf3b452e9f6157fb7341d73

SHA1
21d16545fcd4fa7dece2fca3432aac0111464484

SHA256
54153a1c3c7d6dbcbc43164cd26f7f84eea6b51da592c89eda4974c81bfc0601

SHA512
fe6ca855861c465af122d0cb21c2fd2a03d4b998d7c0f2df9cc74a9013251779c0a0a19bc7d9b3f1f9ef52e6d3500dbaa7930cb3ac2bc3b038ef26f9e142449c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0cccf6a41cc6bb6534823f541018e3db

SHA1
77a5c2f1b73bc18b4eb8d8f547c353faad593bcc

SHA256
418ce685d38c6c9d6e93f24d67ccab65b886bb7c864600887743a90a7477d1da

SHA512
6254433d114b1f38c04192161a78d36ae82b929240b2acf90b78e1bf8ab6f13c6fed6558c27c59a5c88a96289b64c1619758d773b9d5c4a6bf9be8558f13df3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
92f05cd3fdc9496bc2ddda5d1e08b8d5

SHA1
459f51f7b61e106eb2520e5e5f9af070c99e4f10

SHA256
55f0a1d0d36ef869e87b658d702f26ac4ae911bbc02dac8cc8d90f05e3264b44

SHA512
c4cd2cac0f79c9c93cdbe186c52122795b1fcc47af77d1b584c92267c5694294c52f13e050cb8e79175904a0d45cc4a96998a3e70a844eec96259f127dd06b90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ad20f356171b010aaf543deebbb659fe

SHA1
ce6ea2e713879b3e2a6e5559312f60c0c456567d

SHA256
ab06153cd7a272e60cee5b616c1ffc03444f77436a60b4a92ff6d99034ccd527

SHA512
e2a537a6a0eba48916c88dceca72199656ed2ab938371cacfcc25437173adbb850ab970c7e0ea866855b09c89cfbc9a88ed85ad2e1cce9950727e77d50ab5643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9be7d5c5721bdb86c768770e8453011f

SHA1
be7705cea3d70e625229a766b0d1f8578eea194e

SHA256
bd357258204751fdfe5f27ca781f28172a30da77fa5296559a5bbc5724e3d4cd

SHA512
66aaf3b1a7daf0908761587ba12647d1b5910e2e525a4dac85c12babfd0694c715939f032577349a797db4dcf6ba004f5037327f37fdb9b73de59d59a80c269d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6324d992e360e338311451203793203e

SHA1
9b52b68f9b34a318dbf04498816edfc7409513e3

SHA256
f0595beb6b4472a9c2fa97f680e7edb1a9a1740b01d0b4623214cd7c4fa4ab35

SHA512
5ed5d2aa81646aaa43b9e06ef4910cea2fb5576b064191e9361d0378f1bc6c5b0ddbfccf3686b4d7d13f32ae3fc705218b64bf35a1e1e7a7487c6d57ce9e2194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d19f2cdcbb43af6d45f1daf202fe0a7b

SHA1
5c7ddf7b1c5c0012ab1384a910f3ec5d63024bf6

SHA256
4ce981100ea62cd9f4b8e63a87dc009d12b80d5ae89b0966b6d4f406069de373

SHA512
6cbfd5f8118723b3f84863d1375224b4f40d69c4d19728a54f9c1a6d2964bee3b911a761149e543b3a30725e044725e4921931592ad8d48150d6187c553401ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe65aeca.TMP

Filesize
140B

MD5
4b598c9f59718a39115e301cbcc1a5d0

SHA1
c3b207a9e4356571815d029440eec04741d259c9

SHA256
2dbbdc45347e86c1242a59212ed5ceb3d496f1020ed2f505fb7db9d2e560a147

SHA512
f30127d76c7d59895bedc94a5af31bd4fbb22af2987aaaa61957d32b6c125f8e13a77fe89eaa2336ef705cd577126bba05080c051aa69abcf6c597bf1fc34ce6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
f247971ba9c65b6ae951a5c31b5152c2

SHA1
5bb6df15f1547793c9f3e2e61472ff24bc758a67

SHA256
0ad70653977ce655cec8a791a2e30945598ae160d78068cf2c404a3dfae0f23e

SHA512
622df0b29568f61a2f4fedd564c20ed68288e9503914f7a5b877eec52e01fc409428a6d6b040e67283564d6ff30eae5efe54261636c9c18c89ea688945d82682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
88920ba964b3a39ac60f95948652fbcf

SHA1
4e402930bcd90363905ef35f3df25cc26f26706a

SHA256
6338eba02bb8da972f7e76fa5bc05b9a23103538a1ab385a3fac577280659cd7

SHA512
65473fca31b94ef2c299c993cb8e109fe48d056ab581648f38de13c9852eb22e41d68444d0f01b76be5e7bb45123397dfac9940ca108e9a0c7bd29541cb062b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
ffba61b2b950c535ede3f31438ee52b1

SHA1
38c53850954cde2ca13ca1c7a62b1ea5bf21947d

SHA256
d500e194cd42d0314743140f7cfad0ce45b543fdba40ca47fe0b772f330e93d3

SHA512
376bb1b0fff8aa6fb0429c827dec4178ddebbda3dbe5d16bc9b38bf415df0dc739f7115d908c709e668906a267f84a9e32486dbae2cc13b8817338924e2b8224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\07ddcc8a-7bb6-4ab8-ae9d-5604106d9845.tmp

Filesize
5KB

MD5
d9f82cde7d94ef21ab02465de52927dd

SHA1
efc21b936792d0981fdd57168ba5609e8327d1d3

SHA256
2c84a4c14ee4c1111882bc4075979be07d9d7531eff27d38b63507a3fd36b283

SHA512
3d5b80bcaec5752de7db68eb80797ac6c990b5e9cad6fb34449d9bdb3eb5981d89e160cc79b0b26b4c0a8cc885ac7b8561990da88972333e83482d8c32f1fb6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\31c96f4e-5aab-489b-90fa-88f8fc46d136.tmp

Filesize
5KB

MD5
5179595f7d5d5c42949a5acb83cba44b

SHA1
349864f0c6c1284045d3940e66510e7bb12d8364

SHA256
24afdae3e017b0e49540313d7004ed3b4828ea797f8fa9fe48b04812014daf6d

SHA512
9c550db534abe4f9e340cdc6aa0b98fd6202bbfb971955333227ac9d12cefc8288352d9feda2585d2914073183b630206971efd9c6cf67f81d7728f035d83fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
91KB

MD5
486f5af0adace23248c33660442b5f73

SHA1
e5382ef889f5df2e92f42d7d497fa72c2842c6f1

SHA256
ec249f6dbc51f043c59dd62eead80af75faf3067365b252170416972dd57d89e

SHA512
6a8b12f74083d06ba180c25996900379429fa967adb95397ae39bc93361209db0e02a2b525f3cfb927f8f5cdfb566cfea5fa3ff52da6a85d85a23efb975a2f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
162e83b113f4703556f828571a5e0ce0

SHA1
a0eac50e37344f3d53d6d272ed5018355b21fe82

SHA256
5c0db9d26c3d6a77d33072c5deb77c2936c844db05eadcb997e3c8309b4b1c01

SHA512
d85f556ec1276b53a5acc8aa9b75d8f6ac67ac47413b8a2779e367fa2ec782db8633c4727a2d52ff228b477b15b743b40c84f977a1e482519dcfda954a74741a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9f5fc8fc547074520f5bd1173d805bad

SHA1
c8b6985c5a0e4a834d85447ee9177d19ace5ef14

SHA256
bbcf8cc2cbaa9c908cd08f99777db016bd9a9f7819238ff74d4e4133c25486fd

SHA512
2ad447b3fa7e52f50467fbb7aac7b2d858bdcecf46a7175be148a7e9e85a573c4526312d7824561e0fdfec177746bf65d9c8524361ecc9dc90bafe48f10c5f40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2bdd0a885acfc44076a0e16273686b37

SHA1
dbc387323b4584255ab6185c6ee41dc1f402a63f

SHA256
d9e9c2b2bdc45e9033470ffbab566c9af8b8d963458d743847249744d99d3ad1

SHA512
767a91e8d18dad36c366741bb1b0969ca7d2e60b32acd8a0c3407bb34bf312142cdefe8ac68dc9812e4fce5bc1a7543ed1e50cd527ab4211f50c392b9dd4e76a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d36ecdef5352e0e27684dec52fa75a74

SHA1
ba36dc379286766c59bf6b8a5135f04dc68bba85

SHA256
c69dde92ed3d194d6506a06cef205575f42e5c51f61b4ae5fc4176f3b244cc08

SHA512
13fd12059728f08624f684eeffc03b29dad39d604192836873c281035eff0ab01fff276c0343cd6a85e284327984db67f98e481cf33f0e0715a335f599e60001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1f18ef507503d2c8444f1575217b7073

SHA1
8c47f309a9e264208531ae08c5c28ffca805d92e

SHA256
712996bcfa8ea6f9742ec633369218cd61d898b2358b61d529def12bf611986a

SHA512
6f1d3a509f24ff8dcdae1cfb86c9e292c2b8f90c592ebf098a513415a594f916df9245809978412e8698226512ed2fb219b9fb86bfbe4b3dc36ddd05a70790cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
748B

MD5
0489edd17a0b4e95012ed53089a384cf

SHA1
189881b77c1c1ca119cd7ad9d6a469d291973a2e

SHA256
aa5313a6ed67c65d1921c19aa5e91395b23fed6ab630567b5898677820bd603c

SHA512
0279ee5635b5a04ea231f479800b83591c6afa5e4db219d520bf481a9565a978dcd015582713ba13c8ba54ba52710baa095e138b5a3d204cdbbcc1278461b8f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5ca446.TMP

Filesize
770B

MD5
ea5399f991eda3fac9f17576ca0d35b9

SHA1
b440cfe6b7edaefb7f173c23a8163f06bfab3b73

SHA256
0d3cab9aa4d00decfeae0ac1aeb5d96ec4d83c798d910767ab169f4e04d3cedb

SHA512
abebccf8edcb9299cd279b372d0bbe263c8f5e6e1730b8477f61e2058ff2ad082bbf3d2220265e207ed36a048b76d3300f868ebf81ed90f0edac0b3f1dded350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
0423eca8e89acec51ef4cc805aba8e47

SHA1
eccbc7bbeb330ccb86ebac18c7fed92fba2598e3

SHA256
3da84e510913082d220dee5c91bbbd239ee9e2ee742d3727a74ee3350137927d

SHA512
789062b50d1a48338c997c9440e9d57c8ee9e0bd8c26280c0b62d1efc724dbaf4faa84d243d7d2781a52265352ce927856698ecbe24df3fc195811255ca32fc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
696B

MD5
3f02e6c0b95c7094c2bda7c4a03a5f7d

SHA1
f9859be4f171ec9609b67414a5ce9f6dcff25f63

SHA256
100a8011d8dbab141223ebbdd1752f86aebdc15ffd7470bada4625d8f896bcf3

SHA512
7c91cc5308f92c4fcefa559101cca0d36e74bd36d44ec9c65c8497e257ff446e405eb4a6fe6de7f6e7c35b489f2746bd65b0441d6e22fda35855ba99408e7fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
8fa203155ad9300d7eac0385f0a8b508

SHA1
7f007eefa9bbcc4acc37c0ebe87a8244085c107c

SHA256
f47e51fbc00e9215dc1a95209bad476fba2319f5644081195e94b01296c83a2d

SHA512
7aac8648804fdbf3e7f8e42cf77e0b45464991a3cdb8fb2ede13f010836116a00f1affc9bf9fcdc95dfd0c3a6fbe6a288178a13f3fc7fdd3eb6516d4520208c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a39fffeeb077673cdd9f477de4fb52d1

SHA1
446bdbfe7ff78f95aa9faf9f11570bd47be6c541

SHA256
19f2772a732d9f8ff2752947456a8dd1eaaf7a94714117f5ee445006b7ced373

SHA512
921fd17f20b1a7cfe36490e177555290c89bb499bcf1455d166ee3d9dabd4aeef3059c9a88ba0043565d5de809020a6f0e5ae38765f31609f1773c707e6f79d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
73b2406eb041aa82f4e53f47a5fd7e3f

SHA1
18aa0e15b85f631e31fab148bc51a6c7a5f1f82a

SHA256
4b07054de0c23eee93cd6318cb0e7c42eccd5d13de4fd06293440cf6f9e2d240

SHA512
e2207e99b2fdb8399fa6808a983aabae3ac40aa77766bf511e314b57807b1d72725d8a398435f9c77d4552d8e841e1511903fa2c45d0814911db4642a0bebf1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
985e5414af48d70e7099019f5b8a912f

SHA1
aa2e6cd7ebee310bce079a844fef2cccb9d70271

SHA256
3cdba6b9a01cf9c794a94a3b0a2242fa1b9174f7934b4fc08d870e5c61bc4b4d

SHA512
617ee19ddff187c02dc587b3a37631b2f038b477f4039a48810156bdb7f5070a50ca1ff215bbf329187709a6957bb8da78788cbd3f6d8d23f3636d150ffbc98b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc336f525696b5dfa667c9ccdbb503e3

SHA1
0232cc14a754c66d29fdce32cf668ee4294cbd5b

SHA256
2f01e11b8345586ebe7b584588ead099a45736c28c86466675071363ab16a808

SHA512
5e09aaaa387cc806534c0bce14e2f42bd914b69c24eb22ec8a92d54d2d203d9faf78fb17a6d0c1a6b5e51326c3a086bbd36816f335f6759161d41a75e5d920d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
859bb54cb7b91fd25dca0bd1d806735c

SHA1
8072761545cb823cb0af0f5ac98ceadc1471b59b

SHA256
fa3b676657f72f0341aba3b2566dc8ef36242e522caf19ce223ab3f8bcf4a2cc

SHA512
02a30e458fe38b247b81537ba4b67fd90d3c16a8154385ef5a67aabc8b642aba348aa7f67a0536ce7b25f22a329a8eb277eb8760e6aa71b4d14f28d61a915431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24529df4e03ea80d6e338951c711b9c7

SHA1
32daa2d048335a9baf74fb6dd013347b8719fe22

SHA256
efe7b3186e9d27df7896811162cea04230b2d2bbc1ec2fb03d550f350d9a83e1

SHA512
dbf35fdef6bf17753a277e739ee2bfb31d938f818505796a0189578a9e6ee59d155b85aeec874b3be44fbfbdc2a5ce467b593ed950b0373779176c7ef1a4fb1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9e6e86595edf4bb58b5bf49e1cb4e9d0

SHA1
863953c3b953222b455fdf96737a76a07bbaa9e7

SHA256
79f387116dd657c786d9757c66ad08de48c633dbd03c0c51c8d3f48a05dbfafb

SHA512
32a62ea9cd7b359598ff266978cb4e79f5b0f3e280db470912b7612ed6623d811507181d36893634231b9b12cb0d664c7a9e97a959bf9f65e0c45fd8ed90f2c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
96b1dbe1e208aced688a5455361394ca

SHA1
d110a4a1e937fcfe9a592c811a472c6964da8fb5

SHA256
f1b3cf76ecba86ca3c0bc11a23ec32c21fb74c4d625b46c8250f71427066c772

SHA512
8d951ec5b18b37e2006d899abcbc5cb9df12eb4a1e384eb5ee08aaab99e014238a97a8c44bb8a5b497602dae1fab0c93cdbf0a6ec4fc3fa814bba41b5d0c58af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
107768354273f12124d8c2793a672596

SHA1
1d8b5f32fec68c8e49eea6eedd38f95ecd9099fb

SHA256
6d538f61838a7adff7ead4122025bb010f314d2f7b87fb288df0b4dd3e7d0998

SHA512
f4dd6745d3dd483848ef5f61a3f0c637a6f6fd38c4c8e7ee53418eba6b9ddb7256a723a2b16478b600367665ac231716eed59aa64e696613c8581d0cc8b41431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b017f60aa3170e9d3c337c8605dc4bb1

SHA1
9b2536940efba8a892ac68069589e8b7002ea11e

SHA256
d491e2829aa52047951fe69f7d72ab9537afcab6dd1f104b487ee173bc69cb54

SHA512
ce6da76994cf700350a60a3d6b774b961ad70db6daa19564a24f563412f7081083e70d9267a37beafbb04d32dde2265a1769ebf9141e74eb477cea06734eb628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0f047b45b986ce49c0cf4e71eb5f22d1

SHA1
962730a8eef74274d6e4ed42b3a623ce5f643638

SHA256
23080f8d70a7b50c6dfe60372281d43c8c5491a13ddbd72088d374ea741d2f89

SHA512
c59122ee45b3cda2463274348359a632582b52c9664cb5bfd9739035554b46da4a9960fb023f3eb3db32e4944675beeed5a478bc685a263d6ac4b5e24c47b496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3a3884af13a27a2bc3ef4214b65cb51

SHA1
bfaf76651847baf79fdc88bbbe8d388ce7f53a1e

SHA256
30bc35eb603849000665ee0b63066ec5ca165402b76cfebf245d66fec87c9589

SHA512
2e183f4a118d1b663697f69af78cb8e51c7e9b142e8bfcac25d354ee8673b15e4a355b2b4aa2075c07b30405b58cd93e311dc0ac5b01a4ea631ac307f3626836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
4af66078b36bd051a73d3fbabfb3e38d

SHA1
72a7aae7361c2cf7896339e16ac5eb23ac27e493

SHA256
769037c1506b28e495e3487eef8b85f8914dc545e4ad76045b192a0f6e7ff325

SHA512
3b6bc43b85ef1d443e1d2d1421633aafcdfb4abc894204768c1166182667d133ec56f78eb4bd9b8c2eb1cc7c1ebea89a710e71332a5da312838cf385791f428d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\513f7075-7612-4762-9797-eaac0027d2c8\index-dir\the-real-index

Filesize
2KB

MD5
ef8c1dbfbdf2e1764148b488c9d2d569

SHA1
66bae588ce29182545d9a10785de1493dae3bf95

SHA256
74c41da2780890efae5e334d272849e55d4272de949397e6080f704e8a6e4d4d

SHA512
a8b1ba147654e4aedd5e036ce0ec3161e6c94f1dbeb149d54b35a0dc79aca224a6c4cadd53226926b119ad363715646393c2c4f878eefaa132dabb1abc3756dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\513f7075-7612-4762-9797-eaac0027d2c8\index-dir\the-real-index~RFe615841.TMP

Filesize
48B

MD5
0226e62bea35e6f0dd9d12f3cae6a2ac

SHA1
6377226378ae37bcdbb1546a87864c924fbf3ca2

SHA256
f23e6fc8801c962156c3d68ddd40cd345e9c701cf516691c0de5fa89ab1c9c17

SHA512
20ff18db0ba7fb88cce987793803d6b3a132df6d0f05bbf0336bf86e0fe0e051f768ac19dfb6507012b23779a0f6033c9fab49bb1c76d03836d11b5e63c529d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
bb5933eee3989b0b0f8e9b401991a820

SHA1
87fcd553df93e9e049ba36ab5dc96f6177c8d428

SHA256
3d450389523aa259cf007de190398790a4743a71877959d07bee628d79265697

SHA512
f7984c9c7199e7ffc4b0c2f7efb0cd1d76701a641f2039b2692e65482b93849c0b0b760ed9acc32c082bb0638cf3e801115538c5ee76decf769662635684bf53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
24f01269eeefc53f1a35537f6e5a7657

SHA1
4b1ebfcb2de985ea903e87f8bebf816d96b4734f

SHA256
ad69c674a1e52bd6ec8abdfdfa21bbe8b50c2b67214b760aae82b9b487ad8b9e

SHA512
6aef6af83b80a395f801dc86d8b4dcaca61d702167eb9404fd3889c779b2797106492b89175dbbf91edf841c5bf66b34fc49c02e097369174f407bf82c1f7021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
0c13df5f4b95cc2e4809802d7718196e

SHA1
a5ce7c06f6e455f2683840e82e8848c3a734bfe1

SHA256
274995ac59f8ddff78a62097cfa64e8c10f095a566d16505772ab68e7bfa0173

SHA512
c751043c5ea988ca22c46a618b75325334c69e63620ae91380d8658b86e895d1ae4c006f487784e5b86614fd132d9a6cb989e2278111999866f35df7c34f23d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe614b41.TMP

Filesize
89B

MD5
1129ec4d2852c4a8f40a65403fac9228

SHA1
fc14208b9774222098dc1767bdd0cbb6bddea11c

SHA256
ea93256a0a0aa510e23ec47c6105fe98432af81f9a6d0fb813a5e36e91d9795c

SHA512
e7bad76ed4b90846e4758023f173b46942c7786571c1efd1c6ee0e4f6a9279d4f1eaee33708ca65fbbba2ed4e2abb92a467926b69601c5a5f55864b2b4322eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
5c910457a4eddddca2b33a05f422ebbf

SHA1
68ca997946c9e6f5c8f918dc6bb6c1ad46af3dc4

SHA256
4e1fc93fd0faf44926be1addee00569c65b182e37f2e68a4945e428e93cb5f4a

SHA512
3a7a94ff1952f868c62919cf1fca119a1a5829431bc84332349113f14940d1f3af60f09daab7f8335aabc7967c6a591dcafc590a9ceb4535ad49482e5deb1bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe61a661.TMP

Filesize
48B

MD5
077af54c0cb24330e8e81c9d8fdb9f4a

SHA1
5ea8c86fd9f62ecff1bd7b2fa44405047feb1cf3

SHA256
6258952f22ad17dd5355486401a57d7d23968f289b05df840e8756251ae5917a

SHA512
a65d29abc3893717cc3b472560eeb7b413f33687bed37b8c7e63f112acb65464b2b2fd3742668a5fa2e50995454e44af1aa4497c0eaecee035f4f646c501716b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1b44c4bfca0102903c8e396f06094f33

SHA1
5bfc9475a9a8a0a7c7f158c5e62dbff3e4ff55b0

SHA256
0688acd58d82fd61b18a70a1bb14ebce935da5e38bce8d42b3e55f6b0482210e

SHA512
20c8300d42cbe71b89cea2313c67b6fc1541edd8fd5ff4bf64677dd82e965461d0e087d0d252ab843113d746557e74fc0f91316b4ec2f87bfbbd180193af734d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
10313fed084d86f644ccb0ae3ddb78aa

SHA1
ace43f46c56ba1f905c0c92957c1171094a2a842

SHA256
daebf44cbd98bfd275be3726c43c4b657fce44ea0472f30596f2cfd537167148

SHA512
647ad15000fa9ae54914b3ccbab1b92150568fa9f310143498ab1d908b379541091dddf918bf8d39b87da3892ca3d95b9f1c23b5fb6983c68936e2556151bf1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b0ed0e28c488f5da4b343e6a6e104e2e

SHA1
48dd41784e1cf4d66d0cad4005691d23a6912574

SHA256
73ca8f98f0621c8652ea83adb8f2b5675854a35121ebcac2eb76c7be1fd3cd3a

SHA512
9826bdb99a7b40bd37b8ab1b443bb13fb89257dcf8bb29bbf025bc8866bc4f5e63b65a2b9d255bf8eaab8d45534182330aa5bb71072ce6e4b68f9bd5cb56b743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e7030609d2d0dce5d39fd7b5a0426022

SHA1
ad442ba9c3657b47a161235fab6dd9ffbe5464c1

SHA256
d6aa3c5f3d48870e5cf4fe75820dcdfbb52ba3ba87dfe72d82c4f2f8ab42493d

SHA512
d416e2b3bb066a1780e6f305ed98a8a3d30bc353be146638aa74db487dd59d2ae41519ad9902fc3f6538877186497e738cd1be6c03936e69845c4b1676ba380f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
bbab1d6f6a47a60cfc79d7af2af0007c

SHA1
51c3f3edd8d505b2bc7ed8e6a38e7df45571c7dc

SHA256
869c1913f126cd9212d87efea938e97f7e6cbf01f47280c6994d0ff9e1d68c1e

SHA512
e3017e3423ba388f527b5630b66731e9a8a8b3cd7cb8f2ee9a12f93b6b0eaf5fef04a65bf3accb016be36c059c302014498c07017c2d4a59f49bce932ba0ca38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
30c2db85787645d7ba47819790c36c82

SHA1
a872600af79e6401cdad2186264a59c281ee21e7

SHA256
429715727007ee5248cf900703290e3bac0737b3b38780794579a98f5eb0e41f

SHA512
f47d3a6109409e3dc3725762c904e3311aa8ec35f77b441b6e68e694b1d9f7acad20fcb25ccbdd034100bd5182c9d94ef4563a68a7d3bae4b62d6abdcb1eeba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
14cfcfa84c533ca98e9610322dbc8d24

SHA1
a950d488bb124756aa2ff054a3283174c090ff00

SHA256
316aba5b96f37f0ffe4e5f00d04f6ecf50585f6dba91b3026d1be9f957c1e0a1

SHA512
eea2cc846f288175098f445fdd07e720fa22ad842ca6730e92ddcf4bb5b41c0be693382a1e523b3640aa838c19e0ef56f82a3b298a7ccd3cf578ecf8abadb404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a61698742e272096042c345239bd5cb9

SHA1
999535efccba13198fd107a73565cef6cc01bc01

SHA256
7d95981d46aac13f793719070af1d65ed0876d44daf373926dd384019b75a3aa

SHA512
e110cc73b46ee697955ef1ffcdabfcb70d3ec78e0ce53891380ed9efb132ec60ddaea4245253b36f0a832d93adf8541f6e92d44a543c892d35bfd2d56b928ff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2cdbc0fe10633fbd8895a6688373c7fe

SHA1
d728de27d7d28a17af01820b67598e66953274ba

SHA256
211647bf3c55a40d7e163d5a19328bb30fdd9305cdd8ca6b0885d25e4533bb37

SHA512
1a47bc90a7a4da9d8f319792fd6537d539eaaf45bd5abe32b4df4b1bf1253844982052d71d38d66cf172ce132e5307afec9c3b611471f2a63540922b9bc5cfff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
676ec4b410f2b9e6df01ac289bc09f65

SHA1
c5857d3191c99741d7f83d49853d29c56910929e

SHA256
652b951b371a4a632d458177fe395a1af34f6586af57a64e870793f82b2b48d7

SHA512
276c72742f08af63a4264ccd059b2a18bf5b7ce54ff3b7fc866d2703cb75372e2f1cdcca4a35751bd5ba7aca6d688802888dc7b9e718a78bbcc3c63c0aa4641f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
284c633f4432517b9bb8b2e3cc11fe2d

SHA1
a506884652c70cbc0d3202d350213b3b73d45dd4

SHA256
09acc6f0b95c89d3613cd3a5499ed8d7e06d9874809aa0b0d4fc96200801b675

SHA512
7292980b979a4c3b99d4d262031e10a36d3dd63e8ebd6222ca07dec480900c7aded12a84002142fa38d7f706876e3b6ee086d2db1ed93e74a6fb5551ace0dd4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ea8d0fa9bc2a2d1e794385815abbb3cb

SHA1
b6e90d8ae2c3d91f42a55a8aaecf4216b2ee2fb9

SHA256
8a1b4a8a2da79ed8eede3917db5fb04df7f9fb4729bf09d8b6cfc90d84a5a970

SHA512
7a309855d4be6ffc6446f940c10de76f5d0dcfa3cea3634f00422b214fb28cf9e157a880c05fc851ee127938a066be8b4073e24958242512a7c7414822cdcb44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3ed4a0c6ddeb0e88ad0c407f1edaf2fa

SHA1
3f0dae68cf88aa86945e49ca548bf2c4fb5f2540

SHA256
04124833a149b8898491797d0c43e6588677b36f76f7a3357f4083c738cf4dd3

SHA512
fc4a2a55defdc9d666c50c34ce786cdb66627a8d0b5fdc238fcf3747671905eb1e79fcb495eaf91138bf2c9961884035e1f97406dfbd9f3d80f4304ebbcb3864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1d3d947507e1a052aa992011d1f5ab67

SHA1
5c60da6360c2c589afbc02a04a7f6c9b41dad180

SHA256
91b384fb2bf6b84dd6984ada88aa1d79fe0902c9d8db6d900009c21eed783d63

SHA512
6b0fec92375d985b3e6f216531ab1372d327260d887b6ac2410f3969c0533de1a0c0fa77d64cdade697d07820befae5fb2c0a905bb021fc291448c72459c2d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c88427541d3fbf2cce7f9351b557215

SHA1
2ca5eb7d57b9e11cb4a2c4ddfbcec8e78f36ca48

SHA256
59cba731c3498b393e87c184bf56a8685ec367e1e14b898b4168402476e685a1

SHA512
1f7f690404d05c1fa47581580bcc53f4d4f2d07ad0adba45ddc520a817395a9f2c68694f6edd1acd5f68b1aed7329efeec6085def08fe87b4431920cdbe14bc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9033c49c0a64dab20da6f63e160d3e48

SHA1
d9e3fda18636ac95c6eb604d454f1b01a9ba272a

SHA256
77aa075afe3395daeb689a67f3683e15ec2baf1545abc0acab58be66b86ab12d

SHA512
8a32f36491b99202fd3e3f24a7cd319dd4f745d508f4d1f879d240ed1ecebc7d92d792da9f041b2b8f3d2ebb022c05c48fdb1e45abab54048dc91ca34b8d8c79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d81d31fd218eb807208dd09244e05e06

SHA1
1adbd8ff5185857f55c8e14ca51597f91c910d47

SHA256
896db404ddd178e717a984722dc67f2916c4c668d3e4502fd5d382724b5f9bad

SHA512
8fb4a0b47ddb99365ba55a6bdc0997f035f7acc406a0060b800c94bbe1339a1a5198697dee899ff69a57d9f23f01c50d6596ac56ff739abc1401d8779838e14b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3330f87581c3b4d27a93fbe66f0640fe

SHA1
7715c7605612d91313b2a1ed7a4768278a42abab

SHA256
06ae80dfa7ea66b7b0f9825adc768b3e47da370892a55f6dd5d1e5452a6799e3

SHA512
d3088ecf7446eb6615b0a90a749c9a92a10f3fea702b7c411d6b24176b8640faea3a961f0880ef38db84ad04582b2831bdd2d89bf9a0ab6f9c4937cd314165f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cde3a97e8558313393deea8b832271ef

SHA1
3370a04d6123e47a6d5e8734936f9173fea31583

SHA256
38a65bca7b814167774e2b669ed33fbd5db123dbb77d3ce9d39d9fb02ce08e4d

SHA512
2c7b4b00fb3c47bd31a91e743f84308dce62b5478cfd36c13db3e52693cb88258151e5fc9d36ec2bd139c6ec4dcbf0d75e844be651b1dafa5e1e52f3d6f46fa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f63cb5b0f77a7d21a92e9961ac44de7e

SHA1
9fab0945810a534a1836bca3820c97c646b75012

SHA256
4f8cb1ec13a8f0632fc1352a0e92b07956424f1eae7a70134cef291a3cfdb777

SHA512
44f8209fb6a1870c1c5ba08e0f951004c3d629a794f65239a43b8a2cf196319a6ef30cc47b3f169ea67350a381c30577740aa71734eabeb18bf289c49928ab3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b0f50dcb6b32619a5deb50f25fdfe1d0

SHA1
786fa3598e33e447d7a1d0de88d3996fb3db51f2

SHA256
4bbcaa34d420eb88f36e0d3cdb8831d38e757870febdf7d1ecdfd8d776e7f41f

SHA512
0e1af5460740c9a4f060f1edfe69a48f6e945e47d5c17b139c5ca65f46feec28a3baf5d1db16720cb3833fc133cddff034b987a008fac23e0c3266e8352f2f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
38a50eebcb2a211eefb128b068491b8e

SHA1
21cee9d580485ad7307fbe85951f7e5aac730e1a

SHA256
8d27fdfe4894f4e0325a45bc83932ee56f770eeebe5cbd2496e557a0eefdda1e

SHA512
ac1004628331540b7e341a0d603f601b9de606850f72f672f20b0bb601f8412d0cb6af3536d27e7d912402c32bdc07d60b71998dee3111056afba3336bab7b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
66d4a93b99e33fa2227ad0ab70cfc7c2

SHA1
815de32652948a1bf75f14780cfa036b71c0b4ad

SHA256
46d6eee31652e840ed967ed70e9127523439f3d3a20a66c1da5b61a87a76d377

SHA512
e1df6ba2cf06c068dbf7cc99803b802cf1d17af2ba23544dd400ef0f37e55bb3f5c8996e4bfffed177e9c7cd89c30a1cda8958730a6cba8e5e07dc49820995e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
de768d8ea512846552b7c2710f685052

SHA1
be88f096b35a6030f24edcb3c31811b23a634354

SHA256
e43758c20e9205975e0504038e6bc165475c998efedbd6188495b5db8ca95116

SHA512
9ce27a60832694ab1306723028c077cc86140a8031eb4408a1843e303b154c85b7740df240d58a2a768b69d0d151436da055baff12507954dfda254322a0126e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
6c444cac782c324a6a4c01706dc8337e

SHA1
991120bca3f622f616811fad227a2ea07734960c

SHA256
51d2e002af521e4c99b327c1cbc2c2248de1b57de779ff2595dcbbf75e1ef026

SHA512
2979d324eae34f989b6d0189a97d32f1edfa18adb37adcf94287205f850f8f2bd11967df1f5b8e15529faa0a4a4537c90a771e2cf3a25dad038a7be25081fcaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
33b9f218460dd827a73b958a788c652c

SHA1
bbfe66fcc8a123f2f9968b7abf3e781e06d7a824

SHA256
e5eefe45424a55911ee40a344c20c1162422ff94b3aa54c818a39b1f4dbbfd8b

SHA512
537a2ffb872ba5a78ee2a27459d05f2bf027b085a65dc5029717503c4a35a7a21fd33e6c3a26d5f247b8d002b4d397aef30f0ea35869f00e966ce94f9ba02a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ec6731728860c0b26ee42c30c8b3984f

SHA1
aca15e042ed0cd5b1da159e85851a7f863d4778c

SHA256
4b398f43d9aef1452a7f9dfecfa5921446b3a587c85fc86520ac00e333f79456

SHA512
34dc2864b758927cc70e6799ee654d49ea8920ae2786f881a5bd801322ddc228ccd7e8c3b22520e7170276e46b25a1f3f0d85371be7ba0a0f2fecea922a22c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c59b4a254083a19267702a691f85d5b4

SHA1
859d852bb7a5a03b4c8a6ef65dd23410bc83b28f

SHA256
2244ba3d25b8ceb0047499185d23464b188b1561590bf82d531d8a416a9c1b54

SHA512
4e7db8cfc26936b5b628b43486ff983593d93c736a264ac7723be46152501e1c1c14fa5e24406e94fed8d73d2b511052057b1b19a0d851f75182b9f68c4cb763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ab3b706d969e30b323bfa15fe182c367

SHA1
cb797db8a6f0b7506637977073647facbedfefd6

SHA256
2a0303104031ee9c10fdc2e22b21545ca580ae89bfbd609a2ff4181f78d88191

SHA512
f12ad7faab6b5e33ab17d17d7c9ffdda3064ed6e3e1ec46c33de2dd6dd84621c7e876c9c74bc7595f74cb4119aa5fddd20a466ffeaac98d5834cc87e656250f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
52de2b42451a1d93341794bce9ceb2ae

SHA1
e62914b71cc6c6da29cb10f6db9a209d0e574dbc

SHA256
54ff18c0fd8310417273971b4970542b9c534cff037d0ce00f01bf6d5e61854f

SHA512
43aac60a2648cbbad8f73925586795b05a243819d09bb16b5db67e82b7f80055e2a676885f3a516c5f921cb235ac14ff21af17873cf04de9f4daef3d893c67cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
629fe7a58bd61aa153fb3c07d6197119

SHA1
c75c056baf78fa1e3ab6f4d5963477ccdd240c60

SHA256
8942347d76f6cc79fc53022e41c2aef7c0f6ecf1b1bca5b3d8a19b193a79685b

SHA512
0b78ab530a84f5278425e66ea7001bf09616e65c8f3156d85c8df34224751ca22bd5b0e787f5acef71e26acde4f0225ef8539e9867268ec7fa4c2f9b6526f5c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
11dbf724f624eb2fbbe6629a5338aecc

SHA1
2108e88d857692bab90d08826c91f035c50bab49

SHA256
c4290310902043c2985178430568bcb4316547a8380cde6056d7663f89e3c653

SHA512
06db0bfbd244f92022378666fe930c7c29de3234b574513ba7f019d54dbe1f53d569fc0ec5a1ab95f6da39cf7616a17471cf33e71a3c2e158f7d738bea103b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ca8319b70112ce9186eed09fb0a5eb35

SHA1
4934e15fda395918c2bae1dd39a55acd6612444f

SHA256
63b7ee94de7b295400838ce4344e02b17535c94fb9b80246b12483fd39f85439

SHA512
185b097b171f7e329e0e63f481aea77537632f8f68d51eb7e933e5861e4daa3f0b588c66e2d7fbbfd86579b17f33f71913629b1338708ff107f3bc9285f79e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c8d5f3d5146614745eb0970d22fbd6d2

SHA1
d207ce35d784e62bce993336092c325e29834131

SHA256
67c36d3959c15f245111e4631e7b9dbf16c41a788551091f73ec6570cf52389d

SHA512
9a6ad9e66903f30f2a5c41b936562524f9ce29e8f15b80c5c6250457c8a2c0ddb3cee5a3635d8b3dd2df6782d4369c044d46da68dd88782aad37bec294fa539a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
47568331d5d3822e4126d71c538cbaca

SHA1
e5f2d603c2686b1ab15795b62f0d3d6b6a11583d

SHA256
3c82b6de9d08ffeafd4e9ba25fffe89dbbd8fe203753703306e2dcbaaa613a80

SHA512
5643d60c5a7e3e3a478de5686938b6ed7977ed4b92efa6d9ba74c1bd62ff47373475f882056b4edae12650d6ad628b445082932222d27ff90a0fd17f112ad348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
33368542a67b7e99e54c38c33f9888df

SHA1
b802141931ada5d29823e73276d76754aaed7e34

SHA256
5fc5bd9bd1c206135fc8b6720264b07c1c71c5cf20d533642307f07179d75609

SHA512
f438d2f54351d055f4ee50fb8285aca093a611eab0f1b8318ed84a015cbf9d70887dd5bce6f7bee91b10ba675b960ccfdf2b0803ae954d9d85d4f3cea282d5a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
13f7af6b0b7f921e40aefcbac3efeb28

SHA1
b4da9af3e3ef95a9aac1f159555941bbf2bb4f93

SHA256
4ffaa93c599fdb1fc7680100d43d4db02936a2d8e9c9eb6b39d9261cf4450af0

SHA512
cdbf8e3f68ed31194b0a2d211a5c077a43f6d188121c710fed5399c5d4de6bdae4006cca2f5e2cba9dd35bad5aa7b0f64c03ff931da84f7895c73bcce8716508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
bf947cd8a7c16ba1fba9b493d710dc7f

SHA1
a35146e36c6a9906f89b7601e0a1f99fb5b6ef14

SHA256
ec8295dcceff4c59b8e29a72485c1ead719228c924140ce3726d84293b701430

SHA512
f09a03a7b3546015304942df19d8ccab1eabca9c615fc15f16b29ea8085526d0ad836cce31d45620ae179bf7a6a0e30563e99eaba14d54f5f70290f7a988c29b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e6124a8a83894818ee7dc8a4d35f28ba

SHA1
3d38117d4fb1973b6b283c8199229e4d46204ca1

SHA256
80e60a14960deb769da871089f14ca9a48c35df102226eb3e98a3e5ccc6a2fa2

SHA512
6a7130e6ee62cbb6685d1033b7483ffc052d656664226cba3b412164ac97f38169d27674bd532a046832c8d4a82f92a293b93f1f14fea476de10a7ee8ce911e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
59812e7de11de82d065c82ff4858e0c6

SHA1
76c47034b2c273526e2100a02295c2a456038f56

SHA256
16ef8f7fe74d4abd4df38770846206f2bcedcb5ec819304de32a89dcb96929c3

SHA512
8418fa6fbaec016255e9df28d569bfe5f372f42589eab4168cc4816f80fd1eb48da46ca73f6990cb706f95e3ad23bddb0638bf0cd418fce325a682f98cbe8d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
aecd06c419aa897060fa893413034c72

SHA1
e031093dd891c168c0426e808f2e3ccc2900d0cb

SHA256
8d8552ea1cfc8db4d940dd1e2155fb2125ba97b60248e6c54551d321a8739667

SHA512
dafc8742210f00de1c590d614f2577a02362b34bc0a939eebdc5fddb7075c479f3e696c635ce8a18ef530bfd7511fad8925aec92123114334b1548a9831a417d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e7880524989bc52a5a0d58ced115285d

SHA1
bc6c9ce7678aacf0e4069580790d49aa173153e7

SHA256
1197dc35d2d0768d668def13f563740de24b40f2c908623080067e9f3beaf2ad

SHA512
d2c062e164655437d10ab11ad6e1567db53921329b46fa0d22f45eee0964ed2d38153cee7f050b20569409c94c1e54ab7f0c9ac9d70ba68c85ccbd829e93d1eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
94c98c20f64d0dd0f328948c88f42d67

SHA1
eb359e1c2da5b4acc813e69ae9b5a6850c05448c

SHA256
8d330b3ca8e521439db3095d99f32dd3f88f51bb7c8d2a7aa738c2d6846d16b8

SHA512
06d702d7631e9e40641664548aa0db15503ab0e8f55f371a9242d2aaa4a4210cd61704bca5dc59af77d22daf2b16bc443c5a158136360bc4423d0862ed029721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c67692358573896a01e8b7f5bea9057c

SHA1
89100053a72df393d69b93021c0dcbf541ecf543

SHA256
8b10fdd8edc7d5ed947eb9d92644cca4bec6edc522db7eac05fc9ae2ad382374

SHA512
954ad65076cc775873aa6fbea42f1e768dc73ae800c162c07b7a1d1a4c06d4081761987689f156b67938fbe05c4fd63b31f69eee317263ad8d4776d2b4edcfca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
40f5472e73c2913016c819581869bfd0

SHA1
5fc7031919cbe8f2a13db003708c1382a5231e40

SHA256
2678bb888bd03fe8d3daeb90e35fd035a3ddbebb3ddbdabda7d3765fbbfe0277

SHA512
a502b2c7b80319fd93c036a0dea2cc1b1fd52036eb867fda1bee9f2d8f42b5e9f58a09eacf2a22a8e71b8eba6542c159c91765dfe57ce32c2c7f954a44a1d1f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b64bc53d5648bb388ee47fe595fcc9f5

SHA1
e50df25416364be77394ffa4fb53633217dcea35

SHA256
9a165e780ded1865b0712d30f6210f6c380b43754bc4043099b3081ade982138

SHA512
0b6bd7670a83f45f3ada3b52c50fbc38f5a445aed16baf84c25f8591f7d7f8694402f3c8135cd6d4c23eae9beb58106b83ee4962277d41bee8a11e6ae0e18dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a03e8584f97d76f8fd2643c59d7ae2b6

SHA1
60bd27743f0a22d2cacd01562ff426d00b501a4e

SHA256
7f0edda91a3f6689c6b2ad8a6b28bc72e7f43148b8c9d6b6b45d618880e9d0bc

SHA512
5a39a21317b09b71d369b68cf8599e5468b2600a9d2168c5c7625d40e103dd87e99ddbd71c76e45fed9bbb671ce11ea95a07e8eb99e32f98868a734561f7345c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
57e8beb6995fd14f0e3128abf65fe208

SHA1
fe56bbb1970749cd427eb31b582588871f0a3a9d

SHA256
89c01572d5d12917f714c36b00f3b5430cb35a3e47e5a7193a6af927f80ced98

SHA512
6efa8aef2157863446c07fb22b283ba6027f559282e96ef1ad79e0e4f5cebfbfb894d39c5705ad65801caba329ea7fe416c8e50056e7169b0564f18cfb93bede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
3bdd0ad11eeeba70ca92d488b1afb583

SHA1
85ac551663a6b597efe99fa7d2fc8ab3937a0085

SHA256
8c73472b1ad7e9e8165937b595e61fc10488ae91a4a50fef315c79e18807f891

SHA512
de99dac0b2edd9e6f16d0c853ef9c27f7a731e59f7278737e66acf606620613f9e5a77595bb4ebe7a442e688f0538f3ade5cbc14da0bf5cd316b6ccd53018e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d1dca1d4247000bb7e56e36a0a126bbb

SHA1
28c983366be6e9e49562c6dab7991a94caebb0bb

SHA256
f50c22a9a41cfab0de9527349f1fa76a3a3c8e7fe528b55f5fc8f9bd7d65e94a

SHA512
2f289568264c7742a74255b99a233c4fa3519bb16e675a358d4eac242d8a86139071fe378477a5cdaaaa00ac55ebf67e66a727e77670b65fd805d613ba4980c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
6c18d821cdb776413e38a8297f151f27

SHA1
8c8fe1220f8b03da32d5fc14fd05ea0dd0c5fa31

SHA256
88f9bb8aee000f6343811c2e428715ee577cb0eededbb503f0ccce617fcf77a8

SHA512
fd537f269e8f3b54660ae32e779c55cdf0c98505dc8fde23bc34b63545e38276d73a7db6a062af78964d82efd3a74394d83deb2a136a7316ce83fd8c81617ac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cdb0.TMP

Filesize
1KB

MD5
09c5c26e81bd134e89757b6b28d5308e

SHA1
9875d8cb953e9f3e0098e834ad7a2f6bbad298f4

SHA256
3cf7d132b65671f896e63a275544b84891d7febd46d39ee3dbc90e899be64f73

SHA512
196b9bb35434a662378e031ce77d730f7ae21005085b5554f2fd13d08b31dd2b74460a4a6ec935f43d9fe750d82847344269e194e0b58c42fd4bc41ad6ab510d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\96e6de88-6a28-4bed-bedc-895f8f3015ec.tmp

Filesize
25KB

MD5
be997a2799e034d4b16541836af91ad5

SHA1
ddc1dd4e885d3e461c7687f3811248c109adcea2

SHA256
ae0614d6f26f8b18fda109753395a8865c28b218dc2c5c79fe024c25decafe13

SHA512
4e0f099a778b2e4b8855b650e29de77cd5b294e4333447a0ceb8b716675503b73f1f0c509b0a9fa478929528df72ca8f825245b0088d4782f095a4b1ffe60ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\GPUCache\data_1

Filesize
264KB

MD5
ff60337a8b65ff063927e689ca6718b0

SHA1
3b645a512d39e2f522497088125754baf19d77ec

SHA256
a54331bce8745915205ea343392954445fe95c8e567835e368e19d58aad49790

SHA512
85abef184a015322e8453b02c3371423f2923d3adfe4637de816a5b9ae1cc56ffdbe2d12db6bf589c1c6c71ee196470fcb117a03ad2d95ee1ffcd05e286a112b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\GPUCache\index

Filesize
256KB

MD5
2fb56f043a14d89d50ed219630b981d1

SHA1
94a426eb49ab964ac8a971cbefaa5f1f35300860

SHA256
7aa24e5de119657fa4ec2c5c5518015859ee00123049c25e0c67676b1f3ed947

SHA512
65a399279746da88925b879021fa793a88b16a57f67dbcd71507229eaaffd342f64bab3338e8afd0d1e19e02020316d7c4d8fcb27825616cae594efa10cc439d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Network Persistent State~RFe639d5f.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Preferences

Filesize
2KB

MD5
243dff17b7eec87deec6674267ddf15a

SHA1
402847c22919e42e33bec9572ce1710a82e12399

SHA256
944f07b235d36b3a58398538e6ef0f0aa3a5694474bd3bc384b7e495cf47e452

SHA512
950ca54bfd6fd00bc2ab7a2dc8c64f3f2ee600413199e2c81aac6756ace9c8645adfeb00928774ad396b8308803d2b2b0d5e862da5a903100a605f15adc2ae54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Preferences

Filesize
2KB

MD5
2e56d5778544afcc12bbb604fa3d6470

SHA1
4fa94484a1aaa01ebdf9e02347f614adefe35af1

SHA256
a120a2310be33b9ebbd91e82458e7c7ed303107d884bdc948bbcc8f500f34620

SHA512
cc553dda5a8ba0fb4cac9684e64a4e37f85663f559b519a91b4509e89578e28a867523f197d5b3e69ab909e397dd50569de4b5d3741d5fc1899956964cb7e8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Preferences

Filesize
2KB

MD5
8c94682ab5887f1ad593c1a75ee028f6

SHA1
00793b73fcfd5c8e9e3e46b8544c70711ea24c9b

SHA256
67a03d01af6ba8fac6e2d432acf3c169114b670fe47d73ea9887e0e1a30c0ad6

SHA512
a6ec14e300fd2edc497321471e20fb8205956584d4cb1358f7a23dc93fd8f89fbc4133dfa1e88ec588eb1bc013c80658cf8b07b43ef4d780a878cc7d0c5988d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Preferences

Filesize
2KB

MD5
3f986302d9dabd95f0d61641480a815f

SHA1
b0a92f8b6f7d4398b55105755489a1760322a72a

SHA256
a07a490f57df7839e8805925aa37926145f17d908f1543ab80cc211e36208d4a

SHA512
402d277449c978442474a782abcf3b4d1e2f82588d625fa5ffea302beffc9b05f3562e9f5cf4173a5a4ecfcb9ffd0c69f0774d668d90a2cb8694367db967ee79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Preferences

Filesize
3KB

MD5
4b84fad45e6d2ae1a07267fb7f3ace8c

SHA1
c5d181630043b283a9f445780f94e7b2da3fc594

SHA256
b563b2347975f464b62bef99c13bd5951aba1c302241353499e270b5a32060ba

SHA512
426de4a39dfc4c92ae7f1d73533e02fbd05db49140e36a8838e4d03b99e9b2a61e0592b93e9cd658cfdee0e6e0df150b13aa52379ca236253dd4a06e0797785e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Preferences

Filesize
2KB

MD5
0a4fec2dd8eca80f5d421d25b902f618

SHA1
5240b2e9b02eee9886136ea301760bf61ceb134f

SHA256
63cab1743b99c907751b131be124f4f7526320d80fff1d6b2d19ecb7b6b3820b

SHA512
cab3a5c6a63bb9b582ffc0ed2b4465d4ba6b0b74423077209d09d47ddc3864d7ee4beffda575229cbeb0d84bb4bafc1a73376f6d2069d46ac6565b4bad14291c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Preferences~RFe619654.TMP

Filesize
2KB

MD5
a175674a3ce20c524f8b7061f7e5b053

SHA1
f6474a6b11fd9e28220645adc8e64e603fa7d2c0

SHA256
bfce1f7af5062c803640ca54ff97f4289b632e78ee2c9b382c66d4c53a2301b8

SHA512
be7d9dd589cee30ae7495a11a7577b79e04d74af489d193d345ee1977ab2ec8924f82f3b8c08de7e3f3ebf6606268a1225b7a849244c19029a06de6de00ef4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4727cbd974ec3ee0bdbe76f655984309

SHA1
fa03d018288205471b4814b164091d3de30fe349

SHA256
ad13b36dfaaa8590106889a3c5ce5fd764f6d5090ba06a70c03a844aa935b3ec

SHA512
250a975b5a862b5c784173c5d3f227ad889473ba9fb08d2a2eb534aaac5e8c5df8a7727db7beba643ee4f8afb848bb7c081c42e41fc2f4c8c358d973a5a7b6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3906757388901dbf9c6d22eca02e3c37

SHA1
12ca00a4b5136fff01dd2cdeafdc9da5addb72ce

SHA256
dc811b65db1cfb61ec8b412a0867d97f1d0ec9614b228187cab7d504ba6e2e9f

SHA512
008616214c7fdb708ed9584466bd330ced734580239f1b42282fb619bd99e59e632e44988450d70ba4c98b334387a5de2a851f6bb36f000622fc3e856c28c3fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1dbd43cea9ec82da649b0d1c2f0e3efb

SHA1
20fae9ef4352636836cd31089e8a577361e7f2f3

SHA256
b3a1169e04af2f1c0f8fc7df537b50f70eb625eb61c0af9821141bfc96e21cb2

SHA512
8d41519cf318b5fbcf3e56aae7ba3bd8b663b106c7a2727be52b5878b302fe5c5c83f3a7d1de0d4dcaf59644f600d874d815de552991ea3ffc6c2804d371e0e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a1b8a32877a9230a9887b146e4081db2

SHA1
2ae88ced8dfeb0a3322d8e9099256ee2d3b24d81

SHA256
847c89d677d0590d16a8a9dd802561f18ce2e94ab92989f43619870522b8969b

SHA512
d154e3cc7b9ad19797db77e9aa3b8771b2540029559240819176eb36a43aa3dab93ee0a0cae2e6e2ad18163de383af4e877086a870a800a6217cfdf4dd9c9afb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
ff08a6ada68ad62f1f613cac611d957c

SHA1
c0e1f42978386b22d5beb958cd84e0fbe8ea68ba

SHA256
07251b17cdcf2e35822a25e9bd9e0cf009e38df6f406a2a7c8afae62771dc968

SHA512
a8d7a22acc92cc48705292d6cf6d10353dd215ea34d1a8949834a0e15364a7e979cde972f2c5dccd3c484c9e02ab7000bfece79cac09722e8708758cfa0a96bc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe

Filesize
6.8MB

MD5
91563396f82674c0b8a13a5bd4faa2cc

SHA1
becfde376e3053a2593640e8fbb743890077ed07

SHA256
c4e4b832dfab883152602b2ffef83f57281ebd8d08b3b8b12540f580fe0526d0

SHA512
07ee5e4084c24885ce735e93c314700dfaad96bf1b65e63a36a9c14c9f91a14fb6d4e26a534627e6a0df9416ce6a80f0539af3e50d5606489638a36b6da95e09

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
7deb6fda75391d2db8ce93ab9e4de064

SHA1
f268f8eec65ab06a9acf96f9289bb5cf0542e81d

SHA256
3f344656780fcc38ad5487f0121dd7f19bb29b487eccab8f93c33a3c58134945

SHA512
d44e694d13d6741556e951d8084d361a9ac0db0e0412294447fd63337ee97621f36203b6867fb6e3f0657fa0e4fb0e51f8ee87dc9742e3f0befae74d3b6d1409

Download Submit
\??\pipe\LOCAL\crashpad_4896_AICPBGGTJWICGHJR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2464-1813-0x0000000000080000-0x00000000000B5000-memory.dmp

Filesize
212KB

Download
memory/2464-1611-0x0000000000080000-0x00000000000B5000-memory.dmp

Filesize
212KB

Download
memory/2464-1612-0x0000000073B10000-0x0000000073D20000-memory.dmp

Filesize
2.1MB

Download
memory/2464-1638-0x0000000073B10000-0x0000000073D20000-memory.dmp

Filesize
2.1MB

Download
memory/2464-1776-0x0000000073B10000-0x0000000073D20000-memory.dmp

Filesize
2.1MB

Download
memory/4768-1848-0x00007FFA150A0000-0x00007FFA150B0000-memory.dmp

Filesize
64KB

Download
memory/4768-1853-0x00007FFA153C0000-0x00007FFA153D0000-memory.dmp

Filesize
64KB

Download
memory/4768-1854-0x00007FFA153E0000-0x00007FFA153F0000-memory.dmp

Filesize
64KB

Download
memory/4768-1855-0x00007FFA153E0000-0x00007FFA153F0000-memory.dmp

Filesize
64KB

Download
memory/4768-1857-0x00007FFA17030000-0x00007FFA17040000-memory.dmp

Filesize
64KB

Download
memory/4768-1858-0x00007FFA17030000-0x00007FFA17040000-memory.dmp

Filesize
64KB

Download
memory/4768-1856-0x00007FFA153E0000-0x00007FFA153F0000-memory.dmp

Filesize
64KB

Download
memory/4768-1844-0x00007FFA15710000-0x00007FFA15730000-memory.dmp

Filesize
128KB

Download
memory/4768-1845-0x00007FFA15710000-0x00007FFA15730000-memory.dmp

Filesize
128KB

Download
memory/4768-1831-0x00007FFA17930000-0x00007FFA17960000-memory.dmp

Filesize
192KB

Download
memory/4768-1833-0x00007FFA17930000-0x00007FFA17960000-memory.dmp

Filesize
192KB

Download
memory/4768-1834-0x00007FFA17930000-0x00007FFA17960000-memory.dmp

Filesize
192KB

Download
memory/4768-1836-0x00007FFA179C0000-0x00007FFA179C9000-memory.dmp

Filesize
36KB

Download
memory/4768-1832-0x00007FFA17930000-0x00007FFA17960000-memory.dmp

Filesize
192KB

Download
memory/4768-1827-0x00007FFA177C0000-0x00007FFA177D0000-memory.dmp

Filesize
64KB

Download
memory/4768-1852-0x00007FFA153C0000-0x00007FFA153D0000-memory.dmp

Filesize
64KB

Download
memory/4768-1851-0x00007FFA153C0000-0x00007FFA153D0000-memory.dmp

Filesize
64KB

Download
memory/4768-1850-0x00007FFA15210000-0x00007FFA15220000-memory.dmp

Filesize
64KB

Download
memory/4768-1849-0x00007FFA15210000-0x00007FFA15220000-memory.dmp

Filesize
64KB

Download
memory/4768-1847-0x00007FFA150A0000-0x00007FFA150B0000-memory.dmp

Filesize
64KB

Download
memory/4768-1843-0x00007FFA15710000-0x00007FFA15730000-memory.dmp

Filesize
128KB

Download
memory/4768-1842-0x00007FFA15710000-0x00007FFA15730000-memory.dmp

Filesize
128KB

Download
memory/4768-1841-0x00007FFA15710000-0x00007FFA15730000-memory.dmp

Filesize
128KB

Download
memory/4768-1840-0x00007FFA156F0000-0x00007FFA15700000-memory.dmp

Filesize
64KB

Download
memory/4768-1839-0x00007FFA156F0000-0x00007FFA15700000-memory.dmp

Filesize
64KB

Download
memory/4768-1838-0x00007FFA15660000-0x00007FFA15670000-memory.dmp

Filesize
64KB

Download
memory/4768-1837-0x00007FFA15660000-0x00007FFA15670000-memory.dmp

Filesize
64KB

Download
memory/4768-1830-0x00007FFA178E0000-0x00007FFA178F0000-memory.dmp

Filesize
64KB

Download
memory/4768-1829-0x00007FFA178E0000-0x00007FFA178F0000-memory.dmp

Filesize
64KB

Download
memory/4768-1828-0x00007FFA177C0000-0x00007FFA177D0000-memory.dmp

Filesize
64KB

Download
memory/4768-1835-0x00007FFA17930000-0x00007FFA17960000-memory.dmp

Filesize
192KB

Download